Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31-05-2024 15:34

General

  • Target

    nursultan nexgen fix.exe

  • Size

    1.5MB

  • MD5

    a3d07c747770c9a471a44446e46e33d5

  • SHA1

    8340534fb1770bae9660287ddb0496e243efcfe4

  • SHA256

    16015088c3352a8257f420555e7ce6245aa0e6682deeca79bf7e08c24e1ac3de

  • SHA512

    307cbdddaa9f426f8ceec060c2c0b1ab5ed3573e327dbcfdda7b1dfd22cf17559f017d835d71bdd15397fa95b0c7dfbfb4cd6b51cd5b2adc1d1cddc8ffe27f99

  • SSDEEP

    24576:U2G/nvxW3Ww0tpfnNGcvUCxt9groiK5Cg3ZRvm43TzvmF2cK07:UbA30pfnLRRgrheJROuTzvIR

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

  • Process spawned unexpected child process 39 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • DCRat payload 2 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Disables Task Manager via registry modification
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Program Files directory 10 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 39 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 3 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\nursultan nexgen fix.exe
    "C:\Users\Admin\AppData\Local\Temp\nursultan nexgen fix.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\portagentbrowserweb\WRLLAAz5wgYRSh1EMNi6f5aM.vbe"
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:3452
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\portagentbrowserweb\6X9rFgrS3wv5iM7PLkmLFP1j.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4036
        • C:\portagentbrowserweb\Containerruntime.exe
          "C:\portagentbrowserweb\Containerruntime.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:5112
          • C:\Windows\System32\cmd.exe
            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\EJw9Wgz0Nc.bat"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:1844
            • C:\Windows\system32\w32tm.exe
              w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
              6⤵
              PID:3564
              • C:\Users\Public\Desktop\fontdrvhost.exe
                "C:\Users\Public\Desktop\fontdrvhost.exe"
                6⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: GetForegroundWindowSpam
                • Suspicious use of AdjustPrivilegeToken
                PID:4228
          • C:\Windows\SysWOW64\reg.exe
            reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
            4⤵
            • Modifies registry key
            PID:2440
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\conhost.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2756
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\conhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3472
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 13 /tr "'C:\Recovery\WindowsRE\conhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:536
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\RuntimeBroker.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3780
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\RuntimeBroker.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4704
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\RuntimeBroker.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3988
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 5 /tr "'C:\Windows\Logs\DISM\RuntimeBroker.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:404
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\Logs\DISM\RuntimeBroker.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1364
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Windows\Logs\DISM\RuntimeBroker.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4888
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 7 /tr "'C:\Users\Public\Desktop\fontdrvhost.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:228
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Users\Public\Desktop\fontdrvhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4076
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 13 /tr "'C:\Users\Public\Desktop\fontdrvhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3608
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 9 /tr "'C:\portagentbrowserweb\System.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1516
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\portagentbrowserweb\System.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3604
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 10 /tr "'C:\portagentbrowserweb\System.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:748
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Windows Mail\conhost.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3852
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Mail\conhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3144
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Windows Mail\conhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1156
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 11 /tr "'C:\Program Files\Mozilla Firefox\fonts\System.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:5076
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Program Files\Mozilla Firefox\fonts\System.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4500
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 12 /tr "'C:\Program Files\Mozilla Firefox\fonts\System.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2536
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 14 /tr "'C:\Program Files\Common Files\TextInputHost.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1524
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "TextInputHost" /sc ONLOGON /tr "'C:\Program Files\Common Files\TextInputHost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1028
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 8 /tr "'C:\Program Files\Common Files\TextInputHost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1044
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 11 /tr "'C:\Recovery\WindowsRE\TextInputHost.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3372
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "TextInputHost" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\TextInputHost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:1268
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\TextInputHost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:5004
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\portagentbrowserweb\dllhost.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:864
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\portagentbrowserweb\dllhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:908
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 13 /tr "'C:\portagentbrowserweb\dllhost.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2032
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 11 /tr "'C:\Recovery\WindowsRE\dwm.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2792
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\dwm.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:384
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\dwm.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4668
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 7 /tr "'C:\Program Files\Reference Assemblies\Microsoft\RuntimeBroker.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3184
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files\Reference Assemblies\Microsoft\RuntimeBroker.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3332
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Program Files\Reference Assemblies\Microsoft\RuntimeBroker.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3060
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Windows\Panther\actionqueue\RuntimeBroker.exe'" /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:2468
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\Panther\actionqueue\RuntimeBroker.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:3820
    • C:\Windows\system32\schtasks.exe
      schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Windows\Panther\actionqueue\RuntimeBroker.exe'" /rl HIGHEST /f
      1⤵
      • Process spawned unexpected child process
      • Creates scheduled task(s)
      PID:4980
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4520
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff75dab58,0x7ffff75dab68,0x7ffff75dab78
        2⤵
        PID:3184
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:2
        2⤵
        PID:3796
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:8
        2⤵
        PID:4408
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:8
        2⤵
        PID:4048
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:1
        2⤵
        PID:2344
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:1
        2⤵
        PID:532
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:1
        2⤵
        PID:2212
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:8
        2⤵
        PID:4480
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:8
        2⤵
        PID:3988
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:8
        2⤵
        PID:3608
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:8
        2⤵
        PID:4904
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:8
        2⤵
        PID:3916
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4604 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:1
        2⤵
        PID:5032
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4172 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:1
        2⤵
        PID:3860
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4804 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:8
        2⤵
        PID:4728
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3112 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:8
        2⤵
        PID:5104
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:8
        2⤵
        • Modifies registry class
        PID:2868
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1932,i,10493878173490385753,2790694115700871235,131072 /prefetch:8
        2⤵
        PID:376
    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
      1⤵
      PID:4592
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x320 0x308
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:5092

Network

MITRE ATT&CK Enterprise v15

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                          Filesize

                                          720B

                                          MD5

                                          74a0197f853d3734488f136c6d082f3a

                                          SHA1

                                          a4032e5b5ea02ccc7137ecce6fbcaab59e40bcae

                                          SHA256

                                          3b815c49931b2f8569986218fe3fda784ae2b18d44856112786e9be74cb33f56

                                          SHA512

                                          d4fccecccd1b41c9a766797bb1cfe02be015b1cc285f1000d337b9687f82e97befdfb824d9665938f4ae30946239ead13a2553d1516e0581f19ca8e8dd7628b1

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\80e55cff-e03e-4abd-9591-7bb97bb746ce.tmp
                                          Filesize

                                          2B

                                          MD5

                                          d751713988987e9331980363e24189ce

                                          SHA1

                                          97d170e1550eee4afc0af065b78cda302a97674c

                                          SHA256

                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                          SHA512

                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                          Filesize

                                          356B

                                          MD5

                                          d381812f029f85d4a82be0161b343cbc

                                          SHA1

                                          38b98048ccdacc945bc918ace94d97d173baa3ec

                                          SHA256

                                          55cc0de4bcf24a25a3e9700c73001a0de7a6427281f33779e9d74ebebebcadc2

                                          SHA512

                                          1a0e0c3f9550f7eb85380de9c597e1c08df1e1b8fc6373aa70949da2094a960d7b89079253d5dba485be908002f40fab3e2b16d4495309ee10dee1060bae0e52

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                          Filesize

                                          692B

                                          MD5

                                          bcf02199b95907258a3192f319f30535

                                          SHA1

                                          314e6d08347f16c8047e44fc3807db82bd5e793a

                                          SHA256

                                          3d8baf73ebfc91c8c65ec779b56046b63945489083bcbb63e4e80392a5301d60

                                          SHA512

                                          1128292c690ec46252bfdf784e6b817050d032b32c132086c7a57a3edd1a7dac03a33c86332f948c4c8c0d7d567d8969e2c64b083a4ccb6493093e0611d235c3

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                          Filesize

                                          859B

                                          MD5

                                          6c2558e900bc47f5d4fa9c4d5a09202a

                                          SHA1

                                          19c8e918d3df9ae02697c615201b6498feb972a1

                                          SHA256

                                          4598197de0e9b837497211d0c3ec56dc543c46b1ce0735c263dadd051a151b38

                                          SHA512

                                          64b4aff01bd8025a9aecb67f3d30431df6437263ad7faddcbf9761500021a37dc5d788d84081f8cced6756ee83ca635c68311112cab9f5101b0faa0272ef8270

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d9ad88c7-788f-43d2-95d8-5ad17563cbad.tmp
  Filesize: 4KB
  MD5: 5903c024a28d8ae91e2ae6a92821b537
  SHA1: 74f1a212965d8e4350aeafa14f9009cafa7e93d8
  SHA256: 6a809f77fae02767114c9c719b99935a6ff0b490c37978555641383d63ad264f
  SHA512: af0094c380173ecfaa5e8d0735f13cdd4a1fd8227c21da81ec36f3c6e561e3086df9228ad239d80db494e02d7c656da700caf68304bb22bb3f79505cd0c67eeb

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: a616483afa3c99b9580753de2f1daabc
  SHA1: d85091f8f4c5a058ce440473bc78457ba7b9c92b
  SHA256: 9d65fb2f0a26cc8349d5c805f6c750b0c9884a1c3bd02b1941ea6685448ebc7e
  SHA512: 822300cf1a448496af72d2a28541555260a70e532a1b730536547e706adc0cfc762dafa0e9b9e8f771b986151b6ff1d76775f8e56ab92a0b5f3fda678acb60bb

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: c3bd54b8a2b8b3a7ed21a43bd4bac9dc
  SHA1: 3394f1913d30d5873b140f9d4321fa63394d1983
  SHA256: 4ef7c6ee765c0bc3d36c9551f5f566c823358bf33cddccc56c44eeba5f4b5745
  SHA512: 2475636288d938b6b545d942fcaa4a12e461e9cc8605321da45b5e17b928e62ee50052ab3a3efbb207da4fc5ad0cb71750056e7444090295eef80eb6e4f52240

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 8KB
  MD5: 3840675bd41b26cdfecb6546ed9f87ec
  SHA1: b4ef57ea9d4c2aa613cb38fb6faadca352793ffd
  SHA256: 67a7e83b581a11e29350d7fe4801f11b799bea229ed5abeddd20fda63e562e7b
  SHA512: c77ef72e54fc08d279051b52b601885598f23f66ef606911b1f15261a75ea642553d0c6d070d2431bf442c4a8f6ec3ebde78cace4a6d881325299fe8484d451a

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
  Filesize: 16KB
  MD5: 83a32e3ee0e368aa94a0afbfd43762e2
  SHA1: 3f9545af2bdce39af622d48f2ffc0d3c271dbe4a
  SHA256: f70bb9a5ebb43ae614d61ec3ff53439d45dd835d3ff9fbd87729ae37843e0994
  SHA512: 83832de519bc7aab45cad392dc608c7393e63f33a55cc92a6b06a21fe0d66388d43619aed7d84677a625a41ff38045e92505148913b5f1d932a0d2575b5ca95a
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b6981e3-5851-433a-978b-bb220df6f291\d40dda17c15dd1b3_0
  Filesize: 2KB
  MD5: a02d9854af41305d9d379b7da2e430ea
  SHA1: 3bc1d37722be54a982eb0ec9a947695b0ae99864
  SHA256: 2725e19b127b6adea4c98b2f347215ba590d9ec3761fc02ceb884117912e7848
  SHA512: fcd8b58d03931b7f2f85f2cb2347b64eacda5743d3113baf7aeacd9b4a03f0a4f07de7db0e4b86e37bdfe22426cf9a73df13d7ae7be53c5034abf1413d904a0a

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b6981e3-5851-433a-978b-bb220df6f291\index-dir\the-real-index
  Filesize: 624B
  MD5: 794d28a3eee7910101f8b9d3f18e7c4d
  SHA1: ab7e574742f4feb53e826cda5902c87e1229d1a0
  SHA256: cb2c6f77cbcbaa6600f670f81dac7a9638de09fb7d8e82eff8e25b96e64a2de4
  SHA512: 794c73b5fc130f1837e31a9d1954f1698387d11e17f81bf896bbf67ed94612906579e9e1d36d5c363f2aee7d15afd993c9af15f2e2012351f14a86880df3f6aa

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b6981e3-5851-433a-978b-bb220df6f291\index-dir\the-real-index~RFe58ec01.TMP
  Filesize: 48B
  MD5: 84062a83280cb3d2c074b4c6638a05bb
  SHA1: 0c0c63c08a33cbc6086a4fb69416f80b62e0f5fe
  SHA256: de256d2825c5a4637a6e75206402787e03991e98abd98712a65c67bbbdce1801
  SHA512: 3d98c189d7a435dd61e5aee1b1154a6eba723a112ff3594e172a1b3d607bf78cdb293e7a9f97ee0743cf762ce048acad38d6e5745ae4f77d6ee213365e5381c6

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fec6ad1b-348a-4103-b789-66e8c8eeb78e\index-dir\the-real-index
  Filesize: 2KB
  MD5: 912516eb07fa80105b7ce054a4cd7bed
  SHA1: 326eb3519aabcfa244d9d17f658c62c1034fda08
  SHA256: cef137a4fcbac3e349b2b0cf684ad4ea43b3f4e7dad11b9f439d3b55ead00ede
  SHA512: 937f5e4c5e5a1a8f65b230fcd8b69ba28ce18ab65913a4b175a5a4e872ab8bc24393f5d0518cf2da610bc00dbf422662823fd7115f27f73c9978afef3b2ef6c3

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fec6ad1b-348a-4103-b789-66e8c8eeb78e\index-dir\the-real-index~RFe58fefc.TMP
  Filesize: 48B
  MD5: 76f8b09a32aeab56d403557eeff61de4
  SHA1: d9b3dc33709a22e3501f5318435bdf37fbcfea68
  SHA256: 1c8695448485d6f6c3f5a55de77a98045b26d9e162cbf5e2580d643a612656fa
  SHA512: 31f8474996e2897cdee25b7143dc295d1f83652b74128d1482927fe144e39d019c7f8ae8588f0a4a1c6080454a3f4444c4e40e04d45852978c06ab2779f1e607

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 176B
  MD5: 402523bdf85bf38d13d620b7c99781d1
  SHA1: c0eaa450fa84f8264f0d26378fbba26937dee854
  SHA256: 9b69698e1af8337e1d74444ff6527bcf577c3daa001920668cb7e9b3e7c46159
  SHA512: d9be56296f8e662142ac9fa0cc5e41ef02f606cb38088a98102372b8d3488d411ae9376fb1fffea7dd59357a5025ff1c3edfb5e7292b53d93b437f252d73a3f2

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 112B
  MD5: d6dcb12a9ee26a75f3fb9df43a4acd0c
  SHA1: 9130f62989e904f2fa466513b8ddacd73192247f
  SHA256: dbc396e1bf48a8c34e329e02af57cc61430403fd239d4f3c539893c10ab423f5
  SHA512: 8f3b339d2c8983b93ce4653f412fb9ffc917fe1e57be83807ac1e263f37835c053f93787852ae1150b33dd0c1eed88a766e2fbfc980fdf50c24322a7b700011f

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 183B
  MD5: 9b6dd1a537100411d4d386fdc0505ee6
  SHA1: aa02c3d6e4f2c4a1258bee0166fcb4b57a94ef9c
  SHA256: 145d41b39ceab598d3addcd74e9a40e4ab6011ee630a6f51eef8a513f0ac0d66
  SHA512: eb6f54b8ab83a660a88c92f95cd42b6b6242382a38a88939c98d17af18fc738b3a2a9a928c445309cd35f53b40cd42ac818d8e44f7c8d62defd92688b5588408

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 186B
  MD5: ae1c64c93a85a20bfb7c1857f907caf3
  SHA1: 5291772e3da8ff0dcbd5b8d9894c28e6c40d82ae
  SHA256: 2c3a1ded2282b45528c027b2b685c4146de7be596ea80eab84783c34fcb34ef0
  SHA512: f2991a135a6deba3e676ddeb06155f2021529f801b94e2b099348b96ff3345b08ebfd0fb13ced738a773195fee7cd33b18807440e83c43575283f492a3663b7e

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe589381.TMP
  Filesize: 119B
  MD5: cf863f6d94c58018c4be239a82e22264
  SHA1: afa127305662b553f83a324e13212e6bbaedceba
  SHA256: a46edf39b3ffc8f7b6c167c45460ce9826219ffed5444f05a406381405eda226
  SHA512: 459dd333652f54595a51118d01e7d0509850532b8522a47c9a4c9eeef7f4df9cdfb11db2a399b2cb1aec8cd7a1348996847461fbceaba89400174185e71bc431

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 120B
  MD5: 74877c27d8b21ca04693b879fce91c6f
  SHA1: 41c227a7d1be20a5e5b97e4821b7b42297b33c48
  SHA256: 7a6456af83ffc6a3910b8a1563c0759c17a83b7ddb7df9492b86586298f73622
  SHA512: 8c50e9ab1c095d653419f494c1f7dad9ba508ef433c2d212888525f25f75d25a74d042098ed995ae01ff5fbee1272ee323c78aafdcfac92faf5bfadc0c8bcc7e
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4520_1240002705\Shortcuts Menu Icons\Monochrome\0\512.png
  Filesize: 2KB
  MD5: 12a429f9782bcff446dc1089b68d44ee
  SHA1: e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
  SHA256: e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
  SHA512: 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4520_1240002705\Shortcuts Menu Icons\Monochrome\1\512.png
  Filesize: 10KB
  MD5: 7f57c509f12aaae2c269646db7fde6e8
  SHA1: 969d8c0e3d9140f843f36ccf2974b112ad7afc07
  SHA256: 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
  SHA512: 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4520_304493042\Icons Monochrome\16.png
  Filesize: 216B
  MD5: a4fd4f5953721f7f3a5b4bfd58922efe
  SHA1: f3abed41d764efbd26bacf84c42bd8098a14c5cb
  SHA256: c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
  SHA512: 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 261KB
  MD5: 0fb7a209b4879926a2fc47d28b8ab206
  SHA1: b3879883d4001d0cbeb5c0e384be2d7596bbf16c
  SHA256: 482e2743b5be4ef58e9f3e104e00624474030111dc0a53932cabae0affb3f5f9
  SHA512: bb2e5d56de688986d0280ed4d55a1c0792a40f11229b95d1bce24f690f4b7e5287c95f19fd6964a1ae51622b8a2858159ea6486e3edbc8d1806a905235feea51

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
  Filesize: 90KB
  MD5: 82689d804638968b3691274dd3b72063
  SHA1: d730399d95a16e33669f765c1c4cf87930f92422
  SHA256: 1a8db9c9b19910694436a50a61378afe8e4cc1e3e28863abbf8e16f72f337800
  SHA512: 02dbf35f8da148cf5697b8d67e76caa615d72e44393a301976c2f6b3d998edff9e8a91d37435135eae43d8b19a38a80abd630149bd4aa3d3fe94d891b6133757

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe595bf1.TMP
  Filesize: 89KB
  MD5: 46516e4c9016b77af2f73b46a56ecc14
  SHA1: 6ba6ce8bfe440620c32825533a2909fb7dd9219b
  SHA256: a83fed4bf348c2df9008508a3928688df85b5007e44f8cd9fe2df750e2fb5b10
  SHA512: 29a245916a634dc6afae148ec33123347879bd9f885ebfd5cffca0871f0d28a93f90f3a6b6a0a43fdd6f55d95d5edd666842e96db47b24b9c81ac746975c36b5
• C:\Users\Admin\AppData\Local\Temp\EJw9Wgz0Nc.bat
  Filesize: 204B
  MD5: 89115e5f83155cc6cbb08538cdcc2343
  SHA1: 7c836125949f06fb0c7b107b14212f9a01968eae
  SHA256: e619dc8c7b68c8841815370f544acb834a11b8907a8543895ccfefb658de1c3c
  SHA512: 2a500deee7ad1c3fb213240461277967a521717abb267c38cd328fc962b140f36d85673909f61f88ca49c83907121258fe9e99a443d811302e10cdbfce132fcd

• C:\portagentbrowserweb\6X9rFgrS3wv5iM7PLkmLFP1j.bat
  Filesize: 157B
  MD5: c8f8a078dace2ff4cb106803c9199643
  SHA1: a5029ff4c4f0f24b0fbe2951c9a8002501ebd3b5
  SHA256: 1b99d39fa273f33b072c67e0df7d33b1699fa17b7c7139467a658302a5ed0e0d
  SHA512: efaea3b4653768bbd135a0ec55319df2464f1d440ad982f31a5eff05c5ba5032f4718683ff6419c668bf1f34a117b5a101f56d1efc1d74ad93e692c52686f999

• C:\portagentbrowserweb\Containerruntime.exe
  Filesize: 1.2MB
  MD5: 5887a563351ca99247b7e2c448bd9f2e
  SHA1: b24695e88143863297535989900bb7521ea86d67
  SHA256: e74cbd74c838db604926e27322342c02f803b95f98680d4089b5c01ed93fb390
  SHA512: b7d82bd09ba64891b75bbb9356de74a1ed0835709a391698c1301825777418f57e4f2ae3c260d3f7b6ada05d0e7ddeb4a6b75901fdf53bdd82ffa2febb685107

• C:\portagentbrowserweb\WRLLAAz5wgYRSh1EMNi6f5aM.vbe
  Filesize: 220B
  MD5: 61a07f2f9e8e9b1f5175b2d60c3e3f18
  SHA1: e695b0c2b43c786453bf3f6ae504f0626951d281
  SHA256: 5c75708ec9e4fe419a2fd1067bd5793bacb28140177cc6b36300fbf28e7c23d1
  SHA512: 8ef3529f6bf504224e7803019f1e162aead7961bc1a5115f50fb5f580570e8b04707da21a7aab4eb7f1554a3b5333597fb3335e5f6a74dabfdb0583eecb35b5d
• \??\pipe\crashpad_4520_LIKIKYIAJXBXWHJV
  (no Filesize; the four digests below are those of zero-length input, so no content was captured for this named pipe, only its creation)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
• memory/5112-15-0x000000001BD80000-0x000000001BDD0000-memory.dmp
  Filesize: 320KB

• memory/5112-12-0x00007FFFFC943000-0x00007FFFFC945000-memory.dmp
  Filesize: 8KB

• memory/5112-13-0x0000000000960000-0x0000000000A92000-memory.dmp
  Filesize: 1.2MB

• memory/5112-17-0x000000001B6E0000-0x000000001B6EC000-memory.dmp
  Filesize: 48KB

• memory/5112-16-0x000000001B6C0000-0x000000001B6D6000-memory.dmp
  Filesize: 88KB

• memory/5112-14-0x0000000002B20000-0x0000000002B3C000-memory.dmp
  Filesize: 112KB
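The dropped-file and memory-region entries above are the part of this report an analyst actually reuses: the digests of the files written under C:\portagentbrowserweb and C:\Users\Admin\AppData\Local\Temp are the indicators to sweep other hosts for, and each memory/<pid>-<n>-<start>-<end> name encodes the size of the region that was dumped. The script below is an added example written for this page, not tooling from the sandbox vendor. It parses entries in the layout used on this page (a bullet with the path, followed by Filesize, MD5, SHA1, SHA256 and SHA512, with each label either on its own line or followed by its value), flags entries whose digests are those of zero-length input (the crashpad named pipe), checks the stated Filesize of a memory region against the address range in its name, and hashes a directory tree to find files whose SHA256 appears in the report. SAMPLE repeats three entries from this report; the file that demo_match() hashes is constructed locally and is not the malware.

```python
"""Parse dropped-file and memory-region entries from a sandbox report and check
them against files on disk. Added example written for this page, not tooling
from the sandbox vendor. It reads the layout used above (a bullet with the path,
then Filesize/MD5/SHA1/SHA256/SHA512, each label alone on its line or followed
by its value). SAMPLE repeats entries from this report; demo_match() hashes a
file it constructs locally."""
from __future__ import annotations

import hashlib
import os
import re
import tempfile
from dataclasses import dataclass, field

ALGOS = ("md5", "sha1", "sha256", "sha512")
# Digests of zero-length input: an entry carrying exactly these four recorded no content.
EMPTY_DIGESTS = {a: hashlib.new(a, b"").hexdigest() for a in ALGOS}
_LABEL_RE = re.compile(r"^(Filesize|MD5|SHA1|SHA256|SHA512)\b:?\s*(.*)$", re.I)
_MEM_RE = re.compile(r"^memory/\d+-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


@dataclass
class Entry:
    path: str
    size: str | None = None  # Filesize as printed, e.g. "1.2MB"
    digests: dict = field(default_factory=dict)

    def is_empty_content(self) -> bool:
        return bool(self.digests) and all(
            self.digests.get(a) == EMPTY_DIGESTS[a] for a in ALGOS)

    def memory_region_bytes(self) -> int | None:
        m = _MEM_RE.match(self.path)  # memory/<pid>-<n>-<start>-<end>-memory.dmp
        return int(m.group(2), 16) - int(m.group(1), 16) if m else None


def human_size(n: int) -> str:
    """Render bytes the way the report prints them: 1.2MB, 320KB, 48B."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n // 1024}KB" if n >= 1024 else f"{n}B"


def parse_entries(text: str) -> list[Entry]:
    entries: list[Entry] = []
    pending = None  # label seen without a value; the value is on the next line
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("•"):
            entries.append(Entry(path=line[1:].strip()))
            pending = None
            continue
        m = _LABEL_RE.match(line)
        if m:
            pending, line = m.group(1).lower(), m.group(2)
        if entries and pending and line:
            if pending == "filesize":
                entries[-1].size = line
            else:
                entries[-1].digests[pending] = line.lower()
            pending = None
    return entries


def hash_file(path: str) -> dict:
    with open(path, "rb") as f:
        data = f.read()  # the drops in this report are at most a few MB
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def match_directory(root: str, entries: list[Entry]) -> list[tuple[str, str]]:
    """Hash every file under root; return (disk path, report path) pairs whose
    SHA256 is in the report. Match on digest only, since names can change."""
    wanted = {e.digests["sha256"]: e.path for e in entries if "sha256" in e.digests}
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            sha = hash_file(p)["sha256"]
            if sha in wanted:
                hits.append((p, wanted[sha]))
    return hits


def demo_match() -> bool:
    """Constructed round trip: a local file matched against its own digests."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "constructed.bin")
        with open(p, "wb") as f:
            f.write(b"constructed sample content, not the malware")
        entry = Entry("report-entry", None, hash_file(p))
        return match_directory(d, [entry]) == [(p, "report-entry")]


SAMPLE = r"""
• C:\portagentbrowserweb\Containerruntime.exe
  Filesize 1.2MB
  MD5 5887a563351ca99247b7e2c448bd9f2e
  SHA256 e74cbd74c838db604926e27322342c02f803b95f98680d4089b5c01ed93fb390
• \??\pipe\crashpad_4520_LIKIKYIAJXBXWHJV
  MD5 d41d8cd98f00b204e9800998ecf8427e
  SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
• memory/5112-13-0x0000000000960000-0x0000000000A92000-memory.dmp
  Filesize 1.2MB
"""
```

Running parse_entries(SAMPLE) and calling memory_region_bytes() on the memory entry gives 0x132000 bytes, which human_size() renders as "1.2MB", the same figure the report prints; the same arithmetic on the other five regions (0x50000, 0x2000, 0xC000, 0x16000, 0x1C000) reproduces 320KB, 8KB, 48KB, 88KB and 112KB. match_directory() deliberately ignores the report's paths and matches on SHA256 alone, because a sample that is re-run elsewhere may choose a different drop directory and file name while the payload bytes stay the same.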