f1869674010dd02af3862d3c6ac3c4f31bfe6e777fb0d93b06f8188463671f4b

Resubmissions

22-05-2024 23:02

240522-21dtyacd56 7

22-05-2024 22:49

240522-2rv2vsbh9y 7

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

temp.zip
Size

1.4MB
MD5

8f00f6ce32d4edc81570f61e749aaec9
SHA1

07117e00b59e3bf83f6341c791410fb1d1b00efe
SHA256

f1869674010dd02af3862d3c6ac3c4f31bfe6e777fb0d93b06f8188463671f4b
SHA512

d086952099c26dd21e15f8cb0e01dc198bfda9a471f9cd3ee4388344abb914f4bc7aa92829844a943b28cd468a54ae3616f45848249e9ccfdcbedbae154accd5
SSDEEP

24576:fv5OhiWG2H/4OolPUDxFh3E3F6mCeGJsh00voYVh/cNANBG2fHjfwgom:qiW3/dolPUDnhUwmZGd0v3cWNBG0l

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

raLuyD.exeAutoIT.exeraLuyD.exe

pid process

4852 raLuyD.exe
6016 AutoIT.exe
5064 raLuyD.exe
Loads dropped DLL 6 IoCs

Processes:

raLuyD.exeraLuyD.exe

pid process

4852 raLuyD.exe
4852 raLuyD.exe
4852 raLuyD.exe
5064 raLuyD.exe
5064 raLuyD.exe
5064 raLuyD.exe
Looks up external IP address via web service 6 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

74 ipinfo.io
236 ipinfo.io
238 ipinfo.io
71 api.ipify.org
72 api.ipify.org
73 ipinfo.io
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

5616 4852 WerFault.exe raLuyD.exe

pid	process
4852	raLuyD.exe
6016	AutoIT.exe
5064	raLuyD.exe

pid	process
4852	raLuyD.exe
4852	raLuyD.exe
4852	raLuyD.exe
5064	raLuyD.exe
5064	raLuyD.exe
5064	raLuyD.exe

flow	ioc
74	ipinfo.io
236	ipinfo.io
238	ipinfo.io
71	api.ipify.org
72	api.ipify.org
73	ipinfo.io

pid	pid_target	process	target process
5616	4852	WerFault.exe	raLuyD.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608926059498374"	chrome.exe

Modifies registry class 35 IoCs

Processes:

AutoIT.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	AutoIT.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	AutoIT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AutoIT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	AutoIT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	AutoIT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	AutoIT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	AutoIT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "4"	AutoIT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	AutoIT.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	AutoIT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	AutoIT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	AutoIT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	AutoIT.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	AutoIT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	AutoIT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AutoIT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AutoIT.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	AutoIT.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	AutoIT.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	AutoIT.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	AutoIT.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	AutoIT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	AutoIT.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{AED7F84F-A689-441E-8641-00858ACA7868}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	AutoIT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	AutoIT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	AutoIT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	AutoIT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AutoIT.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	AutoIT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 4e00310000000000b65868b8100074656d7000003a0009000400efbeb65868b8b65868b82e000000243302000000080000000000000000000000000000008256e300740065006d007000000014000000	AutoIT.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	AutoIT.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	AutoIT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	AutoIT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AutoIT.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2844 chrome.exe
2844 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

Processes:

chrome.exe

pid	process
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zG.exechrome.exeraLuyD.exe

description	pid	process
Token: SeRestorePrivilege	344	7zG.exe
Token: 35	344	7zG.exe
Token: SeSecurityPrivilege	344	7zG.exe
Token: SeSecurityPrivilege	344	7zG.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeDebugPrivilege	4852	raLuyD.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

7zG.exechrome.exeAutoIT.exe

pid	process
344	7zG.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
6016	AutoIT.exe
6016	AutoIT.exe
6016	AutoIT.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe

Suspicious use of SendNotifyMessage 29 IoCs

Processes:

chrome.exeAutoIT.exe

pid	process
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
6016	AutoIT.exe
6016	AutoIT.exe
6016	AutoIT.exe
2844	chrome.exe
2844	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AutoIT.exechrome.exe

pid process

6016 AutoIT.exe
2844 chrome.exe
2844 chrome.exe

pid	process
6016	AutoIT.exe
2844	chrome.exe
2844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2844 wrote to memory of 3548	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 3548	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4336	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 2104	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 2104	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe
PID 2844 wrote to memory of 4436	2844	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\temp.zip
1⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4252,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:8
1⤵
PID:4512

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2980

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\temp\" -spe -an -ai#7zMap31022:66:7zEvent11133
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:344

C:\Users\Admin\Desktop\temp\raLuyD.exe
"C:\Users\Admin\Desktop\temp\raLuyD.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 1812
2⤵
- Program crash
PID:5616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff98f34ab58,0x7ff98f34ab68,0x7ff98f34ab78
2⤵
PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:2
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:1000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:5384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:5392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:5732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:5748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:5840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4564 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4220 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:1848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3512 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2488 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4960 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:5880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5156 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:5892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5124 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5492 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6040 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5624 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5420 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:2212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4748 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2508 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5368 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:6068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5976 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:3588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5792 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:5704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:4268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5792 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:5280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3352 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:5768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5236 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5648 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:5808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5880 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:5300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5888 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4220 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:6092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5904 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5716 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6172 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:5268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6356 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
- Modifies registry class
PID:5276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6504 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5800 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:8
2⤵
PID:4684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6476 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5528 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:3524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6304 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=5188 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6248 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=4956 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=4952 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:1260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5700 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:3444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5652 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:1044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5544 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:5452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5300 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:1920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6816 --field-trial-handle=1968,i,58390277638454254,14108169829629627798,131072 /prefetch:1
2⤵
PID:6092

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4400

C:\Users\Admin\Desktop\temp\AutoIT.exe
"C:\Users\Admin\Desktop\temp\AutoIT.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:6016

C:\Users\Admin\Desktop\temp\raLuyD.exe
raLuyD.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 4852 -ip 4852
1⤵
PID:5440

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
59KB

MD5
7626aade5004330bfb65f1e1f790df0c

SHA1
97dca3e04f19cfe55b010c13f10a81ffe8b8374b

SHA256
cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e

SHA512
f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
104KB

MD5
a575c75e855b749d8b46d8589cbdac9d

SHA1
6d90aea8b146e782703284790eb305c6fc585df0

SHA256
5366c33acd3a75fbe2b66abec2f007eaf942b2fe3b0ffeae6d287f111a9fcbe4

SHA512
6b902ddec9bad3b5f44b7afa2d7111a6c9d7f6e0479e42d6f81e537021309d8c7a41d3da31c977f027978a1a9a374ed0b8a43e974bc6a18421d7c7ae31d83f9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
49KB

MD5
8991c3ec80ec8fbc41382a55679e3911

SHA1
8cc8cee91d671038acd9e3ae611517d6801b0909

SHA256
f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800

SHA512
4968a21d8cb9821282d10ba2d19f549a07f996b9fa2cdbcc677ac9901627c71578b1fc65db3ca78e56a47da382e89e52ac16fee8437caa879ece2cfba48c5a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
Filesize
80KB

MD5
4ff6a88a2bccebd6dd3f36a8a65b458a

SHA1
e28b0b61bbcd7c949b76766c60dad2e4d314c738

SHA256
9935603b77b8755425cc4d4006fafa38b0efcf68d5386e6a74f99668631f9f9b

SHA512
d4a8cc39874c3923767c5960ee2c9c1214c20499028b68d0d1ed64c48ee10065f6a64c0ee7c0bad2a2f45ff54410e4108e975a202df620874be5b3412dba0c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
Filesize
56KB

MD5
78c2b586d013f22c00a7fba84f1b17dd

SHA1
297e8185e03b95dc9ac1d3bd61d7fa6870af5e22

SHA256
296967c3f68bf40c880602e4f9332488b55e6b901d7f9abb0190d391e2c1895e

SHA512
6904ac1bc42db7d8e0b7470369dbd2de6936f90af3e00c247d773ef2b8c20cd4ba54ca6fd3983f37052f8d74faed449d14d790ba500ad0ac72a3d72dca82a077

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
Filesize
143KB

MD5
d9288484587e11d913b64eb026427797

SHA1
9404e2a1f464fdca0478f5ff62c71c6bb8ac8ca8

SHA256
7ad8f63bde940b60d9fa386439bb1cfb0eebdbca3a42778c1b41655682b5220b

SHA512
d2bed01781cb41a8b785d17a123745363472067256e5eed0e5941e8b28f631f4578f488892eecb22395b733c2092432b37e01639f34e0dd503f67690747ed284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
Filesize
93KB

MD5
a19974dc8d1073f535ee60f49e76ae05

SHA1
e5951470eccb98b6686fcbf3b7bf9a2bc1d801e4

SHA256
14d6310487961549828ad6ae67173f71b081beb9439195e1f14cd8b7bf291141

SHA512
d3b35c0683f495a2f43647f77841dbeb544d6e60be8eaf7eed4b6192bb05931cd9fb0bbd307f490d0e188704c24772a972c092966675457c961d6237b250cf2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
Filesize
30KB

MD5
28b9663c85f19833c132faa76d265ff4

SHA1
d2449036f55bf14432f12b1b5d27e9dd0218158d

SHA256
1961283ec96618b772e691db368e7f270c1c6d3e4e30f9e90628fd3be6f79c83

SHA512
43e9e340a7906a4b4eef98f7c044f88370d21f3650de385230343671621c371b5af1a5a74d2a003e538458e50b5950df295ed914811e6c421be6c1a31ce8afbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
Filesize
36KB

MD5
d90047f6a5198560aa5e6ed06599266b

SHA1
61914cd40f7fdf47df3e75c7915975867c6cc4cc

SHA256
4cc91b2645ae24db94e889c96e74ee32636c0186e9b88a65f4db95b36d2eb6f0

SHA512
6a54bd7da8a7d5a8cef217699ac7b891297dc64d79dacefbc303613075522c32cd96c6988d7da92f167f67652fe827f95b702bacf8ddf2e64c4a229fe636ea1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039
Filesize
30KB

MD5
95abab7fff95e34f41b4bf83f05bf153

SHA1
680aca02e475e713d3b3c4771c676eb27fdeaa63

SHA256
547c8f1d343485073e08aae00815bac963a182977f04e2ce47b7d3dec66c04d6

SHA512
1f57f80f9356cd8da348c5e1f9dc465af4555919f14df2405de3f6d305b32e0d7c596360baecd6eb8e640515c895bd20c216eaa94e028a962f67778c178f648c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007d
Filesize
76KB

MD5
e3f1db3f5539bca35c804cfe7518afdb

SHA1
b28cea30bb24770c3500772a3dc1a0350602b7f8

SHA256
d43b7309552eee5be18d1ad18d0035436eaec46917b060f1ee5b547ef2c4dfba

SHA512
193e57025a9731a691804a2c04fb85be4d1ff18d4a29ec1078d8b15a8d3761b01a391594acb21392fe956f5854040515c38811c2b1c6b4c458540bd560b9fd78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000088
Filesize
54KB

MD5
d2268f530894b7f5925ce33d530fc31a

SHA1
f824acfd607d9ea94381ab442c6ad7cff7f172cb

SHA256
6608786c37f4ab107ba0af2528481e4897814259c9150c5d9de9d5ae8acc90be

SHA512
951cc28929ec96938cf90f1f58f0ae5e53dbfa36a230dca3cc38175f9b0e25f23a3347377d0e098d8be5c9bceeaa73bf29585e5b50dea23d8301fcb4da7fe300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009c
Filesize
77KB

MD5
bdadff6217afb28642da1ffefb212f91

SHA1
710aaddd18e89dc6864bbc0baf4a17fb53a83f28

SHA256
96ab13428299fe6ca6754b8d8dbfaa76e75583f91b59e8870211369e78d6a8cc

SHA512
c9370f6933bf99080ad74bff4207f4a0746eae3c03d3b34f72493d092b6ad8f682391bf7e80629abb9900dca5fb9fba4fa2f08346b7f4c9a17c862673eb4f46c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a3
Filesize
25KB

MD5
d8d49be136f9aeb9b7287e02fab158ff

SHA1
47613626703c4497f704f5bc47dfb4972cc9b53d

SHA256
15a78b53ccc015a7e1f4aef667389945321c4e657c93d3dc3bc69376cf81723c

SHA512
da67c85d0315a02562961530af97d14953a826e792db56f7b8f5a6c3bf8f39c7062d9f82552969bce01c33d6d7c0aff5fd51547ac1427a273701101cc42afcc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
24ab1c67c2edf95f3d04a8b94cff3d66

SHA1
912f21318084b80e7306b52e118aed237589df45

SHA256
8e6f2c9fc9c3322759c22ab3e0327c35029c7fb8999f8494cd2b96a4719c71ed

SHA512
9efa8800a262597bd676a14eb25ae0899f1319b6ee2a8f65bf8bf772b83ff87081d0063e335bdfc6ad53f61f431599c988cf49e95ff6e8b8b5d19c7fbec3c41d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
b8816ec1b29bfb1b88396d27a44d3e53

SHA1
e121ff86f193ebe217ed6b8911bebbe6df27fd64

SHA256
bb79362e8a2c526d7ab7b958e67fa484076d0cbad8c577a2f7e6ff34b9cef04c

SHA512
e3cfaf3315307c04b522005e735550323134cbf5fee265caa576a9d1785cf1485a40c748caf2c5c0922cb543081193189e4d6162b4043de7c55076d9010d3fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www2.personas.santander.com.ar_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
e7ee500365b5ddc97e28a6c89961415d

SHA1
365240f6ed873e8b591576fbc00ddb466370965e

SHA256
555c17138f89ac42e7288cb9874b31e6fa78eb1e967bc96fc229c85253426b58

SHA512
f63aad6dec41c05227a949dba1b31ff97afb2a2ba3df6b7eb0eb883d943965edb1d5a20084566c0e2021e0c2d1addec45bce2caf74135156df8b6c7b73112157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
192353c54ea10e7150347e91a9fa34b1

SHA1
90c7f8f2e991aa876417db4562dee33e546f79fb

SHA256
07425ea1c7d7c33d6090fab2740ec4b364d4e8698a0f1368070fc7a301e1d19c

SHA512
75e6d3c38f08aa9adab9599239dc901f01bb1878f9fb247c17c3065f1732371050864e18539533f1bc89b2fb20bcc2e868b7ab592c45b57c182b89024e4430b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
1e055f30c750835666d61bd9c6dd89dc

SHA1
1503852d0ff7984816fe9db8ad3b15bf1614952c

SHA256
c406e172ca7f2ae85d118b86b40e8f81856a52e524cfc2f00ffb2fa3daa4cf44

SHA512
82fe4450d9df6f44de25c1ba3ac3110d2f45e46a4395ecd6a76f18a1b1c17fcf536b8ac6d878685a23422178d088d1e27dbe5a3ca7801e33ac9bbe0101d16a58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
eeacae547f942824fd3d43565b4a1e56

SHA1
0f6e850da1637ef15a6d921c584b1f923e4dae61

SHA256
1272f9cd4465ad69fce9a147293dcf11038fa7af2caf8f13f60c17b4c69fac92

SHA512
f6a42527a2881ca9dcbf93a5aae35ec312ffd4831a9c3dfc5113a5402983d5f0419c5fc9202db46a29a73eb30cf9f2b9020d2917627d752d71858d4488ec2bdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
4b00f5ebff30a5d85613f69fd0710ba8

SHA1
b5f15655a4ea224d950a81c68436df35d63cd005

SHA256
593a8da25b3be9ca3db0a6a819d210e308cf7add3c4b8f81a72ed6a6a84f166d

SHA512
684a9a7d241b7681fddb4a4f7f2bad5dc28ab4753e64679070919d06742c71131b3ab3b7b02b4201c8a86abab14e492dc4b132b85fd001d7afa4c0dc43febc69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
9d5fc958b9d2b9957de57c8cfe61887d

SHA1
04fa57ad2d0869d5ffbaac723d764a5f2e0302c4

SHA256
88b1340b5e182af9786c068e41529758285eac1e927ae02ab3ff5cd136f43db9

SHA512
db43d74b2d24348f302c31a08f911138a504e354bad47fda4498689b1fb9a8d438ae9d604f8a7d809938fa29f46a06859e14ad0f022880cca0e5d3a95a4cea0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
15419496201d140466e6c0219094d7e2

SHA1
63ec4d8f5bf85ad3e47e437ea3f4bbedc8d1675f

SHA256
ca75d8a2261ffbf9cdf8a617563930249780f014544bb4dea06becf29f8b1ef0

SHA512
8d8f1625906afede1bc30b8a35351ca9dc10045bdc2db4ad4c5eb2f136cad090af0b266f026d6c4cf65efb9c84bacb5f6ce7ba8904af09c9b3d77eaccf25afc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
bdb4111d117f9d511d3f1bbbe06207e3

SHA1
4f4d57d0c4355aa22ca4e5258a22f8cb12933f9e

SHA256
00ed48afbea9d7f6238fef7d845f2239659761283516674e0e0e9239b91d97c7

SHA512
35cd8c0898a5a35f602c5a7abe22a023a211449094f599cd318f096d5dfd91249a61455675dad00aa692e951526736306745fcdeacbd95ea2dea98899457e6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
325403c6c287256dd4d709ca73f28c4f

SHA1
78b566a1b61e08b6df1a9ebdf4f4231896ebdccb

SHA256
86480e31f3c0fe596be76b19036b3839c5cf207dbbeda10d027d1b61e04f3c77

SHA512
8edfb8742ca03fc71142787c7afb7d3c52b61a19fb03c22e70ed135392715d7055e268e80a40633cdcd463af383331331fd8181da8fd68c1f1deb1631fabcd57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c5be7f0da9690b8396f06479fcae313d

SHA1
d2c1c2bfad2cfb769798da4c06946ee30ae5a2dd

SHA256
a90ec212e0eafd572c7c53e8140524234fb9637ce6ca2fc00d5f660c0b807085

SHA512
5e42228baaa2d887511e632624cca3fa3a39c4b2638162acc2a08fb95633ce5bc1e1d0ef796169ccdc281ff1443e5390a6087c3a098ec16c117ecc7aa6e502bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6e862ea94b5cda54a1bee469ded01ca0

SHA1
b599402e216c2a692cace01a794f1af63e757497

SHA256
e3a68344da8ee2a3922fa463752dc3a5b99261426b17bbd68bce33e258bc9ecf

SHA512
9e54be89dc18821b3b0a9934ec14d67c8b8d7e6fe8c0335939ed6f2de38879511fd706719080799af469b9071e54ce8036919d5d579a18537441238562231129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8b93ec6411d8bdd3856ab49b417d2ed7

SHA1
baf90f2c278050920d0bf994c7352cb707b1a5d2

SHA256
8df5a238e52ed238885ae595a0cea965cdfe0fb2bf54287d85932f9deddf4bdc

SHA512
e36463245d76a4f1df2ae99d59644c54b768c3fc4adf7e533ef60eefda1b8adbbc76b085c8cbbb991fb145dd890b6b795a98534c26dbab59a5a3ac790ebd12a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9475f8352594234b906707ed3d533470

SHA1
0cc9a174bde666a9d4e599d90ccd2fc92a5428ea

SHA256
a96951066474c23f2658659ec8a5c37abb29f59860fe3d7784048362cb6965d5

SHA512
a9222a63dde64a74d874f4a6bac4096a069f03b09d227193a8e6f13dc1e1175baab6d600716e624e539f70a2797adce813a0a8c3ec0307be574f045a6bebf8f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2361bf2c01e41027616f8ec99fab7205

SHA1
145943e7a3e138c5c1c7673c9ab18365c63b7f34

SHA256
f5c81786766e37ae2d80b6137ffbbeb0239ab27f2f4161813da3bab9c5ecf162

SHA512
2ecbd33b74223b25b9668cef48e6f5288c4f58b46bcb3676344ed99d50864ed9ddf787acc769c8d61bc1cfaf41ca82c524b47aa146adb6514de7ae85c035ece3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
03362cf671789bc87c057a621bddc946

SHA1
89cdbd77e990aeca1bdac9b8c0f1f6c2603c2bdc

SHA256
175c8640726d1f224a48cfd0e951a29abda76f0ce3ee4aa7307ab5de27c8eee8

SHA512
1b691c32d7006dd3cf4ac5eed7bb5b3186d224718c693ff809e2db64657b61bcaecc291cacad203fcfdc53e8709eea59f903737e5b8abe1551fc6dfb5094d93e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
120B

MD5
ef7e992cbba21b77422a39fa0fa84725

SHA1
0c3f48335abeb197c6afe42f3f8cb6e35bf51b72

SHA256
406ba75e0d94baf1c02a929ff45b87dc9c22d93936a1cdb6869b626d9a2a15ff

SHA512
fb4a260458555cb7d07017c7ac928228b10ec447426e42e8c456a36a5152e29721c78c8455135a4d4d14dae551c452d1d57d918886fe5cfa01407e114b827eb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a1afb.TMP
Filesize
48B

MD5
29d58edf9a2f09aa0df019de9fb893c0

SHA1
3a2a99c5538111b423975292aac263c84549e26a

SHA256
aae098da09dc616d1a2b703fc21533a49d0349c0a11f897865783727b7f98cec

SHA512
d976cfe7c3b1ba639743fc5f7755df45a1e23e89bcf7955229f8c9a44ea7ca3a4100fc32ce6f52f6adf15a96de08167b172ae7206e07673d515dbe37d4a46040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
7d0ff7d71fbb3b2e85aa6d51ac740e85

SHA1
f3c4ff285eca0ff2ac878e1fc2f073298e7fc0e0

SHA256
d02cfe7f3a567706b70395c32aec759ad4cecc7c8f688a008ad84e7f33909310

SHA512
1a6282247ee9630d646a183b877edc71f94201d33caa445911cfc1573798270e8a4a9812bafb25766531fce0d1cfa816f5fcdcf816e5f171ae55cbb3c3661203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
f604dd41f77189832f7376e277deade9

SHA1
f111c1516723e69984bb496562c3231924bc8626

SHA256
ee300ed475827fb2627d24d994891011e62c2d8c0d29b1853297b6a85fbf32e8

SHA512
01d16320ce2581ec3bcb6e0751a824ca82361869a0cb86f0511ba64621beceb3b21a0f12aed161a61487a236893b3be6e34e7a79b9c80a0012dce7cf165e8a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
e1247a94967031fe13d25776bddbfb92

SHA1
0edbf99940a4a3e3dd09a5828a657949fe1d7ccf

SHA256
d2cf2f53829acd9ef88586fe4f56fa1ede8b675af244c38b7fec98c41d16fd9e

SHA512
550b974e3969b33b53f195b111025561c6d01d803e2c753af236b30f14c16a6c35cfb11291c4de2926455eaac4be9ffabe64c10279bd650b23bee3bdaa196c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
83d4744d4978975634da2fc69542361e

SHA1
6f5657efcfda079be4a78cf51bfc91547d97f301

SHA256
c29ea872b5d55afe8662c42ffca34a8a48f3b01546b56a70fe8d5b4db45c239e

SHA512
c962b325017cb3cb82e1f3f22538c6893369e9ae6bf8b6578ea34ceadfe6f9b89a190b17f738116e9de2cbba47993b4e62d2ca121111363b887c7d64806c9341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
93KB

MD5
f20be9fb8c79a68f1adb48dc3277f551

SHA1
c54a8d47e1e3351cfd599efd54de4beb8430a10a

SHA256
0c04b39164607404fc7bc34c23cae3e85ccc30c30b41a95fa4e733e141da3374

SHA512
c91dfb4ef5a3bc3440ae188e72189637fa94352c9240622adae9b08b883694e2309f420736ae76ecbb9e9a2bf1392cc0aa7d4800aed47d378b730a0c2bd2c5ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5922e0.TMP
Filesize
88KB

MD5
c6b38ea71da22ef6f66e066280664838

SHA1
de1b1bc824aa95df598b76c143d0e771ccf2e1cd

SHA256
61163899e4d768991e2b26317bd04b7b28b5f52a1884a01819a7873fc3b53987

SHA512
c5b7b3f3c4f470e8a0b611886b9ceee1f8cdbe2d4334995966e54b2dbce2b423fd943f5872a16e191bade372fe58e74a4c3bb0282cc7b92d19043e1ced4b88b0

Download Submit
C:\Users\Admin\Desktop\temp\AutoIT.exe
Filesize
925KB

MD5
0adb9b817f1df7807576c2d7068dd931

SHA1
4a1b94a9a5113106f40cd8ea724703734d15f118

SHA256
98e4f904f7de1644e519d09371b8afcbbf40ff3bd56d76ce4df48479a4ab884b

SHA512
883aa88f2dba4214bb534fbdaf69712127357a3d0f5666667525db3c1fa351598f067068dfc9e7c7a45fed4248d7dca729ba4f75764341e47048429f9ca8846a

Download Submit
C:\Users\Admin\Desktop\temp\RenameFile.a3x
Filesize
686B

MD5
a73c542e3bcf9837dcefafc7b1b5c001

SHA1
8cdf752a5a398a65323af007531b6f5ee5adcdd3

SHA256
d535702273310c87ae55afe9daba4e70691b9de58027e8912561865ba2887ec7

SHA512
f124da0e93e8835f05228def8510d07a2c5ee18d8355904e1016df0b659ba6dedc3b03cf14790ddeeb818b07a77b2b666a7eabed37cf4afe9f904f0c048d48b6

Download Submit
C:\Users\Admin\Desktop\temp\msedge_elf.dll
Filesize
648KB

MD5
c7f7be891174ab1ab656a6edd7a27ba8

SHA1
49af07b3bb1f0be88016661e0b8e15072c297fc5

SHA256
77b13d026c317acd128a081653238488061eb83c9a05a87c7cf42eee10aae7b1

SHA512
3082d44d5064ca6b26e6b8f0543562f73b6622d4a106a25fc44db2aef5cdfb10d083a06091b0297652f00c1074c2e40b86b8570bb2880c094e74a88f912c0337

Download Submit
C:\Users\Admin\Desktop\temp\raLuyD.exe
Filesize
1.1MB

MD5
436671a4dce78ae4ecc22924984d301c

SHA1
b8563d24c175092b182039e787ea291fbf7f808a

SHA256
e1173137f4d966e13c7c7a6acdea6579fe569e565109b006fa9f8adcbbb2f1e7

SHA512
cc6bf278395d8164cbaea95460883489b0e72869501fc9e26cc3e4504438185f580afb92fd48b03c033b85d963c747a049b5d10690ad96f68f551d96d9e28ef1

Download Submit
\??\pipe\crashpad_2844_MGBHVRECVIENKXVM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4852-16-0x0000000002B20000-0x0000000002B3E000-memory.dmp

Filesize
120KB

Download
memory/4852-88-0x00000000057A0000-0x0000000005D44000-memory.dmp

Filesize
5.6MB

Download
memory/4852-14-0x0000000005040000-0x00000000050EE000-memory.dmp

Filesize
696KB

Download
memory/4852-15-0x0000000075B60000-0x0000000075C0E000-memory.dmp

Filesize
696KB

Download
memory/4852-17-0x0000000009810000-0x00000000098A2000-memory.dmp

Filesize
584KB

Download
memory/5064-62-0x0000000075B60000-0x0000000075C0E000-memory.dmp

Filesize
696KB

Download