umbral | dee17b4eadaee39276596882c2c60a1b59451017aa91f5c255dee92ae6689449

Analysis

max time kernel
296s
max time network
277s
platform
windows10-2004_x64
resource
win10v2004-20231127-de
resource tags

arch:x64arch:x86image:win10v2004-20231127-delocale:de-deos:windows10-2004-x64systemwindows
submitted
05/12/2023, 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RUNTWAREV2.exe
Size

227KB
MD5

6a3f3ce9e59e7f8b18895edb0ccb8e4f
SHA1

81da4be170d0e4be51014e5bccc89c09f0c95202
SHA256

dee17b4eadaee39276596882c2c60a1b59451017aa91f5c255dee92ae6689449
SHA512

b9caa7e6020d9c7b2442b351a03215a4dece45613918936f848de180b5da92286a20ea8527c676b6fd0d4843a7c2fd9f9123c85c8630e62b883a907ae0101fba
SSDEEP

6144:+loZM+rIkd8g+EtXHkv/iD44AummkrHMV9YW3X2cAb8e1mxzOi:ooZtL+EP84AummkrHMV9YW3X21Azj

Score

10^/10

umbral stealer

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral2/memory/1520-0-0x000002AF7F8D0000-0x000002AF7F910000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31074091"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 400f56cc2b27da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3416325082"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31074091"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004402aa0a8b430241818a878b00a4898a000000000200000000001066000000010000200000001cd4f5cac46051c269d892bb8d579d793cb7d063d4eed93ae448f8956b5bf706000000000e8000000002000020000000873137bcb93c1fd1b4c6d0f0ccb52cf62c58d743604436200ad48127010c90eb200000004c29eca1958951b6391862f611aee46e58b4f39696722e2258fa72a51bf530ec40000000a92832f1b44093001911c81e8109a0fc3deff50eb361cb10b4ed897a881d0fe00d8eb663a07b055ab2c064968e103347aa3ced51509ce2a695e5752ff513cb7f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3402417778"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "408512144"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004402aa0a8b430241818a878b00a4898a0000000002000000000010660000000100002000000069b997c8934957fcfe87ac03b5daa3fd5f1f47eecb25cbd88b1fdb8d03c0b020000000000e800000000200002000000081a6602d0553ed605a52282a491b228eeb45213aec816a6ad58552b00b55e51920000000af424fd703806fd5bb92d07aea8884bad428ecd0fc4b460f7b5089e55ddbc0e140000000952303ae3bcb8db5e1fc24080b998714c5c81dbe864aa7ac97bfee29a18d9a40ae9569676d33e7061a5c72b1ef03ce5ff0efbc85c9be4515889a6ce571710d9b	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\de-DE = "de-DE.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31074091"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3402417778"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70fc42cc2b27da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F66E72E0-931E-11EE-AC0A-DEA55E44F084} = "0"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133462207457942380"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4008	chrome.exe
4008	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1520	RUNTWAREV2.exe
Token: SeIncreaseQuotaPrivilege	1032	wmic.exe
Token: SeSecurityPrivilege	1032	wmic.exe
Token: SeTakeOwnershipPrivilege	1032	wmic.exe
Token: SeLoadDriverPrivilege	1032	wmic.exe
Token: SeSystemProfilePrivilege	1032	wmic.exe
Token: SeSystemtimePrivilege	1032	wmic.exe
Token: SeProfSingleProcessPrivilege	1032	wmic.exe
Token: SeIncBasePriorityPrivilege	1032	wmic.exe
Token: SeCreatePagefilePrivilege	1032	wmic.exe
Token: SeBackupPrivilege	1032	wmic.exe
Token: SeRestorePrivilege	1032	wmic.exe
Token: SeShutdownPrivilege	1032	wmic.exe
Token: SeDebugPrivilege	1032	wmic.exe
Token: SeSystemEnvironmentPrivilege	1032	wmic.exe
Token: SeRemoteShutdownPrivilege	1032	wmic.exe
Token: SeUndockPrivilege	1032	wmic.exe
Token: SeManageVolumePrivilege	1032	wmic.exe
Token: 33	1032	wmic.exe
Token: 34	1032	wmic.exe
Token: 35	1032	wmic.exe
Token: 36	1032	wmic.exe
Token: SeIncreaseQuotaPrivilege	1032	wmic.exe
Token: SeSecurityPrivilege	1032	wmic.exe
Token: SeTakeOwnershipPrivilege	1032	wmic.exe
Token: SeLoadDriverPrivilege	1032	wmic.exe
Token: SeSystemProfilePrivilege	1032	wmic.exe
Token: SeSystemtimePrivilege	1032	wmic.exe
Token: SeProfSingleProcessPrivilege	1032	wmic.exe
Token: SeIncBasePriorityPrivilege	1032	wmic.exe
Token: SeCreatePagefilePrivilege	1032	wmic.exe
Token: SeBackupPrivilege	1032	wmic.exe
Token: SeRestorePrivilege	1032	wmic.exe
Token: SeShutdownPrivilege	1032	wmic.exe
Token: SeDebugPrivilege	1032	wmic.exe
Token: SeSystemEnvironmentPrivilege	1032	wmic.exe
Token: SeRemoteShutdownPrivilege	1032	wmic.exe
Token: SeUndockPrivilege	1032	wmic.exe
Token: SeManageVolumePrivilege	1032	wmic.exe
Token: 33	1032	wmic.exe
Token: 34	1032	wmic.exe
Token: 35	1032	wmic.exe
Token: 36	1032	wmic.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
1056	iexplore.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1056	iexplore.exe
1056	iexplore.exe
5192	IEXPLORE.EXE
5192	IEXPLORE.EXE
5192	IEXPLORE.EXE
5192	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1032	1520	RUNTWAREV2.exe	87
PID 1520 wrote to memory of 1032	1520	RUNTWAREV2.exe	87
PID 4008 wrote to memory of 3756	4008	chrome.exe	109
PID 4008 wrote to memory of 3756	4008	chrome.exe	109
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 5004	4008	chrome.exe	110
PID 4008 wrote to memory of 4784	4008	chrome.exe	114
PID 4008 wrote to memory of 4784	4008	chrome.exe	114
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111
PID 4008 wrote to memory of 5076	4008	chrome.exe	111

C:\Users\Admin\AppData\Local\Temp\RUNTWAREV2.exe
"C:\Users\Admin\AppData\Local\Temp\RUNTWAREV2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd52d79758,0x7ffd52d79768,0x7ffd52d79778
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4636 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5000 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5524 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2500
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7dc7e7688,0x7ff7dc7e7698,0x7ff7dc7e76a8
    3⤵
    PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5196 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3312 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3300 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3200 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3188 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6172 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3160 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5636 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3456 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6464 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6472 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6784 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6808 --field-trial-handle=1840,i,17354860178125346449,2680390056964182421,131072 /prefetch:8
  2⤵
  PID:6084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:652

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x528
1⤵
PID:5876

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\SwitchResolve.xsl
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1056 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
40KB

MD5
929729aa7cff46b3dad2f748a57af24c

SHA1
81aa5db7dd63c79e23ccd23bf2520ab994295f2e

SHA256
3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f

SHA512
a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
31e8790b6285eb20b8f410a64a0de1dd

SHA1
f04b51abb743d515641082ffe4e94c8b7a304d9f

SHA256
bf3d2126d43ab33dbc29b15bfb8e2568b877d7c1b4ddb5ceef1797788befd48e

SHA512
a7b29830903450e0e609af5d8f8c5fc3441794165abc7a3b58728f1207afd6d306b08c23e85a7306b4be6b8f5b276b200448539ca2bac33c6a5898768b9cd4fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
478ade4034f5ea60315943391d8fa509

SHA1
511ef41b37ef4e129ae4c91e865703747cd7575d

SHA256
fcd1469e6e8dcbfc733fbc670b896580d011cd06f157dc5a22ade11a572ccf24

SHA512
ee0dc52b2ae0929bbbca7dae4d1fcdfeee8b9e0fc90cf5c8e4fbe48aed676b1e3836b795d3a0184435c27a23515ea7dee340de6330e4240e8e3b6f456a455161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
af8ee6b4192b496301427be9f0d31240

SHA1
de9ddbd387dff01bb7c992c7331e19562a910e45

SHA256
a0f383b0d11e4cad101b83d9d0214260ce3121bdfbfc8ef8dbea6ec9c8b53ff9

SHA512
98f4c4616eefc7ffbdccbaf26d61392a76e58b57419583f61dfbe54c764231423c6c46f7f2a53eb75c5e001dc5b448584995936fbd805363e7fb044d379cea22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e707acf3046a39f6759ad240461f8e3e

SHA1
a8ebc46ecfde78ff5a1c8d67da2ba3369e3e4140

SHA256
a4faf1be246ad132ab61203403647e859c7210f88b5a24db097a606ca07b5d3b

SHA512
29603b2ad2237c27ac8b652d144dac2b7412e8d308517b5c33be53636fd6c89dcd700840f6a7c0cc44cc15aa3e28fde08e3b0e5daefb22c54e5f9b9e01d4bd81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
81c2c7f5f6b0728366c1a64a0ee8f60b

SHA1
38207a39b0e0aff7f43af1aed68c92c8ce567181

SHA256
63210da9a49a18871d31793266fb37ef670e4ba098fb6ad04b81d0935b67ce8e

SHA512
7fbcd6786b16a6b1b0c07e6b9cabeba233c92f069aaa7a744c95c3b1cc9ef710feb77c6fcf2adb7e6ff42ccfca60c06502c2d2905b9a3428d6c2e2458159a0d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
039f9371698bd038d5e1de8d05a8f56c

SHA1
9f86e037e366de441520ba2d8d52d206be5b7909

SHA256
fcef3a382b63894bdcaeb07234622ed96f1254b510e7c3d3b8b30188441296ad

SHA512
9cd7ca03924f01cae8c78ffe4a3b9efba2c415d1906b442019fd098563d54172175d31a7696e25e9695a6e506a59b89a68f18d235f937295f9c645cc7d532857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
df3a614e58f5bafdb57ff7ec175e0e3e

SHA1
4e38b44d6590a110bcfdf81c4bf4d1ca4f50e66a

SHA256
9d495dfc3d9bc27ff5bda50b74e904a076d1516e0e12dfc584d307f20950b811

SHA512
be5c974c68c4a17dd497a3bd9bfaeabab38eca5ae1eb00ebc103d4a7e1bd83a19ca0d23881c914951dd6d0e91f2e743e12064a45c93d0c0077d631bf09951437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
485a26949d3fe208dd49d077c8823d82

SHA1
2dfd372e0e89c7624b42fb8858b6fbeaf5bdb49e

SHA256
a3a7f36a9b252ea33e1d17e3f6993fcf8dc521708bd0d6257ff1dce3e4c6b34c

SHA512
9394719111d5de6b6961607cb8f496b24e748f70da0af1741e6ee85e297c60fac9f12ff4f1f2908a6d071eaf250163c6c4abd6da7552d06685ca79edb0ef0e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\abb92f60-44d1-4a92-958a-0987a81c160f.tmp

Filesize
15KB

MD5
563a7f6deadb2b9b9271e2b830490cfd

SHA1
13cb1a41ebe4dcaabbe934ade36fca33d9b95451

SHA256
455314ec716c343302b26a6b3cb32c532fedefe72aa42736a5dc1f959d7965e7

SHA512
5a81cfe0e362bc0e64002d324f51bf01359e5424d2809fc56f1e6d689f8c223329296a77eb5ee790ca81a76e5b917633d9700b03c136aa6ace7db599ab36ed6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
2be5e6e93166a35d19535578b124eb57

SHA1
054827cd9b69469a59cc61342f0aaf581eef11d1

SHA256
62e5bb7e4456490396d54ddf58a64c23581bd252f735fc0f9b253cec8904e6e8

SHA512
dd35009127d409b32ccbe9c7fd2059fa5f9ef05910284e9488b13d20d14b07a1f7a2f80eb93d12aae3e051f901a2a25375c514b7462d51e3f1ee403f1fd15aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
c669857960f7ecc070b39b6dcfc4d756

SHA1
034c2dc1ce080870838963385bbb50b6e7e0b432

SHA256
de446606b04da12c1d724bc9e4d277a2059f6c7437f62050f52fb341682084b0

SHA512
6767a36724afb10017bd182aec2b1d9b0571efd02f1ae80ffa1eb8ad3fb16a297b0c448f026c399e779f9b6a2d80f4c014bfd9ae140bd3aaf8e535b3806768fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
7d55c36c80858c0d746aa6c105dc7015

SHA1
9a1ad68fccfe608e931f89d88f9684b3fe266187

SHA256
788f20a3995a15e929dd0602ef134f8ff63f2086393ba004c8838508b24f5aa5

SHA512
3427f226450d81c3c459cba051d0e313d120ea403808dd368d95cfccfafb6b549def72814775593ce097313bb1bf8f5ea8e0874bd2cc8fe63e16db504f57da37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F0IUT3PN\suggestions[1].de-DE

Filesize
18KB

MD5
cc5361b5fdccfc6830217e2eb9972dd8

SHA1
e4a1206d9190eccea3e6a116c954d11da0aeba66

SHA256
afd57b0b6d8166e25bbef7cbc97522677c11c9a930fd4d4a204d1b7ae6258492

SHA512
ef63961bd7f0d3357d352a8f9c8ea57d0271e0fb664b1be179c38cd2d559bbaa4864f64f3521f26f868cc074f97994e2658c6d652021a39dc5207d45411691bc

Download Submit
memory/1520-0-0x000002AF7F8D0000-0x000002AF7F910000-memory.dmp

Filesize
256KB

Download
memory/1520-6-0x00007FFD53570000-0x00007FFD54031000-memory.dmp

Filesize
10.8MB

Download
memory/1520-4-0x000002AF7FF00000-0x000002AF80004000-memory.dmp

Filesize
1.0MB

Download
memory/1520-3-0x000002AF7FCB0000-0x000002AF7FCF2000-memory.dmp

Filesize
264KB

Download
memory/1520-2-0x000002AF019E0000-0x000002AF019F0000-memory.dmp

Filesize
64KB

Download
memory/1520-1-0x00007FFD53570000-0x00007FFD54031000-memory.dmp

Filesize
10.8MB

Download