06693efbcf7024eb07f918f0972eecf05d3eefdffc70d6cc24f627a0a1992b29

Analysis

max time kernel
246s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Loader.exe
Size

1.4MB
MD5

333820706e661defdc1185858d44b5c0
SHA1

5da5320fa35e8104d56a792ef72bd390f9bb6acd
SHA256

06693efbcf7024eb07f918f0972eecf05d3eefdffc70d6cc24f627a0a1992b29
SHA512

7c16d2116ebe9f7eaf847f7f57c28e81fc60ccf4686ddd74bcf93057a6d4b4df80e54d848f1322c084385e6f57da97c5754531c08e2493be1c999353841922c8
SSDEEP

24576:mJkC8BOJyvqvKMqnPKixoftztHm1UuPL9R9KWyYyAIZx/o1QN7nOA6oW5gwVdN9P:aKMrNt5HQUuPLL9ryLoe5nOtoWfVZ

Score

7^/10

agilenet

Malware Config

Signatures

Loads dropped DLL 3 IoCs

Processes:

ExternalSpoofer.exeExternalSpoofer.exeLoader.exe

pid process

5992 ExternalSpoofer.exe
1556 ExternalSpoofer.exe
6664 Loader.exe

pid	process
5992	ExternalSpoofer.exe
1556	ExternalSpoofer.exe
6664	Loader.exe

Obfuscated with Agile.Net obfuscator 35 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\ExternalDownloads-main.zip.crdownload	agile_net
behavioral2/memory/5992-424-0x0000000005470000-0x000000000564C000-memory.dmp	agile_net
behavioral2/memory/5992-479-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-490-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-495-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-493-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-491-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-487-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-483-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-485-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-481-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-477-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-473-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-471-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-469-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-467-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-465-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-463-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-461-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-459-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-458-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-455-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-453-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-451-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-449-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-447-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-443-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-441-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-439-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-437-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-435-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-434-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-475-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/5992-445-0x0000000005470000-0x0000000005648000-memory.dmp	agile_net
behavioral2/memory/1724-17703-0x00000000059F0000-0x0000000005BCC000-memory.dmp	agile_net

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3212 3004 WerFault.exe Loader.exe
Delays execution with timeout.exe 4 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exe

pid process

5048 timeout.exe
5368 timeout.exe
5092 timeout.exe
6896 timeout.exe

pid	pid_target	process	target process
3212	3004	WerFault.exe	Loader.exe

pid	process
5048	timeout.exe
5368	timeout.exe
5092	timeout.exe
6896	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619529382084123"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

chrome.exechrome.exemsedge.exe

pid process

4892 chrome.exe
4892 chrome.exe
4892 chrome.exe
4892 chrome.exe
3360 chrome.exe
3360 chrome.exe
5136 msedge.exe
5136 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4892 chrome.exe
4892 chrome.exe
4892 chrome.exe
4892 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4892 wrote to memory of 1692	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1692	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 1784	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3248	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3248	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe
PID 4892 wrote to memory of 3804	4892	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
1⤵
PID:3004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 1072
2⤵
- Program crash
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3004 -ip 3004
1⤵
PID:776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba326ab58,0x7ffba326ab68,0x7ffba326ab78
2⤵
PID:1692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:2
2⤵
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:8
2⤵
PID:3248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1916 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:8
2⤵
PID:3804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:1
2⤵
PID:368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:1
2⤵
PID:2468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4264 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:1
2⤵
PID:1272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3632 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:8
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:8
2⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:8
2⤵
PID:1888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:8
2⤵
PID:996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:8
2⤵
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:8
2⤵
PID:1280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:8
2⤵
PID:3136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:8
2⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1928 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1288 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:1
2⤵
PID:4332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3360 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:8
2⤵
PID:4940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:8
2⤵
PID:1292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1940,i,11184969604782893602,704058534111205446,131072 /prefetch:8
2⤵
PID:1724

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4324

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x31c 0x4fc
1⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0c7e8328h290bh48dch8828h8de19473f224
1⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb9f8546f8,0x7ffb9f854708,0x7ffb9f854718
2⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4121639710176403008,10261588371396824729,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
2⤵
PID:5128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4121639710176403008,10261588371396824729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4121639710176403008,10261588371396824729,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
2⤵
PID:5216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5436

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5716

C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\ExternalSpoofer.exe
"C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\ExternalSpoofer.exe"
1⤵
- Loads dropped DLL
PID:5992

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c start cmd /C "color b && title Error && echo Application not found && timeout /t 5"
2⤵
PID:6748

C:\Windows\SysWOW64\cmd.exe
cmd /C "color b && title Error && echo Application not found && timeout /t 5"
3⤵
PID:8124

C:\Windows\SysWOW64\timeout.exe
timeout /t 5
4⤵
- Delays execution with timeout.exe
PID:6896

C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\ExternalSpoofer.exe
"C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\ExternalSpoofer.exe"
1⤵
- Loads dropped DLL
PID:1556

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c start cmd /C "color b && title Error && echo Application not found && timeout /t 5"
2⤵
PID:5548

C:\Windows\SysWOW64\cmd.exe
cmd /C "color b && title Error && echo Application not found && timeout /t 5"
3⤵
PID:4612

C:\Windows\SysWOW64\timeout.exe
timeout /t 5
4⤵
- Delays execution with timeout.exe
PID:5368

C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\Loader.exe
"C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\Loader.exe"
1⤵
- Loads dropped DLL
PID:6664

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c start cmd /C "color b && title Error && echo Application not found && timeout /t 5"
2⤵
PID:5512

C:\Windows\SysWOW64\cmd.exe
cmd /C "color b && title Error && echo Application not found && timeout /t 5"
3⤵
PID:4524

C:\Windows\SysWOW64\timeout.exe
timeout /t 5
4⤵
- Delays execution with timeout.exe
PID:5092

C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\External\Loader.exe
"C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\External\Loader.exe"
1⤵
PID:1724

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c start cmd /C "color b && title Error && echo Application not found && timeout /t 5"
2⤵
PID:5144

C:\Windows\SysWOW64\cmd.exe
cmd /C "color b && title Error && echo Application not found && timeout /t 5"
3⤵
PID:6516

C:\Windows\SysWOW64\timeout.exe
timeout /t 5
4⤵
- Delays execution with timeout.exe
PID:5048

C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\Usermode\AMIDEWINx64.EXE
"C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\Usermode\AMIDEWINx64.EXE"
1⤵
PID:6108

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\Usermode\gpu.bat" "
1⤵
PID:6556

C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\Usermode\GPU-UUID-Changer.exe
GPU-UUID-Changer.exe GPU.sys
2⤵
PID:7448

C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\Usermode\SMBIOSMapper.exe
"C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\Usermode\SMBIOSMapper.exe"
1⤵
PID:5556

C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\Usermode\GPU-UUID-Changer.exe
"C:\Users\Admin\Downloads\ExternalDownloads-main\ExternalDownloads-main\ex\Usermode\GPU-UUID-Changer.exe"
1⤵
PID:8000

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c
Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
468b18753dc1f60ca3beafe2b972ef9d

SHA1
50a4fb64881f22d728cd0e778780cb26895b2859

SHA256
edc2b81570ea942c0788d3569b505a971e6dfcc3230ab33d2f7486a5fb8193da

SHA512
21fdec1f1e59f69cf41b0b0a2a66e954633a1f4cd10816aae6dd245a87b2a2deeaec31979c666a06b8e592fd682ad4ce85eca99380e32b4197b43015eff11899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
a2e468e8edc290c1e0bde59087fa08ab

SHA1
d2c20d24f2510342d21a19312b60d14d07332f95

SHA256
e35f403b61d65c91d2334af7a73645e88bf5cd55ccf317534ea475613a8194c2

SHA512
8aa0b8e4675d37960cb347e0ef7a715653e9d90bd1615780449fd17767895db2e24b5257d79c2f45162c5d492ccbc1e06fa524dcf6e82dc3a131083223bfa782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
c6a1820d607ef5eb1e45516224d4a8bd

SHA1
39f57e39284ca4a6e24e56c3fb4b7ff5ec3aee5e

SHA256
6d101f59d964f571bb2737fae0f70ba8dfd7076db46b1abce17a62e5191d8335

SHA512
e95c1f4e30095c0e4183df0661c10f62d837b617d8385cf103999810a3aed32147a3e9f1dd075da64cb303c4fc34a81c27b7bdc81f20d890a6a9b5131d935451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
12f2a36695241c834e34f9951d69a532

SHA1
ac328e0d9a1a4077b5ca7f35eda03f1b40455983

SHA256
ccad73847e15affc639f0ac3c61434bfc543177388a748f1ff796c0445645830

SHA512
244e8ebd09b5a23121e532c20080f831ca81080e49ab5cd4cabb473bbd6db568b0eaabcaba984f73b1e631ff5c6c34ab12cdf98da69ba2cfaf52101e16288155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a301bb90-ce9d-4660-a132-1c734a18d483.tmp
Filesize
523B

MD5
b40cad688bf1ffdc52d22ea2b3e7ae13

SHA1
a253b74223d65392422234cadee70fc187d5a577

SHA256
d4c5870c55845f85e22432a57d5173e4caf93e090d661111861db75f3c8070aa

SHA512
34af5abc5c3b1c3e399c4bafeff7bee99ce8ae0ddd156fbea5581d75fdf1e032ded5ad670ec00a82524be1334a32b6afc2ed0dce295f421f88b9e2e33e06804d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7cc8f55c14900492a5f06b85341cefbe

SHA1
9695e3e350ee2532c2e58ae0ff69e4e0c704c99d

SHA256
511a08722b8a40920dc4ef3c52cb2f5c190a762bc2cb040a831ddf4a77b1ca2b

SHA512
deffa19a7a959f16319df8bb849c5dd7ed87ca6668b55f7bd4831444acf6cdbdebb91933e32f4ce9731c35cc450ed4b4cfaf5f946531212f9b490ae3d0b2fa5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f5015f357d8874dc3d048829ff7e87a6

SHA1
072ccde77aacd98e44441b2a0f2de4b3531c0a87

SHA256
a4263ea19f22722b032829636c6a3caf10b1500b9d5a8aa56a85d5ff1157cec0

SHA512
bce288331b948f977fd7024e02124eae125b95eab1e2bd0b2cbb110fddbcbf1608f2d3655b51a2e299496426c0b7486761a61c0314190979e4dcadb52d9a5aff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
373033598adbd39833d1403f22ebe9be

SHA1
ae8c081fa79ab4d4c4b2d48aa3a5ca291b451c38

SHA256
194f34c8275bdea53b2713e9f562517a395e4a7b919b6ea82d3fb06f6e86d8f4

SHA512
e80165d34b856baac2df41cf6e48b77f799547f64896f5fc419e5da60499caa74f05fe662777458a588508eb64d03cb3fdbcc0b422b9b7927571b753299c9998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
8ac5b29b51bd2ad652296f375a1c90cf

SHA1
6c3421b6774631ba2039332cb328009625af2f25

SHA256
11207ca50a03281a6743dbad09c03fc40cd7c852c8544c413e692b4b4fb33b63

SHA512
905f4e68d903724b4bb3d2c42724947508ce8dff126e0e6e0c66441a7950aa31ec432fa748ef0bfa36bf5fbb43dfa2c78c328f5fe565e6e3f684fba47486c24a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
8513c59d4a3d1ee201906b3bd3000532

SHA1
0d71cd1b78b0784c0ec54176d5379a0c8ef06df5

SHA256
24d4230c6a7a10dd40fb6435d66831f97df982c205a7b1eaf9ed654a0df1ad60

SHA512
a8e875284c83ae81882090acbc05790e2ae8a70e7d8bc07f275d5daa34cd921a0905b376088c5704fa8c084a6e6781af13a0645aba872d87a27c4c90b662b70e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59be74.TMP
Filesize
48B

MD5
20951cac3a122e5bbe2cb950cac59092

SHA1
63cd4a8a69aa1023d587e9366b891d7d4d63da68

SHA256
331195a2a0c18b088e2e6a18f2eb7924d80d825d2145e3bd10062d24b9465751

SHA512
b750db15e1581cbaf596dd66a79d181b306591a18a0f260476a5fc7c971d704d32d51039b15fd769fd119c675a37be367f974ad7dfc84d1b70ba826ef6624594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
9478d8dfa1fdf17ecd5dd114ffd74031

SHA1
f8d68b4798555be401b2839250a1583f33e26988

SHA256
af7f2c6a8a06bc5ba7eabb8888c59074bde01cf2d2fdd86ebc8aa493bfb644a9

SHA512
4f0e12082fdd93d793185da467e03c2699f5f65bd774dcbeca55c4421f95797e4cd6ddef153c588698230e5e325b9406b99c6c9de717672facc673d51f6bf807

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
d743d4d400b9b8afdf18a12e4e08140e

SHA1
566cc3af355889f456d6d8353c0bd5cb2ad4ad13

SHA256
3b1528eb6b74b61971c82c9736ec67c24423d7969e77ddd24476b98879a58545

SHA512
153070b1259ca366b38ee0f505fc8b0d06965f12de948b4d55f1f9587ad668503f46a8bc671ad7c8fd0c20c78eb6843dc9a38cc83eba6a6cc0859bdff1159067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
281KB

MD5
7213157e6880573c1d0a61caf94a742a

SHA1
f7bf87113d350db17388a7e9d4a09dde94ff427d

SHA256
1c8ce378720aa4fa23e9b1175535857e2561dcac7929cd41ce41603962bea730

SHA512
8e544ac0ab0ba76d5ca8ac47ac9d5841f0f489e3e99dff13dd3301895439cd43d1ee941986ae7b383a847ec95d221af6eb95e991679acbc9bb564059df392654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
173414576e1d1689204efb3a09deb821

SHA1
de1fe06579c1e965ecec3685842f94c0a1f3ff4c

SHA256
c6e8381f044564c576324fa096ae83c9fa454e5ee8ef591e60f191daa1fef92a

SHA512
d617e6918a7e27180011af886ac4c880055f432f967e7061ce865923e234492f7aea65a5f4bf986466eba179ef0a3f6b025788eb68ce4fc38c59827bad5f842b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
96KB

MD5
0e07f8d3c6e5791cb0d6395e4cc25d21

SHA1
faa50579224cce68c08712743c21539230ca852e

SHA256
85cfac5ffc87695d80e42f2a4743461fbfe3fc218df7fbac4c22247b09e710e3

SHA512
df2f839c52740e6991ea1fa02cf7f51643f7821e9721bb1f1f2837c8032fed528e6af2f83ec4045ea45f34ccec13a181e07628b15a381b385b678e0b8ac62cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
90KB

MD5
0db4d0a50df9efb7bbadb0d6f49de9b4

SHA1
d6178fa0a429772f5d4190b5831ea98c9ea9d652

SHA256
8629d5f346176a1a7abcb1770a61dc80481a83e552d315352fa8e1472cebfd9a

SHA512
465e230b52337265844cf2f26842d0867dfedbe1cfac00786d1ba44a055af92b2f72fc29b6b07786c682d022c7ee28008cfb59e0bc29bb93e812b8cab3ec90eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f405.TMP
Filesize
87KB

MD5
eecb87bafbef077a984b6cfb3bb732ea

SHA1
2cae91f6727a5aef257739b38aa4e35dae9b7c9e

SHA256
d930cdcde9258aadb4f1e710b4baa252b6ab09cc20175d346b4457484dcb2dd9

SHA512
688c4d5ef52a324005bc04cc0c579b84d6625d5f941a909b61ecfa97d6bb81dbb81df70f6228dcec622a00f1231438cc42c90d2b60411055f46272c8e00548f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ExternalSpoofer.exe.log
Filesize
1KB

MD5
9d137b9f8f11ed42481bdb298e0a894d

SHA1
90cb45ef8f80b80fafd58d0d567964bfb02f9e54

SHA256
e157945c0f009c6c2747c44f976a749aed25e5ae42fcbeffa0725756fd7cf68e

SHA512
af4d2d2c6bd5407a1f901dc9134fa2f98c37f9038632fd599bea475544cd82b6b3603b5e4ad1617e4a416c9ccc2ff5818a40d9f0dd354242ad069949d451244f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Loader.exe.log
Filesize
1KB

MD5
dc6bbb85c2fe52160940269dbc17de6d

SHA1
2ffc10c936d3e52d4a2bb12d25a5c93579536c2d

SHA256
d8fd1e5fe5e7a0e52f81f17c12616aedaf8c414cade0a50d92c82fc965e88727

SHA512
e8e50166018ed1a3ef3b1b52775135d7f32cb7bddc4e99c126399853ffab086446aa881ac654b5b3ae5a95bef982ada282ff1bf9822e19c4bb6ebd757440b9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
55f0eaee85d254ce286a936b4ba53636

SHA1
01947c3e1f0b7486adf06f19e4e67e36225645ac

SHA256
39caff3f8692c032a309165e0c3b6518a2875c2065f3fe3a400d3963a299de48

SHA512
7fde0a10ca43fc02b64aa5e2e0397bc8477834578890e857f53876f25c1cf928d5b6404c7098ae77b5c51d3e65d93a30268441704de663fe15008c3b8e7f0276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
1db4e82d144e71ce0db54970a7f0f063

SHA1
e6e05bd88427e387473786774a4e7dc9934ea383

SHA256
fe2818a1cb9ac3210398a5d411e193c7ee41741af97c54a9bf2b57524f37ae3a

SHA512
a219d4cbd83f698b50bc65850b5f1c8c2d926ae6970c46b22f7946b8c88c9dd6338644847f5e0947653cddec9169a3d39ecef73ea87ad9b9523e6404b18481df

Download Submit
C:\Users\Admin\AppData\Local\Temp\fe18e516-f12f-4073-bf13-52a839118bfb\GunaDotNetRT.dll
Filesize
136KB

MD5
9af5eb006bb0bab7f226272d82c896c7

SHA1
c2a5bb42a5f08f4dc821be374b700652262308f0

SHA256
77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

SHA512
7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

Download Submit
C:\Users\Admin\Downloads\ExternalDownloads-main.zip.crdownload
Filesize
18.8MB

MD5
372b398d2dad5f416caeefcbf1202020

SHA1
7327a89e9bb5f644037f00d7ad40ae972a95ca51

SHA256
200fe089126f6065ae5059418c8832de95d36e5c23f78c478a3a639f34dd4ae1

SHA512
1bde2a26a5dfbd834a458cc7cb38246dc62b92273ed2803b5b2278d28d0eac297e3ac38be9445cda9e9aba5ef35edf87d042da8faac647fdf5ee7cf1ba1f54b7

Download Submit
\??\pipe\crashpad_4892_MBVNFEBMEACBNZUI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1556-30826-0x0000000000D70000-0x0000000000D84000-memory.dmp

Filesize
80KB

Download
memory/1556-33234-0x0000000070BF0000-0x0000000070C27000-memory.dmp

Filesize
220KB

Download
memory/1556-4127-0x0000000070BF0000-0x0000000070C27000-memory.dmp

Filesize
220KB

Download
memory/1724-18801-0x0000000006070000-0x000000000610C000-memory.dmp

Filesize
624KB

Download
memory/1724-19408-0x0000000006260000-0x00000000063AE000-memory.dmp

Filesize
1.3MB

Download
memory/1724-17703-0x00000000059F0000-0x0000000005BCC000-memory.dmp

Filesize
1.9MB

Download
memory/1724-18594-0x0000000070BF0000-0x0000000070C27000-memory.dmp

Filesize
220KB

Download
memory/1724-19474-0x0000000005CD0000-0x0000000005CE4000-memory.dmp

Filesize
80KB

Download
memory/1724-27742-0x0000000070BF0000-0x0000000070C27000-memory.dmp

Filesize
220KB

Download
memory/1724-19788-0x0000000006180000-0x0000000006210000-memory.dmp

Filesize
576KB

Download
memory/3004-6-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download
memory/3004-3-0x0000000005FE0000-0x0000000006584000-memory.dmp

Filesize
5.6MB

Download
memory/3004-5-0x0000000005980000-0x000000000598A000-memory.dmp

Filesize
40KB

Download
memory/3004-2-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download
memory/3004-4-0x0000000005B10000-0x0000000005BA2000-memory.dmp

Filesize
584KB

Download
memory/3004-0-0x00000000747DE000-0x00000000747DF000-memory.dmp

Filesize
4KB

Download
memory/3004-1-0x0000000000D80000-0x0000000000EE6000-memory.dmp

Filesize
1.4MB

Download
memory/5992-485-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-445-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-471-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-469-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-467-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-465-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-463-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-461-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-459-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-458-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-455-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-453-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-451-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-449-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-447-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-443-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-441-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-439-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-437-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-435-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-434-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-433-0x00000000731E0000-0x0000000073269000-memory.dmp

Filesize
548KB

Download
memory/5992-475-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-473-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-477-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-422-0x0000000000330000-0x000000000063A000-memory.dmp

Filesize
3.0MB

Download
memory/5992-481-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-423-0x0000000004FC0000-0x0000000004FD2000-memory.dmp

Filesize
72KB

Download
memory/5992-483-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-487-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-491-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-493-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-495-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-490-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-22393-0x0000000000B00000-0x0000000000B14000-memory.dmp

Filesize
80KB

Download
memory/5992-22612-0x0000000000CB0000-0x0000000000D40000-memory.dmp

Filesize
576KB

Download
memory/5992-22392-0x00000000061C0000-0x000000000630E000-memory.dmp

Filesize
1.3MB

Download
memory/5992-479-0x0000000005470000-0x0000000005648000-memory.dmp

Filesize
1.8MB

Download
memory/5992-29810-0x0000000070BF0000-0x0000000070C27000-memory.dmp

Filesize
220KB

Download
memory/5992-430-0x0000000070BF0000-0x0000000070C27000-memory.dmp

Filesize
220KB

Download
memory/5992-424-0x0000000005470000-0x000000000564C000-memory.dmp

Filesize
1.9MB

Download
memory/6664-9572-0x0000000070BF0000-0x0000000070C27000-memory.dmp

Filesize
220KB

Download
memory/6664-33236-0x00000000010E0000-0x0000000001170000-memory.dmp

Filesize
576KB

Download
memory/6664-33235-0x0000000000F20000-0x0000000000F34000-memory.dmp

Filesize
80KB

Download
memory/6664-6819-0x0000000000720000-0x0000000000A2A000-memory.dmp

Filesize
3.0MB

Download
memory/6664-33238-0x0000000070BF0000-0x0000000070C27000-memory.dmp

Filesize
220KB

Download