Resubmissions

10-04-2024 12:56

240410-p6qpgagd79 1

10-04-2024 12:39

240410-pv43qaba8s 7

08-04-2024 16:21

240408-ttseradf78 1

06-04-2024 08:39

240406-kkr8ysfc55 6

06-04-2024 08:14

240406-j4467aeb4x 10

06-04-2024 08:05

240406-jyx6paeg54 8

Analysis

  • max time kernel
    501s
  • max time network
    501s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-04-2024 08:05

General

  • Target

    https://bing.com

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
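The "Checks SCSI registry key(s)" signature fires whenever a process reads the disk identifier Windows keeps under HKLM\HARDWARE\DEVICEMAP\Scsi; on a hypervisor that string names the virtual disk, which is why evasive samples read it. In this run the process tree attributes the signature to taskmgr.exe (PID 2612), a legitimate Windows binary, not to Rensen.exe, so the signature alone does not show the sample doing sandbox detection. The following Python is an added example of what the check looks like, not code from the page or the sandbox; the key path is the standard Windows one, while the marker list and the assumption that Port 0/Bus 0/Target 0/LUN 0 is the system disk are mine.

```python
"""Added example: the check behind the 'Checks SCSI registry key(s)' signature.
Windows stores the disk vendor/product string as the Identifier value under
the DEVICEMAP\\Scsi key; on common hypervisors it names the virtual disk.
VM_MARKERS is an assumed set of substrings evasive samples look for."""
import sys
from typing import Optional, Tuple

SCSI_LUN0_KEY = r"HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0"
VM_MARKERS = ("VBOX", "VMWARE", "QEMU", "XEN", "VIRTUAL")  # assumption: common marker set


def classify_identifier(identifier: str) -> Tuple[bool, Optional[str]]:
    """Return (looks_virtual, matched_marker) for one SCSI Identifier string."""
    upper = identifier.upper()
    for marker in VM_MARKERS:
        if marker in upper:
            return True, marker
    return False, None


def read_lun0_identifier() -> Optional[str]:
    """Read the live Identifier on Windows; None elsewhere or if the value is absent.
    Assumes Port 0 / Bus 0 / Target 0 / LUN 0 is the system disk, which holds on a
    single-disk VM image; a sandbox operator who rewrites this value defeats the check."""
    if sys.platform != "win32":
        return None
    import winreg  # only importable on Windows
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SCSI_LUN0_KEY) as key:
            value, _ = winreg.QueryValueEx(key, "Identifier")
            return str(value)
    except OSError:
        return None


# Constructed Identifier strings: two hypervisor disks and one physical drive.
SAMPLE_IDENTIFIERS = {
    "virtualbox": "VBOX HARDDISK",
    "vmware": "VMware Virtual SATA Hard Drive",
    "physical": "Samsung SSD 860 EVO 1TB",
}


if __name__ == "__main__":
    rows = list(SAMPLE_IDENTIFIERS.items())
    live = read_lun0_identifier()
    if live:
        rows.append(("live", live))
    for name, ident in rows:
        print(f"{name:11} {ident!r:40} -> {classify_identifier(ident)}")
```

When triaging a report like this one, confirm which process the signature is attached to before treating it as evasion; a registry read by taskmgr.exe or a driver-enumeration tool is expected behaviour.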

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bing.com
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3184
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed2ea9758,0x7ffed2ea9768,0x7ffed2ea9778
      2⤵
        PID:3148
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:2
        2⤵
          PID:1820
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
          2⤵
            PID:3668
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
            2⤵
              PID:1480
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
              2⤵
                PID:2112
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
                2⤵
                  PID:1896
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3968 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
                  2⤵
                    PID:4864
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4792 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
                    2⤵
                      PID:5096
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
                      2⤵
                        PID:4788
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
                        2⤵
                          PID:4140
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3240 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4404
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4632 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
                          2⤵
                            PID:1836
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
                            2⤵
                              PID:2504
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
                              2⤵
                                PID:3436
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3340 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
                                2⤵
                                  PID:4364
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5160 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
                                  2⤵
                                    PID:1412
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
                                    2⤵
                                      PID:1400
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5912 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
                                      2⤵
                                        PID:4284
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
                                        2⤵
                                          PID:4704
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
                                          2⤵
                                            PID:2900
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5440 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
                                            2⤵
                                              PID:3036
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5624 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
                                              2⤵
                                                PID:552
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3056 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
                                                2⤵
                                                  PID:4468
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5732 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
                                                  2⤵
                                                    PID:4116
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
                                                    2⤵
                                                      PID:3464
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5264 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
                                                      2⤵
                                                        PID:4280
                                                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                      1⤵
                                                        PID:1156
                                                      • C:\Windows\System32\rundll32.exe
                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                        1⤵
                                                          PID:2632
                                                        • C:\Users\Admin\Downloads\Rensen.exe
                                                          "C:\Users\Admin\Downloads\Rensen.exe"
                                                          1⤵
                                                          • Executes dropped EXE
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:2004
                                                          • C:\Windows\system32\cmd.exe
                                                            C:\Windows\system32\cmd.exe /c cls
                                                            2⤵
                                                              PID:3372
                                                            • C:\Users\Admin\Downloads\Rensen.exe
                                                              "C:\Users\Admin\Downloads\Rensen.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                              PID:1156
                                                              • C:\Windows\system32\cmd.exe
                                                                C:\Windows\system32\cmd.exe /c cls
                                                                3⤵
                                                                  PID:4064
                                                            • C:\Windows\system32\taskmgr.exe
                                                              "C:\Windows\system32\taskmgr.exe" /0
                                                              1⤵
                                                              • Checks SCSI registry key(s)
                                                              • Suspicious use of FindShellTrayWindow
                                                              • Suspicious use of SendNotifyMessage
                                                              PID:2612
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                              1⤵
                                                                PID:1408
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffed2ea9758,0x7ffed2ea9768,0x7ffed2ea9778
                                                                  2⤵
                                                                    PID:4932
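Almost every signature in this report attaches to the sandbox-launched chrome.exe and its helper processes; the behaviour that matters is the downloaded binary C:\Users\Admin\Downloads\Rensen.exe (PID 2004), which spawns cmd.exe /c cls, re-launches its own image (PID 1156), and spawns cmd.exe /c cls again. The Python below is an added example, not code from the page or the sandbox: it replays that tree as constructed file-write and process-creation events and runs two rules over them ("executes dropped EXE" and self-respawn from a user-writable path) that flag both Rensen.exe instances while staying silent on Chrome's own chrome.exe-spawns-chrome.exe pattern. PIDs and paths are copied from the tree; the parent of the first Rensen.exe instance is not shown on the page, so its ppid is a placeholder. Note that the tree reports PID 1156 for both elevation_service.exe and the second Rensen.exe instance, so the rules key on image path rather than PID.

```python
"""Added example: replay of the process tree above as constructed Sysmon-style
events, with the two rules that separate the downloaded binary from browser noise."""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Set, Tuple

TRUSTED_DIRS = (r"c:\program files", r"c:\program files (x86)", r"c:\windows")


@dataclass(frozen=True)
class Event:
    kind: str             # "file_create" or "process_create"
    image: str            # file written, or image path of the new process
    pid: int = 0
    ppid: int = 0
    parent_image: str = ""
    cmdline: str = ""


def _norm(path: str) -> str:
    return str(PureWindowsPath(path)).lower()


def _in_trusted_dir(path: str) -> bool:
    return _norm(path).startswith(TRUSTED_DIRS)


def _in_user_downloads(path: str) -> bool:
    parts = PureWindowsPath(path).parts  # ('C:\\', 'Users', 'Admin', 'Downloads', ...)
    return len(parts) >= 5 and parts[1].lower() == "users" and parts[3].lower() == "downloads"


def evaluate(events: List[Event]) -> List[Tuple[str, int, str]]:
    """Return (rule, pid, image) findings. Keyed on image path, not PID: the
    report itself reuses PID 1156 for elevation_service.exe and Rensen.exe."""
    dropped: Set[str] = set()
    findings: List[Tuple[str, int, str]] = []
    for ev in events:
        if ev.kind == "file_create":
            dropped.add(_norm(ev.image))
            continue
        if ev.kind != "process_create":
            continue
        img = _norm(ev.image)
        if img in dropped:
            findings.append(("executes_dropped_exe", ev.pid, ev.image))
        if _in_user_downloads(ev.image):
            findings.append(("exec_from_user_downloads", ev.pid, ev.image))
        # A process re-launching its own image is normal for chrome.exe's
        # multi-process model, so only flag images outside trusted install dirs.
        if ev.parent_image and _norm(ev.parent_image) == img and not _in_trusted_dir(ev.image):
            findings.append(("self_respawn", ev.pid, ev.image))
    return findings


CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
RENSEN = r"C:\Users\Admin\Downloads\Rensen.exe"
CMD = r"C:\Windows\system32\cmd.exe"

# Constructed events mirroring the report's process tree (ppid 1000 is a placeholder).
SAMPLE_EVENTS = [
    Event("process_create", CHROME, 3184, 1000, "", f'"{CHROME}" --single-argument https://bing.com'),
    Event("process_create", CHROME, 2112, 3184, CHROME, f'"{CHROME}" --type=renderer'),
    Event("process_create", CHROME, 1820, 3184, CHROME, f'"{CHROME}" --type=gpu-process'),
    Event("file_create", RENSEN),                                      # the download lands on disk
    Event("process_create", RENSEN, 2004, 1000, "", f'"{RENSEN}"'),   # parent not shown on the page
    Event("process_create", CMD, 3372, 2004, RENSEN, f"{CMD} /c cls"),
    Event("process_create", RENSEN, 1156, 2004, RENSEN, f'"{RENSEN}"'),
    Event("process_create", CMD, 4064, 1156, RENSEN, f"{CMD} /c cls"),
]

if __name__ == "__main__":
    for rule, pid, image in evaluate(SAMPLE_EVENTS):
        print(f"{rule:26} pid={pid:<5} {image}")
```

Run as written it reports the two "executes_dropped_exe" hits the Signatures section counts (2 IoCs), plus the Downloads-folder execution and the self-respawn of PID 1156, and nothing for the chrome.exe or cmd.exe processes.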

Network

MITRE ATT&CK Enterprise v15
Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
    Filesize: 40B
    MD5: bc16ebe41a9fc2938c4060992a92b0af
    SHA1: 1719af3e339b187d984a76437eb80cae5dc50e6f
    SHA256: 5874dbe9583546eb24cfb2b237d58f97ef186cd72866dd224df82e62817744ae
    SHA512: c78d4be86a3f35ae07375b37fd39f869d317a6ec6699d7673731e6f9b255d7bcbfacf58ca71c3f51baac1e2b2bbee7da58603efa5bd51a31162c481aab7a912c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
    Filesize: 24KB
    MD5: e1831f8fadccd3ffa076214089522cea
    SHA1: 10acd26c218ff1bbbe6ac785eab5485045f61881
    SHA256: 9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac
    SHA512: 372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
    Filesize: 49KB
    MD5: e1f8c1a199ca38a7811716335fb94d43
    SHA1: e35ea248cba54eb9830c06268004848400461164
    SHA256: 78f0f79cdd0e79a9fba9b367697255425b78da4364dc522bc59a3ce65fe95a6c
    SHA512: 12310f32ee77701c1e3491325a843d938c792f42bfdbbc599fe4b2f6703f5fe6588fbcd58a6a2d519050fc9ef53619e2e35dfadcbda4b218df8a912a59a5381a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
    Filesize: 43KB
    MD5: 8edf1178fbf41e750ab75fa410368a9c
    SHA1: 3104a4867ab00cdee8f4e5427b2a691cde97e1a0
    SHA256: 717088880d26775f3bccaea18ccb54cef604f9b28dfb357efaaa60d44476a9d4
    SHA512: dbdab4ff33ee8fc08f9c0fa8ddea2be03e47fff2645d484ff045b420d421915ba91284e5d8f55cbf523f0b041c3d1f813d1e5ddd6dc0c7e073d566f05ea77e76

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
    Filesize: 21KB
    MD5: 939b17598242605d4cda089e4c40e52a
    SHA1: cb7e96bbb89879ab97002ef7764e868d8536fdbd
    SHA256: 14d0a9ba41b036d7702963b2f0048a670f138372fbc3644ec4f009cd3184e041
    SHA512: d62140ff22453508964a7fc40602adc68b2ceea883eb7e77206a84569b2cb6ffad4b0796371ca28ce1a7110adf58786b374854d5fb1dc53a42588d61c79143e7

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
    Filesize: 20KB
    MD5: 8b2813296f6e3577e9ac2eb518ac437e
    SHA1: 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86
    SHA256: befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d
    SHA512: a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
    Filesize: 65KB
    MD5: ee752d1511d5545228d0884d3859bcaa
    SHA1: 101ff34567dde76dc3ca539954a2544001302c3e
    SHA256: 49ffd1f840f11ef95c7d9f348d4535c3fde175414d94ea2182124bae245c345b
    SHA512: 6bb03d3b16f0ff19a8b054dd7187bd65ac15a752b56de110eb30205ea9e2701fd78e4cfb1daa5f020ca076efa1c02677ea99dde0788aaf69bc20a4d4b15eda8e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
    Filesize: 59KB
    MD5: 063fe934b18300c766e7279114db4b67
    SHA1: d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd
    SHA256: 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e
    SHA512: 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
    Filesize: 151KB
    MD5: 840a2dc1618ad9c55fd310a7fa99defa
    SHA1: 758a611114db290b4657e0a250cfa3e9039f98d8
    SHA256: 88b068b725836f11c74f18cc8baf4aebc5ce09f0b418535a1b624b1efbf003a7
    SHA512: 8f9a61608131e2176a2b4caa2b120a0d66b23d6f52df555ba467ce315f4dc62e4dd282305e42442e1717bdb811550daa636334b269932d38ea3f49773b877ecb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
    Filesize: 22KB
    MD5: f650e6b6cae5279e4c89126960b6b090
    SHA1: 9f79318b36cc53712c3e7e0cf6e9ef91f62811e9
    SHA256: 86781350321e19d398b5a3760fd4c0af43764862c8c37e319b8b743f15c559c0
    SHA512: eff8025498be7773e063c43137946382c408cb886272ac4c9f8cdc6b2447b8e4d4c559351bcec842b7436b3d7be96c51da967637c8e99ed48822876ded0cb2df

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 648B
    MD5: 4fb90921e128003c6747e5fd2557d8e0
    SHA1: 5196e96a16d9972e5eb21a5a02d044c461633dcd
    SHA256: 29414470bfb086c0e391f8d93a13ead10e24f17f4d9ba11e9e66919793839075
    SHA512: 7797b3a416a55c7f6cb61a9a827733e2445a0c81706b98047235f52a83a00530f7a708d19a8814a985057f72e17e1ff2eb6837f94b45cdad404d8b1e7a9690be

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 3KB
    MD5: 8a63a25a08e1471638cd5f79a4238980
    SHA1: 2f4a8922e666c02908534bbff38bd01320d30144
    SHA256: 16bdf984fa94960cf2d4bdf879c7a894d20374200b045169700f686dbf14cc23

                                                                  SHA512

                                                                  a2ca2b37229b4413de013f9739690a69fadfd219fa21e37cdca696c561ae56a70cc95b210f61fb6379ce81fa70156bc7fb3f402aca37757f872f4958924d321d

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7e450e06-3acd-4516-8d29-e7bf66f24450.tmp

                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  1a1c9549d4bf43f985398aa45cf48494

                                                                  SHA1

                                                                  11ca03cb9f6012b78d3f0e5fd1b9eca637a64eba

                                                                  SHA256

                                                                  2d5f4025cb0d1ac952034bb0faf14d1f3a7427ff6e7296fd914bb40c9501f5ab

                                                                  SHA512

                                                                  e2cb8d2429f95b5eb6d33e8fbb784bdf0f725da633f8346788546951615fe95991c13404735acd4ebbaa2ac187f749e1c14644eee7826a772106f3ceeec28809

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  a70e9a02af747784ed7b275c9cfb4cd4

                                                                  SHA1

                                                                  a6d92ebc1ba0c645faf2f8da542fe2a3fe92f5f7

                                                                  SHA256

                                                                  f67e72914cc89a0d6239827ce349acfa8b539b72c36a9037c9e19b0cb7c95f39

                                                                  SHA512

                                                                  72007f2543cf70233d1d552b03d672268b11fdb0de5c3164ea04b4c31ebc66156c1676bbbf95504b361543f3d0f0ce8134db9cdc34652262c0a8d5a34eed4901

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  b8b3e53e08db3c2a86afe078ffe7414b

                                                                  SHA1

                                                                  5e71407624caef43cf819176ce658507e68b8211

                                                                  SHA256

                                                                  0516fcd9d554f624680174a7d807645a2614d5b6eb5c41afc921a059beeb0b2b

                                                                  SHA512

                                                                  7fe6560e3492f7c469d9f323d35be0a6058f93784f22745decd8d9623f9de9b65a3d2556d987490063112d24da2ed6920a93bce8c56a2d197ab3b9160879a4cd

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  2dd2f26b3cacbc30d83a70e9bbcf8794

                                                                  SHA1

                                                                  3318e6f1280fbf0c1c6097abe8029718a64f1814

                                                                  SHA256

                                                                  a624a42ab8a9a6b5e1bda8f284833cc858e1717206c59372b38180f0548c80ac

                                                                  SHA512

                                                                  94559c74520e35641798809899fe777f3f06a107dab0d639a6337a4d97c5d7297e5ca741bd8cee372956f2c0d5fe2f9a5db54e4ce72577e710633a95f7f6932d

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  802985b9dd5037c3b0a9132d81f645ca

                                                                  SHA1

                                                                  cf037d38af1a8b3b74682e62577af1e9ee4a76b6

                                                                  SHA256

                                                                  6c908ebf136e4ac421f3e32e8ab10b51e6ba998b419edbeed170b3865951398e

                                                                  SHA512

                                                                  7a6215c11ccf08aa57caa34caa837235bd8e9e437729088a7deb33badf8475b8a446f41a643e0a4758af581c860d72b457ed7dc8f98010bfa8a26d7b196632bb

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  24078b4b6e6df776c2326e5ea51660d6

                                                                  SHA1

                                                                  3eae685fbde53ff9a5c1ce82265b19a9111942d4

                                                                  SHA256

                                                                  0f3e8281938e51b0bfe5696fe9a07204fbdfe43fb748c37e7a714326c4bc44f3

                                                                  SHA512

                                                                  f24b72d0fbde9a261c540a2e72f977727a1df3f0c585410d815decb17a0f92392f95faf8369a7fdedc4a56ba82c902ec268c99885d089955777e5b7b920e0411

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  4709fbc0eba41df9209c1b294e78e9b3

                                                                  SHA1

                                                                  1b6af3d6ebb60a8be29020b353f75a8fb9dd846c

                                                                  SHA256

                                                                  1e2c3bf7db6c31c8cbd407d30906a6c110ba696b0b882fa689210c9b1896676d

                                                                  SHA512

                                                                  e6e2123864ebc97c7e8d3932e0466eafe87a433bb696fad720d5af6383fc466cc64bc1c7bacfd5423c4a3869dea5103a73974885ca65714477b1063a9361883f

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  23e96f10438551c1b4ca2aca7d225624

                                                                  SHA1

                                                                  2df0076b5106b5c64768aa290f324064fcd2c200

                                                                  SHA256

                                                                  55c145870158fb8ccf45921317709e0f2a4acd0824a63142dff34befd62d8c7a

                                                                  SHA512

                                                                  d479ace08f86f92eb2483b7e8c38c652b6da4eb413e33eb331dbe2766c6a3a61ab61f22cbc80fa219832713798ab4e963c457b097be55e8ba034b8f54961a1ba

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  7KB

                                                                  MD5

                                                                  30677eb6f60681f2ea83d7025360c296

                                                                  SHA1

                                                                  856c96cdde353792502083efc894b3ce1c97296f

                                                                  SHA256

                                                                  486dc6e0e1b657f441889ffd4822ecde7e5197ae4950ef807817c87ab334d585

                                                                  SHA512

                                                                  dcd39ef2cb2e12d96ca5f6394cd09b3060f2a769391f50f6f944e93a4908918b15114341fee60206a697ac31f67a01766f186c891ac87f2fb9c4cc55a8e636c8

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  7KB

                                                                  MD5

                                                                  1469809b71df9c8f05946f65fce0d5eb

                                                                  SHA1

                                                                  47d7328bc0c217ce7279557b3d5e2f1d4008f5e9

                                                                  SHA256

                                                                  fb23ab8c6045927684eeaa148a91afe6cf03643056b6792c2b64423748d32fbb

                                                                  SHA512

                                                                  37432d0ff844aea2139cb46b51af6cd5a6bdfa13ca17f9b2cfed695d013755d08b776a40e0b5603e2cd7b5eee99a49cc21f21bda64d31067129d7ad1bafab64c

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  e83a85ab35b9df2ac8b861af36de64ae

                                                                  SHA1

                                                                  eef34888e47c1a6852728fa54bd9424f73f82520

                                                                  SHA256

                                                                  6b25d2d466d44f6512abc669a475a43b7c7e04f1af7730d1ee4df4b7a7a8235e

                                                                  SHA512

                                                                  5c0941e67e7825bd89d10abd86ebf4a92679da339ab8998a1ed881c7570943ba53cd99247a11fc04a08adbb0ce9f71e9c5e6ada25c6c4bbc406fb062141c5eb3

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                  Filesize

                                                                  114KB

                                                                  MD5

                                                                  2a2ce28c193b65fad19ae295dfc0a121

                                                                  SHA1

                                                                  12524711e05855b6df7513e9d82b2db6ecdbfe44

                                                                  SHA256

                                                                  5fc36712218be8a20cc21614e942566f4c4dfedc9f8ec8cc51bc33a64c8f8b79

                                                                  SHA512

                                                                  15672d3ac7b136d82e6348a7f7370cabd266dd620925b765637b4da18793a285645dc41373bd1eba03bcfd384cea6b980d3fca3cea53cef1cc2c24112a0d45fa

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                  Filesize

                                                                  114KB

                                                                  MD5

                                                                  a16d31bab19e0a3f5a8d007816b0f7e2

                                                                  SHA1

                                                                  1cc397590d6c17a7cf2460b07716786960f49ba6

                                                                  SHA256

                                                                  2b91ca06db19a88f1770fa1872d83ac64f52ff31b1381329c8833f56f3edc21a

                                                                  SHA512

                                                                  c58b8fd0623e653e092c0a40d4976f0677981d9c6d03d5d4effc4ca829452f6bf251813a6be27c3ce8ca5521ffb8c3e0697c593bcf4049dd730e7c80e95bd624

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                  Filesize

                                                                  98KB

                                                                  MD5

                                                                  fccbb894dd51cd667b9b07d9d3808753

                                                                  SHA1

                                                                  e0a24675ba9d9fa730a5f13d7336e48787a04661

                                                                  SHA256

                                                                  56883c8dbfe60346dde1e70ee7fa308815bf990ea09c880c8cd6d70789635809

                                                                  SHA512

                                                                  22f3fcac49770bcefb707466edcf6a4d79c11077ac2bd648bab74775bec20ded792d34609ca0c689546982790fbcdeedfb123f6e39d904f11f0cbead6d6728f0

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                  Filesize

                                                                  103KB

                                                                  MD5

                                                                  1e057bda5bcb5ea8b9e0b9f2e3d0dfea

                                                                  SHA1

                                                                  8539a31011c43b6d0271d3b0c180cef54a3b2148

                                                                  SHA256

                                                                  b43066c9be8a36e602264e3024fc4f5e789d3999c6f702d6dca19e732e29a79e

                                                                  SHA512

                                                                  fad282afdd29c3b698c2f3def26250dcb8f43097755fa5f3114e3a7a91d1cc8341233c9acf5888edf72917effe5e68653101fcc50aa747c2ff4e7d5349d2ee7e

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d7c95.TMP

                                                                  Filesize

                                                                  97KB

                                                                  MD5

                                                                  f3ec5b32d52fd73ce1c98995541c9f6b

                                                                  SHA1

                                                                  d4db8a8b480a8433f0a3c84eeffbbf618e2fa10d

                                                                  SHA256

                                                                  4d0c50c14479a20fbef6f954e884ff6bb37baf5887d7b411643ec801685faeec

                                                                  SHA512

                                                                  61790a5b4244fa4fe2ba8b702e7a576fdf048fc2339b51efff4f500615de1c5a89b3eb94bbaadf055a44ab20c709348959d90a7dbd18e79c1670a14c0fdc82df

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                  Filesize

                                                                  2B

                                                                  MD5

                                                                  99914b932bd37a50b983c5e7c90ae93b

                                                                  SHA1

                                                                  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                  SHA256

                                                                  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                  SHA512

                                                                  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                • C:\Users\Admin\Downloads\Rensen.cfg

                                                                  Filesize

                                                                  387B

                                                                  MD5

                                                                  35230636c7f6f045b3f20055ddf15d2f

                                                                  SHA1

                                                                  2aa372c9ba3f03895544ce77185de774f4c0dccc

                                                                  SHA256

                                                                  379367ea19cde6d52b658a8292794a50ba8040edbb6a638c5260fb8acf21120f

                                                                  SHA512

                                                                  d6abc7fe2feb6ff98b23cd811357f11b28d72f10b1f80ba3c7608243a73c06d811565198206f520ca2f951302c887df083758592325aef507353ab0a1bf12a5e

                                                                • C:\Users\Admin\Downloads\Rensen.exe

                                                                  Filesize

                                                                  394KB

                                                                  MD5

                                                                  e19ebda4ea362c8421ba3e51dfe9186c

                                                                  SHA1

                                                                  df86f196d1b669f84d08433d003c61c70d91440d

                                                                  SHA256

                                                                  0f08c5a7f6201cc07f7e68047ee764f2f3ef5809ce1779518000b0c71192d6b3

                                                                  SHA512

                                                                  878c5a1fea207c120d021d71b4d71f39b212eaf11903af3d423472cfa118ec260885badfc2ea32aa8e01a13bfd2bd9c128cd889d0ed125ed4aad9c71a9a888b3

                                                                • \??\pipe\crashpad_3184_UTQPAATOGHPIWFGM

                                                                  MD5

                                                                  d41d8cd98f00b204e9800998ecf8427e

                                                                  SHA1

                                                                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                  SHA256

                                                                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                  SHA512

                                                                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                • memory/2612-767-0x00000243A7230000-0x00000243A7231000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                • memory/2612-768-0x00000243A7230000-0x00000243A7231000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                • memory/2612-769-0x00000243A7230000-0x00000243A7231000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                • memory/2612-779-0x00000243A7230000-0x00000243A7231000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                • memory/2612-778-0x00000243A7230000-0x00000243A7231000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                • memory/2612-777-0x00000243A7230000-0x00000243A7231000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                • memory/2612-776-0x00000243A7230000-0x00000243A7231000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                • memory/2612-775-0x00000243A7230000-0x00000243A7231000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                • memory/2612-773-0x00000243A7230000-0x00000243A7231000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                • memory/2612-774-0x00000243A7230000-0x00000243A7231000-memory.dmp

                                                                  Filesize

                                                                  4KB