8641f88b89c9076ece3ee571baa4b3c93ba3ac3883e90fe5f894dc41e3b7bdc7

Resubmissions

15-04-2024 22:57

240415-2xks3sce9t 10

15-04-2024 22:52

240415-2tjrlsae29 10

Analysis

max time kernel
1800s
max time network
1745s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 22:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ro-exec/defcon.exe
Size

447KB
MD5

58008524a6473bdf86c1040a9a9e39c3
SHA1

cb704d2e8df80fd3500a5b817966dc262d80ddb8
SHA256

1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
SHA512

8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31
SSDEEP

6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4256-0-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/3560-21-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/4256-22-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/3560-43-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/2364-44-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/2364-94-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/2364-95-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/2364-96-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/2364-97-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/2364-98-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/2364-138-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/2364-229-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/2364-323-0x0000000000400000-0x00000000004CD000-memory.dmp	upx

AutoIT Executable 11 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/4256-22-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/3560-43-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/2364-44-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/2364-94-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/2364-95-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/2364-96-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/2364-97-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/2364-98-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/2364-138-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/2364-229-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/2364-323-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133576955446475373"	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4256	defcon.exe
4256	defcon.exe
4256	defcon.exe
4256	defcon.exe
4256	defcon.exe
4256	defcon.exe
3560	defcon.exe
3560	defcon.exe
3560	defcon.exe
3560	defcon.exe
3560	defcon.exe
3560	defcon.exe
2364	defcon.exe
2364	defcon.exe
4712	chrome.exe
4712	chrome.exe
3984	chrome.exe
3984	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2364	defcon.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4256	defcon.exe
Token: SeAssignPrimaryTokenPrivilege	4256	defcon.exe
Token: SeIncreaseQuotaPrivilege	4256	defcon.exe
Token: 0	4256	defcon.exe
Token: SeDebugPrivilege	3560	defcon.exe
Token: SeAssignPrimaryTokenPrivilege	3560	defcon.exe
Token: SeIncreaseQuotaPrivilege	3560	defcon.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe
2364	defcon.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 4280	4712	chrome.exe	101
PID 4712 wrote to memory of 4280	4712	chrome.exe	101
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3640	4712	chrome.exe	102
PID 4712 wrote to memory of 3620	4712	chrome.exe	103
PID 4712 wrote to memory of 3620	4712	chrome.exe	103
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104
PID 4712 wrote to memory of 1916	4712	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\Ro-exec\defcon.exe
"C:\Users\Admin\AppData\Local\Temp\Ro-exec\defcon.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4256
- C:\Users\Admin\AppData\Local\Temp\Ro-exec\defcon.exe
  C:\Users\Admin\AppData\Local\Temp\Ro-exec\defcon.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3560
- - C:\Users\Admin\AppData\Local\Temp\Ro-exec\defcon.exe
    "C:\Users\Admin\AppData\Local\Temp\Ro-exec\defcon.exe" /TI
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe99efab58,0x7ffe99efab68,0x7ffe99efab78
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:2
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4392 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3964 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:8
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4904 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4980 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3396 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3492 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3480 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3520 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3068 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5052 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4956 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6128 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2512 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2652 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:8
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4984 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:8
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5328 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3516 --field-trial-handle=1836,i,18093970108118429125,13794828555493073032,131072 /prefetch:1
  2⤵
  PID:3712

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c0 0x490
1⤵
PID:4632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
27KB

MD5
d6f862353c2433098d82725f90a0e280

SHA1
55ab2e7e58fd35c99aec7fb52849d866eaefc438

SHA256
719a5b617534fb3a811c51a999f943911439fb43225e3a38a79dfb9c0ffbac38

SHA512
0de7c8478de4d63e2d49e834c5ddc7e6190dfa851b46914f32adc392c1b9e22e6222c01950738985b44612b65a8cdfa6ddd99e77c49e1d6b9257c63af974b178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
63KB

MD5
8ff42b760d33ac3eab8db029f3813afc

SHA1
3739c9639f09f5126b22ae442dffd01ca1ee0886

SHA256
02c861339110f8e917bc592deafaba09ea20d5061658a31ce8a182e25e4b6bc5

SHA512
eabb7e2f8398706354f7ae82e6a8f5294baa605009adc890aca4f40817c4921a2168e915afc0830840a9918de36c6e4ab1ba136e6ab41bb7db744ad1c0a26501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
76KB

MD5
d69656cbb1d933d44dbcada6f7954837

SHA1
016667b275bea51de0c5346aff2c8e2314715abf

SHA256
ab5efe92c64d1bcf691021d2bf18d5f7038540d4d6f744a38abb6f2eb975f33b

SHA512
1e7d0a6d3a6336158b77c59dba9e74f4c9c0d3f9f2281b8fbdf7dcb60f22b1fc986e76c5767e41991ff9dfb8fe5710cbb320ce46507a5cc5e55bd07add0775b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
94KB

MD5
72985f2fe586ce0a1701122578c873b4

SHA1
138173a921437279af49a8e276cb6f4dbc79f150

SHA256
408fd1d523331ecea583b2892f6450d7242035b8f07dba972a70939c5924fc5e

SHA512
05ed15dec04861ea48f71aebc285c7148b8fb085b766511bbceaa027234f090a31daa27982c9d584876d686fcfe20eb340f3ac4cd29543526504b2e5f65eb204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
21KB

MD5
08d22b7b5d3d16b28250c2c845ccfca3

SHA1
4093b14efdcb04208a0b9630bcf258813f087ff0

SHA256
aa09076eac69e0ff314523e731b03c77790a9b87dccda6ab406913fb2b56f374

SHA512
747c131ec0378273c77895258ad21218069d2cc1328773a3c0c707d9f2bc64647338f453c518a7cb129e3d4fce9fd64105383dade0b98c0131222f9b41b9e666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f0eb7b8a4197711b4a3a9db354c54c11

SHA1
0ae6d7b6ea20972d8527b7f05ee223d27b8ecc24

SHA256
23fc99dc9807ac4566fe4fe605925994b749330439d867faa475fe6c0a37c88e

SHA512
0947cced2451b3c89cc5051e8bfbe2b28eb6588cd3408ae8e6bcb5a31b17e2befcc51e1baba3dc466a4dafaefd5cce829c958ed323b41ee02e24b873c64233a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e4851b383332ef743b11c55f696a8805

SHA1
b7ed0225b254a6da0b182350faa1d9c405ee1ad5

SHA256
f110271c1cec2e34a3111a9454760bcb5de6c7e4e4e05f7f30cbfceb59ed4f64

SHA512
5776c45fedc4c5d7496a36af683b7cbc5c566bdb3608792459cc9281be0c21635a1f8c4c866e5d086e0eb2794a07a24c5826ecb33190b0e006a3e798ad84615f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4ec510ae89ad39f7737e18f96956af7b

SHA1
5b41fb55ba74964df12d2ead718fd5208c10726c

SHA256
4d20149109b34f18483d68fa914f1211a54ed36db33d7865e3be28ceff50b6d3

SHA512
423c50937aa9b7452f17898dc14d1b97e15aeb007237c80284ba3f88bf5f563b1473b9e2faa6a8325936ef4116272229ad511b9b6e0259de7c0f7daa4db2f8a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
71c655a74fa64e942dab0d90d86d77d2

SHA1
6e856de44bd8a6c4c1cebeb9760a793659e89f86

SHA256
43a68372d95ae9f32ecdafb2d5072d13feba50a3872cd7a43f0b926238c69125

SHA512
d4011c68f291b53daca9a0ca5ce90cf6c6609a55cc6e45dbd2cc91d6146b1630498feaaa52846ca116bcdb7398c998a82f63530b7c563ef9b4c643f497946537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
d854f5173ed2af33922915adbe6633c1

SHA1
33e80ca84545cfa88b0311b3761b378bfb55c26f

SHA256
ed70b9f0933c8ae6b9b0a52e7e8066e3ca23eda577f8a9a486551eef6a288271

SHA512
f5a33466e73e1cf0eef377b3bcf5b74a312d62e914c1d5220f8464105557055ecffd56347fb10116dc75ab4898608a012eb6bfd17e8bda59f1861d26bfdcb020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
7e1f32aa6cedac4bc93b6c3f74d7eccc

SHA1
7356292b50ff62a4156c7f6261ea5227df532587

SHA256
a8cfe11419b81351c90e228ede1e510cbca409ef445fcdc2ddac73fa92a5a0fc

SHA512
60369f6b3b1aa12f84331de3900ac1b9a6c4c474c441536ec88491d5de0bfb9ebc3e68210fb3168ae8f208b818c6bad6d2d6031962e070ef6aed1180ff958602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
539ec04f7b515af698d1f65e17a61676

SHA1
9ff88c0e116841f691ef45077db53b7afd7c0c6e

SHA256
c4931702dd20506553ffff46ba7ce1b9070caf709418ec2b1bb2fb236333abb5

SHA512
3c054ad34ef57f7f6f0da5ba635362d3a380b7796dd2092579b4feaba4e034b034bf9082bf7941a6ed4ace6bc401401f6a694671db7b65757c4b50956ab74551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
010454937aba982ecc6a24bb14087709

SHA1
7aa3a2a66a96b30458ef7add5cacb95534dd3c44

SHA256
ddf557a8ef6fb4bc98f34010071c3770da021268d16058b31450082532920a5a

SHA512
eadedf0c34524ab1603344cd0702d809daaabbaa0ee958e48622c41aec815e8409b98336b0552961d6576f50457465b5f84207f00963df8fbeedf7f3fa8160a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
64f41890ceeeeef6f205595c4d4c0a1f

SHA1
e6143a54a7eac3b0a822de51f82a2087d99da41b

SHA256
169f7673f41fb80570945a0218b45dbc6feef7e082cfde53287154488a98a2c0

SHA512
d0c7c4e22bd9055543812d43328fdfd5e29f9e14bc060576b900933e604312ac90081305ac07a3994a18041e25f787711767c71a32be0a470c81988840cd9300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a34d73e288399b0daff8992b151fe965

SHA1
15155b73d18b6a66837e8332d6cd4f216f08dd57

SHA256
b475db7fa2c034aaf7f0c891609507b3a99216392e47b889f03aac95df9a8fde

SHA512
5d256b48252a5da96e020602d4341e8bc9ff954bf4d91e38e8ad5a8db114000fd8594c79802421e63a0e58189bbc1c73990d644acc39725c9ea52ae964e2b2fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab4a57cf1f850451ba8b7a2d1d114e7b

SHA1
92198d59aabd855a394c0f57b7de9a1e79e52a55

SHA256
7d8a03b0cc76502457a34843173b58383efcf331f0fce68afc48ebe03d46270f

SHA512
785cedfe81198f11ed47b33d58c2c10fce7bf2ee18422f70303c78be99a5cfe65277d8311de83ae68d418beb5b94a432e8cc0798b1bc0d7a07ebc4cf7b4f09b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
57ae10c5743594b7fde8433f0a056270

SHA1
bfd7226bb2d475f0de1f2b2f3a7864a6d09fac09

SHA256
5afd8a6e6706863f3ea726acc6f9f0608486d716a54886560b273f207e325e3c

SHA512
3d091a88f9dfd4a71cc3f7246bec564458128d8bc4a20871d06ee9a81dffea76897f39b5c577a96c5cd0e538f862be46686a4ad27a5c30d01e1335ec7e74a1f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9f23680424976156598170c3aff16e18

SHA1
d96384da93de1e94fd33e193ccbc1e45231e4ded

SHA256
6dd0b315dd10d269eb5f2ac070b02e488a9a86445fb61ef57db0c35bc7a69964

SHA512
5fa37188acf899b0ebb12ccedc83d7b11d7c81a10972540cec3f22f37552235e7103995704c045f4c103bc6ff9e00b91a5b6dbc14aa77cac7b9c1304b8f2ade0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
00ccbf828da0ef9abb57e5238ae92d11

SHA1
2963070c9b89b20122a7cf905a7042c7caeb8822

SHA256
ad4b32fa4e8deb7367bdc499a8d7a2cf82d99d6881101f440fc63a790d6c1230

SHA512
4e3ed399c406096d2ac33b163d8acb54003f1c74f57e71698fbb3e7b25ec385d5c9ee6bdb27305d628979df780f9cad6502fd58fee37118a3a3405148f12463c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e6db136ddc6a2ba6483eca364f3b8a83

SHA1
3ac6fa9f771554ddcd84287b1074a782cd52aad7

SHA256
a0fe32b00f6e44208f7557fc49f12edb74fddc954cf7ed1331591f3c2730a958

SHA512
c250cb10c11057a81be6e1d414c119163bfa597904b6ef1018281ee70064201dfa2b7f5627794ef42eea29b9134696eab14f2c0a8db0b9bbdef6a1105d71608b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
70a834fcf2a33a95961b4e855590d99a

SHA1
6b9bd50a777419c444f4ce39a5fb5ad789368931

SHA256
ebfb64baa238c05902df2ed406d7c09f68dd8c34265e9429a5e78b87c7fc6494

SHA512
76ac3963a275f5f3366ff321f8306864840d11126ea6e8459c7ac7eae896f32bfaba53444b95f809d53a7b9b845f978d7e8a1744d293b5b0f302c85dbf0b621e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b28aef0192a67f21bc93ee25f3f929cb

SHA1
a6524cf7604add2672fe4971b63df2fcf3ec0814

SHA256
6b612c6f070c335cf80bdb3a8a851d5c473a477b3138cc477a304e942310983a

SHA512
5b7285ceb2bc2261d536be77f88c538d8f5ceff793895639a0d88f625ce447ff7c377b56c6a413dc921ac5bedb8f3237239f6fe42e214589a9de84eea195a7dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a6b812543c7bdacb703caf0ba1b68f78

SHA1
cd2bb726068912bb8b5548e07e9ec6c8c2895864

SHA256
8e3e2d94f98536752cb61f6624507ca16635c63877f2db7f7777ef9c95e5e7f7

SHA512
9d1fc0ba8b96c124332f9e1c4c651d8d03c445f5b8fddcb7029fe76bf03cd4b419512f973a1d720f3b364c52a24c51f77e4d7fcd6ed5d1c5a7528a25df7a5c02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
262f7cf3f5ee491410daa39962b0c7ab

SHA1
e749a91a9172ff6ad556834bd5500a29ea0d6116

SHA256
461b4282b8744dfe3b59a90736d0a10b797e89bb2b46a5104fe09f4a62eaffb1

SHA512
a464509f9a9bf6b0bc157657fdcd7d10a69d4480fa254e43e3f18fdd92dae550d3005fd6b1b8d73e56636820b440e913ffc05b2174610c32bd77bf9a380d0f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
42d4c78536666e24ba2c0752edb0d689

SHA1
b962cc2d5368e9e2269a161de1f0f24b91a5c517

SHA256
6b98bac583f5f9eb030dbc1417926a8bd2a061b8378a2ba06def30f4ec974492

SHA512
de3e537ec8766fe9297093f6a6e89b9b07276f95908135e244347d0fc03d2158509b8d1a92d8dcdf486f544353b491909fb097d2a6d0200ee9f8a39aeb6ee280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3ca90c6df637c8ff613163a0416fb6c6

SHA1
4e21e045662dc6c642c56bace8bddac1990cc2de

SHA256
da8224d5886317f07d9fb52787e887304e5b4e725151d56d94a5eaed74025f36

SHA512
f0b06577b4f2c657ced26f7c1ee0969c0bb6f7fe2c365fd6e2a26d1994fbe2ac56b803051e0a30e83567ae40104e22338eeba3d793ca891a7a38de0addfbbc31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b916724f324dfe86b105fb8304c48a73

SHA1
d8926dad252ada520c036d62095381d3c7d016d5

SHA256
f6df1900a008c3579fee4b03f8747af144f597ebe1c653bb0775d1451ebfba0f

SHA512
faa3e820c46b06b06bb6d2b094f37eb453e1151115b3945239a7e308f5c203da294557bb8b96273dcb7c70a58af454a6a0489dff14b6b360e717d4ca6ab64e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
f83c5d163aab5977844453f968fd164e

SHA1
aa4eb1f8617dce7df62021f1138bbcad718ff4c5

SHA256
99f3e83c56d20dcb70450ad1d294366691eba289bb224b26ec250d697921edee

SHA512
1de7f083ad3719606ba2b7105d396e3bfc4001aa30d210a5a2d4d46725d58dbd920111ef1854b05227145760c5da7735f4349ae340dcc5eed384170c4c91db9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
2f1014aac71654c67b0ff78d568acfcb

SHA1
d999d2c3f1ce038ff90969e016b537f303645da0

SHA256
bc32b41ea6c173d8b44c2a42b12ca416e71b7d8c5e8d5667c3222e20a32fea14

SHA512
cf364020cc01e20f7e0de06ea3906b124619e74268c182a19da4822e250fff3808f7b75e77d62027d7c6320f2b88443185a5f19d0e314d6ea4c8579a296cb108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
1d11f46487ac496da59b30d04f992fc0

SHA1
d1765f6dd8359f1f7bdc5268426cb687b9e22ce6

SHA256
cdb2508caf7be601ba42235083c9dfc5ccf798789cefb236b8c1d4b7da2ac2ea

SHA512
cd399fec58654938489afe75bb4ea28e701076cd45cf49643112753ca610d7c0365dbd5a2704dfd4e8aa9dfc82ad834e3209586b8747a7ef0d1e79fc0356a345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
07d8c0465b5642883ef896f9c12b22eb

SHA1
b0b8c6fa800809ffdb90d37132f791e5eb3ad37b

SHA256
cd004375a9e2268c64b1f7eac074f627cfba7a32a0f7d77eee809bf216cbf9ff

SHA512
3e56da85031e206b18f5a53a3bac51d07d50f74e127b113e8250ca9c88bc34496bd1ad5108f51c3afce9d7821f61c2a9ad0242d45777a802c09615cabf8d4f69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8fd4342031491878778e87c21d1c97d5

SHA1
73a010d5f7a2fb8d81b6fdcb035e0e96abcac0e4

SHA256
09c085ff18732b4e99a13ea5710d373c5bc114ab619d9e96a7492d7829178f8c

SHA512
34fa3ee33199f9027a80193a32bfaf244936d03f2199cb9845c8ab2da3a118005dbee83d2f27f1e9c3807f9c4562ea28cc2691adba2cd33f360aa2204f61c464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe599ec7.TMP

Filesize
48B

MD5
389f3e6f62b1ba2f73c48aab7ef8ad95

SHA1
f609716828663ce4001fcfeafc3d97115be759d2

SHA256
814c2596d75f437b29e7af0b452b56208b5e5f6717f2a4e6fc47b0749f186042

SHA512
1ee9510d3cbac24eae494dea55ce301d93f25b757498991a7c92de47d1c30ff9d313c33eba55ab0408e4278c0e27f3e3ffe06a93fd9c1891b1a4e2314984b0aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
a8c1788bbdc348e704924167119a6973

SHA1
8efedfed537b86c5bf8ad19123be077da58b8728

SHA256
cdff413134ec9c182d97977f9d8ce2403506f28d51a25a6539d89250ede2ac34

SHA512
1981619e8d2037f402c3ab464c87ac74c5235f61631adb9fde9bdd655546d065279767a527ff20e7ace45f48253ea658353331fc229aae4d294e7b678248a156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
e31b603e344eebf5f29602f460719833

SHA1
68efa6d8d9590ecbc625fca83e90ff56a0854050

SHA256
d655f9812d2f0732a1314a0bb0399e0c6ccd17ab2d6dd06d0ac6a0f0428f9e59

SHA512
39616ba8b896e9614c72feddad9e29cae07e6848145221c1afb65fad6cf127da66fc36dd2cc6f2c514ab1f10ea76e326abd318f1f8ded4e871a767ad843df4fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
5d08db48c9c2584818bc6ba76db51ff1

SHA1
6a1d995ce23a492a10a027a58967adb6905059a2

SHA256
8536c658e4616fb9658b469ca1213450ac5f7ca0dc238fd4fab3508040f733f5

SHA512
ad5f94fb98bf6c9a6af41c5869801243b76cbdb65d0f9ecafd5adcaa199d830fe42f1665e2025f9c03bf382430e2156705a5fc399b16ee5c877cf473bd06aa8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a3c20.TMP

Filesize
89KB

MD5
a5d98322f97f67e88922b3f78c9603c0

SHA1
1754ef8ecfb576b2785a35823fde65f44270f95a

SHA256
4845160391947d66a07df0fa739f5591e0e598af465ec0305ee332a4d9735dcd

SHA512
744eced6a85efdc2782610c359e94340756c465bc983efd1d4ec33f83f36fbd6f35640f6f1d3b9a7179b10b0255ba73ab7bdf03b9c366523abd9cade0cd80076

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ro-exec\defcon.ini

Filesize
2KB

MD5
6bbf973be4a05ae240b507f16fce4aa4

SHA1
5894f24e099ac8e894b2532ed0136d809aa6c546

SHA256
03031269e9823466acb2be8fedd5bb22b106b4e539669b7fee736fad4942a50f

SHA512
cc461ad28e749f4768437d05b8775005dd10032685fec6e2461cfa65036822dbe5ad62528a7e2eec3088f310ef9c8377d5404f3191446f49f673d97b91828a96

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\Temp\3a5x6w0l.tmp

Filesize
37KB

MD5
1f8c95b97229e09286b8a531f690c661

SHA1
b15b21c4912267b41861fb351f192849cca68a12

SHA256
557a903f0f2177e3e62b1a534dee554cf2eff3dd3991bc2310f064bf9c7d2152

SHA512
0f0e5b85b6ef73ecebcd70ca90ce54c019eec1ea99966c469f357dd3393d0067f591b3690fe0b7922d7ba4aa25ebefd76a092d28c3377e6035720f8630a1a186

Download Submit
C:\Windows\Temp\3a5x6w0l.tmp

Filesize
37KB

MD5
3bc9acd9c4b8384fb7ce6c08db87df6d

SHA1
936c93e3a01d5ae30d05711a97bbf3dfa5e0921f

SHA256
a3d7de3d70c7673e8af7275eede44c1596156b6503a9614c47bad2c8e5fa3f79

SHA512
f8508376d9fb001bce10a8cc56da5c67b31ff220afd01fb57e736e961f3a563731e84d6a6c046123e1a5c16d31f39d9b07528b64a8f432eac7baa433e1d23375

Download Submit
C:\Windows\Temp\aut391C.tmp

Filesize
14KB

MD5
9d5a0ef18cc4bb492930582064c5330f

SHA1
2ec4168fd3c5ea9f2b0ab6acd676a5b4a95848c8

SHA256
8f5bbcc572bc62feb13a669f856d21886a61888fd6288afd066272a27ea79bb3

SHA512
1dc3387790b051c3291692607312819f0967848961bc075799b5a2353efadd65f54db54ddf47c296bb6a9f48e94ec83086a4f8bf7200c64329a73fc7ec4340a4

Download Submit
C:\Windows\Temp\aut391D.tmp

Filesize
12KB

MD5
efe44d9f6e4426a05e39f99ad407d3e7

SHA1
637c531222ee6a56780a7fdcd2b5078467b6e036

SHA256
5ea3b26c6b1b71edaef17ce365d50be963ae9f4cb79b39ec723fe6e9e4054366

SHA512
8014b60cef62ff5c94bf6338ee3385962cfc62aaa6c101a607c592ba00aea2d860f52e5f52be2a2a3b35310f135548e8d0b00211bfcf32d6b71198f5d3046b63

Download Submit
C:\Windows\Temp\aut391E.tmp

Filesize
7KB

MD5
ecffd3e81c5f2e3c62bcdc122442b5f2

SHA1
d41567acbbb0107361c6ee1715fe41b416663f40

SHA256
9874ab363b07dcc7e9cd6022a380a64102c1814343642295239a9f120cb941c5

SHA512
7f84899b77e3e2c0a35fb4973f4cd57f170f7a22f862b08f01938cf7537c8af7c442ef2ae6e561739023f6c9928f93a59b50d463af6373ed344f68260bc47c76

Download Submit
memory/2364-96-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2364-94-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2364-323-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2364-138-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2364-229-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2364-98-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2364-44-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2364-97-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2364-95-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/3560-43-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/3560-21-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/4256-0-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/4256-22-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download