43adf87d5486202112a4bdea368abc46b5fb6f2ae2a6083b8a87e18723b2feee

Resubmissions

22-05-2024 09:47

240522-lses9sba38 4

22-05-2024 09:35

240522-lketasah4t 10

Analysis

max time kernel
604s
max time network
599s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 09:35

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

dugga_848274.gz
Size

5KB
MD5

7867d29c88ed216103feb5021f01ebf8
SHA1

543af5ce7d60b6bf66d44d6bc42515d7fc97e796
SHA256

43adf87d5486202112a4bdea368abc46b5fb6f2ae2a6083b8a87e18723b2feee
SHA512

f0a22affd6b56154e0ad15a28fadedbc1977fc1fe72b6280d3d87c72ad8d7df1b3a465d9532869a30c09e88cd35ab0f0f6ed188513a38a5ae090d575797354a9
SSDEEP

96:xUS0wqaXc0hWp9nVRcerCWZIIvj2y/dT2/7HpPotQWtfDmDa:xUncc79VierCW7vj9/Q/7pKQULf

Score

10^/10

discovery evasion exploit trojan upx

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1548.002

Disable or Modify Tools
T1562.001

Modify Registry
T1112

Processes:

Illerka.C.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Illerka.C.exe
Possible privilege escalation attempt 3 IoCs
exploit

Processes:

icacls.exetakeown.exetakeown.exe

pid process

4196 icacls.exe
5816 takeown.exe
6068 takeown.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	Illerka.C.exe

pid	process
4196	icacls.exe
5816	takeown.exe
6068	takeown.exe

Executes dropped EXE 11 IoCs

Processes:

Gas.exeIllerka.C.exePCToaster.exePCToaster.exeTaskILL.exeTaskILL.exeTaskILL.exeTaskILL.exeTaskILL.exeTaskILL.exeVeryFun.exe

pid	process
5156	Gas.exe
5884	Illerka.C.exe
5168	PCToaster.exe
5008	PCToaster.exe
1588	TaskILL.exe
3884	TaskILL.exe
388	TaskILL.exe
5948	TaskILL.exe
684	TaskILL.exe
3084	TaskILL.exe
5628	VeryFun.exe

Modifies file permissions 1 TTPs 3 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exetakeown.exetakeown.exe

pid process

4196 icacls.exe
5816 takeown.exe
6068 takeown.exe

pid	process
4196	icacls.exe
5816	takeown.exe
6068	takeown.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 919497.crdownload	upx
behavioral2/memory/5628-2012-0x00000000000C0000-0x00000000006FD000-memory.dmp	upx
behavioral2/memory/5628-2100-0x00000000000C0000-0x00000000006FD000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

Illerka.C.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Illerka.C.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	Illerka.C.exe

Drops desktop.ini file(s) 1 IoCs

Processes:

Illerka.C.exe

description ioc process

File created C:\Users\Admin\Downloads\desktop.ini Illerka.C.exe
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

takeown.exetakeown.exe

description ioc process

File opened (read-only) \??\V: takeown.exe
File opened (read-only) \??\V: takeown.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

40 raw.githubusercontent.com
48 raw.githubusercontent.com
49 raw.githubusercontent.com
242 raw.githubusercontent.com

description	ioc	process
File created	C:\Users\Admin\Downloads\desktop.ini	Illerka.C.exe

description	ioc	process
File opened (read-only)	\??\V:	takeown.exe
File opened (read-only)	\??\V:	takeown.exe

flow	ioc
40	raw.githubusercontent.com
48	raw.githubusercontent.com
49	raw.githubusercontent.com
242	raw.githubusercontent.com

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
behavioral2/memory/5628-2100-0x00000000000C0000-0x00000000006FD000-memory.dmp	autoit_exe

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

VeryFun.exe

description	pid	process	target process
PID 5628 set thread context of 2672	5628	VeryFun.exe	cmd.exe
PID 5628 set thread context of 2448	5628	VeryFun.exe	cmd.exe

Drops file in Windows directory 2 IoCs

Processes:

VeryFun.exechrome.exe

description ioc process

File opened for modification C:\Windows\System.ini VeryFun.exe
File opened for modification C:\Windows\SystemTemp chrome.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\System.ini	VeryFun.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vds.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	vds.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

5744 taskkill.exe

pid	process
5744	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608444015911963"	chrome.exe

Modifies registry class 6 IoCs

Processes:

firefox.exeOpenWith.execmd.exeOpenWith.exechrome.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 44 IoCs

Processes:

chrome.exeIllerka.C.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Gas.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Downloads\desktop.ini\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\ResumeConfirm.htm\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\StopMove.rar\:Zone.Identifier:$DATA	Illerka.C.exe
File opened for modification	C:\Users\Admin\Downloads\453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Downloads\CompressDeny.M2TS\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\DebugAdd.asp\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\Gas.exe\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\Grave.apk\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\SkipUndo.mid\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\StepUpdate.html\:Zone.Identifier:$DATA	Illerka.C.exe
File opened for modification	C:\Users\Admin\Downloads\PCToaster.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Downloads\ConvertToStep.txt\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\RepairJoin.pptx\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\RestoreUndo.xltm\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\SkipSearch.dxf\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\UseConvertTo.pptm\:Zone.Identifier:$DATA	Illerka.C.exe
File opened for modification	C:\Users\Admin\Downloads\Illerka.C.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Downloads\ExpandGrant.temp\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\GroupDeny.kix\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\RestartExport.mpv2\:Zone.Identifier:$DATA	Illerka.C.exe
File opened for modification	C:\Users\Admin\Downloads\TaskILL.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Downloads\453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\CompareResize.lnk\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\CopyStep.docx\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\HideUpdate.vst\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\ReadNew.ods\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\TestDeny.exe\:Zone.Identifier:$DATA	Illerka.C.exe
File opened for modification	C:\Users\Admin\Downloads\Grave.apk:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Downloads\EnterUnblock.vstx\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\EnterWrite.ram\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\ExitConnect.midi\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\MountLimit.i64\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\RedoInitialize.png\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\RedoResize.emz\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\SendAssert.vstx\:Zone.Identifier:$DATA	Illerka.C.exe
File opened for modification	C:\Users\Admin\Downloads\453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619 (1):Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Downloads\453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619 (1)\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\AddClose.jfif\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\DenyTrace.htm\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\DisconnectNew.ps1\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\LimitReceive.rtf\:Zone.Identifier:$DATA	Illerka.C.exe
File created	C:\Users\Admin\Downloads\SendExpand.inf\:Zone.Identifier:$DATA	Illerka.C.exe
File opened for modification	C:\Users\Admin\Downloads\VeryFun.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeIllerka.C.exeTaskILL.exe

pid	process
476	chrome.exe
476	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
5884	Illerka.C.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe
1588	TaskILL.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 57 IoCs

Processes:

chrome.exe

pid	process
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe
Token: SeShutdownPrivilege	476	chrome.exe
Token: SeCreatePagefilePrivilege	476	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exefirefox.exe

pid	process
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe
476	chrome.exe

Suspicious use of SetWindowsHookEx 32 IoCs

Processes:

OpenWith.exeOpenWith.exefirefox.exeOpenWith.exejavaw.exejavaw.exePickerHost.exeVeryFun.execmd.exe

pid	process
4192	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
1876	OpenWith.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
4768	firefox.exe
5136	OpenWith.exe
5320	javaw.exe
5320	javaw.exe
5320	javaw.exe
5320	javaw.exe
1072	javaw.exe
1072	javaw.exe
1072	javaw.exe
1072	javaw.exe
4856	PickerHost.exe
5628	VeryFun.exe
2448	cmd.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 476 wrote to memory of 1892	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 1892	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 568	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 3908	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 3908	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe
PID 476 wrote to memory of 4620	476	chrome.exe	chrome.exe

System policy modification 1 TTPs 1 IoCs
evasion

Modify Registry
T1112

Processes:

Illerka.C.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" Illerka.C.exe
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Views/modifies file attributes 1 TTPs 1 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exe

pid process

5112 attrib.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	Illerka.C.exe

pid	process
5112	attrib.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3312

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dugga_848274.gz
2⤵
- Modifies registry class
PID:2256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff2328cc40,0x7fff2328cc4c,0x7fff2328cc58
3⤵
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1804 /prefetch:2
3⤵
PID:568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2108 /prefetch:3
3⤵
PID:3908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2204 /prefetch:8
3⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3260 /prefetch:1
3⤵
PID:3116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3292 /prefetch:1
3⤵
PID:452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4496,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3572 /prefetch:1
3⤵
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4636 /prefetch:8
3⤵
PID:3940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4624,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4784 /prefetch:8
3⤵
PID:3800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4300,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4608 /prefetch:8
3⤵
PID:4792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4460,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5040 /prefetch:8
3⤵
PID:3448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4608,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4740 /prefetch:1
3⤵
PID:984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4952,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3272 /prefetch:1
3⤵
PID:1360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5192,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5176 /prefetch:1
3⤵
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3380,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5384 /prefetch:1
3⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5320,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5440 /prefetch:8
3⤵
- NTFS ADS
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3324,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3352 /prefetch:8
3⤵
- NTFS ADS
PID:1760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5344,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3480 /prefetch:1
3⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5624,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3444 /prefetch:1
3⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5780,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5792 /prefetch:1
3⤵
PID:3336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5952,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5740 /prefetch:8
3⤵
PID:340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6056,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6052 /prefetch:8
3⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1164,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5932 /prefetch:8
3⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:4628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6000,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5964 /prefetch:1
3⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5880,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5872 /prefetch:8
3⤵
- NTFS ADS
PID:836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6308,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4292 /prefetch:1
3⤵
PID:5268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6256,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3340 /prefetch:8
3⤵
PID:1360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6132,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3520 /prefetch:8
3⤵
- NTFS ADS
PID:5260

C:\Users\Admin\Downloads\Gas.exe
"C:\Users\Admin\Downloads\Gas.exe"
3⤵
- Executes dropped EXE
PID:5156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5836,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5876 /prefetch:1
3⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5728,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6300 /prefetch:1
3⤵
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6248,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5496 /prefetch:1
3⤵
PID:5900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5804,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4904 /prefetch:1
3⤵
PID:5480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5864,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3748 /prefetch:1
3⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5944,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6552 /prefetch:1
3⤵
PID:4068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5652,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5360 /prefetch:1
3⤵
PID:4476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6092,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5808 /prefetch:1
3⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6788,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6792 /prefetch:8
3⤵
PID:1004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6904,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6912 /prefetch:8
3⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7008,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6792 /prefetch:1
3⤵
PID:2816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6240,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6264 /prefetch:1
3⤵
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7112,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6204 /prefetch:1
3⤵
PID:5888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5956,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6528 /prefetch:8
3⤵
PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5812,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6492 /prefetch:8
3⤵
PID:5612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6888,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5568 /prefetch:8
3⤵
PID:5608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5288,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6576 /prefetch:8
3⤵
PID:5540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6884,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4296 /prefetch:8
3⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=4356,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6872 /prefetch:1
3⤵
PID:684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3240,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6592 /prefetch:8
3⤵
- NTFS ADS
PID:5868

C:\Users\Admin\Downloads\Illerka.C.exe
"C:\Users\Admin\Downloads\Illerka.C.exe"
3⤵
- UAC bypass
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- System policy modification
PID:5884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6252,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6332 /prefetch:1
3⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7076,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6856 /prefetch:8
3⤵
PID:796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7080,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5892 /prefetch:8
3⤵
PID:1964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6280,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6344 /prefetch:8
3⤵
- NTFS ADS
PID:1456

C:\Users\Admin\Downloads\PCToaster.exe
"C:\Users\Admin\Downloads\PCToaster.exe"
3⤵
- Executes dropped EXE
PID:5168

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\PCToaster.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:5320

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:4196

C:\Windows\SYSTEM32\attrib.exe
attrib +h C:\Users\Admin\Downloads\scr.txt
5⤵
- Views/modifies file attributes
PID:5112

C:\Windows\SYSTEM32\diskpart.exe
diskpart /s C:\Users\Admin\Downloads\scr.txt
5⤵
PID:1888

C:\Windows\SYSTEM32\takeown.exe
takeown /f V:\Boot /r
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Enumerates connected drives
PID:5816

C:\Windows\SYSTEM32\takeown.exe
takeown /f V:\Recovery /r
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Enumerates connected drives
PID:6068

C:\Windows\SYSTEM32\taskkill.exe
taskkill /im lsass.exe /f
5⤵
- Kills process with taskkill
PID:5744

C:\Users\Admin\Downloads\PCToaster.exe
"C:\Users\Admin\Downloads\PCToaster.exe"
3⤵
- Executes dropped EXE
PID:5008

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\PCToaster.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:1072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=3824,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6172 /prefetch:1
3⤵
PID:4188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6832,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6580 /prefetch:8
3⤵
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5876,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6224 /prefetch:8
3⤵
PID:784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5704,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6816 /prefetch:8
3⤵
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6424,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=7044 /prefetch:8
3⤵
PID:1076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5608,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6948 /prefetch:8
3⤵
PID:1600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3376,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3480 /prefetch:8
3⤵
- NTFS ADS
PID:1784

C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1588

C:\Windows\SYSTEM32\mountvol.exe
mountvol c:\ /d
4⤵
PID:5256

C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
3⤵
- Executes dropped EXE
PID:3884

C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
3⤵
- Executes dropped EXE
PID:388

C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
3⤵
- Executes dropped EXE
PID:5948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=4944,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6136 /prefetch:1
3⤵
PID:3848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6120,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6440 /prefetch:8
3⤵
PID:5244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7092,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4312 /prefetch:8
3⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6992,i,11243687083593217191,4502255879733783774,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6436 /prefetch:8
3⤵
- NTFS ADS
PID:5208

C:\Users\Admin\Downloads\VeryFun.exe
"C:\Users\Admin\Downloads\VeryFun.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:5628

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
PID:2672

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
PID:5024

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e26608a-827a-495b-9d04-ff203722e6bc} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" gpu
4⤵
PID:5076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 25491 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {501ac4eb-f046-4e9a-8856-f70c50aacfcd} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" socket
4⤵
- Checks processor information in registry
PID:4508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 3136 -prefsLen 25632 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10b513e4-58a3-4f10-84be-6a9124b410d6} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" tab
4⤵
PID:2288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2756 -childID 2 -isForBrowser -prefsHandle 3808 -prefMapHandle 2728 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc3ba9d8-ae74-4b4a-8a36-97874eb6b4e6} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" tab
4⤵
PID:4456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4684 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4680 -prefMapHandle 4676 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7494b849-f3e7-4259-b2ab-086a28848c4e} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" utility
4⤵
- Checks processor information in registry
PID:5220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 3 -isForBrowser -prefsHandle 5384 -prefMapHandle 5252 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b9fc336-5382-420e-996e-12013f5dc546} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" tab
4⤵
PID:5860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 4 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33dea4aa-57cf-4ece-ada7-2e328e0340a4} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" tab
4⤵
PID:5872

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5788 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5712 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbebda64-63d7-4659-a108-870c28e48d90} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" tab
4⤵
PID:5884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6312 -childID 6 -isForBrowser -prefsHandle 6288 -prefMapHandle 6292 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7abac9d-df16-4b3d-8ac7-ceb240174af7} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" tab
4⤵
PID:5292

C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
2⤵
- Executes dropped EXE
PID:684

C:\Windows\SYSTEM32\mountvol.exe
mountvol c:\ /d
3⤵
PID:5716

C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
2⤵
- Executes dropped EXE
PID:3084

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4192

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3216

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1800

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5136

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:5596

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Checks SCSI registry key(s)
PID:1056

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
59KB

MD5
7626aade5004330bfb65f1e1f790df0c

SHA1
97dca3e04f19cfe55b010c13f10a81ffe8b8374b

SHA256
cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e

SHA512
f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
69KB

MD5
0ed8278b11742681d994e5f5b44b8d3d

SHA1
28711624d01da8dbd0aa4aad8629d5b0f703441e

SHA256
354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2

SHA512
d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
325KB

MD5
4ab2ee5fa59e4fcb7ec5f84be4acbb0c

SHA1
595a00c4d39407e7313dbcaad336ae8769624525

SHA256
895d37c1eccd7e893f1efb94c0dea15df057e25e6bf5fcda56ed6dce77625156

SHA512
4205a8e731c8ad2f92c6f4b731001f2d61121f957d4a86578d116582867830ec87c16e7371d19f861862f82af0b9b1a45847723e1afff73fca528d783f4d6826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
141KB

MD5
226e5fa924a01b4f6632abc495c63d58

SHA1
783f430336661d2e023c770b8b49de5435fb33f6

SHA256
a29d0ce1eed3ff81cc6a816495948e52e6f49c412c5bf40afd37e07b39ef0fff

SHA512
904e88e1d09cacc67745b9e670dc6f58d303adbfb3d813f3f98e5ab275e7dcef19552b459124a724438af092a9da44464800a26bcc49996fa26830613f8a7dd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
Filesize
33KB

MD5
d989f35706c62ce4a5c561586c55566e

SHA1
d32e7958e5765609bf08dcdefd0b2c2a8714ce34

SHA256
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716

SHA512
84b9347471279e53ec5f151caf47fd125b9c137d4bf550a873c8f46e269098ea5e2882b1dc1fe3b44095308df78f56d53674928f44a1e76d3bd7dc9d888d91dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
Filesize
148KB

MD5
f785f43e3293564019ebb6507960fb45

SHA1
100e4100693e84097f1e441e0aeac030af0d6e6d

SHA256
e3321c1359990e75f29b8676c449719fae1b545d89506cca3c280de1ed5b2736

SHA512
d4d30c850657f9e5fea15d3f81cdf816ae5908f7678a91eb571cf9d95443f18517bfb2c4bb78cbc19196e65a5a01df52b35ada444f5450d5222d05e8aa3f7021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031
Filesize
71KB

MD5
be4576d86b310308718b014834f5831a

SHA1
bfd90a0ee5feb66d0e50c906f2f955a4a24eb4ef

SHA256
e3ab38217a28f40bfe948a218d9e5e77baaf44a19b0bfdb87c787162fef31dee

SHA512
80f27a36a560dccdd4aa4fa7101a2051a35c378de15b22e957937b8e1a55fb56595bca786598ddcc126fc7f3f13019c76475c5ed0f081f303c208139820c4f41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
ad142ddea418d147a4e19dbd9b478503

SHA1
0b95a2065d514ed85b443d90b05256a87989c7f2

SHA256
4cdb9e64a97efaca49624fd4aeb203753782785c3f360e5e820ec968540dd7cd

SHA512
93c60c8afe9624f4475fb26d032d7020ed95fd2c02fe3a44d3f82b48286cd3b35355a3998e7ecdc1ce5c6f435d8fce0f7ea42e45cdc69bd3db1d560595bbad57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
a8469da3a1999baf7b3f150edb502286

SHA1
70e7a05ac40113e21f0cbe4206a59191e8206bfb

SHA256
8d36e9b7e33cf94d252e8d721bbbcfdf029d5377b6f860fa0f376c0d35aaed37

SHA512
9fddca07219c8725db7e7575c614542a3f614f3e50e13d54ca43c2d475eff8c7a47eaecdc3bf26f0f489e7bc9fcf4281fa28f1b6793d424842f5195311ad5a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
be475884b80d8bb900b29fd260e80959

SHA1
b928e3f90c395ba1f14de9e00ce78d75acf0e227

SHA256
daddb01ae7e323b552d28ce157438fdf814d5b7d06c37ff2fd02ac78c9ea29e9

SHA512
0b121328ce4be4d949161b39382e8a9772a1ef605d5ba9d1ff9241baa81d2bedcae6479fb2fa8497447dcaaf6f9346eea2926802fef2fe32f9bc07e216c13c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
0b95ff02118f0c67a851b28156dd7bdb

SHA1
463a2f53a7b328da2b85c425fcdf15f260bc043a

SHA256
4b96da8dbd1a1e390457cc6960133899052c78dcbd2db120dcf96b83095260f8

SHA512
ba537f05c569e3c480c868274ed05b4b7524b594f77837aa7c7f1e7da32f8881e697905f53e04486467bef056e2892f138d9241ff873044c4bb1c9a5b073075a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
11KB

MD5
c71862644831a89479a272a83cf1fa75

SHA1
a5085f2949c79ead4a77712584417bad0dcdbcc4

SHA256
87fda4db5b6c39ce354eca79d379c0a648bf9a068a0c5b89ed2c27dbb0df2572

SHA512
990875428683200cdc10b2bc5b0d9bd73439e6751bd554226fc43cce62ed357b0a416a05e7282bb1a1524395dbd7bdba5f0215f965a1775d787d534541650bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
32182c55aa33ddfb8785e73040f6767f

SHA1
b4b0f1161a02771df067378e8b9019785495e679

SHA256
ba7969e76736b102c175a33885ba976bb8c907fe6f1fe49002c15213bddea357

SHA512
6385ac687abe89014fb41ed54c84b2f10c6e1df12c872120b22b0cb9901e56166b12ca250888acf57a70c37d6fba510f2b0d9933bd42e3a1576af6e4b0602e40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
330b95a824374f752130a6f175ca072a

SHA1
a1875a32d70f67783a9fff9496e23a292a89232e

SHA256
ead3bbd4a596805c87a3f133d4ae4452b5903b1b875cbb4e85f6754133aa516a

SHA512
6e602c5f165b3636f6c7ae281513cfaa968381f72b3dd520683f12a6fcbaaa4646380b2c5514761c01a8b47f8b4e6a6a324968871819f4f049379ba84d4061dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
c2864155563a23da2dd4933362177804

SHA1
a77b7cab3a805fbb1bc7bfb9f8b6b17f41a7973d

SHA256
243481773efc732abfb643afd120ff0f42c821a0cc28df8efe27d13d25758740

SHA512
ebdad0d1fbccee592d9339893ea3c6838b74dd009baa095a2f02174953e9874af465a0902b4ba223c1b5d078aa03291c9350a975cee1de70635464dde66160a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
8d5dac8f60afc1e1cad279bfb7ed2ba6

SHA1
59750c428e25ba049a712cd58091d38654b7f606

SHA256
5aecfa567c1252ac76e62214248a2e67f8520d5977ebe5b9209b981c365b207d

SHA512
e9e823a444251d6879c29bdb399633951f2f37d9b786f0c34ebe7495c506ab8230906fbd849432266ebb93ada4f9cf1751c89eb283179086906d3ce8429fa25f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
016bdf753cb5ab49bfe9648c4672142e

SHA1
d1688083f05ed07c207e10fb85d4c7916264f506

SHA256
73c9a8807d27532ae7f64585f8a68042226a7c58ca20769e293b1092f5403924

SHA512
e872745fa7e8ae0970b893673262bcbe698df26f4bcf9ea99628920d13c5f6ddbda08ac93851075cf7d1739b1d58f8f1ec08faddeeb37965b7c13d8685d998ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6d54ad5e60dff3d52cd318c6ec983fd1

SHA1
b581d3aa2d42cd4bf26201dd2479b71206ea356f

SHA256
fe45c3a650dc66ce64d38f420bed6da8eadc9cf7ccff2dffbd8a958622416558

SHA512
dee156687465439a7705637f37db05eced57409793223afcd37bf338f21b5bb8124037714fb2f3531ef1b2e48372a5dc2a481980b6fbcb178a7d00c8de0cfae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
c32f3837afaca25b85d1d734cd77e72a

SHA1
e7690508bcdaa32404cdbf8f57152e7058787b5b

SHA256
31655d059d10708060955547f065afea5b913790ba653c93d54c82e7cb8fba94

SHA512
fabb042ca5d6048dc8e7653281f61ec1d61496dc366fd399539fb24eaf8ba74ecd543c64a29a990cc61fcaf7d9216cae39f7ca56c63e699ee4026c02447656a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f4e5990cd7628669d962d2b7f136bdcd

SHA1
350de3950d277496a185f295a13f099a1aa7eb22

SHA256
f29d50ee42a23164e63483cebcc548606210c120b965f22c38cbd9620826dba4

SHA512
34c29ac87b8c31a4526106465de3afbef030451b0b95819ab54f4f141efef8a02fa486c05aad561d7a0ac89576e9cc8ac6b4724384550f1f174358de4a42a1e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
7e678c484eecc7c7f3a86c543e6a8802

SHA1
86e75b145ec21cb70b2a41a10ddb8cb84a6049a9

SHA256
d6e6e1a95c390374cf82ff3041ba4b1f45f321fd0b8d06aeff1267475514a324

SHA512
7ca791af6fc59082b607940cd7eadf109d03bdbaa04b1fe767aaf7d41366f467dd07988e579a48dd444f502547a9f3bdc5e731d901e68b7755d59c8e985decc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
e90bc9d8312198b42c0ece2a8ad97dd9

SHA1
78a559c2f62b2e8c1655921d14469c8d78c0055c

SHA256
ccd47ae6d48840185c45a3fbd265b57f96e3258a33dadc47e9806128e3000188

SHA512
f83ac9206cc1e00abaaed6c0a11589f1541df11d5ec586c79973f8567dbd392f6446cbc5735b46cd6194f93afe4d0c4a4589ef49b01f0aa91092b226831518e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
0a3cba0a71454a6226d1da301bbd2d6c

SHA1
826d02424c71dab06329a2a24edefccfa87b2365

SHA256
d1654bb316433f8896d6f36c57ab75dc2c988044f1ac736d68eeada58ba7df72

SHA512
cea4dce72fa54dd648f3e6cd728eaa21a18197a188c94af0577819a2ab01ff281ab4bc7419b1b9667d2b0cc3c245e53d1f73f97736ad636b854bb1c246a9437f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
ba2d10a539c24c956bf8fdd7c9181dd2

SHA1
1a477a3d6ff160afbaccf02f2f9d80a7b90de1ea

SHA256
549a0203ce8bdba6396621140fd78f79492e5f55e35a15c8b28eb8092a77145b

SHA512
65dcddfd6bc8d96183a0173594e13fbb8af9b08841a5841b3111a40c975b10046aef7f208d5d4970558caf1c198c0736daed69e7772259f0665047ee69480ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
3b7a4f9993917d458b6504291120769b

SHA1
f35021e98c72e5fa2456d3e0cc77dbd32fd3305a

SHA256
b1b5ed7452c683798d1979d52046faf8b54c88a0f08cffc898663a03743a81dc

SHA512
7bc993a115537cd43e2d3e19fd8fc9ef725d65a80160588545a5714f6c71b2f784ea86a9c49cbde50174ce4e161fdb3b444f8e0fe1d84469270d58d261f8d6ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
21113da1946dc5590d1a2b9b76395793

SHA1
5a521bbd6b6626ff82ca743056aac33cdfbb97e4

SHA256
c00ce4824395da0405fb7ea33c52d44d3526aa826bcadb4c9681bc2def7f116b

SHA512
19e4f27d05ccb68c8fb3c5f106826296ebd8513defd578e2059ed59fe59eecde9ba42825fe0ffb15e5980d5856416b2f95482bf64e52c0cd635c9cafa5669001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
18181cbdef15ca303a41a36d69a3526f

SHA1
2665d56549652b3b73350ad90d1b763632d9f6ee

SHA256
df4f96d67d3218260bc674fe29a1c510a42888f555d91b209a83940ad56073c0

SHA512
7f17b82d25bb44c3d96dffef9517deaee90ecddfc8c515df85abd88aeeb0e26220fd4085fc3b849c4b7cb525b68053b5b1afae7f97383ef37ea79687123c51e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
811c842d30cc4e00785ef7195d5529d1

SHA1
07bb13afa4d407300cff878c5ff15fff3ccf5f20

SHA256
8a9038bfa4721ab47c0ea14d977860a7d8cf05ce8a0ceecec426b2cb5abaab9b

SHA512
5bc9983908e2cc88824251ed4853a815aae5c5208ab29d837af3d1feda26ba2ec4428f69a30c2e5ec350568a84f1800d30fc9dc48c4c39901f427dff9b808b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
214f1f36db4c8ed75ecbfdfd030bf145

SHA1
e38cd21d31e72f5ced2bdbb025324de16967198c

SHA256
365557285269c1258913e48d85d586d47e40367b459facfa57d45e0cba145055

SHA512
a4ca859fd1ebabed1284407094d666cf95d670ffc39b7e66f0729a96dc229458c1b4854b0dc2cda1981b4d4372c424e6c8da99595281e6bd018da3b45bbffcbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
c89be49fcf6ce23b51acc1d188434cb5

SHA1
709f68fcf28c2249e599d073e9fb7e90a2f41f81

SHA256
3530e450c3460f64183143f735e9254708d6da8f526efd42cf10e2117ff3e3ab

SHA512
b60ace8ac1d69a7ed2ec54dcdf50f05b6e9c82a2dbbcd96a8219c1c6486873fd2e7a41e2148266e8319517350fc1ccae247d64b723287ec8be8122b8872a2fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
19492769efa799673163335b37aeb9da

SHA1
f45d04831cc48e1ac68c9ef97f2fd06817446aef

SHA256
2b92694b6ff48b80b5a415c01d54f59670d3839e62e35ae922beb2bb4d86a855

SHA512
b56004132569fd2ab09ed5e6cdde6dc48be542243f813679f552af7f65301ba1cacace2fe11bc1365b2d65c5b7fbaf07e85a087bb44e8999c48ce4273efe4095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
715060c4246323e71b0ddeb18fb378da

SHA1
edbd516755c7eecd2f155f37c8ec05516c320f50

SHA256
c5a95cff896091b37ae85fcf02e9590e7ad14d55003cf2a7664bb9c403139643

SHA512
ef6a50541d9f6d83a76c3ad6444d6c02e1184515c6c6b4e1120c2fbcc61990215c3a2a3a0228e2ffc5455aaceb0a7a1882722d76c1cb0250215d4553d3b96847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
72a5ba04911a42cac26215f445edeb0e

SHA1
76ba907dfc59c57c222ea3544e074d78d1ffe39e

SHA256
1309e0b927acd7000eaee47a626f50961ac1d5ef6cf5b03898f36702280e3daf

SHA512
767afc94509547c49f6404842b30871ce811b6c9c594c3d71b12c09312808c298b43e7335984b0373cd04feadebb2f3fc4829ea0ced225fbdd53869ea92bba4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\bd32c84a-78cb-476d-8c2c-20c5b6c60b09.tmp
Filesize
11KB

MD5
0081cb76ae42bcb133dbd687409e452a

SHA1
8c3116d425c8bee06a9ddffa8e413b7c622a6386

SHA256
321d00b9b3aef27c58627f80b739fd7dacefc48595af18ef0e7ecad19024c69f

SHA512
9d7834cc61cd523740575a8ecf4e7495456520dfb5fc3ace5792f15f92b372e7bb166fe0fad08cec51482a685562c0e28a4ee4cbb27de6f6d6fe2d4ac4a0d3c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
3bdf8b17f068f344317c5766334798c1

SHA1
e435260c7ae2f98be9edec0ace87d6903774bf7a

SHA256
c705bc411e5ad1e9bd80fb4ea574e04e5abe1d9dbf644db01f35734def047d20

SHA512
7c36662f37e10274f2ba88442c1dacaea6f105d9ab2528f9028df6c099fd97701813472a32d05a6ec54aec970c235f1b2788a495c308516a883d6e87fa29cade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
fe138172ff240874f946de36e607b418

SHA1
57c331f49a3539285a7a8b1680a3442935ba738d

SHA256
28394a57c3a16e40ae0a8a2ba4d5b602b6ed0d4db9c8471a33dc4045cad698ad

SHA512
959c66367d05db1c6064673bdb9fe56aa3f63552512ec9c7e2c3c636dc26ea6560a276b7379d65bf9eb3cae6809476d4a073b52a5979b048d1d68b8d2c53b2e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
5a71e9f55a432a46536804da15c564b8

SHA1
f0c0d636782fa1903a7e30363fd69da826b7bc9b

SHA256
b98f1d5ce9bbce3264ec55c8969e7cc2b54888cba44901f1c79c2e230d6a82b5

SHA512
9921f87494a72f725d5436073a0262942c051c9a3d559d4aa07c313db9de3006ddc6ec81c963dd739039314860d3d2d5c69b5e27f843d6de8eca7ef3f90a7253

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
ab2047d89bb95d1339c4670b2c27b193

SHA1
b4da11a94b38f4c455ff6136efaf22608e48e7e3

SHA256
cd433e84063f13c6bbdd63f282ffb63bf515a451afcb3daf960c798c9d2aa360

SHA512
a95182b6b4b5c9fce15f7e3dc01bdddfe18220eac7376ba60e07ed5305634d715f90be0c5873216407efa7523d94ca49711fe85df3336ba40c90cb1ac4202c2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
6ced2482789c5ec292152c8c9e50e420

SHA1
cc047e9a82c803aa359da0e180121308c19ccb53

SHA256
83b837d73f2e5d673d43d2dabbdc77a5d345408088b96dc4aaab03191f6d0f5e

SHA512
ca45961abc6f9fadba6c30e8896492ca2e091315d45bc8dfed5a3f0d0464231548674ea8681e7c260416e4945772653b356b5cff607dd3660c021ae47bab4ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
0be0760742b7c58d39756f331f2b7a43

SHA1
8e87a44fd47a9d62aae72c323c2b5f13a752890f

SHA256
a3214b1a9544f8933e1c4684038ecc887bb2cca58a331fb4364cdbe73ce438ed

SHA512
48ee882e0f0eaa46ab960109d6ce23c09cb75d6aa13380cbe6f83de0da152671a9a2d05ea10b345df84f0f4357a6f47f6624c497cb8923926e17d0078488a4e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
a2c49df5b57239bb6a8cb32d457aaa6e

SHA1
651978f9097721a9ecc4929b1485003b9311c762

SHA256
48612d1ff719b2408cb0acdff0fc312621b0f0f8bf509ac8e9f937e9bd1759bc

SHA512
36c7e2330fe86913e1e3ee36e43190e6817c6a665e0a5c96382af9164ce9ce7c517d7d01918960fa4713e68a0aa15f7bb833c09adfba42a506cffa804a055b21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
df0f2c4b9a1a4e05cb71ce04466003f7

SHA1
a4e913bbec92119c193ab08d9a7b130fb732a25e

SHA256
02bdcf33d9c60865bdd7a51ce37d2ada6e8e2ad8588f0af524ae31345dfd4401

SHA512
2fef9b6437448bf25e477420cf2f44d8a94fce1a0302596d4165df46c5ac5e67f3b426ce67a91bf861c1efe1a421893c15b514347114a00c81083285b1d40ab3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
4e83f4c8b42a738e85fb8c7c29bb7e8a

SHA1
75173b23410e5dd02958f45fbb5bbdef66c0ffc6

SHA256
2a3377c35c4f55ea4f59cd88673e9e2e706cd2d4a3b99a25620e16a489ff42f5

SHA512
bcaf19013d527419d3b65e1ad786e7c80f1e5a08ae610c6b9574703d46a2c4ea484c36c715f6e18a903432df0e94153d1d76a01c0df269609f9c67c6f8171595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
8b41d684ebc8fb502030b185073a44db

SHA1
dafd70a2cd7caa54fd48a54b4bab331f81556f4a

SHA256
85063d859cc45c106cf08339fe28b18395e52755aa1d034249b2b810b78182c9

SHA512
b68e40d56b12cb45cab1e3b2cada3ab15208430169d49905d9abc70df4f7cf422249441b2c4bcfca4ea329d971f21275657c5764b85af0fe1ab5871ac802f95d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
03e0451bef06be7ac155eb4cea3f4b37

SHA1
e4c569002df6dc1dc9c133303d6a1b426e270f1a

SHA256
e290bf97faa83db7e6454548aa78a673df991659eb216faefdf32878af876022

SHA512
028ee86e8232242f6fa20ddfe9bbfd248aba0de98ff396592e95661797ef04d3ac0b2525e902efa0664e4fd9e801106cb0598ec84cb3b4dfb478c032e6bfe5d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
7de03ab2ccc69ff6d63b2a95987b39e5

SHA1
48301eeeb57b30abca4e7c1004bdeff8557de93b

SHA256
287441fcf22eeecdb7e7a628e8ff300ccb6bf29931d005a01420d3de12ddb995

SHA512
dc7d6aa0a1b7cb2f249b94ab8045149dccf71c2cff47fa169f7f2f0236430617e7bdf56e1778307df3b0e09f936cdeda26402da4d725fe03839f68bd36617359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
2a4ee6a911948ad0061e4a24067bd662

SHA1
5f231532cf3795790596d70f275b7035c2e3fe0f

SHA256
393043ed102f8d7dfb4766e694ac419fec7fa590699f267dea9a796fa7e5c3e9

SHA512
360fae42d6c9176c8a556436dc1917a2885df36aacfa98054af77fba88aafbde42a383a0ecf635c5c2c88569176b2a054c193d6de61f9eb86f4eb49a32e3edd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
e677fb45c2f8b20973c8642ce87cd0a9

SHA1
909ecc5ac26c16fec0be4b5c058c6e41b7ed760c

SHA256
447d56c8f98ebeee890f83560321536af2744fee780383f88461144b25d6ddee

SHA512
fac34fc770d7b3150f4d4c30ac5d01be6c5b3790960ad18a6e8849bbd264d7eab753dff086accef44fc52c8998bc7d2ef4696df05fe8f4fe0a353259c12a3b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
4d0d416f9ef76aa6adbcbe47d4bc4a08

SHA1
3ddd118528e67b278c4a24e2413b1665c6fdc786

SHA256
cbaf87ae73e57b1f82a962bc151fa539cf4e8b7588f9bb82d90832421c9a2486

SHA512
a1e05aa23d9a25848406b14dd9cfd07c00346c80e1e27006ef48b469c304e1b221893803df8a2b0f3e29045cc16b6efb2a57fc5060d7d161fb83ad2832d1c187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
68900fb8660e94ea39947f4277d7da39

SHA1
af0e645743c639ed04d76228587c03ad14ca80f5

SHA256
c03ceff301a50bdd02ba611942eb973bfa43f0edd9b7c3312bf9a8351df97377

SHA512
33888ebbdaf87bacf43d5589174fa9b5ef25e1a7f16db1dc33519b2c7ded17a2a3c7f0c21c1b646422e7c27fe53c121a587016c58174f7f1c25544c514d17f69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
03b00c296a4a8f48fd8403519454824a

SHA1
7de7bdbf4bf6f517000f5aa7fff30dced17054c6

SHA256
345a003bc9d239e2b7ab759cd5a550fdd4120ae390ff35604a182e2b8989ab14

SHA512
ba707db432d845042a469c9f893ffdbc05e1af8534b7426fc2bccbc8ee9d6bf654ecf0e9ccc38a47d3d2fb323c0cda1abdddb81f359c5ade2866f53ce2456e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
575f5fb6556462b28f7f9eb11f05b244

SHA1
8fe5bc22c1e12289dff216ca9667dc702a366121

SHA256
c0bb09b62bad23fdbe2c9249d270f3fbce40589a381efc514bbe1338e2fae8dc

SHA512
e2816cca0a1e7f5ec8286c90a814fb73acf6ec8fd1bc48cd4685ef2c0e32dcac4de8360a8023a103ec97296b721a6cf1c7bd4147356204855381949bb702d86d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
2d46ebdf6aedb42042bf2701a6795cd5

SHA1
12ec385e7180cbe8535440bc70d9768dbdedce10

SHA256
fd7bf126cac1c1f38fa6480fcfb0b199dadb67ccaf1d2ed7bb79937d177816cc

SHA512
69a2dd92705a4bbf8e5a57f6447750d6b95d674e28fff842ef94f317141d28fe1e5fc5aa01b6e22c82ef53b7ba65aab5b6546f94fee4430c8d06c02e2a13f462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
5d509bff5236f0753d462049fcfcbc23

SHA1
48310505e92752e48e213ddd5df2c56b0ae60d08

SHA256
964407898d1c82b6c6b24f70f282626a6f840f11a3f22f0de3766cc0e2e36be6

SHA512
b94c7b44c5f32137a6d1679c0ce4fa1e4bb0d8276f9551919562341e10b5ce5803f15bf8af9935ab95ecd12ec280d40b3c794ab2a3981a926bee1bf03bcb7663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
3fe984ad2cf1510f4397e39a62ea9d54

SHA1
8d56dcdcb4088739ee7ace6a36f0908f034c729a

SHA256
95aaf540a1ec68bfb9a3f651d641be779cae75f02dd774cc21c6c3de665bc7c3

SHA512
1049b3d517dca710a8b8af05708fde3b44ec14becf2acd1d344dd463c53c234b38ab9e3ca9704082056724b586514d4f27f6a409671d142f36db82205d2e7e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
90d73eaad371108995d3f4fc56d29ce3

SHA1
0cf8596eea210b76a42091339d8b4a9648040224

SHA256
d9cd1274c6e1d3ac9df9953c22b6b9e218992aa5408c107012c5976eb57422c4

SHA512
8631e2bd8535fda1493ebb689f39f496c9ea6b5b5ade4a6f1a5ecbbe8f24ded17305e93d2edcc796de5a9b8a65a81ddc3f98aaa76b2d5154babea5170eb50703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
4f906ec848d7c712399cecef89bedbf6

SHA1
c57381a57e396be3abae6add932df54ad1f7f142

SHA256
ad61f8775ff146de2c505a34642009386e1d8ebadde1bf8fee121c4655d3c7f4

SHA512
d0245dcff61871388309a2e33017b2de707fa632ea3c6018e1c2b1b170e341d2c493785d851f879d90d1e054b723fe764598c7cce1cbcd272a6334ac96f17ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
63c19391f124576aec88758755710595

SHA1
e0960a2037c92a6f6d50e3de1a39c9dc1b77c2d5

SHA256
7db539a50338c463dce40d818710859ab021f6d7d4152d7aba670da0be25e815

SHA512
4e277f8fe52d882e75f48835091ccc61dd38f59b2f9dae26b0d6273334429b40f011581eaceade3900b4e3428c37e60d41e84e0c442faf427c46f958c3d7a980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt
Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5d98a9.TMP
Filesize
140B

MD5
b4417e6298ecf214e76ba5efea401eec

SHA1
5f3377fd94036195e399173dfb5ebca8006ac14b

SHA256
afbf9b5ac42f23d3146145ac77834d08bdbefee288c4282d49a3f4ceff430745

SHA512
03ee8ea0b1430da3868099112bc329ea5d9c74fe20d4db6713682f7c45c534b2f5a7f5c280acf7aca76b8fdff2d6dae42550896740842c9a9095550bcb2f605d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cbb47781-c098-421d-9238-8f76a3064b8e.tmp
Filesize
11KB

MD5
1c442403e84ce28307856a793d33fac4

SHA1
c5b4fbea12e26c5e1ed7a6621e6e3e236627ce3c

SHA256
af89c3b2f2abf8e9e77400022f2100688ab85963185001a1a4e91a92cdfb2542

SHA512
1e824fb3ebae6d7490b6839e9877e764b09b8c38242d0d53bb4068a92bc29b050dc500234711e2339323049a81abe2b38f1517fc7a25bffb2d2f61245572a2e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cd1d0074-38c9-4deb-a160-3fb64a9a5e60.tmp
Filesize
649B

MD5
235184e2c8b4b09e57c06e8039c34b52

SHA1
a548122133da5589c8f0d643051ba9e8c78798f2

SHA256
c16fc83e8d28c534915fe0ab954401e46663ed309e21408d786eb344d0cfc225

SHA512
7d68aee2a5399337459d4391ac08fab9840417e785c35fed64f80ae27c9a4bd71a36bbbe14961ddbf1d437f4c751af1dc0631ae86fb33edd3ae33f2689520255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e34f3f60-d220-48a1-bf62-e071cd764127.tmp
Filesize
10KB

MD5
c11763b8c3920d720fe037759e13cbbd

SHA1
04a7ba1ab981b15cb02fad624564446c7f398bad

SHA256
388c90d75e1c2b7bc19a249c534e31bbf4910004a395b5bb384f37a8704b2401

SHA512
66b0e38baa8b5e244abc4a373e2ebf5970dbad225e502b8f971fadc9ce48ccb0234beea0c3e9cd8edb77729b337eceae8e844ccd9fb08be3627170cbdbb93e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
152KB

MD5
5748291a0ff5455be4516847b7df12d8

SHA1
4d4e4589e994cee84f66509f6d7d943eb1d114f2

SHA256
817c4649cb58f4f06d7d8ddf42fe7f13cf7182205e89479e7ac64eccb0049514

SHA512
43183008f3bd9d4671dc8e069e0c95e523ba21b3f8a0feeee3b65723dd01358be4f780eb5cb20da5295c1556f9ede232343e09d043e52678c3edf10e6e0ea4dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
152KB

MD5
7d8e67bbd96581ebec7afe1ad4527d2d

SHA1
145a06cc60a741fe6382d9f214c9ea0f5ec5ec30

SHA256
c47cfcf4e16439d864446837a55c8efb1575ba9dd13e8f486485083ae32e3236

SHA512
a305f95018210134ec362aeb9305c89cea6565e2bcf3887964060fa99a0f1f531f6f20b3c0f49265004856861a34b4dac527a3145de8627a11331f1b687cc648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
152KB

MD5
17d327636cde455341f5829b63ef7402

SHA1
7219e4ffe4c4ab9ad10ff9923d50a02aeb8ef4bd

SHA256
8924083ad1cc50cfe95121a12c4d015e745aff59bb561d8c052d99a15f9cb33f

SHA512
9fb2c8d5a1250e685a7ddc28de382cff56805bfc0ad3ca56934f8812e33ca33708f40135f368d164d809954208135740de08991df20092506d913fa4d0f53679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
152KB

MD5
9bc0b87e42b3a52e3c3ab6a886db3499

SHA1
9744cb3ff9b84f26b07cdc9411279244653a0752

SHA256
8e5db6c662d29d6d6733b7015625b248ba434c306ee29d94595b2ec852e4a84a

SHA512
d2acd216fea9470a2caedece0de322157f0564c93e9b7203740a3e2560319895b2fc864d941162035e75eff0c8b76c674971a6582cdcba167694a69a3af7e5a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
152KB

MD5
efeedffba255673f0e08d50b62e2f334

SHA1
d0d22ad89a3835cce36d103688ec5b400ebc6feb

SHA256
02fdcea7e41565cf2120d34b5992faf3646cc3b5d48432234e9fe3892d701f9a

SHA512
0a9083c62de76c12e50cefcc7e7dfe7220b82b4973253b74b6fb279e6a3acb0a5c07473b8684c2680459d24baf02c7c5e2525b284a354372de6af0834013292b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
152KB

MD5
3584b2e85cc7856d376a9c04115b9a77

SHA1
5e20692be09b582200658b547f874068a655d25e

SHA256
f7e9bfc1e12cfc1f67e93e5da4f26ddc75f8ffa2351dc7ef7f4988affcfa7a27

SHA512
9d0bbcfc3b4a7695867c291e67a017161011e266a530b971d1ca52ffa6eab55c1a2e8ff5f5354c39290da0b17d17f98bded53b381877bd9b9436c5fbb4e7d45d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
152KB

MD5
0ad41e78a1c1c433a5b8c69c5d467392

SHA1
6f0271769fb9fa576d452f6593eeaa9423588847

SHA256
e880483ed0989eef9f739eabdf3408a3419e6cfecd6346eb2ab0f5ed2e531f82

SHA512
b3e7ccc4338015cd1d6a24920ac5982a52a6ee3370d3154975f5a5e3c8562ab1abb1b774ddf7e8f5b62ae333d5a5a6bca913395c5d72b43cf96e1bf4ae794b09

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\0C18A63D07422C5BBF14C42DF4253232CC926410
Filesize
56KB

MD5
93ab8dfae384c7211a52fe777020e444

SHA1
ce3725d37eca16f990cbf5fbcba4f2db34887d4a

SHA256
bd6d5921b9181b0bb5058f97e26fdaf0f72bea691f99ad4292599fc0f3f1c61b

SHA512
23b5f1ec3d0745c806a8acd51ca7860df031bb414ecd14f3becf4510722695c411c28d8610f870dc35ea84f1a1384b1b55e3d06c721d0b7616db0c1d6e83dffd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\E6D1A2991276D9D4252EDDEDADA7FD348A02753A
Filesize
43KB

MD5
0ae863af95e76632ce6587d36e23fc69

SHA1
87950650b10763f8afe195f52a50eac59933b346

SHA256
7ce59a7b10f14b61103d81680fcfd4e88d13f08559b37984c99c3f91957ea171

SHA512
714d6c97532304029b9f0093e559595a81e66f86fe3d018307dd9550db0a3536dc0e991cc8442349ae34c053ddb959283fc6ad4eba72794d39a301d256d8f856

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin
Filesize
10KB

MD5
8ac3c2f16c7adf2d941dcec2decbbd2a

SHA1
ce15ad3a2e1e92ed7030a3b9a728759bf1fe4565

SHA256
d5aea9b209ee73b44fda1943615539c34a9aeb1ed87c0b8736323632d0031330

SHA512
4c91516d8854561a97a6f901ca2a0f91a9b480964128256e4e2fc2d0de81b401a3268a605d81968b6eaa4277b366817550ae8e3581f6ea6b7af46dc59f8c76b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
Filesize
5KB

MD5
fb1f64e8d2d51b4fbc58c9d0ebf4c71c

SHA1
3839bc0ceca50f32647e570392f584b79e5ba8f2

SHA256
93e1b52afc8629635456b594a3a5d7eb9b2541d80ebd7d21acd967e841636476

SHA512
28d6c9b150f17f9249d3d665de68388a6cb55ef70e87e171ad20e1d22fe7d53afa0bc2db43ac127a3b4ab78df5f3a35f4c2828eb3f17542d9541d47f140f3621

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
Filesize
7KB

MD5
1c5cc5e337c9c398466433b4fdc6ee95

SHA1
21f388c3e394f9455a68cb127aa48d399a837abf

SHA256
51cb6630f31d154fa1f9d8bff7dfd8dc448aa3add738868c507bea66da338e5e

SHA512
84618c9ff8819a174f1cd508f3dab743ca5ac4963aaa1ed019803d99d369f7ecae0f48ea6dfd3f43f92eb2429bc26ada41e9d3be1e8dfb0b206ae91e4e6a71b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\a19549cf-7887-4bd1-9740-5d4afb22e082
Filesize
26KB

MD5
0fd54cf58d82811daae2b9f6ce08d8fe

SHA1
3106984bff0b2842d25edd052b8a60b023d95f88

SHA256
bc515f55cfd1ed4fed7da1fbe09ea6b908ff431bd4360625cb1633b291a8559e

SHA512
174e18045133beccb3719e416559df753cf47a23828aac895f7448faa4c47fcdd75abf3aabd2f953ea2b118c6cd50bf3e5f44fde4ffc6656c539a75117afd0b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\c0e170ef-c3d2-43ca-9758-09471a9ea891
Filesize
671B

MD5
492af9f129f69e7387b8888ab46d221f

SHA1
bca4ac8ffdaf9641c1ebebecfbe238403b71e23c

SHA256
3ab5144f8d0b150e264da35a2532548bfa70e20e4fd3c38d7686ac3a23e03579

SHA512
9d75f05845ce8e403ab7ff3426991a459bc12b81853f94104f0734cddfbda4b63b18adb610bdfb147d8abe3d034cf26de0f795666fb65b44cd9875750d5753c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\ea7fd51c-3489-4103-89eb-dca022952506
Filesize
982B

MD5
526deb8234738f9c371957d22f0f8bca

SHA1
37d1b83de222105fabac8a6cb6eb74b3b2dd8629

SHA256
3f902aadc8b241babd1765e71e8367b435c51c7dd3ae19b3ddfc19463812c7a7

SHA512
700c5548a2737793e5dc3f7c862540818fc2723cdd865f631341bf5b9108c96d2826bd97a02a71dd363d34716ffe35011dbda700bf376f755c15f88234c66834

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
Filesize
8KB

MD5
a2c6841a68420f21513003d3520f58b4

SHA1
90990b15eeeaafbb67ceecfbf0da016ecfe397ec

SHA256
b44b25ebe55bd2860f0f14661a17fd4b9ac29dab21aa0137e42871f2d264bba8

SHA512
03fea116b1e9640898398e388fbec628fe94c605d0d5684edff0638e9dcdb0ff4fe240f445fcfbce640f20d1df0e522dccb6951b1fd144229d5787578cf6ed40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
Filesize
9KB

MD5
74a8af0c8c2a44c53c5f0d1231bf7566

SHA1
1d106b54ff179f9c3cce547a69b7c391259ebf5f

SHA256
489aa3d6a9f3f5cd330f1d95f9e8c246bdeeca621800edb15abf1403a35910dc

SHA512
619972e388745a205f54d9527c6fadbd55c5781fd78f1c18e9d32d136f34b7bdc512400aedf9cd59638c743e10aa229611385e43f43cbd5046b25935c00d4503

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js
Filesize
8KB

MD5
b83df547d37bcabc298b7a7b1003e6fa

SHA1
ae909905b4c879ad9ec92398e209e031e8009ced

SHA256
69d963e436b3f569a45a7c5f99a7e01d82950d19df8ddc318fa65a136203b643

SHA512
5cf9aca8b5d8ebebf29f9297623d6d660beabe1eb2e7d99e8b4c8e9f0e5777d1e97cd1d2ede557cc123f6b7319772c42549a1acea909780dbd5fc6dab5713646

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js
Filesize
8KB

MD5
b502a561bad1b7c8707463aa9e54cd5d

SHA1
b6cfa2744eb98b6226882e250a44e94fd308ee20

SHA256
5993e868a2a7f0eb2a75b49948707b88f60d1595083bac613e12d36fd925cddf

SHA512
72a6a3ef007a1a65ccc12fce55b3c60be11572ef2419336789b4f72c3849f48947ecf53715bf1dc4ef42221e57427b79df5ba2f9b2e2af6617844b29634b414f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionCheckpoints.json
Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
Filesize
4KB

MD5
babb4f32baf11d3bbbd2e18094db4f62

SHA1
8961f19333ef73331997839e33dbdd1fec99f9fa

SHA256
bd673c13d5f11340c9d613a5f85f8e3e3790230b186c04347b37321022f1e64b

SHA512
e0d8fbc40119c5c17f1865d9b2efd619fe60603154d2910fefcbb0c447d5ce62bd8a2a90ad58b43d5f0cd108828e31cfff952e376b2732399d6eb824f40570ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
200KB

MD5
25e4300c801bfbb00dae8ba999e0d755

SHA1
06700161a74442f11b6b0950118dd670cdef8f44

SHA256
5292592931a8ccf65291aaee6db2f9ed380219dcb864f297df87cdd8c7668f90

SHA512
8cad74782f2e338bf1ba5dc907c4a031e86728d4d54d8efd6e3516c2c95b8b3ea5aea2c2b30e38447256dffe3038e7e5a119793f4d62281d9e719f1ff9775a36

Download Submit
C:\Users\Admin\Downloads\453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619 (1):Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619.crdownload
Filesize
8.7MB

MD5
682ac123d740321e6ba04d82e8cc4ed8

SHA1
088a8c8c2b7f9db92ec0ae39e1dc77c8707d3895

SHA256
453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619

SHA512
26ddc0a1b91337de2314465f82f3a02ec478f32708fa91b7cdf75fc235eda7b3cf7c495616145dc29fc081ac4398cab5aac0d42978ea694fa183518533fcf4ad

Download Submit
C:\Users\Admin\Downloads\453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619:Zone.Identifier
Filesize
179B

MD5
baf051abc36be28a35549abfd0ac5abb

SHA1
02e02cdeab09f8319e6f50af1cd8723adc3a46a3

SHA256
1c6b482f04d2f305c03cdec7e5bb11c9ef1704c38fb66d172b01f00a4684e1d4

SHA512
77b89c29e25d3320871d4b59fff7f354c2e27f13af6d7ec208ce4e087c19611ff09a1f5c51aea1770c4b5e2c5b1a69b7e4e351fd618bf7873745cccc52655f0b

Download Submit
C:\Users\Admin\Downloads\Gas.exe
Filesize
18KB

MD5
e7af185503236e623705368a443a17d9

SHA1
863084d6e7f3ed1ba6cc43f0746445b9ad218474

SHA256
da3f40b66cc657ea33dbf547eb05d8d4fb5fb5cf753689d0222039a3292c937a

SHA512
8db51d9029dfb0a1a112899ca1f1dacfd37ae9dec4d07594900c5725bc0f60212ab69395f560b30b20f6e1dffba84d585ef5ae2b43f77c3d5373fe481a8b8fc3

Download Submit
C:\Users\Admin\Downloads\Gas.exe:Zone.Identifier
Filesize
202B

MD5
ec47bfc446c40efecb0e1cb883fbb8bb

SHA1
4e9906396ce388c0bb3a35be56ea18f0a1cbd956

SHA256
3bb92500512b671162f465e2d9a58e6fb93fd6109ea739d68b5294b4200444ac

SHA512
bf6d30e2da7037a0f0c5f7bb08deddc4abc813540d206c3a07cc53b328b973484907ebeaa1cb7138d4ea61554bc2bd3703eefb8297e2a3d8d578d33e3c469bb4

Download Submit
C:\Users\Admin\Downloads\Grave.apk.crdownload
Filesize
560KB

MD5
61b29201190909e848107d93063726ca

SHA1
f6505a3b56fdbbc54e1624793581afe45010c890

SHA256
64c874d0a67387d174fbf18811ef23e9d9b0f532ed7f805e542dacdf3c9d42f9

SHA512
a2e8fa752d62e77e20e6fd86b7c6de3e683e41932eef448164944bd5f5dbb91ccf4380b3c13943e5c0264b9127b7f5e471ece68753af541d408caefae1065930

Download Submit
C:\Users\Admin\Downloads\Grave.apk:Zone.Identifier
Filesize
206B

MD5
c609d7c10350569680dabfbcf2b405d4

SHA1
18ef86e3d659f2f47505361b5ad4be415953ec6e

SHA256
3483cb7bba53b004fdfcfc4454484bb79db198d95886505503be8b57c1957f54

SHA512
9b41a8f2f270705711428e29b555845d322a5196b99b2f7f0002a3e386a80145243eeacc8216c8a49ee8a9e23ab2df3945856761270e7bd726989ff3a0ce2a54

Download Submit
C:\Users\Admin\Downloads\Illerka.C.exe
Filesize
378KB

MD5
c718a1cbf0e13674714c66694be02421

SHA1
001d5370d3a7ee48db6caaecb1c213b5dfdf8e65

SHA256
cde188d6c4d6e64d6abfdea1e113314f9cdf9417bca36eb7201e6b766e5f5a7f

SHA512
ba0ddff47b618740dfcb63024435c36d895889dd3cf6b4559969283ba8100e8063f5c7767e56dfab67a2b5c96e4ae22e141e5b09e81be5cec9aa7ca7827b4b8a

Download Submit
C:\Users\Admin\Downloads\Illerka.C.exe:Zone.Identifier
Filesize
214B

MD5
fd252ee744fcdb22ff89bfc6ec70cf64

SHA1
336a5151837a6d34973d10abc440ab66849e2281

SHA256
9518fe7f3912fab34d29682f1a4743018b78cde4c71d5fc234c035d6717c8c9e

SHA512
ca97b12bc0c23b83232030853a408b9be4a9192f33e24cc39d1774299167d4dce87c2770b61f272e3712bf1d3c5daf0e6367bbb015f0e926dbddcf5116234d9b

Download Submit
C:\Users\Admin\Downloads\PCToaster.exe
Filesize
411KB

MD5
04251a49a240dbf60975ac262fc6aeb7

SHA1
e211ca63af2ab85ffab1e5fbbdf28a4ef8f77de0

SHA256
85a58aa96dccd94316a34608ba996656a22c8158d5156b6e454d9d69e6ff38c3

SHA512
3422a231e1dadb68d3567a99d46791392ecf5883fd3bbc2cae19a595364dac46e4b2712db70b61b488937d906413d39411554034ffd3058389700a93c17568d2

Download Submit
C:\Users\Admin\Downloads\PCToaster.exe:Zone.Identifier
Filesize
214B

MD5
c17503dbe48b304327eeeca339397a2c

SHA1
0f7a00cfbb8a2b4156316df1b42bc6063121406a

SHA256
11ed6ddf64497ea702eb56f4774dec5c63bd49546b0302440a50e3f7efba5451

SHA512
1f8a181ee2c10648aa410ca1b5ebdd230d0d986a41766ccde93a4f90a287860951df8dd9004c77f1e7f6393e6a8ea961d37e2b26810b5052c4d0f0f0450d3b88

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 919497.crdownload
Filesize
3.0MB

MD5
ef7b3c31bc127e64627edd8b89b2ae54

SHA1
310d606ec2f130013cc9d2f38a9cc13a2a34794a

SHA256
8b04fda4bee1806587657da6c6147d3e949aa7d11be1eefb8cd6ef0dba76d387

SHA512
a11eadf40024faeb2cc111b8feee1b855701b3b3f3c828d2da0ae93880897c70c15a0ee3aeb91874e5829b1100e0abafec020e0bf1e82f2b8235e9cc3d289be5

Download Submit
\??\pipe\crashpad_476_JBDGVFWVENADCCZE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1072-1965-0x000001A2A5730000-0x000001A2A5731000-memory.dmp

Filesize
4KB

Download
memory/1072-1907-0x000001A2A5730000-0x000001A2A5731000-memory.dmp

Filesize
4KB

Download
memory/1072-1914-0x000001A2A5730000-0x000001A2A5731000-memory.dmp

Filesize
4KB

Download
memory/1072-1924-0x000001A2A5730000-0x000001A2A5731000-memory.dmp

Filesize
4KB

Download
memory/1072-1911-0x000001A2A5730000-0x000001A2A5731000-memory.dmp

Filesize
4KB

Download
memory/1588-1940-0x0000000000D50000-0x0000000000D5E000-memory.dmp

Filesize
56KB

Download
memory/5008-1889-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/5168-1803-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/5320-1964-0x000001D7A59D0000-0x000001D7A59D1000-memory.dmp

Filesize
4KB

Download
memory/5320-1943-0x000001D7A59D0000-0x000001D7A59D1000-memory.dmp

Filesize
4KB

Download
memory/5320-1828-0x000001D7A59D0000-0x000001D7A59D1000-memory.dmp

Filesize
4KB

Download
memory/5320-1824-0x000001D7A59D0000-0x000001D7A59D1000-memory.dmp

Filesize
4KB

Download
memory/5320-1888-0x000001D7A59D0000-0x000001D7A59D1000-memory.dmp

Filesize
4KB

Download
memory/5320-1851-0x000001D7A59D0000-0x000001D7A59D1000-memory.dmp

Filesize
4KB

Download
memory/5320-1843-0x000001D7A59D0000-0x000001D7A59D1000-memory.dmp

Filesize
4KB

Download
memory/5628-2012-0x00000000000C0000-0x00000000006FD000-memory.dmp

Filesize
6.2MB

Download
memory/5628-2100-0x00000000000C0000-0x00000000006FD000-memory.dmp

Filesize
6.2MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads