umbral | hxxps://oxy[.]st/d/uwIh

Analysis

max time kernel
149s
max time network
148s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
21-02-2024 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oxy.st/d/uwIh

Score

10^/10

umbral stealer

Malware Config

Extracted

Family

umbral

https://discord.com/api/webhooks/1209870823993905173/Egfaxa6idBzbpLFI9664v8Hpur9oripn4RcVQl4M4WzLmjJfH-ZMS2Kpe-ZwpKQb1PTz

Signatures

Detect Umbral payload 3 IoCs

resource	yara_rule
behavioral2/files/0x000600000001acd7-407.dat	family_umbral
behavioral2/memory/2312-428-0x000002454F0D0000-0x000002454F110000-memory.dmp	family_umbral
behavioral2/files/0x000600000001acd7-485.dat	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2312	Eletron (1).exe
4592	Eletron (1).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2748	chrome.exe
2748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: 33	1272	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1272	AUDIODG.EXE
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 5012	2428	chrome.exe	75
PID 2428 wrote to memory of 5012	2428	chrome.exe	75
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 2676	2428	chrome.exe	78
PID 2428 wrote to memory of 4328	2428	chrome.exe	77
PID 2428 wrote to memory of 4328	2428	chrome.exe	77
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79
PID 2428 wrote to memory of 1668	2428	chrome.exe	79

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://oxy.st/d/uwIh
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb82339758,0x7ffb82339768,0x7ffb82339778
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:2
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4668 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4676 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3808 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2944 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5404 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5452 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5724 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4748 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:1
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4736 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:1
  2⤵
  PID:360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1808 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5556 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4912 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4340 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5464 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4740 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6204 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:8
  2⤵
  PID:508
- C:\Users\Admin\Downloads\Eletron (1).exe
  "C:\Users\Admin\Downloads\Eletron (1).exe"
  2⤵
  - Executes dropped EXE
  PID:2312
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:4336
- C:\Users\Admin\Downloads\Eletron (1).exe
  "C:\Users\Admin\Downloads\Eletron (1).exe"
  2⤵
  - Executes dropped EXE
  PID:4592
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7016 --field-trial-handle=1848,i,7686920700100791636,15680121955677764918,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3344

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x200
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
32KB

MD5
057478083c1d55ea0c2182b24f6dd72f

SHA1
caf557cd276a76992084efc4c8857b66791a6b7f

SHA256
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

SHA512
98ff4416db333e5a5a8f8f299c393dd1a50f574a2c1c601a0724a8ea7fb652f6ec0ba2267390327185ebea55f5c5049ab486d88b4c5fc1585a6a975238507a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
20KB

MD5
e648b4f809fa852297cf344248779163

SHA1
ea6b174e3bca31d6d29b84ffbcbcc3749e47892e

SHA256
637f545351fbed7e7207fdf36e1381b0860f12fffde46a6fa43bdafcc7a05758

SHA512
a2240d4a902c8245e3ffebd0509e25dd5005d0e6f075f5c78a46095b9a52d86ed483583a2a8b39f1ad4e610d2f7ec63e4ef8eab89936d30da937690936ef4f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
23KB

MD5
82db06ca267ac7fdd878a1df35f41f4e

SHA1
9dae7f1ae60d7b83dbdada64fd1b4296f8f20051

SHA256
3847721350fd764d4d21cb4d2e02ab95c4ccdaa9d8ffefeb6f1078bf169ac6fb

SHA512
6e9beeca7caa94fc5dcf929d5af18d24acfc2a56612840b7084fb6057785d85b272eec8acdf4457c7dd1de9bee5e03fefc082a170131002229da0c01da9a8fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
23KB

MD5
cd7b3e4dfecea7028bc1bdeda5a47477

SHA1
5c37dcaa4ed3c2a4051e4dc1714a342ac0de8365

SHA256
4d401337713e7f1c9f6588f8f7d79721e531c837b5f2f73c0b3cb372fd8f9b87

SHA512
ea11eb8d8347a39a1aa990a05cce6543e47145a1e618091750e2ad77497449e12e8b4d5b1e3385c9669cdd6a66e7dac96ff0e67913730c27c0ef2ff40a669f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
29KB

MD5
28198fab85f1ac98f664600f670ba43d

SHA1
ee0dd46d793071270130c08412258d8c32194a32

SHA256
81bd52c3dd2417f30deadecbe5412bed404a86e05233b7b7ba6b7e8f682b5b49

SHA512
a1b3ff8361213c15bb077a3b9d31e9cb8b7705d04f2815395c13365972ca94e798f11532df48583fb3792df329d2a98ec903aa0457841da34f062f170de5d921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
20KB

MD5
4588208961b6b7ed6cd974687346348a

SHA1
52085a4f6c875b6949261704f05050c1727e9c55

SHA256
95a95b07b4e0d051f83a51b680810572bd1244b42cb6e640d3b29b98f3e92885

SHA512
a9853353e68286f62535548ddbf1a97f1b39c1b6200161a660b1a4eac6864a1f6e93ab72d2cfe61249bf4543e2317f04babb3be211a37c12a55d55ee08b2b515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
88KB

MD5
f64473f7f0d77763bf319a920044a5fe

SHA1
085e34089773af2ec9ec67f206d51e9ada6a84fb

SHA256
d0ce3ff70f038c52fd30f79350f60b4dff5c9bf0f327a1389c83c409a1f8846d

SHA512
25a85139b51b7b1e45a30c3cb8a5f53d7c7c09d7a636236a2abe56e7737c5ff1b7481d2d71ccdee2959c480cece1f753acc27998c1cb981c989b5b03aec5a20a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
19KB

MD5
d37ece4290313a264b5e235c0dadf2fb

SHA1
9ae09bed58122b3d3c4914c45e682dce63993e14

SHA256
e08d9d0fd918211315836b13807379efdf0a22ac163c96f96c5a14d1212781bd

SHA512
28a9ebb27fa73557ed24458864558fca4666cfd53766795b2c6785202fba4ca67a29a25f48d3e11ff9bf462b070349571d67a92b1202ae42ca8583db3a781a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
31KB

MD5
8e2a0e56ae25b282b437f9d5bd300d96

SHA1
5d4ba26731ee84ba9bbc5487312162b826ede550

SHA256
b48a7837a73459a7d6f545cb45a810533d9bf006a54077b2ca3bd62dd6f6315d

SHA512
a2529efb9941f92a6c84c40214bc9c7c97ab70dd69040238b82f9422bfb5424b41e3f56146017c4a9fdb545b17f84058e03c8179fd4f6385e542d799df5d7a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
72KB

MD5
ce2f90b81ee3a43f46c29223ad1d981b

SHA1
b82b68c892bd7c8b0bf06a883f1bdcd8ca0121e5

SHA256
7b5c7bc066eb345c6c48189f960ad13fac80add5b5769e2d7a1f59d82a382505

SHA512
85333d169f9815e608eca91d3ba07b18ad6d121806caec0474fd73bcdf22cd0ec032058ae029fd8ac650667df7a382c1fe186ec15f2e13b224a253e7d7c3c674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
63e0dd1a9cac8c157dd6b2b6220775d4

SHA1
7a3b4936aef62667b57cabb76797f5a9e36b67e0

SHA256
c9853b29dc610f8b887deb50897f90f3a6833dad01cb6d5bee2c396c77d80944

SHA512
d34fd46439303c4f06c2090a341689a6fc325749671f0e226f1fa02dfff8c689e2cd858978d0c8903a2a1b926c201aaa77cb5c2f5220adfe9211dd5b07d12879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_oxy.st_0.indexeddb.leveldb\LOG.old

Filesize
371B

MD5
27d15c071cf8f18aa73dee90cb15bd61

SHA1
63feb256ce04691052226e26934659644718682f

SHA256
3d5b094461f199563dbb118c6a8ba5ff9a9cd0192af222c0e5d45628ea691473

SHA512
c5eb7f0139fc2e80814879af4f9ce4253a281e9fa78f29628120d2dbd542cd7f51d96599aed078136b0baba73f3549625c1796543f55288305b8f54ea09c3701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_oxy.st_0.indexeddb.leveldb\LOG.old~RFe591831.TMP

Filesize
333B

MD5
7cb6541dbbec23e450068211320d8b92

SHA1
12da34c3c4b1b4d7d21d64dfa349cca757cffadc

SHA256
74186594cf47bda716194fdbd1bdf42bfef544e1c43e2e8b35163b168303ebbc

SHA512
521975dd0acb080a25ee59e9a5029ad5330154a9e88b6a9be5a928e58f2fe1efdb1cdead01cbf02aac11efab4628fd4eaad6246974ca9c32fcff87fe9ae72164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
795dc7c3d15475bc4a62123c05210405

SHA1
38e19a4e80c44a3479bf0936df4086cb31425d3d

SHA256
343840dc62f4d60439982856b5ac25edc5772b6652f54d4efd6a2d2288fb3827

SHA512
4314a5075ab7c8e809a1b32df8d9f4c1eeb097ce0ed616d12fbf88b99d35fb111e3cdc13de825f7fd2cf500cdbbb8912e66a1929da3e661ec84a4a76def53c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4d209ad48ff029662345ccb1b7689a71

SHA1
eae771db446970ba2128880813e3cae5802d4063

SHA256
abe57732e3cff321d4e73395fb638ac7b7e0c2ec4a5dfafbcfaefc3e681a5f42

SHA512
d51138f894f848e5079e7ef687e4308a2f11c2375e5b65672e1a1984e5bef3b5eb184b5017eae2f2f6803f0f69327946e36e6ba3c76465454c2bb13bab92c6e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c9a197f55e81105af47fcd5201bf260d

SHA1
b51bf78a1320cc9fcdee28cae1d11a71cf5fd59c

SHA256
b73359301e577f6fe6edca3ad7d4daa61a31ae114bdfd96ec0170da78e121dc2

SHA512
f6800f3e9f443a1dfe2c51397a427d457b3319b8e6ceab9a22db6469ac47904e8ce543c609a20bfd2b1a6cb5b18f20acc93cba2ccb0e18170ac774580df48ad0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7a433be2f3a0158133c7bf2cfb8fb283

SHA1
5629469326b63e2267f4f75276d80f3bed0d639e

SHA256
4654e6cd0ffbeae45ccddd98dd3e009cbf68c4505691c273d5c3e85ead781403

SHA512
965638ea455cf61e3aa85cf6f1e6565ad983e98be058d3703c95ab76b44aa2fe9f205eddbeb0e30638f3ff64f897f5ac60b8633c60ac3403328d319dc249b590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e6ee5a889e004bb7cd6416db3c988a50

SHA1
4e99316653b0fbc3e7645eb06fff30d5fd655a8e

SHA256
a90408179c54d7ad9934105f4fe401b436316cd4e8fd99a751c19f3082ed1cd5

SHA512
f258aa3ae650462b51fc252cf35b4cc901d5f87213ba86202c3ddeb6c6027e198e7988d3379786bc520e222c1f12b383bd708cf2e8f4a2d1325ddf4424f47aff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
59b0c5a38f3b359528d3f0cefdb4727d

SHA1
c5f2b3219112622ca953db9dce57e443a58103cd

SHA256
0c0da5cc8702d2c4a232125d74c8dc89905cfb6f04415f9e3802c10879cd5848

SHA512
82e87aee3ca18237ca01808a0495c89cf966ddf83e35a5442cdee4fe5eaf3ec5b7196e9b76557fdb56deb119b895c41ff4147f55bc225dd1bd87da1613a2f2e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e0071f20838c28805d8a7b37d9aafe9b

SHA1
9b0e4eada478ce63fc92f3dc924215ac2bfd22c2

SHA256
702506abbe0d5b8124c69b2a25613160e5f80a25082b104e7158c01453d1f686

SHA512
31b51a6bc0bcfc0cb3c43f2bf4d733c596c26a3392019107414d77902221ab6c95edd91afac4a8b724bb148ee1709b8ddb6fd128b8a3de36689f612d0992cc31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
21812a5e5366f0f9666f9e1d5c0dc21c

SHA1
12d3553866a4c5a9931abae8c0145d0fa5ff0321

SHA256
38f2f7643217b569007a17590fbe187dc6ee7f616d3f764556c69f2c7f6ad209

SHA512
6e65e0f7ee99ab715dfcddfa16f16a8e2d0182922688475d86358d1e91312e8ab40f5b61d92a9de5fb23c6bdc05f8d575085294c52224d241b677cdfbf969fbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3cb585f0b67a0325e7d07cd8a619b284

SHA1
783a3c9105b5a3b476bb36f69788b26a802578b4

SHA256
b6f004f61248b5fd446aed93681fceb15692f04cdef6acf1e4aa716145d655f3

SHA512
2c493a8b8fa919901207a21420b96606132751b68a1ecee24ee8272343e923b71bb91de5486c36982aa0080e8ee028e9255a96420f00e555528bb6e737f7fbec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
081eff0bdfe916da455aaca7c1d3a3f6

SHA1
52bbb05a234ecbb4e3d0cb93326a937462881e5f

SHA256
9dc91b1f8c156f1b2a162afc054d8aa32a37c003e59ae0f7359ef67de6306944

SHA512
087893c1bb6ff92338e384d3c8c60d8cccf2bd9446a3b3631c66d5a8d5f40fbe4ead781cf4496ac37419792285b82af39611357fb3a1a41635fd4dc4b8b6efe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0bbb6c279e50fe7c93f32bc002b35c34

SHA1
0ea07227ecb1e1a33276f0efc0a4d171484a1c86

SHA256
0aa559ba91de02f4075c999fb732e24fc28b62e11d01aab1db0aae26234b3245

SHA512
2e71bceb8b40b759cc9a64502baaa7cce8bb9a2054b28baa5f40c47c192a7b13734319997fd806d83415e35ac11da61179544bb2b45b9f8736fe68dc967f53e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d8065e3229e5cbcfe2c5d9689362da66

SHA1
5a2ec73f8623cfeaa3c75004dae73af293638da6

SHA256
4bc312253a3cb4237e7f9c320b4279051d53b231689c78e0e16fd41ac77453bd

SHA512
d9d4c8f2b64b188d35c25450dfa3dbae0d5a1debfc346e6e4c0439a816e96811648f8540fb8035808e8875f2e070e8ffae1e95473beba374f86499ee214e46e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
33f5ba2987711647fd173a64751bf418

SHA1
4f4cdaf2ecf595f40d78db8695740ce1eabe15c7

SHA256
a82fded80a930c07d1568a7a3222b7bf8aaeaddec3dd0acfb86807e99e3d70b0

SHA512
0f142304a55694db372a517dcff05fc0ecda98fa99b62fc69d52493f1b3b8027787d872d7ed6c6c699444684774f641486f8de9482655822ef823ef13892f146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580589.TMP

Filesize
48B

MD5
952b8c61abb04dcd890138dc7b863368

SHA1
2df57868c99700dc985e82c60ceacd7784dc33f4

SHA256
0df19fa09fd30f421f674291545a8a9c1042a5e602f08b60fa9e54601876c50b

SHA512
31c1ce4e78157d0fd882e6de268e710a2a9f9d76c3a7317502063215d3e2a3b2540d8429c7676aa6efc54171de9cf74e492d61b0c5d53470fd9332be3e93751f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
ca828d1d4f2c6c06e4a16abe35b74757

SHA1
450fefa56cb633d7dced16a3496aafd00d229622

SHA256
39d6a07d6ee2b11152dbae5081b0e8d287747de54623def24cba4eca81f75b2a

SHA512
e56749f596875337f78b5376c50badacf46040706ed2dd84dde078782a3f858f55b529582ccfe36d91f8236755d3c6233697cb8edbac277f91523b9b96d943a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
fce13d4fccb33ed415f42058b1134f32

SHA1
d4e70491aabf890b690719312c831b278eb9ebcc

SHA256
74d6234846b88f616f51a80923a4f375665cd2fac0c65890928629a637d81eb2

SHA512
c7cc13dc19fb437b8817fc8879b8a064f77e5c381a7ff82485cb6017294f61f54364c68903ef41ff654b45b68cfe010428ca8b93a4d4a60f7c1134c368358e9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
5a6c6a166d37903660d661977e9979df

SHA1
061371c3f7c9b4fb86c1ce161ae811114aa3fac6

SHA256
3a1038f11e191e77e4877fdbfcbc1f5cfd79146b290e07d2695ef7b247a05ae7

SHA512
a0bbfb3f16c2adb408f84db8a00e00352bc3bfe50e2dd9818b069fc6ee39a5d5ce5ed4437a43c12e0f724945d28d13db0c243778914a8f49fab9e41659a3f26b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585772.TMP

Filesize
97KB

MD5
a38a44ae6ff86bffb04eff700c4f4c03

SHA1
6306b3eff10b4b2f01c032f8bf3d52c31c08b437

SHA256
42111b87a3a16812f773574475fa1508e1a968200648f42f968a1d369850bc41

SHA512
0ecef0f1a492fba31336576406272caeef726783b4e0c66558cab9648328c3fe2c628ffd3b0eb463bce5a2376a592d3f1f50bda48702fd811e0e1642ac6bb924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Eletron (1).exe.log

Filesize
1KB

MD5
53ea0a2251276ba7ae39b07e6116d841

SHA1
5f591af152d71b2f04dfc3353a1c96fd4153117d

SHA256
3f7b0412c182cbdefb3eedafe30233d209d734b1087234ac15409636006b3302

SHA512
cf63abfe61389f241755eef4b8ed0f41701568b79d1263e885f8989ce3eca6bf9f8d5805b4cc7304aaaa5c7e14122b0d15bd9948e47108107bbb7219fd498306

Download Submit
C:\Users\Admin\Downloads\Eletron (1).exe

Filesize
189KB

MD5
e75a9197338446bd923ddf008a2db7d4

SHA1
9823f30fc443dd88e37ff678ff8e961cf6f74702

SHA256
96e1ae49e816b6256f634db291de892e1259d07511fbd0ab837e32c0d04b31da

SHA512
bfe165e1339bf9432c8daa684912fda43644c61836a411abece2c4635682dc60fdfad433d15ec0a5bfa2931f52c23128139352f8c699dcdf8274ed53fa4ef198

Download Submit
C:\Users\Admin\Downloads\b91a3093-753e-4ef7-b069-9837821da7a5.tmp

Filesize
229KB

MD5
bf77e23690fbd8a6a317f411ffb30e8c

SHA1
74fdc8ae5f285bbc384a7c1b3968139964ff9c9f

SHA256
5f92d2b23ae2df64a29281d7354cd8b1d512b854f52338c446553f0c5b140e5f

SHA512
ed3e9268f9a987d87af45fda8920e602c6b5cab8902c29f320e7c0d27687ab22c36b773f5ccf806c2edf169751d07ec1a15e550b18283b43bd220fa7a9265147

Download Submit
memory/2312-432-0x00007FFB6F640000-0x00007FFB7002C000-memory.dmp

Filesize
9.9MB

Download
memory/2312-430-0x0000024569770000-0x0000024569780000-memory.dmp

Filesize
64KB

Download
memory/2312-429-0x00007FFB6F640000-0x00007FFB7002C000-memory.dmp

Filesize
9.9MB

Download
memory/2312-428-0x000002454F0D0000-0x000002454F110000-memory.dmp

Filesize
256KB

Download
memory/4592-488-0x0000018AF4100000-0x0000018AF4110000-memory.dmp

Filesize
64KB

Download
memory/4592-489-0x00007FFB6F640000-0x00007FFB7002C000-memory.dmp

Filesize
9.9MB

Download
memory/4592-487-0x00007FFB6F640000-0x00007FFB7002C000-memory.dmp

Filesize
9.9MB

Download