umbral | hxxps://pixeldrain[.]com/u/7bKL5P7X

Analysis

max time kernel
1799s
max time network
1795s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
14-02-2024 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pixeldrain.com/u/7bKL5P7X

Score

10^/10

umbral spyware stealer

Malware Config

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000700000001ac04-33.dat	family_umbral
behavioral1/memory/4820-61-0x000001CBE1E80000-0x000001CBE1EC0000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4820	Umbral.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
26	discord.com
27	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
23	ip-api.com

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
3728	wmic.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133523861405228956"	chrome.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1632	PING.EXE

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4436	chrome.exe
4436	chrome.exe
4176	powershell.exe
4176	powershell.exe
4176	powershell.exe
4176	powershell.exe
2552	Conhost.exe
2552	Conhost.exe
2552	Conhost.exe
2552	Conhost.exe
8	powershell.exe
8	powershell.exe
8	powershell.exe
8	powershell.exe
3532	powershell.exe
3532	powershell.exe
3532	powershell.exe
3532	powershell.exe
4148	powershell.exe
4148	powershell.exe
4148	powershell.exe
4148	powershell.exe
1236	chrome.exe
1236	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4436	chrome.exe
4436	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4436	chrome.exe
Token: SeCreatePagefilePrivilege	4436	chrome.exe
Token: SeShutdownPrivilege	4436	chrome.exe
Token: SeCreatePagefilePrivilege	4436	chrome.exe
Token: SeShutdownPrivilege	4436	chrome.exe
Token: SeCreatePagefilePrivilege	4436	chrome.exe
Token: SeShutdownPrivilege	4436	chrome.exe
Token: SeCreatePagefilePrivilege	4436	chrome.exe
Token: SeShutdownPrivilege	4436	chrome.exe
Token: SeCreatePagefilePrivilege	4436	chrome.exe
Token: SeShutdownPrivilege	4436	chrome.exe
Token: SeCreatePagefilePrivilege	4436	chrome.exe
Token: SeDebugPrivilege	4820	Umbral.exe
Token: SeShutdownPrivilege	4436	chrome.exe
Token: SeCreatePagefilePrivilege	4436	chrome.exe
Token: SeDebugPrivilege	4176	powershell.exe
Token: SeShutdownPrivilege	4436	chrome.exe
Token: SeCreatePagefilePrivilege	4436	chrome.exe
Token: SeIncreaseQuotaPrivilege	4176	powershell.exe
Token: SeSecurityPrivilege	4176	powershell.exe
Token: SeTakeOwnershipPrivilege	4176	powershell.exe
Token: SeLoadDriverPrivilege	4176	powershell.exe
Token: SeSystemProfilePrivilege	4176	powershell.exe
Token: SeSystemtimePrivilege	4176	powershell.exe
Token: SeProfSingleProcessPrivilege	4176	powershell.exe
Token: SeIncBasePriorityPrivilege	4176	powershell.exe
Token: SeCreatePagefilePrivilege	4176	powershell.exe
Token: SeBackupPrivilege	4176	powershell.exe
Token: SeRestorePrivilege	4176	powershell.exe
Token: SeShutdownPrivilege	4176	powershell.exe
Token: SeDebugPrivilege	4176	powershell.exe
Token: SeSystemEnvironmentPrivilege	4176	powershell.exe
Token: SeRemoteShutdownPrivilege	4176	powershell.exe
Token: SeUndockPrivilege	4176	powershell.exe
Token: SeManageVolumePrivilege	4176	powershell.exe
Token: 33	4176	powershell.exe
Token: 34	4176	powershell.exe
Token: 35	4176	powershell.exe
Token: 36	4176	powershell.exe
Token: SeShutdownPrivilege	4436	chrome.exe
Token: SeCreatePagefilePrivilege	4436	chrome.exe
Token: SeDebugPrivilege	2552	Conhost.exe
Token: SeShutdownPrivilege	4436	chrome.exe
Token: SeCreatePagefilePrivilege	4436	chrome.exe
Token: SeDebugPrivilege	8	powershell.exe
Token: SeShutdownPrivilege	4436	chrome.exe
Token: SeCreatePagefilePrivilege	4436	chrome.exe
Token: SeDebugPrivilege	3532	powershell.exe
Token: SeShutdownPrivilege	4436	chrome.exe
Token: SeCreatePagefilePrivilege	4436	chrome.exe
Token: SeShutdownPrivilege	4436	chrome.exe
Token: SeCreatePagefilePrivilege	4436	chrome.exe
Token: SeIncreaseQuotaPrivilege	3404	wmic.exe
Token: SeSecurityPrivilege	3404	wmic.exe
Token: SeTakeOwnershipPrivilege	3404	wmic.exe
Token: SeLoadDriverPrivilege	3404	wmic.exe
Token: SeSystemProfilePrivilege	3404	wmic.exe
Token: SeSystemtimePrivilege	3404	wmic.exe
Token: SeProfSingleProcessPrivilege	3404	wmic.exe
Token: SeIncBasePriorityPrivilege	3404	wmic.exe
Token: SeCreatePagefilePrivilege	3404	wmic.exe
Token: SeBackupPrivilege	3404	wmic.exe
Token: SeRestorePrivilege	3404	wmic.exe
Token: SeShutdownPrivilege	3404	wmic.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 1912	4436	chrome.exe	70
PID 4436 wrote to memory of 1912	4436	chrome.exe	70
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1132	4436	chrome.exe	77
PID 4436 wrote to memory of 1652	4436	chrome.exe	76
PID 4436 wrote to memory of 1652	4436	chrome.exe	76
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78
PID 4436 wrote to memory of 2568	4436	chrome.exe	78

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
212	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pixeldrain.com/u/7bKL5P7X
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbccab9758,0x7ffbccab9768,0x7ffbccab9778
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1844,i,13537780701096585991,6335660868532082464,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1844,i,13537780701096585991,6335660868532082464,131072 /prefetch:2
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1844,i,13537780701096585991,6335660868532082464,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1844,i,13537780701096585991,6335660868532082464,131072 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1844,i,13537780701096585991,6335660868532082464,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5152 --field-trial-handle=1844,i,13537780701096585991,6335660868532082464,131072 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5304 --field-trial-handle=1844,i,13537780701096585991,6335660868532082464,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1844,i,13537780701096585991,6335660868532082464,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1844,i,13537780701096585991,6335660868532082464,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1844,i,13537780701096585991,6335660868532082464,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5284 --field-trial-handle=1844,i,13537780701096585991,6335660868532082464,131072 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 --field-trial-handle=1844,i,13537780701096585991,6335660868532082464,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Users\Admin\Downloads\Umbral.exe
  "C:\Users\Admin\Downloads\Umbral.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4820
- - C:\Windows\SYSTEM32\attrib.exe
    "attrib.exe" +h +s "C:\Users\Admin\Downloads\Umbral.exe"
    3⤵
    - Views/modifies file attributes
    PID:212
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Umbral.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4176
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
    3⤵
    PID:2552
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:8
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3532
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" os get Caption
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3404
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" computersystem get totalphysicalmemory
    3⤵
    PID:3052
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:3696
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4148
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic" path win32_VideoController get name
    3⤵
    - Detects videocard installed
    PID:3728
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\Downloads\Umbral.exe" && pause
    3⤵
    PID:2140
  - - C:\Windows\system32\PING.EXE
      ping localhost
      4⤵
      Runs ping.exe
      PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=868 --field-trial-handle=1844,i,13537780701096585991,6335660868532082464,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1236

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2124

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
d4836ef5607c6dafe8b667c7168d2979

SHA1
7988a626da68a593d6b5612cb43e4a8d16f85222

SHA256
7d97e10afeb73832446c75fdec6b93d00e4aa5cdb4f04ecc0a89145082510f13

SHA512
9c37e38ec47fe754b8d5e0550821bd50fbc2763c81bdcc83fa5d1147c3022d13de5c70ba6546ccfe1158fa23650f8ebedd52699a5f28a297ead94f58ac0475bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\23b971c8-9572-4853-bc6d-cf8e192a57d2.tmp

Filesize
539B

MD5
d1180095d4d958795de2c5f90c7160ae

SHA1
b6dbb9b85a0f042944048545e3a193bd6531ecf3

SHA256
5197604104e8f6dc78d7de630b69a6a6d8e54f6a6ba841c31830bb50d5ec8253

SHA512
4646430fc056cebfd5ed524396c5f2db5f41f6cb60be60749645074cec53a44d131823112ccbcbb6c65c48f470b4b7bd4938a0cacba0e5f9c3b1289aa41fd46e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\977d2194-8f76-4b10-a7e1-c1b7004f7e04.tmp

Filesize
539B

MD5
2155e5d6632854d601541b8b429d6dba

SHA1
b044382a6af6c22f541352498aa1e730c405111e

SHA256
85a650392a444df518b9da20d3a53cea93d9bb6079da0d0c50b354821d0f6c66

SHA512
dcf60e4a4c2bc1abe4ff815bf134d7e9e215cbb28d0e76cdef7eb6c3f116217807518028035c163c600de792c7f3c18e448df687d93a4b93ac0465ae28bf3383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
2895652e2f0f628ca8a9f986c309b3c0

SHA1
3006c2d8562ae820152c852c5163353083b699b3

SHA256
c95b7e2c72f60d93a43d793a39326436534762aa5ee69e849e5b0124d77af06c

SHA512
df98a5e1bfe03e7ca3a14866d78432d4c54fcc9b872a320923298183479bcd35181092d0a84159b0e4234a5f2a2a70a2b618bbb2a1a1a1ee66bc2ef777b144bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c97524df09f032fa0c078fe595f8c13e

SHA1
c29bb0001e2c99a210554daf944f8c60efff8986

SHA256
ff351627cf48da7b312db1fa1dc192a6571eb30d66e2d7a70b7ee04ff22193de

SHA512
fb754423c29a4ba17f7d6e413bb0381778811fd81bdbb389343c95e6f8b4863db6c833adbda4655bd2ab042d35021a2861a6eb08d34f6e115a20a4d1c2ab869a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6e6693480ae2bf6a244902bb6e6951d5

SHA1
fe9ba9452888f2ca5b7ab1a3d0efc3a9015f499d

SHA256
47bc67426fd831c80630e7626040fb0a0f90363454a8a7963993378147c21efd

SHA512
0bacf3145470727cb7d37660244f618e791847a12c94dc4c8fb3e75b1debd28a4f62949d8d71631c5ff2258aebc40b8061837b2beedb037270b1bbb565893e07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c7150b170a591b84f76a35d0b979c5ed

SHA1
4b418a987ab04243a3d09ea6d25e2ad0cd57397c

SHA256
35511d509d514dea358c2d37bdafc8e259402c1c6c4be6a925a7426087a41910

SHA512
4def2e7a56196bc18aeef22a108a17e188af5a9e80e57d3567420ba3dfb55f3e07fa4bc93981da91831f2e5d052672bfb0ba13de59d126638323c755cd25677b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
81ceeaa2868bfca98c61ddf1c38ee9a7

SHA1
394e1557d1670c82d2d73f297653ceccbde4e4cf

SHA256
0a619beff54405da6fe40b9e943a0c51b3d1a972dadfa38a1c77e46dca38b239

SHA512
58e4e5e0eef056320b12bfe88175060b091d6a7cd426aee188e8bd6460a7853d97143114b67c2ccd41b2219e6d4b61d2b768d4c8e1c779dc189b552605e06def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
389160f0fdd91f9bbd81b204a8b65411

SHA1
98d200be95ce9fdac0a75db1bb6dbca4b43b9e92

SHA256
6cd97bacc032d3c7114b8d5abfd073f6406505edf7c07f0a27c3c509af59f361

SHA512
e2921a969bb6a362d7023abcf91b084cc09c3931ee6461e4dde26c39274662d0caf16de5f5640df64286450587cbee01a030cccf729c6e3bc91f27cc03e9c0b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
e3d5d137d640aaec4cd4c0de3e8b4659

SHA1
ece4a103035672d5c731c27bf8fa417c84346698

SHA256
3d052df15a9203c30ddcc0a9ef4fda23607c5f083080dfe659827024c5d15832

SHA512
c8ead761802d9ae5e51771edae775b9fb8a53d1d63b2d59e36a5df5940b567e1f2eb0c128a486e9ec93bb36d3d86b663ea1e6c24c50213f48765d5a5e6a0727f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
65a1e58e4f3e8623eee5885269cc2467

SHA1
f9e4b5c0a4a5fd3e55d073ebd83c1927bc79c129

SHA256
ebc82b2faf566afcd51a398c08e88c0661508326c4f91062e3e2ba4a86bed23e

SHA512
52838588ec6d414a67c0c87591cafb72be665e0c51b9c7a7737e513bd9e5e839f27e01e7ed4686878b7de0636b542005701978d4f4b7c1c9a1985ef75e7026cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
bbe968d45929d621eef2df0f21e61ed3

SHA1
dbfec53f18cab84119972b405cc9643e5c97f8fd

SHA256
907b690b994294dac072bfff75f593e7e4b3df946c241de34e3e3b71c3daa431

SHA512
d704748779180675c17d8a1ea78f928a4541bff0b4835cf6c0df5575886d3d5363d17a153bcf31ddff73506ef3d330ef806636996a0843e0936932b026a37241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
79ee905cbd3a505fc0d460e30c32be9e

SHA1
793e1c02be8144836dba3dddf2a94382685e3489

SHA256
590b402980aaf1961a66b17fe08728b5118f943bf6d82a6ad407e04185d160f0

SHA512
f94900d69328ce08f34c2fd9c762e31abe81cea31b59d9e9e164380846b4d3830916872d263791ee579c8a18627aac2a8e0b695dddb74b3eeefda467f999668d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
232e8584596a1bfab783f0a06d9956c2

SHA1
5191c6ce7ab17ba49ae713421b61ecaa0b7c3a1c

SHA256
798ed85c4054b6ad15bdfc4dbdc244488c2beedacd886949b8403c1cdfb49c72

SHA512
3b564bd396d7432fc584afa5f3d349805390fbd094635c4c9833dce41ef9d531ce3c3a1d4fb9c2656ef020caa1f76b4dd15a6dac7a33d725b5b7ad23268ea964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
a0a8c23aa70e1c66aec3bb5a6e9f02bf

SHA1
20b99995f94b8d71a178d17f37c138c709098842

SHA256
df442072d762c14962b822c729f9d7b2242655a8baa98b1522927d24cfd97103

SHA512
2801e89f0c939ad62ca11943e191b6e787919d7e12d7b07f585a26a729ec580d3f86ecf119aa59a10aa755cffa0e5a6fc681f8511773cbe3be85ad54e4db764e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
f67e08139305a6fc060a642637988d82

SHA1
040fd540ad34666bd91bc226976430699908db7f

SHA256
6a3d94339b6c3230a5c261a26aa233e47307a7b663b42f88acebfcc438de92a4

SHA512
c8fbbd40dc1b16718776f3435f17ec7a2e09deb2ac2ab9b33dbced719aaa5b73df13ddf761e54731125d61c252e3cb31202d1e66a7d161664e38877c166ada11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
deb510a0f7bde05d60c90e9a19406148

SHA1
6c5cce764da080ab6ade60713fc973770aaf8900

SHA256
ade6312031b5a626045d770e6a7e8c7d13fb7d8476e18d9a77572b2cad25ad39

SHA512
db014bde2fd8b709f434ac7e9554760da576f51345d8ddb721181ac840a7494a89da7af3666b9bbe95178d67a0accfe05e6fbad48a82441d58df07b7ab7f6292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
d64a456f28dda481d9c686c6a4925139

SHA1
2158fefd68ed0d4e7121fd82b00d28a51e53b8f1

SHA256
27fe01e5e39d9e7836fa860cf16b59c245f5bf4d5d02352b4809ad801c281bcb

SHA512
928e78b8948cc1090786a4e748ac890bd8fcaaedf03a2e60a206e97e3de229bcaf6d6e8ee88432383116cdc3e2e700d0f713ab4ba493abfb3a6d4e5299906eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
50a18756cf26beb106f98921c0974a7c

SHA1
70e0e8e339729b9a1e90c7e14621c84c3fee6c65

SHA256
141b6fd7d612153f6bcabdb15916541f0cb7137cced77c82be0299d788b56e3d

SHA512
3e3291940ec7cfdbd0da21e9ad63c05be8bd432181a7e82490a3b7e87221cbd2de6f4c9b3e0134d932c125a8aa5f7d3dd958a397e36e67b28f82d7c24240623e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c6ac682f636c3ee5798bf9fc06c5ff34

SHA1
17d8f9d27c2e158e42dd6d42f667dcbffc1910f2

SHA256
fd5ff5c50be1e366d9828bfcb2bb7fcdafe34a0c8248d49060cef1c18bb13936

SHA512
0f1a1144748a996c6a789aee441bfe85e24a1f37541ffc64c52589579ba495ae653180f752ce250956a45bf26257ceab0c8224ce827d44d267b00f107d5d6766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
0cb8e97460673b2ca52fe4f784294e3b

SHA1
4ea4bda4c53fd3d2872203a7846518d02769e519

SHA256
09b7265bbf32342b09d8bcd05d8088f21ed848bacf70ebd2665ef3b6d9eae064

SHA512
a5bf8cc64bbcd43f5c66a0dc12419573dbfcf3a50e1d8af68cbb8ca3f529b93d2d942789bffe2af6f9f6ce18be35bd4d463957b6c94faabb0ff4120f878e76da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
b01f0def71c7efa501da4cb70cb8a57a

SHA1
53c51f523669ed44b25d3857268f1957735aaeb6

SHA256
17c79e4a6781e658ddefddbd9ae05773f3e304347a6e65d74e5e309fb5e088e7

SHA512
16e8eb6c91220267800d7bed8217a1ab3d40e517f26686fd1e300b24324df931b23510022d869a4c09f419c69ae37fdb1daf321e6dc91d021652b125115204f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
cf19ffc3f104696ea94b22a91800f488

SHA1
f9213033f27c8c859dece0f7768ef4add5b09fb1

SHA256
c24e3bbd91dd1815855be7c2e6533a145fa7e7f0ff06cbafd89e3df385b5415f

SHA512
2c36cc713aa1f77e2b0a59420175c1d254fc0d7c95bd7f1902c5563914c1ae2c4d75a2ccef5864d6ba0efb717f7d35519380c127aa153ebebeaec2ffc2fc8424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
56f8d669543283db88cfd2287403a4ce

SHA1
b05f274d27bb440ca82f89c3f8200869c3957bcd

SHA256
23e9392b9f62ae1e93cfcadc4b561160705137ba7898a6da282f64b91792c98f

SHA512
3efe7f9849fcd617f61de6aff27a002b57d24c566e4a61941220bbc9e39489afa7bb3e2d144bfa11df9939fef32ffca9d801abfafd3f9c8ab3c279d098634195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
fea825010481444a04f91db2dd200c10

SHA1
786f8860e25d71cc4bd247bf4d5e9a3ce183c240

SHA256
82e2220e01c1972503b7c2379daba5769b8e39721746b1dee53c02717239c4c6

SHA512
23484812136c2f4591672016d6f81761c6ff85e3ce635e2bdf87e97345fda89e74c667adfdb4b836cc47f6b22bfb5af8ea031df3fa990863db9e2fae6a7df79d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
5a69ac62314b270bdd37d5c6d63621eb

SHA1
a4a1a960cb1cb1ea004f0cc6ced72ce3ac82550b

SHA256
ce5a5907e04e619beb64ea8b6b99cec907f388d3ee7c9918f88086f8e29bbebe

SHA512
e1604ef4b16de628761d80ac542c04cd3b898e68fc28ac05f1b4834f68ae56c226e8a1828fb56a9498dc83a0979f2998cd12b05f042f46378a645dc3ac25af4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
f3464dfdfb4f645a964021d6ab52bff0

SHA1
15f61b74d643cc5d0146787f018e0cb7403489f8

SHA256
3a025444a2d7632f37ad2daa09c6d24db199373f87594d8fa37dce2e9bad3c37

SHA512
aa7697175d7d86e0a45873b26492cb43a80c94883a2870d183feb7875a897f70989c18720f72c03d855eb4cc1035abf33342773558463e0dc18004c0f5475c1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
a1ea45411eddddaf6c9a9ae3f89a2c13

SHA1
ed0b7a08fd7316e897d0126804c1ccc63685cc02

SHA256
f577018c0a1f78f0e2ca1d98d8d248849335c996c92da9e4441c7b4f51aeaee3

SHA512
2ddcaf503e32f35e640b0ab1d2e3484305a25ff0db5ba25e3876252a2c735d4baabdd14a80d160e1e1516e108a3390afd04b8500baf03c69b7080e90692b2e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
3c27891c65642bb906be8bcaa456544a

SHA1
2d25e5ebafe3cb60f597e59c467d220c595f72dc

SHA256
1794b09e72f2a8b0cede4d37faceba8bca4606a357136c08a24319c58dc6e105

SHA512
e70803d13d0d051556dc8e5f0c009ffe7f77498464890a3ac1ca0bcfc72c2cb49e97c289fe25288e28f85acc5bb56b630f791804a3709a10133f1e064938963c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
346f36c73a8eef86eff61b247f82a55f

SHA1
be4dd09aaa5391ef8c1c2a2ff3ab7147866860ff

SHA256
3c4b5a6ba385ca4b63d3574099c171ae035b69c94db85e2912525e475c266f93

SHA512
00e8fab802a2fb0d08e092c09e8acd264335eb16a5d6ac1dd8f7035395a202470377837f7ac40ba457d28467b4bc94d78388cf4a5523b7ddc97425d887317c45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
281fe2cfaab1063d9af7355a15b16d19

SHA1
ecb9ef29037f2015751a74bdb9b2cd9969770ebf

SHA256
f72028b3526a95448df9fe8519a4cf84cd9e5674652f843c99cf3ca55ff395c3

SHA512
e0f3d2a3a0f16213c8a80a9baf33dff86338b0798ab3991ad29a1b7e90bda255166f8ced3675bcb1ef36da49a25f3745fd1906b4206fb759af9c1bb346c772f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
5da6013312ddeaf9e0713c7e850d6b66

SHA1
8f6219c52f4745cb32c382f60ec237a41f792e11

SHA256
5306b4b0349bef737929caf882f450a33bf1067533b3ab0c6b9cc958eb1c9331

SHA512
ff93d6f7e2468026081539fc1c422ef7e115fcf4878b229c18dbeceb835c4eb6633c6680f03e5345782194f5b4192f6c8777f79c58b057832e83e64f0c597724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
3b665115409b3ad43c667ae3f7712aae

SHA1
79cf91760f6b560fd64257dcd564b3d7a6a3c964

SHA256
e88040771ed5c62eacd4eed3d1d1fcf08329f7b6758efdaf7e4f07ccac71d43e

SHA512
b598daab79beae4b0ea4b1d22855ccf79b978c68ab99bfd51256e7d4e1f68b3dc19f4d32c41537d3134d5fa4330e6d863cf0577e9ea7e28b683efbd703bb8286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
5d3efc1e131230027ee8c5432dd9f01b

SHA1
5fda8e709617a94731c88f02c0429335730fa9cb

SHA256
d21b90f96dcc27dfada4c2185cd67d10ca579948f63dfdc1b9b7d25516240768

SHA512
caf642f9e04ab7755296a20a7a23e431bf71d96866d3496b112e3bda357de3f33091eb8c23166ae6130cf91e82d56d90378dc2fc3ba5110bee244f6f81bef0e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
0ee363a8839bbb6c91d22ca285620a45

SHA1
6a01316eb7f0a2a065a2f21bc854cc57aec73c58

SHA256
143a5b0803709cc554b90a69f519840493a6baded88db194386c73d4d918487f

SHA512
6668c1342290e2d5cc072b72a43db33947def1de22608fbf47eeb427622f5b41129e92943f98a356a38781c9e8cccc46e92e3846648acd3f1ad2e813c87bea9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
23af48670a7b34f14b30c5f2e4b3eb3a

SHA1
697489fc4e6ee82d4edc38ae209d435297cb1502

SHA256
619e6cf970bad044b37099a85c03724645a617877e4c20f2f191f969e6279095

SHA512
dfee907960d059b4060fb38b48bd3aaeb515b4ac99a01f95342c8798882695decea5d88f127d559b69641f4265d0777eda6b525ebfe2f72fa953e6348d02bd46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
ea7360ed4fc8cc1664ebdf4a50b94547

SHA1
8a2ee5c56665100343a8c0fd3d7d2c7cb67be718

SHA256
de6fa46c3d8e3f6c548312a3c0b9c6acbc0a549d7ec33b90ba63fc5e4dbfba4a

SHA512
9444e358475b93ec9793151c9ef8211b8847583b759032f0b2f5267943a852141f26f2842e68f5e62c247d6b8c4e0bb9c52f4da761de4883e4ec001054787b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
d95feab8f4ce058d9fec0ed9d7f0e16d

SHA1
11d14a303df93b3b890970e74e9d1b538d5123d5

SHA256
881040b7029bebe59765cf9eb9b3725f5714849f90916f5a75039be216ae8896

SHA512
4523c16d4297287e2fa92a44d016b2b00da61fefb4a70f827c80ec673dfc0c0e96c55097a69336f2a228387f150d5dad7fd867524eb43626463a53f7f9238b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
9638beedbe3662b9112d888b7663651d

SHA1
3bbeee6b9f57d82566414b039889c1c9b76a37dc

SHA256
3ef4907e5f624af23010dbcb220fb7058a6d7f0be951c43f3b8cd6a0eb8e82ef

SHA512
d235139e490ffc5e12e0e48f296a81085e214b37b25dcd482357a16d0017e8845a8a3f0b9243394457018fc7110fd3297f56189658c7484ce4b0102a797a0c23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
9ad6393805ce9d2012b3e4f5b5337081

SHA1
70c729f44e782cb1234a645068ea11ef8ff0d78e

SHA256
8bb605bdd48462feeff2b31a603afd28876589fd9643040b8c8bd63056d169f9

SHA512
d77a6ccda29393b5663a2658953f92ee2d93404bf43c8858e9754203cadb578613c69d888a1de06aca82fc90c5807e146700cb2868fcc76e1f8debffe4b7fea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
59c0ffdb51e420f29dc054ae39dc2a17

SHA1
8c94aa72907a3cb6d90de25d9b3aee88d798234e

SHA256
937ad013b7324392ea35bcd53354046c6ff4db6e6a6b711f6504f1d566bb0598

SHA512
a5c211dac8883b83aecefd6ab56a4f7f18a6cfcc8ee041591f78e084a24d73c42a7237157e2db012268aca50fe07927425887aa5e8a83e1cfcb5b25ff858ea98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6a6799edea998df3ce2e04077c247942

SHA1
38a6e8797ed63842972062ac36d23661f77f582c

SHA256
49456b8d5d72fe9f999791087af6913cda7d351354e48a65e89cbc6cf0b52564

SHA512
c9b053b8325906020e918920676fe72f4ef1c74b9dc01d3105515d6130eea2468b703a54d125c7b2f7f7a6c6d2ade8b8428f3e7a9d1d3c250c39b688d36113f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
a3f14ae8b6078003c69bfae44a015a74

SHA1
a8424c2d988b8fbc2eed800b298933b9558c11d0

SHA256
558b7cb26fab4c02aab02ea475c3153d9d8754c4e9e83ddff5dee4cd8e32a94d

SHA512
f6e5b1580907b144b986d978d604475621f6f70382806e1f009986e3cf96a839cfb90fb43b76099269a6c5ae47699954341e008de7926838cf342890da7799e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
b565d24ce56333b3729bf4015c83e275

SHA1
80c37d2e0668f62c2823b5b4b1717a4ad26ca089

SHA256
cd7107f51fcbbc70510014886576a547a9625b1cedeca24fd69045047a50eef5

SHA512
59c7caa2427a778fe88e24afc2a8df172d6e90638c58a66576faf3280bc57da6b22ff9388a09322c26416c7223611483eec99f2662192a947305b61200b2ff6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
e2479ae84d59b7d3488ac5b102b5d8a8

SHA1
86ed2031b384477d2e9b0b3f33e742e81bfc0ae5

SHA256
cd158d37dc8e3f1fe9ef235dbd5fb338ba357729ee95ccf8c3c32ba3fc3e1afa

SHA512
74c56d6ec479e7c72722139f64ae317ba393caac6049c4eb9947d4a73e568575347f7dd7a49dc5304e77dc56d3f05a9dadd9be32e386b8979a57cb9b7af2e6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
26621f4c9eedac9192cc27cab7cc4ac7

SHA1
2cedb9424fbd6c44056dc98607d4115724b29642

SHA256
c7c0086bd875dcf6a75ed8a4f643bc05264864a5e5382b55378a5c9845038997

SHA512
489801c8f693a1b78b17931524c244c5a24642833133d5545d87057045854deb7c20e5bdd602908eb0de69b101fd3ef1af7f0ba60e5c5164b934aea6abf53c39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
4998ae1c6d2669f796c161d9f53a545f

SHA1
a0b2834d1f8539e6a6b3f1256a5cf784ebad275c

SHA256
7b13324d90201fe650c181093e2889c23130ed16aab57ee3ad96e30d9b602131

SHA512
a427d104ac0a06e0ca524735cc382d4b89b982e69dcf39a2f99d40ac2044f692a20359bd2f22e36b149b62cc72105347852b390350a8f3347db2be5572ba22de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
10fc4e39ce898a0de7b9c9cd1169cdc8

SHA1
44dd9f8a63f8c852aae32556306669a21c40cb4b

SHA256
2fef8f67abcdfbd2633f9dbfbf25afb62f8249e1cd667c8fea41e299e49a9741

SHA512
2ba4756562ad1aa32faeb55735421682cf2bc137340a4955db1dcbd118cca49d12a82d732f83377d971fea7a3adc664beb940b7d5204039d0d18e7cfb91763d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b971f256-b3e5-41db-a491-7f3f921fac37.tmp

Filesize
539B

MD5
0c7637974119f8b4819451891f11eb3b

SHA1
9b4ab5c30c8c77b74eb65616e9d39c4d36fc60e5

SHA256
c86b5bb6dd9da8bef2318fdacd3ad43588d91d4d71ccbf0c7ced0f789b8d9142

SHA512
c51b3c157ceaa3b329d196c72ca383efbea6ea602ede35e8df16c9debc14852fd5f4878974e9ac89e1c946cfe4f06949988e635e73186c1ef3a5947d3b1f3fb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
046a6cd2aac8e524ebbaeb3d80c1febd

SHA1
7ee05a4da48d7bfa1854fe0bf132b5595132100b

SHA256
f59d192903489debbb783800c3556458488c1e88f00f802f1207b53919c09aea

SHA512
c04fdbb77bb43eedf0054e86ad8649a3e7e39ecd849bbdddb410864651cf010d0bfb9bf5bbef24e9ff4a74a14122caec8935aadc813b6000ed4e5f5e32cd13e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
632799767da4f22f19123736490e768b

SHA1
b3b3f701275f962e40dc3d1decd6f99bec968e1b

SHA256
6b1a9942bc8a0e28e70a950dda0c2c84a310e5d88e0814493036ac1f4276b204

SHA512
263551a7e467a61259621b5ee419a211b88b7eaee8788cec95d6488cd6fd38a0d26bf2d193ecacd2724f7822305185ec809a65b63384007c313cf7569b452edf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
feffd14da7ad070ccf437936b8ace6f8

SHA1
914963266e2eb209243a3ea19246cf8bd72505e4

SHA256
246c9ffaf35afd2b1e4aa96ec3c48afe5285c2ef590e8b8385fdd8fdc1f90751

SHA512
2848342f71efa753361e5ca233931dbfc808eabd036d7bcd23f9af31c498ceba46391dcc63c355a3646371429a9c2fad8e387dc1c7c3486455489450cbfe1b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
256f604782e4a33a8daac92503852435

SHA1
2d2437d76da83cacc0cd700300db429c08555d8c

SHA256
30ea243c7e74955b9252fd8517362acc1d3723369191f31487e972446acffcbd

SHA512
7cd6476ad986bfd7285ceccd1134610cbcd153792d0776aa40cf1eaabb9ef7742f877a98d5190320850fe9962e3e049dac589d9c7f70f4324260efdcf406f998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
81c3f394572a60c648f1361e59b95df3

SHA1
f0afc46a4e8cff30ed107288feb0b9016988cc8a

SHA256
e08c76dd598ff6b9c87f8d0fbef822836d7579cc5084ec4c19aa26edbf2c7b10

SHA512
d2cae6cb6c0e8e018ec4e592f5f92c8ff51f14e692412f0bcaf8f9b7b30d2e4d4cc902516d6f6821cb7071b693e85643293867dcaadde54c822cbaa220a9a0cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
8592ba100a78835a6b94d5949e13dfc1

SHA1
63e901200ab9a57c7dd4c078d7f75dcd3b357020

SHA256
fdd7d9def6f9f0c0f2e60dbc8a2d1999071cd7d3095e9e087bb1cda7a614ac3c

SHA512
87f98e6cb61b2a2a7d65710c4d33881d89715eb7a06e00d492259f35c3902498baabffc5886be0ec5a14312ad4c262e3fc40cd3a5cb91701af0fb229726b88c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
3440f998908b96105fa1a160ebb9b05d

SHA1
6c8b329a3e838e650f17ac77b76c9a761b3c5d35

SHA256
997ab5d03420d88b54055c3ff8a8f40510e4b8f2f593dfc00ba8f825c1490012

SHA512
c32b8a341cfc210a7ec1a92f3c3e1397184492b231f8646ffbc0b4078390844c2c51cd2347429f75472426beb69a56cf77886418e111547478686285430e9352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
70ec9a935882c433d6cd82ce5d2ec01d

SHA1
55af174d37acc280fcbc709adee4a4060da8e4b4

SHA256
0b16ba944f2c73f36caefb1f084b8bed98065350cf3a3bd636b6832ad4ac33c0

SHA512
f3d19fcb0790f2ba1b55a3fab6415e5a7cae9fa88bc756a199c9cecd4e3c875ad520b50d2f9b9c0cd5a6a8325ea36be4d16eddbe04524a31ceb35b6e4d2b0e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ad61847840cadfb9706bc225658ea9dd

SHA1
ea3b18d4749771452d6be9f846c3e78ca8aa7295

SHA256
08dff8be3f6468c2818eb103c04d2cd8f8f7b5501c05ecc028a9ee0e3b7c420f

SHA512
e85f27353072eae2461b4666b30512a3fa0b7787a5bf65fdcee690e96b61241e0ad58c891b33300deb59847b434d1d02afd87e8579a892db21ef014bcc285b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
43560ff91dd9ab9ef3e79acc94d441b0

SHA1
f1ba3ac915e1e45800b29e8c4a3072d156cb597b

SHA256
e8048ec3d27722de1b124dee8c2af5db4f75565b88251579b7320656dc487d14

SHA512
28a3cfa336b463e8932fd8a9fddd2794edb32418537af04121157cac59555451454465c066f0bed6d352b8a77e6c704ef99d879b7f7e4bbc5d52a1104e303224

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bo4g23hf.pnr.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 804973.crdownload

Filesize
229KB

MD5
07d67e3ff4ce90fe952f03f26fac9a1e

SHA1
ba6203375fef0193c04beba4811c9ff6bbf3e201

SHA256
dbab31d63dcd9cda76f864221c2db8d8827d392815139a5e39974ca24d488b69

SHA512
4e8db2a7cfd994b38da4b5749ccf25aae81418e96334d274d712105e69a592eb1d04fa49ad0e9e91c68e99afc236c592bbfa2066b8942c6ac893a161f18ceb06

Download Submit
memory/8-168-0x00007FFBB9900000-0x00007FFBBA2EC000-memory.dmp

Filesize
9.9MB

Download
memory/8-170-0x0000025B26B70000-0x0000025B26B80000-memory.dmp

Filesize
64KB

Download
memory/8-172-0x0000025B26B70000-0x0000025B26B80000-memory.dmp

Filesize
64KB

Download
memory/8-203-0x0000025B26B70000-0x0000025B26B80000-memory.dmp

Filesize
64KB

Download
memory/8-204-0x0000025B26B70000-0x0000025B26B80000-memory.dmp

Filesize
64KB

Download
memory/8-207-0x00007FFBB9900000-0x00007FFBBA2EC000-memory.dmp

Filesize
9.9MB

Download
memory/2552-216-0x00007FFBB9900000-0x00007FFBBA2EC000-memory.dmp

Filesize
9.9MB

Download
memory/2552-119-0x00007FFBB9900000-0x00007FFBBA2EC000-memory.dmp

Filesize
9.9MB

Download
memory/2552-122-0x0000022C494C0000-0x0000022C494D0000-memory.dmp

Filesize
64KB

Download
memory/2552-123-0x0000022C494C0000-0x0000022C494D0000-memory.dmp

Filesize
64KB

Download
memory/3532-242-0x000001E82D230000-0x000001E82D240000-memory.dmp

Filesize
64KB

Download
memory/3532-218-0x000001E82D230000-0x000001E82D240000-memory.dmp

Filesize
64KB

Download
memory/3532-217-0x000001E82D230000-0x000001E82D240000-memory.dmp

Filesize
64KB

Download
memory/3532-241-0x000001E82D230000-0x000001E82D240000-memory.dmp

Filesize
64KB

Download
memory/3532-211-0x00007FFBB9900000-0x00007FFBBA2EC000-memory.dmp

Filesize
9.9MB

Download
memory/3532-245-0x00007FFBB9900000-0x00007FFBBA2EC000-memory.dmp

Filesize
9.9MB

Download
memory/4148-258-0x000001E9BD3F0000-0x000001E9BD400000-memory.dmp

Filesize
64KB

Download
memory/4148-280-0x00007FFBB9900000-0x00007FFBBA2EC000-memory.dmp

Filesize
9.9MB

Download
memory/4148-277-0x000001E9BD3F0000-0x000001E9BD400000-memory.dmp

Filesize
64KB

Download
memory/4148-257-0x00007FFBB9900000-0x00007FFBBA2EC000-memory.dmp

Filesize
9.9MB

Download
memory/4148-259-0x000001E9BD3F0000-0x000001E9BD400000-memory.dmp

Filesize
64KB

Download
memory/4176-71-0x0000023B620C0000-0x0000023B620E2000-memory.dmp

Filesize
136KB

Download
memory/4176-69-0x0000023B49A60000-0x0000023B49A70000-memory.dmp

Filesize
64KB

Download
memory/4176-68-0x00007FFBB9900000-0x00007FFBBA2EC000-memory.dmp

Filesize
9.9MB

Download
memory/4176-70-0x0000023B49A60000-0x0000023B49A70000-memory.dmp

Filesize
64KB

Download
memory/4176-74-0x0000023B62270000-0x0000023B622E6000-memory.dmp

Filesize
472KB

Download
memory/4176-87-0x0000023B49A60000-0x0000023B49A70000-memory.dmp

Filesize
64KB

Download
memory/4176-109-0x0000023B49A60000-0x0000023B49A70000-memory.dmp

Filesize
64KB

Download
memory/4176-115-0x00007FFBB9900000-0x00007FFBBA2EC000-memory.dmp

Filesize
9.9MB

Download
memory/4820-248-0x000001CBE3C30000-0x000001CBE3C42000-memory.dmp

Filesize
72KB

Download
memory/4820-247-0x000001CBE3C00000-0x000001CBE3C0A000-memory.dmp

Filesize
40KB

Download
memory/4820-171-0x000001CBE22E0000-0x000001CBE22F0000-memory.dmp

Filesize
64KB

Download
memory/4820-285-0x00007FFBB9900000-0x00007FFBBA2EC000-memory.dmp

Filesize
9.9MB

Download
memory/4820-154-0x00007FFBB9900000-0x00007FFBBA2EC000-memory.dmp

Filesize
9.9MB

Download
memory/4820-164-0x000001CBE2320000-0x000001CBE233E000-memory.dmp

Filesize
120KB

Download
memory/4820-162-0x000001CBFC580000-0x000001CBFC5D0000-memory.dmp

Filesize
320KB

Download
memory/4820-63-0x000001CBE22E0000-0x000001CBE22F0000-memory.dmp

Filesize
64KB

Download
memory/4820-62-0x00007FFBB9900000-0x00007FFBBA2EC000-memory.dmp

Filesize
9.9MB

Download
memory/4820-61-0x000001CBE1E80000-0x000001CBE1EC0000-memory.dmp

Filesize
256KB

Download