agenttesla | e3c48ba70cb42a88e5ebe7e22a5c28ddf8993f9c5106d0ab7e38450229f374c6

Resubmissions

09-12-2023 18:06

231209-wpygbabde3 10

09-12-2023 18:02

231209-wmftgsbdd3 10

09-12-2023 16:59

231209-vhdb5abbd4 10

Analysis

max time kernel
65s
max time network
260s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
09-12-2023 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

plugmanxz.exe
Size

737KB
MD5

a0a98d41a45aaa6af1ad3d084218e1b7
SHA1

aaf63c99c9313bd7ee46b67f5bea4f35e967e1af
SHA256

e3c48ba70cb42a88e5ebe7e22a5c28ddf8993f9c5106d0ab7e38450229f374c6
SHA512

96542a1828b66845095f98fb62fb99975a507a89bcc487139045800c5bc1a05bedc337e3699a06887969319b6f8fb51e568d13e42c12815d6d0092b71367e495
SSDEEP

12288:qqc3+GCueH5qtq485C4yKsh8v7TxLnnpxm2WZfQ0l9CLVzev:q/uG2qg4R8v7TxLpwHt/Qg

Score

10^/10

agenttesla microsoft keylogger phishing spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
[email protected]
Password:
YAWALESS123@@kkk
Email To:
[email protected]

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Control Panel\International\Geo\Nation	Sysmon.exe

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
20	api.ipify.org
21	api.ipify.org

Detected potential entity reuse from brand microsoft.
phishing microsoft

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1692 set thread context of 844	1692	plugmanxz.exe	44

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2344	chrome.exe
2344	chrome.exe
844	plugmanxz.exe
844	plugmanxz.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeDebugPrivilege	844	plugmanxz.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
844	plugmanxz.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2364	2344	chrome.exe	29
PID 2344 wrote to memory of 2364	2344	chrome.exe	29
PID 2344 wrote to memory of 2364	2344	chrome.exe	29
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2668	2344	chrome.exe	31
PID 2344 wrote to memory of 2660	2344	chrome.exe	32
PID 2344 wrote to memory of 2660	2344	chrome.exe	32
PID 2344 wrote to memory of 2660	2344	chrome.exe	32
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33
PID 2344 wrote to memory of 2512	2344	chrome.exe	33

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\plugmanxz.exe
"C:\Users\Admin\AppData\Local\Temp\plugmanxz.exe"
1⤵
- Suspicious use of SetThreadContext
PID:1692
- C:\Users\Admin\AppData\Local\Temp\plugmanxz.exe
  "C:\Users\Admin\AppData\Local\Temp\plugmanxz.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b49758,0x7fef6b49768,0x7fef6b49778
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:2
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:2
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3228 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3524 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3636 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3680 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3772 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3888 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2688 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2684 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2308 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3692 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=796 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1612 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4076 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1292 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1692 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3344 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2816 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2676 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2688 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1300 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3512 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 --field-trial-handle=1204,i,17228721440136014860,5381908335318993940,131072 /prefetch:8
  2⤵
  PID:1812

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:572

C:\Users\Admin\Downloads\Sysmon\Sysmon.exe
"C:\Users\Admin\Downloads\Sysmon\Sysmon.exe"
1⤵
PID:2920
- C:\Users\Admin\AppData\Local\Temp\Sysmon.exe
  "C:\Users\Admin\Downloads\Sysmon\Sysmon.exe"
  2⤵
  - Checks computer location settings
  PID:2136

C:\Users\Admin\Downloads\ProcessMonitor\Procmon.exe
"C:\Users\Admin\Downloads\ProcessMonitor\Procmon.exe"
1⤵
PID:896
- C:\Users\Admin\AppData\Local\Temp\Procmon64.exe
  "C:\Users\Admin\AppData\Local\Temp\Procmon64.exe" /originalpath "C:\Users\Admin\Downloads\ProcessMonitor\Procmon.exe"
  2⤵
  PID:2260

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe"
1⤵
PID:1348

C:\Users\Admin\Downloads\ProcessMonitor\Procmon.exe
"C:\Users\Admin\Downloads\ProcessMonitor\Procmon.exe"
1⤵
PID:2564
- C:\Users\Admin\AppData\Local\Temp\Procmon64.exe
  "C:\Users\Admin\AppData\Local\Temp\Procmon64.exe" /originalpath "C:\Users\Admin\Downloads\ProcessMonitor\Procmon.exe"
  2⤵
  PID:2252

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\credentials mozilla thunderbird.txt
1⤵
PID:1968

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\credentials mozilla thunderbird.txt
1⤵
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
313KB

MD5
9ec973ed7afdaa4a0251d0d46ac36a4f

SHA1
e4e7fe4ba8daa95a94ecb68b062d591b3e3abf74

SHA256
a8498921172a41268e57cc61f95d415cec254565491b7bcee081eb4bf9914251

SHA512
32842392db118e921c4c366da8485c2dbce6dc2ea928cac0add3841eadceb018248a8b0505a0f78effb64d087649628031887d690f32d1b9006aa5ce6f903698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
121KB

MD5
c0aac6a19e7681896754f82237618ba8

SHA1
937631f77a65b8c7b05a8b92d5e8e2080743eed9

SHA256
8fbb3f1ace2baca720450f1c6f04ca26a5caa2a78af477d08bc10db2febc2fa1

SHA512
a12a7e2cc5c77ff1232ad24212830b9a1fdb7d9d4427ea9a7812f919a2b213c9ed70fc8c08e78cbfd86d58ecc9484efc2986d82781a57e79e116e5056d224e08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
74KB

MD5
e676591aa6d49e353ba2a5dd4160b764

SHA1
fed74aef17aa9019a0f508494cdbe646f9346309

SHA256
5e6ca1ecd42ff858d6037fe9957e99545ffada96cb8a6b5bfb194fce0def30ce

SHA512
cf1b61b2a697274a4b85fccf424bc2d7ae46887757f23f4b1a3f24959d0e8c291a1f794f2aa53aafdb6181d9a8f725099a1113f05ecc192dac110ee0948fe26c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
40KB

MD5
929729aa7cff46b3dad2f748a57af24c

SHA1
81aa5db7dd63c79e23ccd23bf2520ab994295f2e

SHA256
3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f

SHA512
a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
66KB

MD5
5431d9fa6f11bd740b48616f1e0fc6c3

SHA1
05ac4b33823595c9c600f4f85165c2c3335b99cb

SHA256
12cf33e4f3c42c446523c5860372ba3bfadf8c291b71813e5eec89cfee81da10

SHA512
4177929cea184461e484f97f9cd887eb46af48574274a671bd47c99b2a507c1494aa2feca10707f10e5a5a37cfee9df236e6f1dca51e865f8714a54e5d111703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
47KB

MD5
5fb3e6d2ecf7f8c2bed26491550a6b60

SHA1
e796db0e6abe9940c5c59a549fcbe5dfa309489e

SHA256
48cc84b7eb07dd77d54f25a803a2ce0ca580a4531395904202cd0d9cc56c7a63

SHA512
401e0b4c86664a41e2fc65b7f53bf4cf00982cabfd2ec1871e61c8d0c80a580f6a10327c67757d770a7eddb09943364ca2a2b4cddbe50ee84e5ba53e5f9d98d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
16KB

MD5
56ffa20d8be25af9a788aa0a7c6e3b11

SHA1
9da639309c198fd54538796d1412391dc11c833f

SHA256
6e0252f4fb4d11e8deaf92b83d392efb54dfb9bc160aa7179f09163843e10e02

SHA512
7bfb1e73736abf78ad3acfeecda138587b768dc5b312bfc64f05d4ca4bf6f922e656f42023b2cdd9896cdb9271b1cb83f249f7bd7f07c0bf1d495e4e9b82f1b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
96KB

MD5
f6ed0ae6d2ddbffcb7cd906ad6ca5ce8

SHA1
dd6496a07f1f32b6532440bbf778fa0398658606

SHA256
8c2f8beffaa1c0495d6377bb3a796820137a5bb969ad26e37102687ffc510a23

SHA512
f50c83cef7fc86eb100deda91dbe6901979880af17586b1e34f4b9d8327b2484406fdaa2d35adb4360ca45efd03a511123f4fd7d00f02d4f55151d8ddf26ddd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
767KB

MD5
0dc95db9ad4e6c7cbe33fc88984d267f

SHA1
30c731d7b6cf0452626719564859dc4f780b892e

SHA256
44547997e5f94efdabcc53bd513058795a83605a2c59b6dd4ffb957e2f492f38

SHA512
c1fe218151ffe5b9b30bf8fed5b8350dfec225a0a7bbd6775fffbfc3b49095fa8889d6461a81a6f857b601f45390891a7b88dc845b82c40fecc05546853d050a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
32KB

MD5
3a2c5435969f7222c4984ce8122cfed3

SHA1
37723c39f2499e2803a45658154a9f3b5e4abd95

SHA256
c74e25d5b1fd8b1fc24abdc3862059b0c7122a52d71e054eb90482efab259a23

SHA512
010f570e1d564c9adfd85bcd9e325143c4e27bb65ddc38108d783ff9fb61b4ef84a240ffc4b342806c1273fd251fb6e7a915fd1b101f58327f43e62c7b2638b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
4.6MB

MD5
69f0dd7205d177f2239da8c4bed29ce5

SHA1
4a7dc861805927e4cf7a8fa347446a1a39b546fe

SHA256
2582f5823c2dce5ca80e43ed4e52708aa87f39a022c1740ef05663329ad4bb06

SHA512
7d750dfbfee769aa27947477cb4d0db73f14a0a865b7d81072d29209ce8d0716a9778296d253b3ba0085766a2ebc3932704feeb2c37ed4584d591266c84692d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
117KB

MD5
69c849eb84ddd29a7842a27c3b67fdfc

SHA1
85518084951b4d62f478a889944072784281236a

SHA256
e170fbf4cdf0000607a4608566c4e5dc5cac2c8e62a50e1de3fcbfb0f9d3abae

SHA512
f32aba4f112125dcbd695c26ede3107fbb4b757d27f05a176a8ed5b09c741e2a72a550286f0fc9dd12eefc130ed2ef412dbf25cf50ba2495b12ff872c8609fc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
494KB

MD5
1c34753654a22fb33ba34c74d9f43b65

SHA1
d3f9799d09ddbe62bc429a255e31e29ee79cd9b5

SHA256
3bf1a272ba20db848584c7845eaec61f2daa727d5f47befa1af9daf411e6369d

SHA512
1a47b4b271c2100469bba7b3e6579f9ceb6a6f9db451b24a51bf358eb1985029d3849f1477ad620536169d6887967f034a24b55b65b9bf1d405a0c98ecf270b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
197KB

MD5
9a3e6c963c8ce9c2a41c02d0fba68018

SHA1
4fbe41e110f0e27746977ef20042a3b3135b6e2b

SHA256
a2e0f08329c5b2f249c845f4d00f92de1554edcabf99f966eb06acd9b06feecc

SHA512
571eeb5b0429b1c0607bad91c10fde5254d0da3b0ffeb531bbcece2ccadf87febe768cacbb14b6a3a5df25268c6e79cf0e147fe48f8159da09a7a903bd4c77b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
3.3MB

MD5
3ef2eedf8139b1f51d9561fd8f9fee9a

SHA1
e6769c1ec6d7367a450e304d554470bb0413900f

SHA256
b556dcac41dc01f7310936fbd57d202eaecd00ff580398957b7125fd404728ae

SHA512
4b1479914fdcddc94846ab6cde66976a61a04f8475e59970cb24b5583c40997d9f19eba81016ef69297d87779bb333b9f6d34357b9fdbfdb39448a1a85b36f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
7a71aa8c2a314f0bbe46c6ea673fa5b8

SHA1
ba19127ab3be6be4e56aab86aa0c8dd97038862c

SHA256
5a358db1e9522931c4ab30d5ee03a17a5a6ea0a23fb7566fa164d244942d3fb4

SHA512
3fcaf9ef32b1f36484d54b9f409d56b2174dda69ad12cf7e9beb528cdb0e3fb7ad39ca0a30f78f38946911a274c3491e494297cb785200d34dea02c4d717351e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76e58e.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8c9445cdad56f0d8c64c35160377c9bc

SHA1
b913cd2c781c4abbcd7c18270a0c306fa554488a

SHA256
1e0cd3f21308bc30d71ce1508f1365c197cda98b9b06162d99fa070bdf8a6bb0

SHA512
a8a9cc43d8f540d6b8ed97d24f0b080c0157422d3ed840718d8844e96953c3f8dcc4dad43318368d261f7fda94fd2f116609a9a8a643cf64dff97c291552150b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5b6b9b6708006405790fe88b98324230

SHA1
1ee955b2c1884ea6f60f164b89ece48094a71dc7

SHA256
9e15add0fa35feaa8e7eec829efa0fde79298d42e02eac9a02a10c8176facf8f

SHA512
fdc889993456262ba1ada2743fec3f47cd3bc6823ac5ed3411b896e1971e3a100f9c4ce3399be050efd8bb73a4aedce64cd4bbecdb18555d82f802b2021395fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
44edcf9008793bb5d0108c38b9a708a2

SHA1
2906ea543652e449fa48ea98f0df212e9817672c

SHA256
aabcb7e27c9a4be88d3df9d12bd278a2d2fa794d45b16a4bd052acee1dfda537

SHA512
0a210a0d284491b5eb1f5624e27843520246745a8474d32ab7732521c102d78bef95f9eb467612a8f0b0adae00ca9bfb5087883e7f98f517468d7c06a71541bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
172fa1e062ec85a29689f54c777bbfc0

SHA1
645a62eb71ecafb2f0f9004a6cec0a8f9de3dff4

SHA256
81ff919a4b2319b695a746170d429322b9bd4c6fd854e7aee82db9eac223604b

SHA512
69dcb343e21eaa2f9f9be9bbde68f01837287f46fd9380b1558b92edf19233749448429c864f45dd5832cf601a035742697f5098afcad49a0b7469c6788645b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
d3cc344782729753b69ac110f7ec3846

SHA1
1fe2d29581885f70073da6b0db45b87bf3aad845

SHA256
4d87f40ae39b302db585a069c2c79ab840b1c9643067d04fc9cde79279cc51f6

SHA512
9a5509fde75d8e02a98c8accec7f25fd2b46ef59b916f27c8faae41b580245d195e7a8d0217cd4e1fc2f9c2d2ac9a84a6ed2b405c74f68dfc8ca047f1414c531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3849f9e2bc85cf7db396f41733746d28

SHA1
8ea635c37dd6d20e889c793200bc8f47b3990fea

SHA256
237958ed97e2b78d1cf9589dc715a9f2660021a56b6d190682d80cb5c867a081

SHA512
5d325fcc5bb1f3eb17a564d8be4f070f8f94a35821415be514aeb3f013338a33c7c432d7bce3130168c6e758180754e60671b13591dc2b4c59e65e29647d17df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
78efe08c1ef526be692813b9e5e7c4b1

SHA1
bba26c1fea97c340658111b74749e2a854e9de63

SHA256
828dff4c4427b14fea48990f18309262bb1cb539de114612f58813218e9b22e6

SHA512
9cfda3f02186909d5b1271b734c775518be066d04b8db7852e8c574967aa864398e08249bc11024cd36d40d43f111cd517b76ccb56335838d33da8041a5bf919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
68ce59c21b45bcda424a5f6223d1ec6d

SHA1
9d1ee2ebbf50c9d22e0f2e9a76e14bd63e7c8a84

SHA256
a499bbafb6212ca9e8c6f53b9355874153834b1947da5cb13364f60caca6ed35

SHA512
1fdc7a070b159747124bad60c91208af1e16815bcf0e1c44c04864976524bc45e6c641c6d487cb76019d55f08392b85ee2c8044012484ae123675ebb18ef0e94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a46b141a0bac22a2e46d3a22b2a69c72

SHA1
44870bd23d008d569b4e85425ac21593228bb2d5

SHA256
38914c268a3b3028e469c77affa6b8dd2d2a8aee980adf5c898c553ea34de07b

SHA512
64712dc5d3f7633ceb6d7bd14a00327745e269f8a1517a3ea72458ef00168bce60c268c1240136d206c420c87edfb7880cf0bb4f392a0b6ca2a7d98a587637bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2e2d8ad833c587747d32a2365cc47335

SHA1
d158d70263d97a3bb3de85f918e055636d6cb342

SHA256
a42acc2457e2f4741d43ffa5483a226caaf8aa42fbb72a6a88f898a5fa5662e7

SHA512
205ced7c46b4a188b10c421973ec4b06244a297065fe95c2ef9f89748062e4900a7cd38ebbebee2705d41f6b0f02685d0c9871c90c25eec03f7dd98b722d991c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e414e670bbdff76dbbc744d98fb44d7a

SHA1
75ea428e0566dc98d4707e0f3591eafe7dc6ff8a

SHA256
511e49b0b393c044f53c1899c72847105e1345962694ed8931322444806cc8cb

SHA512
e6be8af03783bb93da1c8407bcac1f2ab89fa1e6cb521469b2d310f982348d5c170ba76e6ee5a0c1493c3cbd51f6a7e3ced63ffee4fc07f89a25da751c61851e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2758b11fda42e15218c085a8ce060594

SHA1
8df0745025e902001945978ecc8abc190dfc3fae

SHA256
891459ede9ce05bbd1d8f2e344a13f499351f60c2528756e902ba99f6851b308

SHA512
ec4a641234e5634365c9b2330942951f02385d658baec6ce49dbb48806a8894413a05f2436d5c7d3224ecffd16f19257ca9b151aa01e629d846d626bef26d6dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
adb0d2331acfa89ad777b54abab3e004

SHA1
3c69757f73981399ed014190fe82da193d006f9f

SHA256
5c6808da09af4be8558a8a4c91aab9cd2052b37a670c78d6466fa3ed7d074423

SHA512
e925fb25309350cbb099d9ab3363d85fbdbe8cde684ac9e216bc7595caacd29da500c47e817ce089254df6ca7320eb554d07441d13d570692030058a9e1dc315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
93fdfba5eecec260cb6644ab51f5f9f9

SHA1
c10cadcc070739cfddc5a8db51157ee94b9d436d

SHA256
1f10695da97b1366b270ec7f46787eff9efd9664bffb491eb20497f3aee64075

SHA512
58c74d4a2cb333011a58fd44ac1209c4dc21723415ece4dab89a566e58dd0f13557ddc5a3e052aa4386d6db30fe6d0845fe3c2f5b85ead2ec9389e80eda90642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bec83980-2da5-4043-a688-5f811be5852b.tmp

Filesize
6KB

MD5
215ad9ffa189a7937d40559720710606

SHA1
4d1c9aa153a2cfa6c297b1d20a28a935eedaf19f

SHA256
fd09a6ebd0154f5000104589d78a669f519b4c2325e34e4e844c581af0dbf198

SHA512
5ea5fc38fbda024bd6ff3a0291db292a96d695b350b67845fa15d536fb9081ed39f1582dfb4a3914c4f2a184883344a953c00f4ded6f4407d87a9ce3229059ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
82KB

MD5
4464fa8004979b479022ba157a95b30e

SHA1
d5bab48bb77171b0a7d541407130adfcd9c296d2

SHA256
27b5c5cba24a7208bb7bdc59a3cdd829f1f45d144a42714751c7ab770d1ebed3

SHA512
47847f3915a8c9b3777ab879e1140cfa0a8fdbb8ae1a2e3097c47ed8942baf387d5ac76fc719d120e4c89e2c3f9f878193313c31cdc3fe51087384e3d72afb3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
27da6e246b0f1d41c647ca1df28cf502

SHA1
71627772d2e0fdf3becd3f79f35e8d9cd35f5adb

SHA256
92b8386bc9bf9f04fff80d86c2bf954e7df8b320124d1f0fc3887d332fbe499c

SHA512
fc6088270bd6fde5b1f48749362563cf785a22c4cdd774548c146c5aadd3c177832bf60cc610c96a355b214fc8ed4a0756bd8c7a2e59f3109f7a2a821d54bf0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE6C8.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Procmon64.exe

Filesize
2.6MB

MD5
6b3a6712990ed09dd166c281ec7bee30

SHA1
8a85f03252d045009ce0b90adaac537e17f89167

SHA256
a1b8c40f6da56961081dfee34a252fc667d22c7a22f30269d51f3f409111e787

SHA512
d1baa1f83ab6fc37d939d8db74ba825507e53dc9fc0fa07c5957fccdabc05cc50f66e0db85b54478805e5aef9e1a8f14b262a4b68f43c8a8b62a089dc7be6a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Procmon64.exe

Filesize
2.6MB

MD5
6b3a6712990ed09dd166c281ec7bee30

SHA1
8a85f03252d045009ce0b90adaac537e17f89167

SHA256
a1b8c40f6da56961081dfee34a252fc667d22c7a22f30269d51f3f409111e787

SHA512
d1baa1f83ab6fc37d939d8db74ba825507e53dc9fc0fa07c5957fccdabc05cc50f66e0db85b54478805e5aef9e1a8f14b262a4b68f43c8a8b62a089dc7be6a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Procmon64.exe

Filesize
2.6MB

MD5
6b3a6712990ed09dd166c281ec7bee30

SHA1
8a85f03252d045009ce0b90adaac537e17f89167

SHA256
a1b8c40f6da56961081dfee34a252fc667d22c7a22f30269d51f3f409111e787

SHA512
d1baa1f83ab6fc37d939d8db74ba825507e53dc9fc0fa07c5957fccdabc05cc50f66e0db85b54478805e5aef9e1a8f14b262a4b68f43c8a8b62a089dc7be6a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Procmon64.exe

Filesize
2.6MB

MD5
6b3a6712990ed09dd166c281ec7bee30

SHA1
8a85f03252d045009ce0b90adaac537e17f89167

SHA256
a1b8c40f6da56961081dfee34a252fc667d22c7a22f30269d51f3f409111e787

SHA512
d1baa1f83ab6fc37d939d8db74ba825507e53dc9fc0fa07c5957fccdabc05cc50f66e0db85b54478805e5aef9e1a8f14b262a4b68f43c8a8b62a089dc7be6a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sysmon.exe

Filesize
4.3MB

MD5
41677d7aa71ef596be07ca0c25fbf094

SHA1
0471774b6b783ca524fa5ecc32c95585b6fd4bf9

SHA256
a568b18a16e52c91cf6ad908e46970f657786386d867e8db79563b025522e339

SHA512
7f62f334dbbd3aae34912c5fd8605b2004332261d7798f51f9123d5f28bef4bd1d326586840da0c4dbea21417bdaad06585c2b75919e35e80ad5a5f2baed6800

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEA29.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\Desktop\credentials mozilla thunderbird.txt

Filesize
31B

MD5
eb7e456812e49c77269cd599bfd2caf9

SHA1
64ccfe95b1d327cb44894d28342feeba8a861cea

SHA256
0b26085f559ff37b31636b0125d5c1ee0e7dd27751c3aa9a57db670d034e10ec

SHA512
1318c6526a9106ec1391d80b6a591e1ad5399db58f9798ca2951d83cdb1bdc3b26a4102fe734fa0a1d5ffd0b3d8fc0f61c16d2ed4e048e5b04e939a5877aed41

Download Submit
\Users\Admin\AppData\Local\Temp\Procmon64.exe

Filesize
2.6MB

MD5
6b3a6712990ed09dd166c281ec7bee30

SHA1
8a85f03252d045009ce0b90adaac537e17f89167

SHA256
a1b8c40f6da56961081dfee34a252fc667d22c7a22f30269d51f3f409111e787

SHA512
d1baa1f83ab6fc37d939d8db74ba825507e53dc9fc0fa07c5957fccdabc05cc50f66e0db85b54478805e5aef9e1a8f14b262a4b68f43c8a8b62a089dc7be6a44

Download Submit
\Users\Admin\AppData\Local\Temp\Procmon64.exe

Filesize
2.6MB

MD5
6b3a6712990ed09dd166c281ec7bee30

SHA1
8a85f03252d045009ce0b90adaac537e17f89167

SHA256
a1b8c40f6da56961081dfee34a252fc667d22c7a22f30269d51f3f409111e787

SHA512
d1baa1f83ab6fc37d939d8db74ba825507e53dc9fc0fa07c5957fccdabc05cc50f66e0db85b54478805e5aef9e1a8f14b262a4b68f43c8a8b62a089dc7be6a44

Download Submit
\Users\Admin\AppData\Local\Temp\Procmon64.exe

Filesize
2.6MB

MD5
6b3a6712990ed09dd166c281ec7bee30

SHA1
8a85f03252d045009ce0b90adaac537e17f89167

SHA256
a1b8c40f6da56961081dfee34a252fc667d22c7a22f30269d51f3f409111e787

SHA512
d1baa1f83ab6fc37d939d8db74ba825507e53dc9fc0fa07c5957fccdabc05cc50f66e0db85b54478805e5aef9e1a8f14b262a4b68f43c8a8b62a089dc7be6a44

Download Submit
\Users\Admin\AppData\Local\Temp\Procmon64.exe

Filesize
2.6MB

MD5
6b3a6712990ed09dd166c281ec7bee30

SHA1
8a85f03252d045009ce0b90adaac537e17f89167

SHA256
a1b8c40f6da56961081dfee34a252fc667d22c7a22f30269d51f3f409111e787

SHA512
d1baa1f83ab6fc37d939d8db74ba825507e53dc9fc0fa07c5957fccdabc05cc50f66e0db85b54478805e5aef9e1a8f14b262a4b68f43c8a8b62a089dc7be6a44

Download Submit
\Users\Admin\AppData\Local\Temp\Procmon64.exe

Filesize
2.6MB

MD5
6b3a6712990ed09dd166c281ec7bee30

SHA1
8a85f03252d045009ce0b90adaac537e17f89167

SHA256
a1b8c40f6da56961081dfee34a252fc667d22c7a22f30269d51f3f409111e787

SHA512
d1baa1f83ab6fc37d939d8db74ba825507e53dc9fc0fa07c5957fccdabc05cc50f66e0db85b54478805e5aef9e1a8f14b262a4b68f43c8a8b62a089dc7be6a44

Download Submit
\Users\Admin\AppData\Local\Temp\Sysmon.exe

Filesize
4.3MB

MD5
41677d7aa71ef596be07ca0c25fbf094

SHA1
0471774b6b783ca524fa5ecc32c95585b6fd4bf9

SHA256
a568b18a16e52c91cf6ad908e46970f657786386d867e8db79563b025522e339

SHA512
7f62f334dbbd3aae34912c5fd8605b2004332261d7798f51f9123d5f28bef4bd1d326586840da0c4dbea21417bdaad06585c2b75919e35e80ad5a5f2baed6800

Download Submit
memory/844-113-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download
memory/844-99-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/844-110-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/844-106-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/844-104-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/844-102-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/844-100-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/844-116-0x0000000000E60000-0x0000000000EA0000-memory.dmp

Filesize
256KB

Download
memory/844-97-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/844-95-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/844-159-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download
memory/844-170-0x0000000000E60000-0x0000000000EA0000-memory.dmp

Filesize
256KB

Download
memory/1348-906-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1348-905-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1348-904-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1348-907-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1692-93-0x00000000004E0000-0x00000000004EA000-memory.dmp

Filesize
40KB

Download
memory/1692-91-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download
memory/1692-1-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download
memory/1692-2-0x0000000005090000-0x00000000050D0000-memory.dmp

Filesize
256KB

Download
memory/1692-3-0x0000000000460000-0x000000000047A000-memory.dmp

Filesize
104KB

Download
memory/1692-114-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download
memory/1692-0-0x00000000013C0000-0x000000000147E000-memory.dmp

Filesize
760KB

Download
memory/1692-92-0x00000000004C0000-0x00000000004C8000-memory.dmp

Filesize
32KB

Download
memory/1692-112-0x0000000005090000-0x00000000050D0000-memory.dmp

Filesize
256KB

Download
memory/1692-94-0x00000000053D0000-0x000000000544A000-memory.dmp

Filesize
488KB

Download
memory/2252-925-0x00000000370B0000-0x00000000370C0000-memory.dmp

Filesize
64KB

Download
memory/2252-926-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2252-924-0x000007FEBD170000-0x000007FEBD180000-memory.dmp

Filesize
64KB

Download
memory/2260-896-0x00000000370B0000-0x00000000370C0000-memory.dmp

Filesize
64KB

Download
memory/2260-895-0x000007FEBD170000-0x000007FEBD180000-memory.dmp

Filesize
64KB

Download
memory/2260-897-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2260-900-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download