redline | hxxps://cracks-1[.]gitbook[.]io/software

Analysis

max time kernel
328s
max time network
330s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cracks-1.gitbook.io/software

Score

10^/10

redline zgrat discovery infostealer rat spyware stealer

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/6288-1159-0x0000000000400000-0x000000000044A000-memory.dmp	family_zgrat_v1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/6288-1159-0x0000000000400000-0x000000000044A000-memory.dmp	family_redline

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Executes dropped EXE 1 IoCs

Processes:

1227006289.exe

pid	Process
6196	1227006289.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 1 IoCs

Processes:

1227006289.exe

description	pid	Process	procid_target
PID 6196 set thread context of 6288	6196	1227006289.exe	197

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600871390118818"	chrome.exe

Modifies registry class 64 IoCs

Processes:

chrome.exechrome.exe

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

chrome.exechrome.exeRegAsm.exe

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
7780	chrome.exe
7780	chrome.exe
6288	RegAsm.exe
6288	RegAsm.exe
6288	RegAsm.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

chrome.exe

pid	Process
8732	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 61 IoCs

Processes:

chrome.exe

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

chrome.exe

pid	Process
8732	chrome.exe
8732	chrome.exe
8732	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 3024 wrote to memory of 4172	3024	chrome.exe	83
PID 3024 wrote to memory of 4172	3024	chrome.exe	83
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4580	3024	chrome.exe	84
PID 3024 wrote to memory of 4532	3024	chrome.exe	85
PID 3024 wrote to memory of 4532	3024	chrome.exe	85
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86
PID 3024 wrote to memory of 3192	3024	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cracks-1.gitbook.io/software
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8a71ab58,0x7ffe8a71ab68,0x7ffe8a71ab78
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:2
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4600 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5092 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4256 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5204 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5192 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5372 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5396 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5412 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6032 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5924 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6404 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6604 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6780 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6540 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6896 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7276 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7624 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7780 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7704 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8056 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8016 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8068 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7748 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8320 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8336 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8884 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8908 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9128 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9300 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8480 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:7020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9792 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:7144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9700 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:7152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9628 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:7016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10096 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:7244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5020 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:7384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9932 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:7472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9420 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:7836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10760 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:7912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10904 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:8104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10876 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:8172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10912 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:7212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=11292 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:7464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10100 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:7828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=11504 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:7992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10252 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11628 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:8200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11796 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  PID:8208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11808 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  PID:8216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11804 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  PID:8472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=12100 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:8480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=12304 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:8612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10244 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:8820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=12540 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:8852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=12664 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:8896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7760 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:9036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=12824 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:9128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=7304 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:9208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=7844 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=7820 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7096 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8008 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6788 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11508 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  PID:7464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=11364 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:6768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=11508 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:8888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=9628 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3192 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  PID:8788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 --field-trial-handle=1856,i,4523890035436624860,7336338206681109287,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:8732

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4924

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6504

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Software\" -spe -an -ai#7zMap16257:78:7zEvent5877
1⤵
PID:4728

C:\Users\Admin\Downloads\Software\1227006289.exe
"C:\Users\Admin\Downloads\Software\1227006289.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:6196
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
772424160a740ab46f10d75ee3f72e87

SHA1
ce1d08ca4145f6a14ce3727642af5a997f73d1e5

SHA256
00ee43ab7fd127a5e0b86cb4db053f67544834eac165db5b54f4b1d406952b84

SHA512
920600c6e67f96b735a40de5e0c4bc1c585f49dc7e92bb07295bc0fed6b1ec3814f5813690d169d574b7184a6cad67cbf97718c224b0cd95cf7df239ab536d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
20KB

MD5
8dc2756f85fccea2e456061d06bdea5e

SHA1
cdb7f846722ae88cfcca334697b1c61e7945d8ea

SHA256
ff17f0a5c2b621ce0625cfd2d947bf0eabf322c95a8e75a27f42d0722329ae9e

SHA512
585b17e9f72a35299cf49d23567dd29d1fbc70caef0c8374f20ed43c16bcfbbe0cb95107a88e3666b88c1d09263e2180771effeb9fdfdd8423cc08840dcf0d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

Filesize
64KB

MD5
475b50689dfe5ac600b3de04ace088ea

SHA1
fbb328c285b985d98e436e1a2025dc2ef814f08d

SHA256
bb3580399452f7fc44aa591302242cc83e1a1c5daad646fcc2d1d3e81b9b7bc1

SHA512
55bef283c23fe00a25ab86c8e62df455236bb4a114d72da8986d0ab51b46567f195d35f94de1e133ae61e95d121de99938aa02e80abfd38c3c841fde9214c381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070

Filesize
199KB

MD5
585ac11a4e8628c13c32de68f89f98d6

SHA1
bcea01f9deb8d6711088cb5c344ebd57997839db

SHA256
d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6

SHA512
76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e2901a812aebb5f39f50c3f3aabaf747

SHA1
133d5702463dd1afaf366ca197f2fccb847c5b76

SHA256
6c731dcb897953f64c60f30be6e1f34629909291e8578b2b90607efb4779962f

SHA512
d9acbf4543cd2567b107475363512f5759e4ed79e254025314a17271a1f92fd0af2d452e756a393f30200ff7d8c553204fb318373ab8238d75e720489537834a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aa81ce4c192098f6590acefebec89ff5

SHA1
f7cd544a6774702b9476113a63a4dbe1d85dba18

SHA256
aa95fd4712f3491c720b2c107950d0f48528c838d4c9adb8c761bd62bc287d30

SHA512
a6bfacc09cfceec638dbf30cfda0dd93438616f3c86626aa7d1d2200886d5ecfc0bc05d813a43188c469b5455a97ea9abb00989810e323eee54632c744b9e2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e8b8d46cd00c7cc096f053b521c36273

SHA1
01c6f921ab78af2c81b443354a7259f5acbc9b96

SHA256
ed5c258489b8af4c23abe78da2086ce5abe9c507ddb43c5dbf3868fc0d5a5d43

SHA512
bbf3ccbb78de44092ad6939cb88c0a277ace90a97093c395cdd1d7d2261bc222698ddf94e28deb68e6e2f90ea0e8faa118f77b984f8a628c0f744985b163d9b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
78707709886ec460058c9cbfe4cd08fd

SHA1
78569084fb25aa54ac2f6183d7d8b38747121e1a

SHA256
8056d47f0b4a09959f7f184054e2976bfe0b1ec9a5fedb03c0e65c8a83652bf9

SHA512
2932272008e10ae9e038c79c9883dd78d905f558fbc04bc19f106f4e651f413ffb373499d1c7fc5924d66d544736422b49ee4689af9617b502e2550f24953f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
567bc02cb716d6a2dacafe8cc999f40a

SHA1
ffe49c9e937f45c858dac25a5006cc0cedc30512

SHA256
87311c4faa5ae80e24abe23d414424d67341172e469f98ba69eeb6158ef6afe0

SHA512
636935ee32f82a081cc47674b7b0e91b597dcbe69069a6682a50559da2f40ea2bce53f3218245d61e237b5c647f00df30a338a9a4a94c5e3b5204877c03076a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
24KB

MD5
8be3c75858c882c6b82b522a392a78e8

SHA1
4461c7205f6f4c1adae96e95d6ffa4ea5d9def19

SHA256
71053e872f9db41e2e1966b052e9f76a70bcace90c3bb5f70443bb65b499a384

SHA512
f2ab145693a5d6ab1efa541b49dfa794f31bd244b88c662bad40cd35ea2535ced0b8747506b12352b3fd4b2f992e823ebcdc35a7ad8889103a91fe711e3efa3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
27KB

MD5
036420a67536d1be3cf4bb710dbadc03

SHA1
6ef982d3a4ad618440aec5e74ff161f5b91f3090

SHA256
56300d82903775a4cac80f27d0a74df7d73c1c94aa625c1358074cf4f879c892

SHA512
31ab848d83cfc22a754529d1c9ff1edad3de1eb4b429350ce1dbdb8fd8af0170b929d6e748ec651c779c189bdcce9524e216c1eb6dd008feda301651ea75efb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
cb4a8add581b4d5a0487ba999e121664

SHA1
801e28b760c858a6f14ea47a105e43af66b92a37

SHA256
e343ba9ea89fa0de6fbee89802f852af7b1080ee33e5c88509f71e46146ecf4a

SHA512
c7486778dde330576cde7e8537826ca66f6c4641b589790375a570c72f3f452c0284ea9c401cf9d8473a9388225d63575ded1d3b4d1b50a9133608c9f3517872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
88f183d22ad72cb451aa6d8c343d41ec

SHA1
0bd368de3e044d9cfe213375e62a95f3a2c575a0

SHA256
f970d2912755d4c895a9d3b472c4daf4c5b2d3faf4eafad2ef7f1b000acbb8d0

SHA512
6eab370ed681d9c8e6b3e92c1b8a444161d371ec442c5f97846710ff179a09bb75f4e266fe6bb896c51807e2d1951871f064b2841a54cc97689687a71459b119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6855204433cd63e0cd93ae0749b76731

SHA1
75528bba3f952998d579c3f6e1e78753bbab4254

SHA256
272d97a787b7617f4fbe1c48b72baac11278d510db1f2784b2e3718d6d03e9d5

SHA512
1352c7e0fd5de8b4bd1ae2a85802cf6feeac8de288997598e55ce8c6c59276279a0b8cf53de6f257a6dffa6fac458b95972ebf688d2e0bec11a8203638aeb7b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
4181b2f28a4b8eb8eceaf6152ce4a800

SHA1
b8a53ebba94601aabc1dee940b4fad6f650ac95f

SHA256
f5f910e53c8dde7a57391440e0bbeb02dca567d047d4785e57172ee97b7111e1

SHA512
34bb3c25d55216ac6341848b23ff15b612b90256f56a58d87eb4a7c44b409772d903deeab205f14555cdfcda35029d535d7e02f2e8461acb515fa2416f166f36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
f9282a8dbafba86eaedd751e66ae2bbe

SHA1
daaaef7dc32712fdaa6d65339c1d0f3895ff4e44

SHA256
023fc8a636e22973a69fdd48662090e43fda50e0ee710785f100bb1aa839663a

SHA512
980896421532b8e57eafeb5d059cc02833f2da2bc4452ca320eb97cf7d2a7ef8e237b6af613983955a62247e2009abebba7861564a7ff5c53e24b4e50695ba75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
278811f2cf03ad3f1c2f7355d8736f83

SHA1
e937cbe979d65045bcc0db9a8f19ec6dfb5f9706

SHA256
98c7110e0efec7e392ccef9bfc5c44c306eb25738c417ade66ae594065bec8ab

SHA512
517cb9ea9048d96834e3c5b2c8d2c5c0b0a994eea53ad15183ae0d43b11150f0cd86a9881e434e823878cf2f3aed4f064b756e762f58809ba656650e08e71fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
0d267792169d59b24091a6b5bec0bb34

SHA1
f0f6ed45587935bf0aada04ebae4834ee1c14e0f

SHA256
a04a849f6c98f079ff1600ca6e1a88b18a4662135011999c321018230d7957f7

SHA512
0de90055ed9fdb653148055fee54bde37741616a714d90dbd55bd70289169a17722ccb347daf66b4322eb9298071f43ecfc207d2b8cfa5e3eda69b8eaa85b0d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f7415b00dff0ae97553b1b199b86e6d1

SHA1
66305958f3ded91cd16f8db0fed5a537ab383d0c

SHA256
7e8a36d225f3e8ed4ea759e7b58320f2cd17e1b6526a59b083ceb0b876c9fbcd

SHA512
7ac5a78fec952fc8a3c72afdb6428ec902bd2a9741f00841d59594e9212bbb27e44a3c338c0a17c10c597d1794cdb225264c93f50ddd0845a7e7ed173bed34bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3159983c457f781b2b552e3db9ee0bc1

SHA1
621bf6b70446546a218d513fbce539917608809f

SHA256
baed10ee06b5a1cf5053154fbcc5d22d1db2ff83ffc61e9e3a7128e22e1f0ecf

SHA512
a50ad2c54d6842c76c77b69a60cf39504b52c1af942dd3315b1f57f8031566258466f02999de54eadf8f894826a1e92613eeb468296421f6a830d29a23704f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ce7393cd54ee8c45d07d2d8e82cddd3b

SHA1
e3f306aae8ed42662ed85ac8e3217b4658585c09

SHA256
d8400e6a6e1549131f7dd1cc38fd50e185c8966c8bdab7ca110d12978a07b3c0

SHA512
386397a3f739c436619943c7838672c15f18adfa38f5b74b94ae43b17fff715424e542016d7595c449228eebdd86cf924b0ea9bade8094b9192bab065f9f1b0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
47b9dfd3ec42a88ceac0e9d35fc1ab3e

SHA1
1908fa0e3af64003dcec61a85fe77101de06e025

SHA256
12724d76ca46c95eea05346412ab0f1efe6f0490c27b536aec4ec231bf117af8

SHA512
e4a5ba95ad74104bae692546b8c453424bcf83841662213867dcadb18dc53a53ebe462357501f9c53c6160f2e6f31958ac2f24e359704b6dd02946e99e3e34c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d125e117769d851aa604f7211ce3e976

SHA1
1067ec39fbed522173d30a3cd6877173d548375c

SHA256
5e7784aebac24c1893c24d540473873742573f68eba04cfde3d34984e77aa5a7

SHA512
a26c50af1556b28f9a4cee114ae952d89009c6c211920b99391b53181f34bca11adf2e782582006f03a6dfb2c5261a1065c86efd4bf6de48aa89d177c4f19976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
618b9e9c9b39657a3a54f556a2b07fae

SHA1
7ba3ea20a987426642fa5f36c462bde4dc91296e

SHA256
d483762d2444421b8a798c3e8e986285e67c1862fa5ed622dc5869ce84f71454

SHA512
ee23543f1085b4c61c42e56f68978e22778c5f339caf608dae3cc2e3ad42daf3bcbe121f0cce0afd8def9dcf221287a06eba3bb1ada89504cf89e5d948802e82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
0cd3fd8a88dcef2fc23f79eefc52c7d7

SHA1
6e03ad5b23a05598e858495c682ddee9b4fbead7

SHA256
cd8e8ac2bf3719b28798a7122e1041db987a75d4bac35abfb56d375a001006b9

SHA512
4d029c0b0623e2766fb534f79e885d1b530ab6e1781b056734a1131bbcafa58d773b95ab200908c7d9a69ed7586774523cf97356758aa16f3a553acf259b2cfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
50d2d6a435b8a222813f4a183af34e81

SHA1
38043062aebc1ed7c1282a589b45b7be968dd29a

SHA256
e47c6ac62ee268a61ec625e37724bcfd46659b4b1661bfb1cf78d9451d9439b4

SHA512
c477278b7209c443e95e256be42cd123d5e2a06f9b2b873e27f6b3dd2a6d34aff6cf62c6af80d62879b879d45cdde9cdc840d41df1b6a0ec9fd1878a0cb465da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
a50bd33ed10d45abebc7ec44da381c93

SHA1
72704c8472d047c657cbab3b078ea85f4b5a404b

SHA256
568cb3a57f6a8eb207b8fe58b05306fc9a76cf115640cc7cc4696b58a4af34fb

SHA512
c29775dc8261ba89b63fc3bce35abde2d058bbb83bc2c0385aff2310698636934b98fbc97504e9174f88ee11b8b5b332c9f17fdddf01128b30db42cbfcef7341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
165KB

MD5
c0981d5fa9aca13df5226c7f8977ef09

SHA1
d8c57b6a82f7be7cf4377a09c36e9c9e9e27242a

SHA256
7b41e1b595a2cea659ae197d49d0abe06b847c6f9dbebc503ec561aa48cd7287

SHA512
bd07a9af62069a825f2de88293bd19a803537c010723b2f5b6c6f39053db68d48d41ee2ae821eb3d5eac1a3ec8d2a148f7f9874c381de0ae01f0556f56efb724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
88c982c13036c6b154b9ec4d6b958945

SHA1
55f5c16caabcbfea7d314022b57a667468335329

SHA256
cf8d64099eb9eee875b23cd8e34f27efb0b04eec444442655c9a4a17e5c36af6

SHA512
745500caf844d2d68652ca73485f4022613e1c010acb4d550ea377e3a568c5e624ffe3d8e0c19b58ec2f50c1c51218e1dbe75e1811ed66d11ea59c9fff4e82db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
7361dcbfab27b8ac6ecd8496bb883d26

SHA1
788caf7eeb4cda2f886a02fa7761975b10ff6202

SHA256
2350e9b4242d94b70b81732879deedd396b8c993e29640959e561b5c1501af03

SHA512
0282f4f8faf5f4a96ca064a746fd907fba4721ab1aafaa38652d2e84a0d47320dda1dcaac54c0f02c4ab27c8795d1e58a520cb85358fad486f88d80a58650cae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
a628b0555ff6c627fd6050833a6dacde

SHA1
c10e44734356889119635e3052fd2fed8f277a8d

SHA256
861256fc8ad8bafaaaf8722b6eed95f3a84b4573b0f1b60cd31decf9d664fdfc

SHA512
85369b42b439a118d6584da61c7809e18cd651e245c2f976a25ec1084c650c1498a82fce4fe1fdd92b998d666a3ae31a0896b22b973ba18dc10f839dfa73ad87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
ac488cde40a6689869c15bfaed59769f

SHA1
7119c7261c6819d0bb0c571894913866a21559e4

SHA256
6b229cf05b6b2b9b360025ae4ef8e7afe24834d5da40d826c181ef08536c4380

SHA512
d4a5ed4dd0c7d03ea113aa3977d0e51b0f619e136ee2a6b0b043830f271657124e2a8732984ceb69c7bbd3ccfc1e2c965c90f97ac6c6cb882e03d09135bbe900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
ae0d5d3a2a85a970cf29260e87467754

SHA1
0d7d380416cb0b6e742446b753d5dedb2edd7991

SHA256
1f4111c45beca454496d46faec5dbb773c23a71ad6e7e8325087d23eee14f056

SHA512
d28627afeb84ce3ff2051ab19d21437d55bc54f4f6f540da2eed3e04b1624778808091d51020815f737e330014d770005df81edec16a6f0714c67f548a76f9d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57cd23.TMP

Filesize
88KB

MD5
41eb56ee022078931e370f1ee50a27d7

SHA1
da4b021c438d949480f31279f006f34c090490b8

SHA256
ad213ad5f54e713f74d6e45a1fcd581297642111d7c7a323f02ec8c383e940c3

SHA512
20e73c2cf7eb1fe0fd8f27cdd674385ca4cc52e501070b8c286bc1640931c563ecf1def54053b12570da1afc4613321eea0622d708b0a92bdf3c4fbf8f1b756a

Download Submit
\??\pipe\crashpad_3024_LCXPGUTASIIEOVDK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/6196-1160-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/6196-1158-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/6288-1166-0x0000000006650000-0x0000000006662000-memory.dmp

Filesize
72KB

Download
memory/6288-1167-0x00000000066B0000-0x00000000066EC000-memory.dmp

Filesize
240KB

Download
memory/6288-1162-0x00000000055A0000-0x0000000005632000-memory.dmp

Filesize
584KB

Download
memory/6288-1163-0x0000000005650000-0x000000000565A000-memory.dmp

Filesize
40KB

Download
memory/6288-1164-0x0000000006BB0000-0x00000000071C8000-memory.dmp

Filesize
6.1MB

Download
memory/6288-1165-0x0000000006730000-0x000000000683A000-memory.dmp

Filesize
1.0MB

Download
memory/6288-1159-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/6288-1161-0x0000000005C20000-0x00000000061C4000-memory.dmp

Filesize
5.6MB

Download
memory/6288-1168-0x0000000006840000-0x000000000688C000-memory.dmp

Filesize
304KB

Download
memory/6288-1169-0x00000000069B0000-0x0000000006A16000-memory.dmp

Filesize
408KB

Download
memory/6288-1170-0x0000000007350000-0x00000000073C6000-memory.dmp

Filesize
472KB

Download
memory/6288-1171-0x0000000006B80000-0x0000000006B9E000-memory.dmp

Filesize
120KB

Download
memory/6288-1172-0x0000000008960000-0x0000000008B22000-memory.dmp

Filesize
1.8MB

Download
memory/6288-1173-0x0000000009060000-0x000000000958C000-memory.dmp

Filesize
5.2MB

Download