cfeea4ea5121d1e6b1edbd5ca6e575830a0a4cbaf63120bc36639c44e1b89781

Analysis

max time kernel
89s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HitmanPro_x64.exe
Size

13.6MB
MD5

57ae72bca137c9ec15470087d2a4c378
SHA1

e4dd10c770a7ec7993ed47a37d1f7182e907e3ed
SHA256

cfeea4ea5121d1e6b1edbd5ca6e575830a0a4cbaf63120bc36639c44e1b89781
SHA512

f80d6732e86a8d38db1ff43c0c5058013bd456c4b86b87018166ca073bc84fb8e7676b55371ae9cec668a77d198e1e7f6854a9a93581ed21a32167e3b9533f6e
SSDEEP

393216:qPwSxE5xi6RP25MJFjrTuSne6Jz7N/S3:TxP2ufjrCq

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

Processes:

HitmanPro_x64.exe

description	ioc	process
File created	C:\Windows\system32\drivers\hitmanpro37.sys	HitmanPro_x64.exe
File opened for modification	C:\Windows\system32\drivers\hitmanpro37.sys	HitmanPro_x64.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description ioc

Destination IP 185.228.168.9
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

HitmanPro_x64.exe

description ioc process

File opened (read-only) \??\D: HitmanPro_x64.exe
File opened (read-only) \??\F: HitmanPro_x64.exe

description	ioc
Destination IP	185.228.168.9

description	ioc	process
File opened (read-only)	\??\D:	HitmanPro_x64.exe
File opened (read-only)	\??\F:	HitmanPro_x64.exe

Maps connected drives based on registry 3 TTPs 3 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

HitmanPro_x64.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	HitmanPro_x64.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	HitmanPro_x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 3 IoCs

Processes:

HitmanPro_x64.exe

description	ioc	process
File created	C:\Program Files\HitmanPro\hmpsched.exe	HitmanPro_x64.exe
File created	C:\Program Files\HitmanPro\HitmanPro.exe	HitmanPro_x64.exe
File opened for modification	C:\Program Files\HitmanPro\HitmanPro.exe	HitmanPro_x64.exe

Executes dropped EXE 1 IoCs

Processes:

hmpsched.exe

pid process

5980 hmpsched.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
5980	hmpsched.exe

Checks SCSI registry key(s) 3 TTPs 62 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

HitmanPro_x64.exe

description	ioc	process
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM	HitmanPro_x64.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	HitmanPro_x64.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters	HitmanPro_x64.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\	HitmanPro_x64.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	HitmanPro_x64.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport\	HitmanPro_x64.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK	HitmanPro_x64.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Storport	HitmanPro_x64.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport\	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport	HitmanPro_x64.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Storport\	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport	HitmanPro_x64.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters	HitmanPro_x64.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport\	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM	HitmanPro_x64.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Storport	HitmanPro_x64.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\	HitmanPro_x64.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters	HitmanPro_x64.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK	HitmanPro_x64.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	HitmanPro_x64.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	HitmanPro_x64.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters	HitmanPro_x64.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport	HitmanPro_x64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	HitmanPro_x64.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	HitmanPro_x64.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\	HitmanPro_x64.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\	HitmanPro_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\	HitmanPro_x64.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM	HitmanPro_x64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587978788647752"	chrome.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

HitmanPro_x64.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	HitmanPro_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	HitmanPro_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	HitmanPro_x64.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

HitmanPro_x64.exechrome.exe

pid	process
3548	HitmanPro_x64.exe
3548	HitmanPro_x64.exe
3548	HitmanPro_x64.exe
3548	HitmanPro_x64.exe
3548	HitmanPro_x64.exe
3548	HitmanPro_x64.exe
4320	chrome.exe
4320	chrome.exe
3548	HitmanPro_x64.exe
3548	HitmanPro_x64.exe
3548	HitmanPro_x64.exe
3548	HitmanPro_x64.exe
3548	HitmanPro_x64.exe

Suspicious behavior: LoadsDriver 10 IoCs

Processes:

pid process

652
652
652
652
652
652
652
652
652
652

pid	process
652
652
652
652
652
652
652
652
652
652

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

chrome.exe

pid	process
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

Processes:

HitmanPro_x64.exechrome.exe

pid	process
3548	HitmanPro_x64.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
3548	HitmanPro_x64.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe

Suspicious use of SendNotifyMessage 33 IoCs

Processes:

HitmanPro_x64.exechrome.exe

pid	process
3548	HitmanPro_x64.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4320 wrote to memory of 5044	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 5044	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 1284	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 2828	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 2828	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe
PID 4320 wrote to memory of 756	4320	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\HitmanPro_x64.exe
"C:\Users\Admin\AppData\Local\Temp\HitmanPro_x64.exe"
1⤵
- Drops file in Drivers directory
- Enumerates connected drives
- Maps connected drives based on registry
- Drops file in Program Files directory
- Checks SCSI registry key(s)
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95a9fab58,0x7ff95a9fab68,0x7ff95a9fab78
2⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:2
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:8
2⤵
PID:2828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:8
2⤵
PID:756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4052 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:8
2⤵
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:8
2⤵
PID:944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:8
2⤵
PID:2540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:8
2⤵
PID:3504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:8
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4876 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3404 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:4456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:8
2⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4888 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3276 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:3616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3148 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5480 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5500 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:1296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5716 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5872 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6004 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6152 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:1364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6292 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6104 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:5160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6072 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:5168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6048 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:5176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6604 --field-trial-handle=1912,i,6084949145156174064,15979396318875403400,131072 /prefetch:1
2⤵
PID:5184

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1312

C:\Program Files\HitmanPro\hmpsched.exe
"C:\Program Files\HitmanPro\hmpsched.exe"
1⤵
- Executes dropped EXE
PID:5980

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\HitmanPro\HitmanPro.exe
Filesize
13.6MB

MD5
57ae72bca137c9ec15470087d2a4c378

SHA1
e4dd10c770a7ec7993ed47a37d1f7182e907e3ed

SHA256
cfeea4ea5121d1e6b1edbd5ca6e575830a0a4cbaf63120bc36639c44e1b89781

SHA512
f80d6732e86a8d38db1ff43c0c5058013bd456c4b86b87018166ca073bc84fb8e7676b55371ae9cec668a77d198e1e7f6854a9a93581ed21a32167e3b9533f6e

Download Submit
C:\Program Files\HitmanPro\hmpsched.exe
Filesize
151KB

MD5
37c82e90529078c1dffc65c59050f4cd

SHA1
697495fba0dfa323e11fe73c0bc64ae44b2033fa

SHA256
e37128b0a2599fc950263d9c2e800a41ffbdc9b63eb74f3c48f44e8213817a0c

SHA512
154df1633c7011c96fbd96728912fda15e0848ce39a1348704a1a83132b220e8f40834fd54771b723ce066e720915d2decb50c923906014e446d8c3c6a01dd90

Download Submit
C:\ProgramData\HitmanPro\HitmanPro.key
Filesize
1KB

MD5
80fa1fbf8a23b11fa609fb4940a5dfbc

SHA1
094a6c193d09b4f1f7e96a47060e6b7eac41a5be

SHA256
d569a4a833f012d5fcdd1aac1cb12661569963602f5254cf56cb703c1cac2f8e

SHA512
183ff42e6d44ae470ea619b255e1a67c69235658a7fbd129f4a3e183334c46a6b60dfd9a4f8dc6b6907cb7aa15bc2b318a13c0013ad1d32de41b9fda0d50e79d

Download Submit
C:\ProgramData\HitmanPro\HitmanPro.lic
Filesize
1KB

MD5
d9484ba0ec05821d793dffb3ad70cdf4

SHA1
e7ccecfe9136dde655863c51cdb26cff527c2a18

SHA256
10426f95c181db960922725a9bd8517bf3a4775198abce74eb44004c54fc1dc5

SHA512
5256354104806605baf9d018be1b46760a2cae752a24452de6b96a4867d5f0f7d367e750eb367ac9555f1978d8160873736adab886753816fa11bdc07e0cf69b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
Filesize
64KB

MD5
9ab10d71ba9d5687f36807e669b870d1

SHA1
e156f2cfdda7b5dcca0db32860759e954626e6f1

SHA256
7cdc09376d5fad31e928ac542ed83ed3ddfc5507180e94417b0cf4116b1c15e4

SHA512
c70c189dd7e515c2317a276319668073b8f73151bf7a1e0b6623ce888f590cebc7b7a69fd0b39cf7fb5206166202b6cf9b1baeec9c59ed9b3f926c7d7e13935e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0a817b5616fc3347_0
Filesize
246B

MD5
2b9d8130674720708f8f6b7bd5669cdf

SHA1
c8fca0083461dc99618bf3c36d4d70c2d31c3116

SHA256
51dacef5d8e345996f05d8a45f7a4b8e724b3d22f1f31adcfc9ae2243bfcf660

SHA512
886a805fb80fbc6239f7aaaddeb6dda6cfd571cebb204815f9ef65a45a84bd807704fdc05ba4bbbd46ee95b1440892e62abd6f4ad92b98d14674748b1155a347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\37a66a04f122d78e_0
Filesize
257B

MD5
ada295e751c42bce12b033b315948eaa

SHA1
89235a5871eff417ce43f2e06f32f4221bec8f4a

SHA256
2328bc050980028a57e3b3cdee5590e5ebebe297a0e710c3e9dbdc2650e5c342

SHA512
637df0120eb601c19ba1cdf4cd97e5940cd156f2c82f2d06296153a4c93e1e14ca39b4f6b720503f93b0a4ea6de8f2209f0b5d30ac69e34d59da3212c664f567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0
Filesize
228B

MD5
55c5355a9191191c38db4aefc04891a4

SHA1
0161ae79a9c235481cb7f50a019ec1dd8eb53245

SHA256
13d17eb0d17337edd379a063169f0c92b780f7b0e876edb6f82ff1ce03b5ad8d

SHA512
d9fd9c9b318e900fec5048fd851b778aac4aa15015b3446c97356befcee5404a9b219e049262e123be81769595ea52a72ce9d3881d840a33d0c1a70906695e4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c82002aae459c56_0
Filesize
254B

MD5
89ca1334f6d30c0d2b19efc55d58b83d

SHA1
1a58e78f1914d2e9fcd6890e1fd564070f3781b5

SHA256
02f8f638638459faa14f534668cb606770f608b267c51a5a047ddb537bf5af07

SHA512
135143135f9eb44f6c11313c7b6bfeb57274a0649609c0691aceef730f1f828507d8a03f47ab723785857592bd05c94dbdb3c1043fc800c301def3d3ab07daf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
d235b5e68de546a7978c6a0ccfe35290

SHA1
4c7f0bef62dd2bc779e73a27e091667ea081d0a2

SHA256
7fee4bcc63d0b9e4fda4aef1cabea30543f6c9da054db1a8f89252ff577e3ddb

SHA512
4f188fc49328cda42aa536917fb0a2d56544783ddaeb019522bae6bcc0f1749aac9d7d2bdce5dccc4462b31b51d40bc2d931eb55ed1a31414c7defe4c3d51192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
072df1723fe34426ddfff4cbb35bcfe8

SHA1
a294dc5796939ceaf61c84cbd2972a58c288aabc

SHA256
99afee87f8ff7176d502de29d6680590642e367e4279b2947131a7d38d254243

SHA512
9cfbbafdee9846064afcfc06261b7cf2c4655f92004f700509611949158d432f5eedf96bbde69a896eb0eba729aaa962753a9281e291548e8adb65e39c369a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
c8d69b885c2128d4151e156784103764

SHA1
ebec71891d21146417839b9b83d8286249893f7f

SHA256
2c417673b06959a62d6cd6472e389a1b8ab68a1fe145a0dc1039d9099157796f

SHA512
5d06e509dd19626dc906758b7755e5304568b72babbc648800a5348db897e4f1c89da98455e3e38629d5eade9a8cf0ec05bdffc8ea2d2ee667485239faf73a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Filesize
32KB

MD5
7ab992aca626c3a3638358d294bd1ad4

SHA1
b266018c33308138c16bc7141b668bc031d00768

SHA256
c8a19da55a375a462ad500b9ab4c43a1cc7992fd048b5266173b20510d238fc5

SHA512
6963c323a823cd62b9b2d89ef013ee0bb137497f59dd39fc7df468f61bdbda93b35e719d747febd426d6833f169a9fddafe7d608317a5628fbb72307ae972657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Filesize
32KB

MD5
93ce1ae6b8012639408a309ac6b7351e

SHA1
7cfa95b4cc8c9b108cab2277d59d038d72af1fa6

SHA256
58c1e71998efcabbc5040940064977ff3cdeb103a4f3359e1355bb35736cf89c

SHA512
58bea8b894d7cc857219fe89b7888fd30a1ee29ab06f06cb6d23fdaa6ba5813c001f280ca111fdd3dbe45e0429c1f06d1fa527825b5258088ff231ae99fc2cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
Filesize
24KB

MD5
9439cefdd2373177d42999a6024d84ae

SHA1
19f2b116a03e770907be5dc1a3deca48716499c1

SHA256
5d0c9d1549ba13167ea1903e4dbd4e8e6f946c478c4c67e5ee20081be2a137d5

SHA512
cae58e0291feb2b9aca2636a0a93547c8da993eec52bcd7c6373ef68fd5647aedc7e79be38ddd8d01e812f27305663dd7336ad7bc343bff87335b56186142133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
10KB

MD5
a68df4271b889d210e5158da4fd86249

SHA1
30546218a52c50c1f49afc546544144b045a7f12

SHA256
7cef9e2bc71e992a83d79798097cb7dba63f41c145b88faff733942906d47bf8

SHA512
9087e9ebc15eb08ce443e2f696caf6cea90d0e469e9e64a1a572629102ab21eb61d9c9c3da6a5d3e62f3e5116cfcfa525a65646e2084888585dfa2d3ba059a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
10KB

MD5
b8b398a08d0fdd7cbfabc2a97780a7f4

SHA1
dc1f3f98376ff2338818dc25ea7411b4d68e185d

SHA256
d21dfd2acddb36a532607a619a80bb7e7eb387997f769bfccf2a8703e4792a43

SHA512
b313b073d8f3bc72a50bda5889a591dcb5a4adef9d02acf78b0a6872a2d3a170c022d49ef9110accf49307efba5c6da5a93833dc601d32fc4ce2f94737e38217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
d1fe6241850cbca085fa932a8744a4ba

SHA1
f634e4a76e19a5b5ea73a1f558688dac93dba409

SHA256
9c84ba5141c55a9f196a3852c3e652d01aa2e2a71cf6300874fcdc8ab7f2a901

SHA512
22ef9609542f2b2db2af91fee5c3d052fbd2104a04b3f728516b53c94e783f14928e70a6169e7ab73ac36ecbb4cb21691c70d21bf67cdb79436ebd666de04b74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
6b31fcd750983b5e0ca05d0664a08a33

SHA1
99ac0cf225de0ee089014b96c8e9f5ed33a37e7c

SHA256
1b568d2a85019922d3d8925925a71b120f6393e17d6d95da1fe5f1c12e2533e7

SHA512
1106573c1c53cb805f58a946d8d1c26a0a65746460eeb2450823b140ca272a5fd2ff30048d9b0ab0d4907d343d8b8783be8150f8090d20010447f7418fc906c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
923f566688152430616bd0b93445ef83

SHA1
1b49a5c3a9333da9863b2a12acda8f2e5ecfe364

SHA256
5c9325d268182a779e53fe6b332e1a9f6591882cfdc07007e30f7d3ad7d51804

SHA512
f9c56350943fc0cb667cb3c1a4259639460bbf162d2ca3d5fb0db64f3f66f3d79e047f19d10f263dcdd42db66f682b176402942e9cb5ab3e583d89ee629aceeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
5568194d88c74fda29131b3cd4b4f36d

SHA1
1f8061cfad3da3a18b9d364a1eff59f94b9f44b2

SHA256
9033cbd79674a14e0342e50f3245fc0aa7b181af2e68a5a31922ffa5349b84a0

SHA512
eb0201edf32ab0604d2009ce8d3a46e432ca87df393df5f172fc14537b5dd33e42c2c0779ace47aeef040a27c4bb3320b128348966a8d4f97ba9247ba71de2aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
cec42d9b24309ef5a8320aeb6ae090c1

SHA1
22bed332b231da702a4b2f5a1202f211f4f90065

SHA256
f624d714268f7b6eb5029480c07d6e78ec7f4a1493d3253440b247c931120299

SHA512
b6a02fe3d1d5061148d2d5475162d1ed9047d88c2c87ec63fa95bb862922ab315544c0be0b7b17552d63e76c1ddaa57aadb0a9112412df107aa40baf69dd037e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
3b2dfb4cf3490361775a2c66f37b56f6

SHA1
ca6397d22d54134ff4ceec36d2d517fa7c2d8323

SHA256
ad986a31bf8c8c99af90808eb60eee33db193d8ebef37da4c059da30e6132530

SHA512
b61d54de813c612b7349b53c1e0d3e1911e57b79eaaae909936de96860e81d26374686f453c5bc1e43ff2dbdf1b33aa75c7bdbda486af54375abde3d5ce24f7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e21a3d787fbaeeb4c09d5fbe744b8ab6

SHA1
d9d27f3f6d070a0ad289d51b0c0464e41fd117b6

SHA256
5b38b3ee603026970dd4241aa91c4a82be3dc77385b36822714eccc86b8fcd70

SHA512
ad29f07d796b27ccc6c30097fdc040cce1d68aa22c88e9e527953d459eb3309848cc0286d475bfc307e4d172b022695091b821ed1dd0255776e9b932c8cc90b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2e59c0ae898649dd3fba992df514f82f

SHA1
fa0cc71e6e07d4569ffd07b5e72daa097f462125

SHA256
174f259bb5ad1cf56ba04870f93a2b94f23932ec1f26ba736d40bc2802881740

SHA512
f8b2b335b85293a66fab8e1638df6f25bd277caa71b8bc6c8f53fca1f218051ed7231f995b861bc1a04a4e8a43a3d52d29c21b3e164eec5bb73089aaff63f9ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
57c903274d3da515b9023dc1f9d3fe2b

SHA1
9a446bd26ec10b82c16245a6740520b3b1fd964a

SHA256
d0aaadda72c6a200f3733913ca778ae6ae76d035d174cac5e72b0d495b6e0142

SHA512
758c7297b2cfc759e95bf446d2129f0a97fb171f4005d380fd0efd91070ffd12612620439a2e2b0162ff0dd5e5717f4065b21e69adb454d32c2c4facd3ed15e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
bbb70e83b4c07785e85f890a5999f607

SHA1
23ceb834a6a962495e42ed2a0aac5f2ad5e73f1b

SHA256
23d6e84d3ded3c9701d62c17040c66a76e2c646fe64bb0e290bc7612b86de052

SHA512
48c1d402fd3993ac3a5012930ae6fd9392aadc775e0d78a3315bc6d9620ecfaa5f970ec9e67febec3745d37fc114ec769b7b8696039200b2deed40a614e014a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
340bd76c32af4d2aa145c5dc31109d71

SHA1
9c626795d7cc608fe095ef2f48ecdedd4fe0810b

SHA256
e59aa6dae955816fd7855ca43636f1cfca5df84afb1935d19986916c498308c3

SHA512
ac035bdc71d5974b5878c93639cd6240816ff8d3464b70611b2195300412eb6c81939544693d6f1352b97e3c65cda96cec3c9e17eeedd6f524a9c43c7aa2b24f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
Filesize
100KB

MD5
23e7ac759ce7146eb3e6fbec7f4cba1d

SHA1
617a5598b00a7584c685fa4e4f86c64857f2a2e9

SHA256
e581f9acc021688541a32c5039331e0653f12222d4d8542e1b8008e7e14969ce

SHA512
d876baa4329afaa2d8a0ff8641d876578ef5bbea8310e8832b3a63aea5f7032a92db72e843ff2454334e5c631381fed35fe15dcad03993e0f479e9d8ac1c32fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
256KB

MD5
a2f7728cfd2d59051c429a637c446bac

SHA1
5477bc1f16861da4c60b3372b4c1759608fd5c3e

SHA256
e65b1a08bc5b0d44219c27e4772363da5bde44193e17e129b8544af2da58426a

SHA512
2bdf27f6a4ba7f797a9ee6ccaa3ed96e134cc5d03a90453f8c3d7f81a09fa6ef1f0e504adb1452117830e214cd96e57441c44f1438e2315d51f94d67f565cefa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
256KB

MD5
51b77645fe6a4f69eb5a7bfa493931cc

SHA1
b052423c79b85fe8eacb38f7b75b848c2e004e42

SHA256
1b87b0c96ed12faef28c292c4ff853588548f5b469a52072d713296fe3bb8f72

SHA512
dcd182e48c347d770d5df97b13aca937ef6eba6a230ca92ef857fa08033a60fdbbe1d431c4fd03252d4bda541cc33d6b25e5a597bdbe6d1cd383a2570c19e423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
5a8be8c37d1540a419e18c99fbec3b46

SHA1
68b0cd09046241948332babe48069499b351d0d2

SHA256
af230d339e9ae051cf6022728c77f3c80ada928995a13c5e67c3dd179525e20a

SHA512
5810545329cc28085ac854a61e7a462d951cb068706a55011363f47b35858fa113becaadeb61b783b20acae6857fc9d31c922bb9cfb07d1ca97638a48090a497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f0e8.TMP
Filesize
88KB

MD5
d7e899fe6d615f4517b964e7e251c523

SHA1
770fa0ddaaf91252d424a24746d489f66b3aa937

SHA256
e908a360fc524cfed772ab3167964542f7904e9c2ae76008009e7d97123da90a

SHA512
c223a5df34fd4f1e94f381bf2e810ef75271d466c1ac1479c766e4928f6cffba313d8d3c5621ca5b7391fe8c357bd608b55466e84897708b383ba4afce581f12

Download Submit
C:\Windows\System32\drivers\hitmanpro37.sys
Filesize
41KB

MD5
55b9678f6281ff7cb41b8994dabf9e67

SHA1
95a6a9742b4279a5a81bef3f6e994e22493bbf9f

SHA256
eb5d9df12ae2770d0e5558e8264cbb1867c618217d10b5115690ab4dcfe893c6

SHA512
d2270c13dc8212b568361f9d7d10210970b313d8cd2b944f63a626f6e7f2feb19671d3fcdbdf35e593652427521c7c18050c1181dc4c114da96db2675814ab40

Download Submit
\??\pipe\crashpad_4320_CUOFVCPUUYQUASKO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3548-286-0x000001B1F8540000-0x000001B1F8655000-memory.dmp

Filesize
1.1MB

Download
memory/3548-17-0x000001B1F8540000-0x000001B1F8655000-memory.dmp

Filesize
1.1MB

Download
memory/3548-320-0x000001B1F8540000-0x000001B1F8655000-memory.dmp

Filesize
1.1MB

Download
memory/3548-628-0x000001B1F8540000-0x000001B1F8655000-memory.dmp

Filesize
1.1MB

Download