dcrat | hxxp://t[.]me/excellent_stalcraft

Resubmissions

26/08/2023, 19:03

230826-xqhypacf65 8

26/08/2023, 18:13

26/08/2023, 18:03

26/08/2023, 18:03

26/08/2023, 18:00

26/08/2023, 11:10

26/08/2023, 11:04

Analysis

max time kernel
119s
max time network
529s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
26/08/2023, 11:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://t.me/excellent_stalcraft

Score

10^/10

dcrat infostealer rat

Malware Config

Signatures

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat

DCRat payload 7 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
behavioral1/files/0x000800000001a479-1062.dat	dcrat
behavioral1/files/0x000800000001a479-1063.dat	dcrat
behavioral1/files/0x000400000001a48b-1075.dat	dcrat
behavioral1/files/0x000400000001a48b-1077.dat	dcrat
behavioral1/files/0x000400000001a48b-1078.dat	dcrat
behavioral1/files/0x000400000001a48b-1076.dat	dcrat
behavioral1/memory/1620-1081-0x0000000000930000-0x0000000000BBA000-memory.dmp	dcrat

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1860	chrome.exe
1860	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 1056	1860	chrome.exe	28
PID 1860 wrote to memory of 1056	1860	chrome.exe	28
PID 1860 wrote to memory of 1056	1860	chrome.exe	28
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2244	1860	chrome.exe	30
PID 1860 wrote to memory of 2448	1860	chrome.exe	32
PID 1860 wrote to memory of 2448	1860	chrome.exe	32
PID 1860 wrote to memory of 2448	1860	chrome.exe	32
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31
PID 1860 wrote to memory of 2328	1860	chrome.exe	31

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://t.me/excellent_stalcraft
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d19758,0x7fef6d19768,0x7fef6d19778
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1532 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1300 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:2
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1428 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1108 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2612 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3744 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3624 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1368 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3916 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2696 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2636 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4108 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3940 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4468 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3660 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=752 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3820 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=828 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3624 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3928 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3956 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:8
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1288,i,293073526163477913,12944588789283847198,131072 /prefetch:8
  2⤵
  PID:1616

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2904

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap8773:80:7zEvent12169
1⤵
PID:1572

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Инструкция.txt
1⤵
PID:304

C:\Users\Admin\Desktop\NeoronCheat.exe
"C:\Users\Admin\Desktop\NeoronCheat.exe"
1⤵
PID:3060
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\comSessionsvc\QflP0NvNdmg81e.vbe"
  2⤵
  PID:920
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\comSessionsvc\bS1mwsMC3AqF44bHav.bat" "
    3⤵
    PID:2740
  - - C:\comSessionsvc\agentdhcp.exe
      "C:\comSessionsvc\agentdhcp.exe"
      4⤵
      PID:1620

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:1384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4d56d31811c5214130318dbca521454

SHA1
a8ab7503ef13a07f081cfd0543d6c4d8d201cb8f

SHA256
7764ee33c9b626c5a85514e7c3f656518d0a774b9fdf7d44293f5a6e0bf46ec6

SHA512
29bf9a5832137487d621c7d0c4932b0efb629a028e1e232cd5012fec118366d6be9edba6f2e0c23974e6b3467ee99952b4119365afa169189462e3af09d29cd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
167c02585d0a607102cc43608ba8e767

SHA1
b5a811909d3323fc57bedbab8d05c6acd083cfb5

SHA256
ad390dcd288791f318d3f6da041dd5cdd830cdcfd7cd7566effd24e39b0d1a1d

SHA512
d3eebdb95e13090cdb22bb5cba1c372f9500f46e18eede897dde05fa78fe95d936a4657e7d5ce9fe43fade8813b18f7190204e64d3b1fb619da418cbf6a18335

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac3900dcb3e7c79cc28ca3d328f68f7f

SHA1
c15e122bf0ceaf6da23d30e6274734302f20950f

SHA256
b32654939497725597ea394a779b87856d4a2538ee96494bc01b356421774fe4

SHA512
487033ebd77e201c6c565648e741cbe1e60fe5071cc1e62216835a032b23bdaffa7a1eeb92b0641751d98ed2a573bfbf84b05186d701e6a3d2a5967afa38b26f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86467d2bf31b2696897883016b1a31bb

SHA1
4e7a3f0f3359073d63b710ac196bcfddb5cd9c50

SHA256
044a9d73f9af656bcc273d31e104f14d24e90363ae1cb827bb70e65db21731d9

SHA512
69763b77a90828b916ca13ae686f1209b99e279cf8c12900f83bae965b773d25368e108eca546924cad9b6d03c281c7067ebd7c05f0dfe210774ae7246641325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2a3f833a-52d2-4556-b1f9-53a05a6458b1.tmp

Filesize
6KB

MD5
4f1c1f1f5874732f0e67174bd851f4cc

SHA1
011b98dc29c11d841aa2ea146ccf069e955544e7

SHA256
5642187b312a7495883d6b65d336802f75f82c96f3e28223a628a29f468867e1

SHA512
3af97a5fc8a6e04b252e2204e631f1f1f431286dff0ff3947e62cfe192daa63371b3b9a1b958a78ddefb1e1e367b17e70722d6ee1663c7661f520e0fd64228db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf77694e.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a03f273a42aec640e20be3d1f0ea62de

SHA1
9d0213e9a3243fdb379ba6d1958c816a6c47d04a

SHA256
f00c9db68576e19aca3dcdd4c0f54971452759067a71d2d4053c3f5a92ba1902

SHA512
9ac3a0976b58fcd3b0bdda1111cb781909942008457c3e386659966fadc3d539505d450dbeb96571021dffbf4db5356752952cfbe4e88abdcf80a24027ee88b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f56d7c76960d01c882707bf46c5bc4c8

SHA1
f8bec24ae679acf59c380e85f10a9b747ec25546

SHA256
0ac098126d2f4ead75be40cd65164b9867aca492b2a21405a84e96b47841f549

SHA512
6f6b01fc24bfe5ea07d8dee12e102f06129db56e28664c30b7ca409cc132b5747acff52e7762dff251c76467045e9ea3b0e723ad3a18efb1c78cf61d593a6804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1007B

MD5
f1bb2bd94d2d458d6030ece959fb8f71

SHA1
c35696eb24aba8156d7b1829621d4b9d09802d01

SHA256
33ec64500ce539c4e47fab6f28941edfd8f49b872380ef0be2fc3542f34f6009

SHA512
0ae194c2439ed5d4ad76136c09f6f26391fa652d2fdcf395156a8f8ebd10418eb71ff331e641febd683bfcc8e5aff54ae112af5b0974b9ee10453b92f22ade03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1d505aea5ee67aa7f4dc6315c448454d

SHA1
ab368889d1d35a0e711026d7ed5d13144be2dcc5

SHA256
ffa67e80957e3d265062eb76d65c735fdd857b3ea62415510b95288d31dd559e

SHA512
8410ea8c9cb0efdb1a2f945b586dd43bb0da50bafa1f01959f907f03dbb8873c0b78ce2a06f3d7ed8207ba353f16fdead2105fe031f05697557f085b2bf020d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c09af244b7f6b8f57993219156217503

SHA1
a1e195b80e2574b40caa6481ac5ab3b6b5377c54

SHA256
2b52b9fd7a126e0495b53c97e34243f0df39443a7aae7ea8b374cbcda9e07771

SHA512
86fb9fd289fbddd9c40e9e314e9958d2a4ea3e1231a6f7ed4f67cd8e6bd6fd75f0258e370de05a5657faf5fe7028283433eb7772dcf066b623eadd36ee4961f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
78240698828bd3d64cbe9ea6dd91a2f3

SHA1
8ed65d29c996654104848163f97d186477b9a38b

SHA256
e053594f638eeff56a9345847fe0a3c3db04f8842c7230668261c8da39521174

SHA512
27bec91a13237c04642c905fafda82338eaa5fb5ddaa4a82df62bfaad1efcf3953557782f2153fa428589b039ae0d003d52357ba6f47a9dd9d317720d579c613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9cc4e369ae2755ae63d450a10c658e9b

SHA1
75af9d6ab07c2a730efeddd1c3199b7d9d8f7a1e

SHA256
bd0fad104183e83f3631db9221a1e67d3351afdecd7ca4847f29d7d6f82675f2

SHA512
34c283175ed021cdd3dff0c7a5792cbebbfde93feb2f3f4267f82fdca2c9981842c085c93a5df6192e148edafa73e8ce5d5ec39ff851f72b761150baf83e4eaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1007B

MD5
6e4eb6bcd8e98ac54a6f04e2403bd8f8

SHA1
609beebb3b1d9c2eda5bd4ad5f28c2f46f87761e

SHA256
2948e53e0256985993c881d2634b2caf9e7244050bbd6e79a12c57061394e56c

SHA512
b544511dc68288297323ab1bbc3fec9105efa0b5261eaf65445ca9eee7f3bb96a4e25f73b7e34b3184d7d01176a0f70ad9d8e84fc745e4bceebfdfa9c9552ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d0a031a6-3046-4c85-be8f-4c1735609e09.tmp

Filesize
6KB

MD5
4b503703a9a30f593d12b47b09226824

SHA1
4609f1545e7d35493ff168d3ac21faea952c449f

SHA256
1be77acd4d2d77a9a26147f926d6c8a8810d9f07c1cdedaf3fdc40660ef2e695

SHA512
c0581a96519e16bd6b1f36577ce180b54f3415b754842338f9d55adea782f4cc1f1a923530181d71c09e729d2f9d2c1e4778d143ecfece59769f3515c4d01db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6d2017797f41605f909c563f476276f0

SHA1
2192433a9d4c040fb814bd17daaa20540014fbe0

SHA256
a46509e76bc1deb504324fc9d7d5c58fd1b22c147f6d3b45e52721f82b46ce72

SHA512
0e150817e0f34c4a322cbe2c7ad0ffb76b4985fa4e65dbe632316f071e711d6f2349050c623d733659b326e6e3a534717b2dfd8d8713de73fdc2e76646a33bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
72f90673530737c16ffea4a0a68b9abd

SHA1
f95f402a06e25507ab2e45ece082c271b783ae0e

SHA256
b947d5d63cbd4ccfce7c8a33a3655bd3e24a870faee04a3ef4c4963acebe2e1b

SHA512
7274394d13254d61773bdb26180e66c10a7d44e804bcbdad45a29b49e6289fd8950fd830354e700090b46aa1985520e70cd99ece55dd1d7f98c5c0e168ebc030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9abd932ae546c7ef4cd53a2e10998ff5

SHA1
0cb44571886ba8027b79b564b8149ca99b9b4f5f

SHA256
26e12c9a7985a2437a85b1de70f9f065ec304b1e2f5fcfe9a34f7320300e25b5

SHA512
a61e242b3646af2b5ce6988c082dd79ab90500c4cf3e0f8eeaab2a5e0f9515a6c9822e12f34a6be9550a00331c3fa9861e5b988efa63432194633c4a5be5d2d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b7bce80b26402b8da4ca652c2798925b

SHA1
7916db55e9b626ca096cdf3d510a0def6e616ce3

SHA256
fe82ce6b730928947966158d1d4eb86c618ec531cb09535e297ca0281d055676

SHA512
1c206cd7a46c2babb1293f95bff601ed03983c23f5f52c12ab4a1ee2b62e66c88869821c868be4f9a0ba3e4f7f768f8af6cea266bebdea2b0962de75d747c8a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
183ca7f15d11ab2e30c050303e69047e

SHA1
2ae04bdfafd18d99efaa4c06f517c6996ef2cb7a

SHA256
c1a77ebdc2bef66ddce6604cc2d9da6ef1d6d70c4119c693ada98641d05b5797

SHA512
47ee69c174bb879f23af147aad1e9262018fdf844967fb6bae0fa8d6ca7a6d7a198aa4d4c9931055dbe1ef3bb1aa170d04c988f7195d72dde4dcb1232d010cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2be11d04aa7764ba788a75fca3ccac31

SHA1
1811677709f2d9315fa6072b2632450dea5a6d06

SHA256
5d8f747f2de0ffdfd2f363bf9f5ced0719d4a842c75cb5d5bdf965ae60a57f41

SHA512
890f5f0d4aaf1d11148b0611b6cac083113219f69e4810cae1a9f09dc8413b0c3e24b1074beebe88460d3bba53bfcf06125d48dee3f5d5b2e53a54b2f4245b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cc6fa9dc6b295ee5349aaf94a07c24c8

SHA1
f9186760699f4306df07570c3b57fd2d59777aef

SHA256
b4ba6c5ed517132d04017f50c26e8aecc883967b3681827d28245dc23aad9ab8

SHA512
76138e903a465bc60fda9a45a61253c97d6b179057a8f062d35b34cd99cfa53d0416e528608342c552fd6147b38197fe82e417ab7dab5b4cb4ec7c58cbeff722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
3b9581f4d2cf262c68ee6b992fa43264

SHA1
3828885c020bfd0b46b0d997285ba1028d67d78b

SHA256
49e7755b9792903716232e5e0178c9c63ac35e46881e117d42704367be111b74

SHA512
6fc7acbd0a7a45ddb6e1f7c70a835cfba3948c8e00b52cb951eb6188dfa6332d3cf8101246d79db9da368924215f69c7c7cc41f73ee6d3d2b349e732848ff2a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
07f571534b75547c6870388043c1b7be

SHA1
28de325b3f44d24c3d26d008531833bcbe51ccdd

SHA256
0d1df0618ea91aa6a3797a566a9dd03f0acc53e6bfc2f719ad774c6a9b7c760d

SHA512
9a934aaadde76ca0941a023e8d0842b2e8c81a2c0361219cb52e4458e7fdce7819f9740950817aa7f17efcf0040a4f697f7bc5d926c9f16a2e9dd6bd0ab014d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
1a4279b18141837d58186384e2bdf39f

SHA1
8a92f6f91cf3d4cf24942d98ff34bfc7d29431a9

SHA256
057f839277037aeca2894523574240961fa1e21778d385bd529475446ebfa4e5

SHA512
6d19543e3476cdbe8934f5c08ff1de38456e3da6fb5d6e428d015ceaab708f0536b4419d543838b22f710abdfccffff3a89f9583e06ef131a7c4d0bf39340062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5c857c589e18caab2201a914567142fe

SHA1
67adede95e5f2b46aa227828cbd48f11eac475d2

SHA256
1fc822d0651467e6a3c3b2d0e06f0dd64ffc84b46599470273f8c1a11994f886

SHA512
e05e43bddc1cd2e8db70285ef57916bf2a0fac78e34613342369928b8360fdf2517a462da93f47ecf6dd0ce89167538b333adc524725c08c86de830b85b52280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b6462fa9-919f-4fee-853d-e0ddce88faa5.tmp

Filesize
6KB

MD5
3a57efbe1f575980095eebffb6f388ff

SHA1
a4962e7c82e2eb1802d0c8d933ea1e5e1f87de5f

SHA256
844681b0b6cd61ceb5b6475abd01594c64cfbf9d6339d5b55eeccb497f68cb52

SHA512
da003520f184ed1ff65cbe96a375774e6d157eb8a10ebc3ca9a36d5d877a20b01d70ae5ead2f7d8f9de2cd44cf63c3d1091eaa75ba9b10cdd73cc8a542b27dc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
5080951c516bdf64f2e5016be1cac0c4

SHA1
4a7a2db651743ae0d4d68e14a583718db5630d1c

SHA256
6412f007c14949d0b6946a9588feac07264d4f22943801efeb013053fa207d05

SHA512
c8e5f296812202e02ff39de5da8d1f3f1675d36016af95176c5e8988be2bfcb957cb45e00026cbf6c99a8a0dff191141e6265c1d209eff7cd6fc87b421eb681a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
ec0eeb07581aa007d1fc722410f4a382

SHA1
d181a4c06e18e934e3a1f41946fac8a9b7863bb9

SHA256
9465aab311e340234542ba50ec1b8d0d977b3c241d142007a90143f1721970c9

SHA512
c23ebe89c7d9dcf848808c5aca78b918940948a1712a65c1b5c5f1f91f4b12c1b0d16e9b281d6d7cb824328a49a8b26bddf83f1ffe3ba09db84cda88c0b8f07f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
985893135db66e0225d185659a6568a0

SHA1
c79172eaec8171a438a33d071bf68f08d745f21e

SHA256
62fe691569c9410277cf35cd8cb2e165b39d30d267c094ae4c42df2089a6a523

SHA512
3f562e52bc02104a56b14c3958fd1736f8c9eed4b56f98b8b3123df3697de7867e953e4e22a5af43796b81719dba0dc0166e134e0867522908abb12ba808d866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
51313461fca0c9653dc4af6b232672d8

SHA1
48cf8454f3b5501319a25aba464bb4b5b2e54c67

SHA256
dd365dd69e7e901b56b2d1f8463cfc09bed7f2245e29b5b3f0fbbe294de02ff7

SHA512
c07a12d1e726405bc51c5df0e0342aa080ac4a0fa13e6a10782e8bda46dd1fd4e6465dc448d0e0039a2c8cb487e366ac3078a4249cca4a5296e2677a36f10d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
78KB

MD5
c55c84316965bd16fdcda86c0743f252

SHA1
83a5c6641a866668b2ec1b395da9eba88ded070e

SHA256
e0d952a764b4e54713e0ad3f157ac4678c95a993ec534317eb19a48a10d3c4d8

SHA512
ab6af253988fcaab5ec9d68b7eb01cdf7e30dc91ac70db2b0aedea7008bbb5942fbe7435987c4828c35414e8d4dc81640d16c9c18e5f380052405a68095a76ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar21AB.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\Desktop\NeoronCheat.exe

Filesize
2.8MB

MD5
2a962dc3b85e8d8814c60354c5d72c15

SHA1
f8b0f1e28e2170b9a31f6d505d20b6750b26f088

SHA256
2908c6d06990eae7bcb93ced17df03c0e06728968fcda55b79d4b65fc88d03eb

SHA512
a06e052f0a4771e0959fe63b17c5bd6449757a44a5411b8a33bedcc4ec100b9fe1bafcc038dc0c216958ce1f1610dbca8a8014f71369e0102242bb2c93ba9be7

Download Submit
C:\Users\Admin\Desktop\NeoronCheat.exe

Filesize
2.8MB

MD5
2a962dc3b85e8d8814c60354c5d72c15

SHA1
f8b0f1e28e2170b9a31f6d505d20b6750b26f088

SHA256
2908c6d06990eae7bcb93ced17df03c0e06728968fcda55b79d4b65fc88d03eb

SHA512
a06e052f0a4771e0959fe63b17c5bd6449757a44a5411b8a33bedcc4ec100b9fe1bafcc038dc0c216958ce1f1610dbca8a8014f71369e0102242bb2c93ba9be7

Download Submit
C:\Users\Admin\Desktop\Инструкция.txt

Filesize
194B

MD5
58e6ed14aa69676bbe0875250c7e1da1

SHA1
4ff147f36ab8025b601378010a31e8bcd9e3d2ad

SHA256
104f47d4204186933cb9ff81afb9a088cc99bac712ea620837a88aae505d0dfc

SHA512
d928afc03eaf75ed8c1f83c9a6c5e95b1dd65004d7a9d50af9f51599c9961b3269568d4b7e0e5f21c9eda25e4303d3c2a6e4ad3fe01e16c1d6d143eac74e29c7

Download Submit
C:\comSessionsvc\QflP0NvNdmg81e.vbe

Filesize
208B

MD5
15595cabe095e9f02a124a3125b0d18d

SHA1
7111160245ee5ce6cf8900f67e557c2ef444f924

SHA256
18c8fab2d261ff0ee81cc1ea2ef6bbc068100b5891336c41f8a303e2395e335c

SHA512
5fa514d609d4ecbebe7195444bb270dd9c16d02f1d07c98d4354b59c442f1d10214f94acc092dbc9f0ae16fe907653bc59d788b445e3ffe2201402aec5ea40ea

Download Submit
C:\comSessionsvc\agentdhcp.exe

Filesize
2.5MB

MD5
468ecd42a6ebf87b8f5d6112adf67234

SHA1
1e2f2e3ff87a20b51d47b89faded9051dd01bc2e

SHA256
9ace2be858027d0b698c291f50638d511c1d37cd88c66dc33ed32b02ae351ca1

SHA512
4a4bccf7779b6d90e964db4349f159bdf98d7d9f37c0e2d581f89e1dd54df59db066d1d9f3b54c5382cc6c4465745e1b673c933ce9d89ee346ace0e3cadbe6db

Download Submit
C:\comSessionsvc\agentdhcp.exe

Filesize
2.5MB

MD5
468ecd42a6ebf87b8f5d6112adf67234

SHA1
1e2f2e3ff87a20b51d47b89faded9051dd01bc2e

SHA256
9ace2be858027d0b698c291f50638d511c1d37cd88c66dc33ed32b02ae351ca1

SHA512
4a4bccf7779b6d90e964db4349f159bdf98d7d9f37c0e2d581f89e1dd54df59db066d1d9f3b54c5382cc6c4465745e1b673c933ce9d89ee346ace0e3cadbe6db

Download Submit
C:\comSessionsvc\bS1mwsMC3AqF44bHav.bat

Filesize
32B

MD5
d4d430d3f713c68a76a064f0c854b09e

SHA1
45ec5315eec30924e6bde2764c5f5bba68bdecd0

SHA256
a20ab78753975d7d80f9605fdfc6de1bbf860d802799eb89d762efc1d7b4f2d8

SHA512
a56b358ca2f13c0a3bdc6f4e4504a32cd1d5faf0ca3ea4a6af09bf93c6264943c2de2156e7c689cd081e6e717617308986666ae907409e4e603a8a9f1f75e814

Download Submit
\comSessionsvc\agentdhcp.exe

Filesize
2.5MB

MD5
468ecd42a6ebf87b8f5d6112adf67234

SHA1
1e2f2e3ff87a20b51d47b89faded9051dd01bc2e

SHA256
9ace2be858027d0b698c291f50638d511c1d37cd88c66dc33ed32b02ae351ca1

SHA512
4a4bccf7779b6d90e964db4349f159bdf98d7d9f37c0e2d581f89e1dd54df59db066d1d9f3b54c5382cc6c4465745e1b673c933ce9d89ee346ace0e3cadbe6db

Download Submit
\comSessionsvc\agentdhcp.exe

Filesize
2.5MB

MD5
468ecd42a6ebf87b8f5d6112adf67234

SHA1
1e2f2e3ff87a20b51d47b89faded9051dd01bc2e

SHA256
9ace2be858027d0b698c291f50638d511c1d37cd88c66dc33ed32b02ae351ca1

SHA512
4a4bccf7779b6d90e964db4349f159bdf98d7d9f37c0e2d581f89e1dd54df59db066d1d9f3b54c5382cc6c4465745e1b673c933ce9d89ee346ace0e3cadbe6db

Download Submit
memory/1384-1096-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1137-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1083-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1084-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1085-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1093-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1094-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1175-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1174-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1173-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1098-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1099-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1100-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1172-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1103-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1102-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1171-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1105-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1080-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1113-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1114-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1115-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1079-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1073-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1130-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1131-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1132-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1133-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1134-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1135-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1136-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1170-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1138-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1139-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1140-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1141-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1142-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1143-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1144-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1145-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1146-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1147-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1148-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1149-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1150-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1151-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1152-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1153-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1154-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1155-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1156-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1157-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1158-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1159-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1160-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1161-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1072-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1384-1169-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1620-1082-0x000007FEF33E0000-0x000007FEF3DCC000-memory.dmp

Filesize
9.9MB

Download
memory/1620-1104-0x000007FEF33E0000-0x000007FEF3DCC000-memory.dmp

Filesize
9.9MB

Download
memory/1620-1101-0x000007FEF33E0000-0x000007FEF3DCC000-memory.dmp

Filesize
9.9MB

Download
memory/1620-1097-0x0000000000440000-0x000000000044E000-memory.dmp

Filesize
56KB

Download
memory/1620-1081-0x0000000000930000-0x0000000000BBA000-memory.dmp

Filesize
2.5MB

Download
memory/1620-1095-0x00000000003B0000-0x0000000000430000-memory.dmp

Filesize
512KB

Download