f2c64477b3aee675bab1c569e9ede4d06edc281e5fcd74b75332afc16213bda1

Analysis

max time kernel
370s
max time network
370s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xmrig.exe
Size

4.4MB
MD5

57f0fdec4d919db0bd4576dc84aec752
SHA1

82e6af04eadb5fac25fbb89dc6f020da0f4b6dca
SHA256

5e5b5171a95955ecb0fa8f9f1ba66f313165044cc1978a447673c0ac17859170
SHA512

b770ae250ebdff7eb6a28359b1bb55a0b1cc91a94b907cc1107c1ffe6d04582dd71eec80008031f2a736bb353676b409512bfe3470def6c4ba7cda50e4e78998
SSDEEP

98304:txsO/8CMAVvEjF6xC2ZXWTP6jL/VrNwcEMh:tqOygxC8XWTPIL/FCcEMh

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613842837899901"	chrome.exe

Modifies registry class 53 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1226833921"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "10"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "9"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe1100000096c7af35d697da015734dbe014b1da015734dbe014b1da0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1226833921"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
4260	chrome.exe
4260	chrome.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2220	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2220	taskmgr.exe
Token: SeSystemProfilePrivilege	2220	taskmgr.exe
Token: SeCreateGlobalPrivilege	2220	taskmgr.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 4188	4260	chrome.exe	123
PID 4260 wrote to memory of 4188	4260	chrome.exe	123
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 3092	4260	chrome.exe	124
PID 4260 wrote to memory of 2328	4260	chrome.exe	125
PID 4260 wrote to memory of 2328	4260	chrome.exe	125
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126
PID 4260 wrote to memory of 884	4260	chrome.exe	126

C:\Users\Admin\AppData\Local\Temp\xmrig.exe
"C:\Users\Admin\AppData\Local\Temp\xmrig.exe"
1⤵
PID:5072

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\ConnectSwitch.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
1⤵
PID:812

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:688

C:\Users\Admin\Desktop\xmrig.exe
"C:\Users\Admin\Desktop\xmrig.exe"
1⤵
PID:4708

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\6029f933db8749819dfc0dfb3033da2c /t 2080 /p 812
1⤵
PID:560

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2220

C:\Users\Admin\Desktop\xmrig.exe
"C:\Users\Admin\Desktop\xmrig.exe"
1⤵
PID:2128

C:\Users\Admin\Desktop\xmrig.exe
"C:\Users\Admin\Desktop\xmrig.exe"
1⤵
PID:4372

C:\Users\Admin\Desktop\xmrig.exe
"C:\Users\Admin\Desktop\xmrig.exe"
1⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8db2dab58,0x7ff8db2dab68,0x7ff8db2dab78
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:2
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4032 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5056 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3364 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1940,i,10164188430155602350,15106303369810876981,131072 /prefetch:8
  2⤵
  PID:1732

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\57a25f75-57da-460e-997b-d86301a8cc2c.tmp

Filesize
91KB

MD5
3bd3eb68dc97c579d59e1537a8fee396

SHA1
50dbe75fea730c1f1ca84e264ce18cdd1763acdd

SHA256
28118e5a378616a29fa8d8dc60ad085c61758f35eb8b19aa5841bb0e899d13f8

SHA512
bc0c38bb2830fbe1b6343d68e41a6c36359cf47ff5f801bfd8e53d315fc30cda0c8da2c02b243e2ded3fe6b3096ace10662baea1cc2de09e33976222ef0d19c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c7beba6126928ba6eef2f6ad7d0603ef

SHA1
e10de77dbc8768bbdf8eac4904634b7905f1288c

SHA256
5a35d1d000e6c2b4ca9f72e008a5112fd1455daa6a9c24478cdbebf01c3ef43e

SHA512
a3bb427879e3b2817ff17b636f9bdd56194327c841c56823ccb5ecbf2d521dafc0eeeb62d93a240739c3bf57ee91b0cf9fd0263b29a1afaa9782e6863537e814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b33272ca765e4963ca6dccca296203b5

SHA1
3fa44e9801fb764e604f1a14a0f67fa1a12a913e

SHA256
b61d857c8745f701432359dae2c0d8e1c3633f793b23bcaf666c9c802dd8f3ac

SHA512
c3d0f4d328ba423f9099428391b4eb2265721879274029d512cbf6847486a1cee2b7f8356a1dca60d4ef9d38151cab228d2367ade028ca4e33a217c1c7f2ed5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
302dbe0f08619ed720f19dae6a7beceb

SHA1
ec2dbcc83ee1f23f66a7944cced9f5f7900e6d9a

SHA256
ffb4b09ae92ce300fccfc956070aeff1ab68e84b100f1840484f301e9929dd0d

SHA512
51ddb2f8671aa0fbd4f86f0d662486f2020654cb69b619eae9b37b8a6ba60edcd355f058a8de783d79ad8c8bfb528bdfc33d922988ed9610fb73ee286f76d3d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
01747bb5adfa748162333b5d1c1dc479

SHA1
b21dafbbe7c76443ac1a405df972e6f3d7c01fd5

SHA256
bd6abf47ee422040b902c6e79b045fff8b10d6d2c8e9d833734263624a6f5baa

SHA512
6a669c590b726ca9400264bd4946b49f10ddf2f240fef4fad7525c6a0ee20fa46cc0754884d19a8cd85c767fc1d353a14c5c071a64ae53355cda559ebb4082b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8dde84f901558b85543b5fa51f25da95

SHA1
4017589665fdadc149b4f88ccaca8e4e1ad963b9

SHA256
6923fd7df38afddbdc19e793f256fbea69bd83941955d7a046b6de61984cea9b

SHA512
c35e52d2a0315e6017c0e7e5f9f718610fb50d8ff4ab414800c285cb360179c70414166cddfa56a6da22becbc7c8c9eb8772b7c1f22a9497db85a88dbaf99246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
564fdd37363914e4ca4092027c994cdc

SHA1
0b496796ea1902a47b0348bd07846371cbd7e69e

SHA256
ac78dda8a58baaf910a4c5e684d9846f8ac7d5c2834e8b30ed19a648a77fd768

SHA512
ce2fa6ea2fd7c5491001eb39f2516d90c8ddfbcbca159bd66af0819e7d1b88b6921400d8efa949b8df994d6ab9365fdc8dd01b3ee71a869c644dd348d693c5c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0b27dbbb184e10047242ec682d37bf61

SHA1
9337dae013f6dadaf4e92f4674ddfc1282ddee02

SHA256
7660a8e4ae5e81b23cdd2a72dd227d78aebca6640071deca0da99000da15839a

SHA512
d7c6db77c46ca48650d6575e3214a13ffd4bc144cacf16366368a719e6438f48eaf9cee7458a186d2c91173bc58b422e2348b467e0878e322ad8aa4f7644b50f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a96d9cb1ee538f51528cb4f18101006c

SHA1
c0849693cfdcaf5e07070525db77bac28259a788

SHA256
729f75cd6c9f8c27ffb8f3e48404177464597a0c2ede774a13b1c55e23383b55

SHA512
bc84f328131a5f7812cad5cf459b6b0e49d6b28d8336a159c74c671a18a4def719431e75fc92e2bc62a89a4b3b458fb8d8a3df3f127bb7f85785a643448c12e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f99b121bdb4341a6e264a11e29f3658e

SHA1
65716a76162a80a484b9ca72016cd5009573775d

SHA256
eec81b82175d672cbf167aa24e46957e6a407019d33b16b7ad4ba9deaeb28f81

SHA512
5b829931396012cbe631bc376ec0baa63f5322f99990dca8a374416e68a2d775b153fa5862334bd17fa52c0752d03db25cc54c3ac1b68380d413a5d7e41284d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
af08a352f232081b4137b58a41848faa

SHA1
9c910ce330a31def2eba069a3cd97e9d72594d80

SHA256
f1fd7232423a11a6bee47dba936b7d5ce4d786ab0db3965bc6a99f556ef875b8

SHA512
fc6b5514c608d964ad56c34a28bd07cdf636ffda6398358fed253f6736070cdd318254b571f6242f97b06c46fc1cb5c7c9237769ca8feec3b9055ae7b1f9c6b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
01b84c122ed432e6be7f5d648d57ad67

SHA1
175fb1139ad5acaa55f48596b2bdba1319b1a53f

SHA256
c66ceb0a6cb9ad1bc7fa2af30ce4cbfd0a865022f19a9acf56b3552d3833e6c7

SHA512
1b0289f0d55f629102ea1ba1ed1604b9a6cea626b96dcd5c807af3327a07bab18dbe2e0e4a6f18bf5c0cc2d752d69444eba051c3d719070254d380a2fd7ed364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
751ed7690c630fed6d6162930ac7b5ae

SHA1
085b1c0ddb8bdc234170bdb5e5034e6b51b3bb2b

SHA256
9cbceae7066aff464ecaf1e2569b435d4a290f477b94dd05f753f3686cec0f6b

SHA512
7b32629beb949ec70c937bfc4043305ddb6e856821a906d125b1c2709a9748b9225beec8f495075450e84dc120b123bb3eb5e57cece7b8c2e7d032c9de4afb80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
50293755e622c719c10bcfbd3eab70fd

SHA1
0ce6bb934537dba7e7184901793f41d3cc862088

SHA256
86cdd915dded612678715527d1075ff91a3b36684f8100191eacb927ad3b1594

SHA512
c84a08b293cc9da9612f682207a5d0fdfa5c341c09b2647629510c6793b3cd1a40abfa8e33e969ffde67d792619c8de20150a58f7932e491f28042fe24745fd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
4da9c24b1dfc8d20fa5ed26554994c06

SHA1
44113858b1fc3686416a3e649c9f5c24d13596a2

SHA256
1e48ca53f771e7c2af9ed1c69846a868a6e4a2f7b5ff68de3bdeda8ad79c1bbf

SHA512
b255a2002871479a2b47faa7e7360f409dc3cc0157634f564189f71d42e23dc42a921ae6c8ebab2f72c9e18d47b6c7fa3bdee01608afd297bba424abfcbf4dc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
bba1bce564d4885d6c8c938216561895

SHA1
aa7134b46dd1b9b1fd4df5c902db902f35c40f42

SHA256
40201c550707b039330819a684ce5a8cbcf15440fd0a6c741d743faef0dd687f

SHA512
14878c5ad94a86d3c1e4dc8d7fa2c2d3f778c06c5ef9a09c5f341722e6309bd958a24d5744f0c092a2e88ee2ce0199ff44ee3d0d63bf2692f006931314ce8e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
282KB

MD5
6a795a01e7c6b4efc8607d2bcf92e353

SHA1
289e7b9b39e397d7881dc682f542d3a0ebd09f63

SHA256
ab4a7f0618ee315ae475f06910ef64001176d2cdb54bdda969f5b7b358e9c3db

SHA512
939a9694cd86807b16b5ae1697c8fbd986b36b7c7fc4bf01e234ee55fb34ffc4cc1c8dfd0030a65ffd7b821f32aa2101cbbba59f2e5741e57b22194fa2d0ad2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
269KB

MD5
f3ec46856b7f7b0033e99aaf0328be27

SHA1
8b7c62a8eb5e66e0a6385ae76c5f1a7882583abe

SHA256
fe3528d937d9c1f33a4a25768faa206db1448ca445a58274decd4257e9d57f2e

SHA512
99cc190184ba7a9f74199724bbb4cc991d29204e4a0e538f36dc317a3e9a8deb3f1fcb20b18f8a1fc9b32dba21b43ecb0475028ac21f3d41e420f54e1be1cb76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5bfde4.TMP

Filesize
88KB

MD5
eb85cbb739a31074667831f9ecec70df

SHA1
a97499b14989baecce95309f57c33cdbad6007cb

SHA256
07974abcab9a8a312cd508034ca71b4ce0f9fad422e800d1040cbec00263cf15

SHA512
dbd5d2e3a654239d6fde42592c56deca0a5e6eea26ade25a2a395677aab367f07bad1471989040c13d8e3b911055935c852dbd7a37b2fc95ab156a95372657bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
e67c815b42288a9fbbac8383740faa17

SHA1
4be8bc8674447b4092d400214a50967f79a72cb3

SHA256
6e007b48a0a5562f77e47ab429055e3405f062419785bbfb90fd97b614a8847b

SHA512
5563a337cd6777cea4a74f2d322b9c5149cdf8f99ef09fdbc5c61300f57e687a001f43047dee79394880fef2a776b910b227602c8de4584fbe4b38678bd52b87

Download Submit
memory/2220-4-0x00000209D1B40000-0x00000209D1B41000-memory.dmp

Filesize
4KB

Download
memory/2220-14-0x00000209D1B40000-0x00000209D1B41000-memory.dmp

Filesize
4KB

Download
memory/2220-3-0x00000209D1B40000-0x00000209D1B41000-memory.dmp

Filesize
4KB

Download
memory/2220-10-0x00000209D1B40000-0x00000209D1B41000-memory.dmp

Filesize
4KB

Download
memory/2220-11-0x00000209D1B40000-0x00000209D1B41000-memory.dmp

Filesize
4KB

Download
memory/2220-12-0x00000209D1B40000-0x00000209D1B41000-memory.dmp

Filesize
4KB

Download
memory/2220-8-0x00000209D1B40000-0x00000209D1B41000-memory.dmp

Filesize
4KB

Download
memory/2220-9-0x00000209D1B40000-0x00000209D1B41000-memory.dmp

Filesize
4KB

Download
memory/2220-2-0x00000209D1B40000-0x00000209D1B41000-memory.dmp

Filesize
4KB

Download
memory/2220-13-0x00000209D1B40000-0x00000209D1B41000-memory.dmp

Filesize
4KB

Download
memory/5072-0-0x00000203C61C0000-0x00000203C61D4000-memory.dmp

Filesize
80KB

Download