864d70dd755dab8431c2465531067cf8130166585e55dd4c4bb7de3df54a1967

Resubmissions

30-09-2023 02:39

230930-c5m6qshf42 7

30-09-2023 02:34

230930-c2ncbshf24 7

Analysis

max time kernel
177s
max time network
202s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
30-09-2023 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MacroRecorderSetup.exe
Size

2.6MB
MD5

50307092df1de5735811933cefad0b85
SHA1

fcf6d604a542d6aebee2e6828966387367b04cbf
SHA256

864d70dd755dab8431c2465531067cf8130166585e55dd4c4bb7de3df54a1967
SHA512

0cf5ece8b4ab2e302136f9bf65c89f6d4d79f5cad7989250b04ffb6c110009db081fc817b653c0bfdd54c6da8e7c1b6cafc0ed157ba72cef9ddd863f3f12dd90
SSDEEP

49152:Aqe3f6QX7FIsEl4404EcVZvUWN6NuFXL+fLLMtj7yWRBywyYkHeBnI:VSijsEl904EcVuWN6yMLAtj2sEwlpVI

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2696	MacroRecorderSetup.tmp
3060	MacroRecorder.exe

Loads dropped DLL 5 IoCs

pid	Process
2440	MacroRecorderSetup.exe
2696	MacroRecorderSetup.tmp
2696	MacroRecorderSetup.tmp
2696	MacroRecorderSetup.tmp
2696	MacroRecorderSetup.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 23 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\MacroRecorder\MacroLauncher.exe	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-BUFS1.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-T146D.tmp	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\unins000.dat	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\Mono.Cecil.dll	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\Mono.Cecil.Pdb.dll	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\Mono.Cecil.Rocks.dll	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\unins000.dat	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-KRK5E.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-8ELV2.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-K2U4G.tmp	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\Microsoft.Win32.TaskScheduler.dll	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-386C8.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-1NU2I.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-IVKB1.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-TNUAT.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\unins000.msg	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\Mono.Cecil.Mdb.dll	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-TNPAV.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-S6Q3P.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-147NH.tmp	MacroRecorderSetup.tmp
File created	C:\Program Files (x86)\MacroRecorder\is-O4F1E.tmp	MacroRecorderSetup.tmp
File opened for modification	C:\Program Files (x86)\MacroRecorder\MacroRecorder.exe	MacroRecorderSetup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000_CLASSES\.mcr	MacroRecorder.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000_CLASSES\JitbitMacroRecorder	MacroRecorder.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000_CLASSES\JitbitMacroRecorder\DefaultIcon	MacroRecorder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000_CLASSES\JitbitMacroRecorder\DefaultIcon\ = "C:\\Program Files (x86)\\MacroRecorder\\MacroRecorder.exe,0"	MacroRecorder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000_CLASSES\.mcr\ = "JitbitMacroRecorder"	MacroRecorder.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000_CLASSES\JitbitMacroRecorder\shell	MacroRecorder.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000_CLASSES\JitbitMacroRecorder\shell\open	MacroRecorder.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000_CLASSES\JitbitMacroRecorder\shell\open\command	MacroRecorder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000_CLASSES\JitbitMacroRecorder\shell\open\command\ = "C:\\Program Files (x86)\\MacroRecorder\\MacroRecorder.exe \"%1\""	MacroRecorder.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2696	MacroRecorderSetup.tmp
2696	MacroRecorderSetup.tmp
2556	chrome.exe
2556	chrome.exe
1452	chrome.exe
1452	chrome.exe
1676	chrome.exe
1676	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3060	MacroRecorder.exe

Suspicious use of AdjustPrivilegeToken 57 IoCs

description	pid	Process
Token: SeDebugPrivilege	3060	MacroRecorder.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2696	MacroRecorderSetup.tmp
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2696	2440	MacroRecorderSetup.exe	28
PID 2440 wrote to memory of 2696	2440	MacroRecorderSetup.exe	28
PID 2440 wrote to memory of 2696	2440	MacroRecorderSetup.exe	28
PID 2440 wrote to memory of 2696	2440	MacroRecorderSetup.exe	28
PID 2440 wrote to memory of 2696	2440	MacroRecorderSetup.exe	28
PID 2440 wrote to memory of 2696	2440	MacroRecorderSetup.exe	28
PID 2440 wrote to memory of 2696	2440	MacroRecorderSetup.exe	28
PID 2696 wrote to memory of 3060	2696	MacroRecorderSetup.tmp	30
PID 2696 wrote to memory of 3060	2696	MacroRecorderSetup.tmp	30
PID 2696 wrote to memory of 3060	2696	MacroRecorderSetup.tmp	30
PID 2696 wrote to memory of 3060	2696	MacroRecorderSetup.tmp	30
PID 2556 wrote to memory of 2788	2556	chrome.exe	34
PID 2556 wrote to memory of 2788	2556	chrome.exe	34
PID 2556 wrote to memory of 2788	2556	chrome.exe	34
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 2892	2556	chrome.exe	36
PID 2556 wrote to memory of 1888	2556	chrome.exe	38
PID 2556 wrote to memory of 1888	2556	chrome.exe	38
PID 2556 wrote to memory of 1888	2556	chrome.exe	38
PID 2556 wrote to memory of 2536	2556	chrome.exe	37
PID 2556 wrote to memory of 2536	2556	chrome.exe	37
PID 2556 wrote to memory of 2536	2556	chrome.exe	37
PID 2556 wrote to memory of 2536	2556	chrome.exe	37
PID 2556 wrote to memory of 2536	2556	chrome.exe	37
PID 2556 wrote to memory of 2536	2556	chrome.exe	37
PID 2556 wrote to memory of 2536	2556	chrome.exe	37
PID 2556 wrote to memory of 2536	2556	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\MacroRecorderSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MacroRecorderSetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Users\Admin\AppData\Local\Temp\is-UK53U.tmp\MacroRecorderSetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-UK53U.tmp\MacroRecorderSetup.tmp" /SL5="$70126,1902330,780800,C:\Users\Admin\AppData\Local\Temp\MacroRecorderSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Program Files (x86)\MacroRecorder\MacroRecorder.exe
    "C:\Program Files (x86)\MacroRecorder\MacroRecorder.exe"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6bb9758,0x7fef6bb9768,0x7fef6bb9778
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1244,i,15643086906712542636,15558865644553373052,131072 /prefetch:2
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1244,i,15643086906712542636,15558865644553373052,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1244,i,15643086906712542636,15558865644553373052,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2324 --field-trial-handle=1244,i,15643086906712542636,15558865644553373052,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1244,i,15643086906712542636,15558865644553373052,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1360 --field-trial-handle=1244,i,15643086906712542636,15558865644553373052,131072 /prefetch:2
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1448 --field-trial-handle=1244,i,15643086906712542636,15558865644553373052,131072 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1244,i,15643086906712542636,15558865644553373052,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=1244,i,15643086906712542636,15558865644553373052,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3704 --field-trial-handle=1244,i,15643086906712542636,15558865644553373052,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3576 --field-trial-handle=1244,i,15643086906712542636,15558865644553373052,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1244,i,15643086906712542636,15558865644553373052,131072 /prefetch:8
  2⤵
  PID:2616

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6bb9758,0x7fef6bb9768,0x7fef6bb9778
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:2
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2164 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2176 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1392 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:2
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3268 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:2
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2388 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3368 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3600 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1440 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3604 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:8
  2⤵
  PID:108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3800 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:8
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3716 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4124 --field-trial-handle=1184,i,16990990737756061182,16906812265342399639,131072 /prefetch:1
  2⤵
  PID:1568

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6bb9758,0x7fef6bb9768,0x7fef6bb9778
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1292,i,17093811110342255639,17273976100583934386,131072 /prefetch:2
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1292,i,17093811110342255639,17273976100583934386,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1292,i,17093811110342255639,17273976100583934386,131072 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2236 --field-trial-handle=1292,i,17093811110342255639,17273976100583934386,131072 /prefetch:1
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2244 --field-trial-handle=1292,i,17093811110342255639,17273976100583934386,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1160 --field-trial-handle=1292,i,17093811110342255639,17273976100583934386,131072 /prefetch:2
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1292,i,17093811110342255639,17273976100583934386,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3344 --field-trial-handle=1292,i,17093811110342255639,17273976100583934386,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3348 --field-trial-handle=1292,i,17093811110342255639,17273976100583934386,131072 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3608 --field-trial-handle=1292,i,17093811110342255639,17273976100583934386,131072 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 --field-trial-handle=1292,i,17093811110342255639,17273976100583934386,131072 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1292,i,17093811110342255639,17273976100583934386,131072 /prefetch:8
  2⤵
  PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6bb9758,0x7fef6bb9768,0x7fef6bb9778
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1424 --field-trial-handle=1232,i,3640771742023449473,3142974866410726043,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1232,i,3640771742023449473,3142974866410726043,131072 /prefetch:2
  2⤵
  PID:2156

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\MacroRecorder\MacroRecorder.exe

Filesize
1.1MB

MD5
cd2ff16f2aa3a0525c7e9ed355ba7457

SHA1
0511be4d649c8da29ac8af12f019a8ca01f00ade

SHA256
9e2b3c898821eabc315576f6f274dbdd4e055c60ef3d2325a96caf702fd86ece

SHA512
45dc33d6790c66ad5bad9e6f3d0b0f47ef4b112ed6e55601900f25aa46c171d6ad47a69f4a18e24afff218aab221de21e50d39c8823371e2bd5fae6019ca3299

Download Submit
C:\Program Files (x86)\MacroRecorder\MacroRecorder.exe

Filesize
1.1MB

MD5
cd2ff16f2aa3a0525c7e9ed355ba7457

SHA1
0511be4d649c8da29ac8af12f019a8ca01f00ade

SHA256
9e2b3c898821eabc315576f6f274dbdd4e055c60ef3d2325a96caf702fd86ece

SHA512
45dc33d6790c66ad5bad9e6f3d0b0f47ef4b112ed6e55601900f25aa46c171d6ad47a69f4a18e24afff218aab221de21e50d39c8823371e2bd5fae6019ca3299

Download Submit
C:\Program Files (x86)\MacroRecorder\MacroRecorder.exe

Filesize
1.1MB

MD5
cd2ff16f2aa3a0525c7e9ed355ba7457

SHA1
0511be4d649c8da29ac8af12f019a8ca01f00ade

SHA256
9e2b3c898821eabc315576f6f274dbdd4e055c60ef3d2325a96caf702fd86ece

SHA512
45dc33d6790c66ad5bad9e6f3d0b0f47ef4b112ed6e55601900f25aa46c171d6ad47a69f4a18e24afff218aab221de21e50d39c8823371e2bd5fae6019ca3299

Download Submit
C:\Program Files (x86)\MacroRecorder\unins000.exe

Filesize
2.9MB

MD5
5f60fcd65065f14167a21d790ec39d05

SHA1
7930a70c8f96b743fd5a2a3923a6ea99280e53e0

SHA256
0b3a2cfecc43852e4999f817af79722ac0a18b3aaa749d40fa173bcc803fe2a8

SHA512
74b8edd32f3bb40a21cd1ab7c106f330d80318fc61153e4fed01200e2733e79310028b2fe3ebd83b7fc3392bcaba8ccd4aa990ab3ad571fbf779c5be5ff2e463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\232ce468-89d6-4a8e-9ebe-6137fa6d5a3c.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\33334580-077d-460c-b3b4-007de3963033.tmp

Filesize
106KB

MD5
3717fb1de8adbbc40df9fd0d3afd9c85

SHA1
12ecac3cf18a5fa3408c040c415bacf562e8de86

SHA256
801705869b2efc8551ce47125689ea11734ad276262f5d571d59fab853fb15c9

SHA512
87afcc84ddcf92cee454f938b0d147e4f4285a111873191550d9a4bcdb6330e9af6d2bd33014e79f65ace1dcc947631fd98e22f7c092cb8ed5d01d5842c7864d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7ffa0a6b6f96dc427173483dc0d48252

SHA1
ddf0516ceea93b18671d440213322f78bb1f7055

SHA256
4657a101210fb43970bfb446664e400222fb9b2a772a1a6c636f5dfdae5cf033

SHA512
b45db74fb7a119b02fd9f7ffbd07988e7654693435a5531b854b0a11879d787cc4b9ca6ebfa197df55e2b2826886dbba3fe9ab8fe1a3d4720caee84cba5e2f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7ffa0a6b6f96dc427173483dc0d48252

SHA1
ddf0516ceea93b18671d440213322f78bb1f7055

SHA256
4657a101210fb43970bfb446664e400222fb9b2a772a1a6c636f5dfdae5cf033

SHA512
b45db74fb7a119b02fd9f7ffbd07988e7654693435a5531b854b0a11879d787cc4b9ca6ebfa197df55e2b2826886dbba3fe9ab8fe1a3d4720caee84cba5e2f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1c6412f5-090d-4edb-8574-e3f5b6283f7a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
177c885686f4df48c70f4c2f2ee96004

SHA1
e590e19dea609b8db6105fd53d24d1636f085026

SHA256
62f038664f36eaecdbd93bcc2b21c5b3c18eaeb8d92031aac628ca59349fc81f

SHA512
12cb5a929859a04eea98f313301807e91cb2a8d8c8bab19d2114afaf9238228907811f84e51bf9970d0110629a530454e231fb78f3d17304c4c9b27ba17a203c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
73e670514f1bd122aaf521cda12d8ed9

SHA1
0885eaa8b325adb74170040c5cb2730b90d299f3

SHA256
c343e5eac96ea8878b47336a398b8a1e2ebaa9ed65e7eca3b7e292664320c7d1

SHA512
8a805090808dcd966b2b3503d6244d8db74938b1daac8da69c55eac3483ac142c4be0a580742e5dd05551347cbf9fc7eb88184943afd026849e9bef0c7e71e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
83f1aa7f46e73e9faf71b57bd0a2e713

SHA1
c4ec725ff5abfcca9eb7af8a1585dfab30257322

SHA256
2b0e4128286641a6955e83968b2977ae0792f746876a91f84cd0d9343f35635c

SHA512
ff50ae5c56ad5d8dd60e0bc75061460a067618a78f2f7aef6552fa552e315bdd5fa2f886290da78dd18bcb5e19ce98d8ad593eac64d4e87061ea74528cda11f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
40KB

MD5
7af63db34db605d8dd2c1c9a01b1e053

SHA1
0a78f5165c37eb51371afe2e9dde9ea1f70b8912

SHA256
b4f04e6c5f7e27398f72dceeb47a4711f6b4d475c4a2c8c23e8930d6718ce938

SHA512
78387a5038d814c1ac71a35bb44e0e1e9a49456e4b0da8e38766f3ca3f4ce9f973926697701bb1cfc47552dc11ccbb1326488e0a28f1b1f0cd96e60ace05a8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
8690a65967e190ebe3b971602f4fcf17

SHA1
53b671cffc46139b1426aa83be5b6f389b13c47a

SHA256
9598b8e96159edc6ffd1639cf9492a4658b6557e19e455a2c6ccc6a6fa906f63

SHA512
e752a499be9f24e408f4d393a6ac109ef915f872be57336740825b6fac6fe8420c6bcf8fc822596971570fe0933e59a626e661c0d090d5a1bdb0d97a25d6e4ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf781dbe.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
d69702fea2e95ae1181647feafbbe631

SHA1
93d7e55d2f511257d3f0df394bdd2f4300d8f343

SHA256
4edbd8acd336c26fb5d31caca9555a9aba66014a61b79d10b7c3c7a0b4698a74

SHA512
41988fa11863164e38b06a55106eeac4ffe1500b99f29c1a2e50a2e8994676f85fc2589fbf00514137ba926f798b1d59f7d1498b6f03fc675314431952cfadce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8b341ee6559bc93afe907f65aabcf45b

SHA1
eb58dc90e5b34554d1fdbd79223c23b6e2d807da

SHA256
2c57512d45db2e61e8160bfb44e9df324b2a693844bcab34059fbcf30fb299c5

SHA512
1752b2699dafb3a48322b6a83ec7ae5d63839c220118698922360943faaae08dac0406409f187cfa24af5c2fc56f4b702427d99511cdba1f572cdbac9adffd9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
33934a7d7465164d888230186374914a

SHA1
e4c93d2179f3c1051b3746a1d5ce83a2d73a8cbf

SHA256
5f9998d45c0ea8ccd42b65953c5ed6b46be70930c9ffdcbb9e7914c164befd97

SHA512
79e12fe2263e327d234bc22e60c544ac5db8e086b10a60d09214898d386535f8da46cf95da4bfad872092f0f71bfb20906811193529900df21895aa406994fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
941e24dda231adf0d405d81a122c81e1

SHA1
bccfb56e240d49961890158aae2caeed6e6a701b

SHA256
6c531502de07a4a7ef52dabe10d9d9d8f347c9ad4e179bcb0bba8b6b2830a52c

SHA512
8b702c79fb6184c7daeebc2eaa26478f2c381c9aef94bf8617bac25d6e137b0f2ec219077cfcb5f47c5ec2837e9dd41e843b998b2737095f895c45af92ce3533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6f1017f34fa6c713b382ee18fdd91b91

SHA1
58e66c3953c56ed91f708ab4a0270f552d9a2134

SHA256
05a42e913c02a9c5d5bbff7d9b7d57a19df6ce15a277c26a9be9bab5a3ea4a58

SHA512
b3ee60371127bd0b70292b7c6ff5ab24131f5a9e0b4066d7e39995d905437b97a34bc789f4889e7b49657c5c0e4427f62c0202420b750b935224bbe9aea60e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e380d961141d69535e9291290fd06176

SHA1
de842d1e9c9a902f8baf117d33778a40059756f4

SHA256
0fb5e9119bc630de07e25c7ff0a3c3b10e6efa696174bbfb3df193f5beddd44d

SHA512
5bab8d7f07939b52507ac38a9f71564f160fc974bcaaa0951c3bd17fe4f33166c01b7a1daf49b82c1bdbe83c22766072dda031803f63862bcdeb9f9bdc75022c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
a0fa2466c5b0defa2f55f8946aaf49de

SHA1
42eeb48d6d6eb0e37469318c078ac8bfa55910db

SHA256
27646e18e7a7d397c94ff6974b8fdb2a16c817028d49c4812c061296b55c7893

SHA512
4c4706d21a2bab6891c2b480e67b6bac9d3aa1bd08e026c078fc3cac5ecbcb41e3379d90eec10e65e97aa5aa02cb1b353aa9d25179abdc82ee3de7bc593aff32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
39165ed79eb72dc24332efd16786808d

SHA1
a86e0fe8d8b8b13ff658df6374f619cfef07e13f

SHA256
29f83ef0a981b042d4f4e9748c55d9098a17393973e98e225008faa877cbe852

SHA512
868b5f016af29d6caa4d5d48a72c36a860d7b7b1f83b682e098aa85d19264d685dfe4fb103e6831de894486c83a5d5e3a9b3a24efb42ec9b9bdedafb577b82b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000011.dbtmp

Filesize
16B

MD5
6de46ed1e4e3a2ca9cf0c6d2c5bb98ca

SHA1
e45e85d3d91d58698f749c321a822bcccd2e5df7

SHA256
a197cc479c3bc03ef7b8d2b228f02a9bfc8c7cc6343719c5e26bebc0ca4ecf06

SHA512
710620a671c13935820ed0f3f78269f6975c05cf5f00542ebc855498ae9f12278da85feef14774206753771a4c876ae11946f341bb6c4d72ebcd99d7cff20dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
136B

MD5
a987249f95553174f0c362145c30afea

SHA1
09b4a4a04b1964f32c75f9a4f183fe36801f8655

SHA256
840e750cec4b593e5fb68e0f460ba7390302ea63f1b5460a722bcd2dbbfae27d

SHA512
08cab333696d4a64c48fd85c4a082a6f8640ffdc0be849f7a832b0f65c4a7aa41991525049179bc5266ae51f967f00ee446c058a2f2c3f8a79ed14639cf34bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
117B

MD5
2ac0494b5c4c6d605281ee87339a0cc7

SHA1
6ea0fd5480bd086ed4110d0622388574f0222666

SHA256
53161ecf97484ce07e22fbed3f642f3c1daec51a22b84be407522e5d38d2afbd

SHA512
77c6a0422b17b90dcc84094e184020613bfc7f71f07bb6fe15a68f48330e7b374c5228d65606341248983e3ec17c9b30a61e31ebdfac73f7e6abeb9d2b5f8f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
442B

MD5
6fb78c7da943d25f0596b18a4fd83c42

SHA1
62e9db09cb2187f1b0c3aff54b0da9b9149324ac

SHA256
61744529c1e25e42cb0d54d67aed6e441622b7c0866e79d43c92c64a27b9e0b4

SHA512
b9d87ecd136c37c036dbac9da6f6ec7a90e0c728f1cb9efdde468ae87a6b6c8df82f303813c9eed3800d10109ac38169f0e29d751c599cc5863bec3a235b2c90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
122B

MD5
89c002175b9cef126c1690c64c6e2f73

SHA1
b9d11f7980966e997df1f07dfb09f06c05aee979

SHA256
90a51ffa73fa0817e6a634fe391847c0b4d9802f61bee9b95f819694a08a71ee

SHA512
45f9882526f19b785a08e3a6157b754608f414026c5c603148810982fa75d8b348ce8381b133d29cf2a31a131dca51111ef61a361e7d631890be7fbc17e7de44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000013.dbtmp

Filesize
16B

MD5
a6813b63372959d9440379e29a2b2575

SHA1
394c17d11669e9cb7e2071422a2fd0c80e4cab76

SHA256
e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312

SHA512
3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
bec2025cb984c6c9e7140bb5659e1fdc

SHA1
3566981f8a0e6414c4fbf8ba4527dc53d188a695

SHA256
ff7b672b61e9c378061f31f75e9461442106a8f37ec8ea24687c63e4537b31e4

SHA512
6b3afeb551ccc34e0aa94314fc2feab2f7a7d48ad220f8f479fbbcbbac042ea10a5e902db217a6b2425ac3109a0a175175b2a24dd75943da43d05157c3483928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
005293bb1e73454e3968ab76c06f2aaa

SHA1
9f48bce729179b292797f65583d43af84c7d3f12

SHA256
3c64a1e8e11a2a039c6f312fe4500d3e2f4d6fc7898ab8fb2c285f0c0754a852

SHA512
b6de68c6b9397e27ebe96cee1b794421594000ecc8c339cc067f5d64bf14f6084aacb58fde25f8583228edd93741b54f61b38ad5af816d65dec49841bd3acfa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
318B

MD5
ff1e567deb648c50904bc6443db59490

SHA1
e597ffb7e229579da01bdabe992a4e201f35a3be

SHA256
8a3744a2daedd66294a181bdcec9176d779d201620b2ff987980f09498b39d42

SHA512
0b7daa15a7891b9bfb2618c713ca5d9bcd5a09ee435d31e737fed407a34cbd02ed386d3f9f76e4ce34603fa2d2c508019ce6899bd9b9e69eef3d8e684ef0ede9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
86b26c45bbd24c81232b27ee11db4bcf

SHA1
f732c4bd461fcce7767122637ec176d48c9776a7

SHA256
9eb11c4c758e3fcfebdf12c5fb95d1af6ff8f2ff804e261fddaf1588b498727c

SHA512
5dc489a031b3e4733dc2e9df466fe2d29e0dc30e0c964b0de6318ae2bf303bd806f471b01894b0651561abf600d7963de2ea8720238b71560675f8803d101f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
fb45dce6bda278c7d3d13b393437b975

SHA1
401dc4c3873fdefffb73d4ace2c33eba4da6f031

SHA256
39ec38c22a26d9b457a468bde28023cceead2c76c189a2b9ab9cbbfd7ae62607

SHA512
966ae0e1c36342af2abab8e62713646fc4c17d8013fb160fcd58891e47413b89cc5adce1ce52195e7b985c3e3f9092f63171dcb7a1fb572195b008a88d2b5aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
106KB

MD5
ec19f768cacc33696a8851d8eec8c68b

SHA1
61f2eafcf0a753f8e5f5cd73c1325e1c141c99b9

SHA256
871d47b2a20beea4239b965a24908996ca3144e7f2b7ab96833bb1ad2a973d00

SHA512
1b3120daf2bd852705b0d665be766381ccf1b33d85d8cfe99f732a59d0136f989578b224d63dfa383dc23ceccce3a7ca541212a67536c34c185cfb8bd11f4c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
07ef4c91239b10fd97d49e3e06c49ec4

SHA1
bbb2374234902981b7e441aa2a53ca61e0c71263

SHA256
68660b0c9412c771d1dc74c07090f0927743e49c21ad9442d63a9ff2e4aa21d8

SHA512
48875a3d173c5ad15902a56b90b415a200f6d6a7c5d0db0108ee262fc5ff8876e24fa4e7da56e32a44346564dc81e7b479d669e5744ed3c9874ab1a979349bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
106KB

MD5
6c733d3f4c202323fc12d839e96a2d1c

SHA1
fb67844345fe794abd690403075a092527f34ba2

SHA256
97274a7bdcca37dbac33f9322af149a49ec969803b2c443a0c0096dd1b2a5f0a

SHA512
bdaa65f9b64aa34338512fce38ac35f3cfa28e904bfab032e651dd23f5d4819ca0279ca9803447fc65cf5a8a4d9c4dac893afdc5803cb6fecb3a894166b186a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c574357c-b4b2-417a-be68-79ce605bf7ea.tmp

Filesize
106KB

MD5
0ed027eb8f37e35b43d3e5e115f5d101

SHA1
d3328632ffe2f639978a2a91d2ab7434928e7219

SHA256
5a72456be073539bc8ac8c080820bfdb53d826ab4007f975f3b2957b16ac3d32

SHA512
1d92b855d5622093acb8af9955f6d8aa5adb282991e2988fd8597d3beddcafe33250eaf99f2a84d035b9c12d90bddd041817a29517ded15f29bedf4500f0a487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fb271076-b973-4c81-83b0-60942811e15a.tmp

Filesize
200KB

MD5
07ef4c91239b10fd97d49e3e06c49ec4

SHA1
bbb2374234902981b7e441aa2a53ca61e0c71263

SHA256
68660b0c9412c771d1dc74c07090f0927743e49c21ad9442d63a9ff2e4aa21d8

SHA512
48875a3d173c5ad15902a56b90b415a200f6d6a7c5d0db0108ee262fc5ff8876e24fa4e7da56e32a44346564dc81e7b479d669e5744ed3c9874ab1a979349bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fd3fe7f4-9963-4978-b23f-1654ce076834.tmp

Filesize
106KB

MD5
fae66977259bcc8336fa957a1dd371c9

SHA1
39f2709746c653f94bb25ddbd6590f1a64bbda4e

SHA256
126379098369102d64ac9c98a2f51c13272f289c67c8b1e700def0e21d075785

SHA512
1ba989a884da57cb21a2d5307595c68f336a18bd186f7b00631dd0a2ab350deacca12cad17b6daad57ce7077715bb2dbd6b9e458f2395b47f23055fca33120de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UK53U.tmp\MacroRecorderSetup.tmp

Filesize
2.9MB

MD5
5f60fcd65065f14167a21d790ec39d05

SHA1
7930a70c8f96b743fd5a2a3923a6ea99280e53e0

SHA256
0b3a2cfecc43852e4999f817af79722ac0a18b3aaa749d40fa173bcc803fe2a8

SHA512
74b8edd32f3bb40a21cd1ab7c106f330d80318fc61153e4fed01200e2733e79310028b2fe3ebd83b7fc3392bcaba8ccd4aa990ab3ad571fbf779c5be5ff2e463

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UK53U.tmp\MacroRecorderSetup.tmp

Filesize
2.9MB

MD5
5f60fcd65065f14167a21d790ec39d05

SHA1
7930a70c8f96b743fd5a2a3923a6ea99280e53e0

SHA256
0b3a2cfecc43852e4999f817af79722ac0a18b3aaa749d40fa173bcc803fe2a8

SHA512
74b8edd32f3bb40a21cd1ab7c106f330d80318fc61153e4fed01200e2733e79310028b2fe3ebd83b7fc3392bcaba8ccd4aa990ab3ad571fbf779c5be5ff2e463

Download Submit
\Program Files (x86)\MacroRecorder\MacroLauncher.exe

Filesize
470KB

MD5
9d024bbd0b1dba4baed68783d74ec47b

SHA1
6034648bdff3ee98bd1b8273124caad67067500b

SHA256
8a0f56a70cb58e004d9a8c158aba2a665e66dc83f0664a6f27445c9687af2442

SHA512
03ab2470fdb9dde9cac4a80016dc6e1387be6d2ff774cb06911b4ba6c4e54b492fb7dd48dbe0e190dd84c4cb1eaae3bf4ab3003a0d0b71a195122f31d8517ea1

Download Submit
\Program Files (x86)\MacroRecorder\MacroRecorder.exe

Filesize
1.1MB

MD5
cd2ff16f2aa3a0525c7e9ed355ba7457

SHA1
0511be4d649c8da29ac8af12f019a8ca01f00ade

SHA256
9e2b3c898821eabc315576f6f274dbdd4e055c60ef3d2325a96caf702fd86ece

SHA512
45dc33d6790c66ad5bad9e6f3d0b0f47ef4b112ed6e55601900f25aa46c171d6ad47a69f4a18e24afff218aab221de21e50d39c8823371e2bd5fae6019ca3299

Download Submit
\Program Files (x86)\MacroRecorder\MacroRecorder.exe

Filesize
1.1MB

MD5
cd2ff16f2aa3a0525c7e9ed355ba7457

SHA1
0511be4d649c8da29ac8af12f019a8ca01f00ade

SHA256
9e2b3c898821eabc315576f6f274dbdd4e055c60ef3d2325a96caf702fd86ece

SHA512
45dc33d6790c66ad5bad9e6f3d0b0f47ef4b112ed6e55601900f25aa46c171d6ad47a69f4a18e24afff218aab221de21e50d39c8823371e2bd5fae6019ca3299

Download Submit
\Program Files (x86)\MacroRecorder\unins000.exe

Filesize
2.9MB

MD5
5f60fcd65065f14167a21d790ec39d05

SHA1
7930a70c8f96b743fd5a2a3923a6ea99280e53e0

SHA256
0b3a2cfecc43852e4999f817af79722ac0a18b3aaa749d40fa173bcc803fe2a8

SHA512
74b8edd32f3bb40a21cd1ab7c106f330d80318fc61153e4fed01200e2733e79310028b2fe3ebd83b7fc3392bcaba8ccd4aa990ab3ad571fbf779c5be5ff2e463

Download Submit
\Users\Admin\AppData\Local\Temp\is-UK53U.tmp\MacroRecorderSetup.tmp

Filesize
2.9MB

MD5
5f60fcd65065f14167a21d790ec39d05

SHA1
7930a70c8f96b743fd5a2a3923a6ea99280e53e0

SHA256
0b3a2cfecc43852e4999f817af79722ac0a18b3aaa749d40fa173bcc803fe2a8

SHA512
74b8edd32f3bb40a21cd1ab7c106f330d80318fc61153e4fed01200e2733e79310028b2fe3ebd83b7fc3392bcaba8ccd4aa990ab3ad571fbf779c5be5ff2e463

Download Submit
memory/2440-10-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2440-1-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2440-70-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2696-13-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2696-8-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2696-69-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/2696-12-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/2696-15-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/3060-66-0x0000000000120000-0x0000000000240000-memory.dmp

Filesize
1.1MB

Download
memory/3060-76-0x0000000005300000-0x0000000005340000-memory.dmp

Filesize
256KB

Download
memory/3060-78-0x0000000005300000-0x0000000005340000-memory.dmp

Filesize
256KB

Download
memory/3060-67-0x0000000073220000-0x000000007390E000-memory.dmp

Filesize
6.9MB

Download
memory/3060-74-0x0000000073220000-0x000000007390E000-memory.dmp

Filesize
6.9MB

Download
memory/3060-77-0x0000000005300000-0x0000000005340000-memory.dmp

Filesize
256KB

Download
memory/3060-71-0x0000000005300000-0x0000000005340000-memory.dmp

Filesize
256KB

Download
memory/3060-73-0x0000000005300000-0x0000000005340000-memory.dmp

Filesize
256KB

Download
memory/3060-75-0x0000000005300000-0x0000000005340000-memory.dmp

Filesize
256KB

Download