redline | hxxp://p1t[.]fun/?l=1031

max time kernel
600s
max time network
601s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
14/06/2024, 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://p1t.fun/?l=1031

Score

10^/10

redline 1467997772 discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

1467997772

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/id/993846634744/

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/6804-738-0x0000000000580000-0x00000000005A2000-memory.dmp	family_redline

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
4720	7z2406-x64.exe
7556	7zG.exe
6332	Setup.exe

Loads dropped DLL 3 IoCs

pid	Process
3412	Process not Found
7556	7zG.exe
6332	Setup.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2406-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2406-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2406-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 6332 set thread context of 6804	6332	Setup.exe	148

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2406-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2406-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628615257755164"	chrome.exe

Modifies registry class 20 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2406-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2406-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2406-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2406-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2406-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2406-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2406-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2406-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2406-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2406-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2406-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2406-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2406-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2406-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2406-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2406-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2406-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2406-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2406-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2406-x64.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1900	chrome.exe
1900	chrome.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
7380	chrome.exe
7380	chrome.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe
6804	MSBuild.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
7556	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4720	7z2406-x64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2640	1900	chrome.exe	74
PID 1900 wrote to memory of 2640	1900	chrome.exe	74
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 2880	1900	chrome.exe	76
PID 1900 wrote to memory of 4448	1900	chrome.exe	77
PID 1900 wrote to memory of 4448	1900	chrome.exe	77
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78
PID 1900 wrote to memory of 1936	1900	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://p1t.fun/?l=1031
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc87b29758,0x7ffc87b29768,0x7ffc87b29778
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2748 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2764 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3860 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3164 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1512 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5028 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4576 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3456 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3152 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5692 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5816 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6048 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6812 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6036 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6244 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7120 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7140 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7224 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7248 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7264 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7272 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8100 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7996 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8536 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6032 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8940 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9104 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7916 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9468 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9568 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9584 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9396 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9404 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9752 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9240 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9772 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9788 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10040 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10200 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10216 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10244 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10260 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10276 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10292 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10308 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10324 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=12084 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:6492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=12484 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:7192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=12104 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:7200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11096 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:7668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=12848 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:1
  2⤵
  PID:7676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5072 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5264 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:8
  2⤵
  PID:8088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5260 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:8
  2⤵
  PID:8156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7116 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9284 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:8
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:8
  2⤵
  PID:404
- C:\Users\Admin\Downloads\7z2406-x64.exe
  "C:\Users\Admin\Downloads\7z2406-x64.exe"
  2⤵
  - Executes dropped EXE
  - Registers COM server for autorun
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4568 --field-trial-handle=1776,i,3296857900106918990,2690410384703791279,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4020

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6616

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Bandicam\" -spe -an -ai#7zMap8816:78:7zEvent10701
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:7556

C:\Users\Admin\Downloads\Bandicam\Setup.exe
"C:\Users\Admin\Downloads\Bandicam\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:6332
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c64929d71f8769929406b672778db163

SHA1
9dcbf05f8029ec6263ec43b6958a54626adb62d1

SHA256
b8d3e55babd999d4d2ada4cdae8d09b2b34321266395960c07ec811d08b91a0a

SHA512
9ce6eaea812713c9dc9de55875f5899b21b34e2fd09666590f0a4b3a4c6b3dcce382c5c1e73e01f4066c4b99024cda816ddb324701deabf2756c76e6f5977332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
19KB

MD5
bb30ea3b46964f49ba85f475efd1fb6f

SHA1
1bb4aae7781af8b933e1dd4dee56879a3ef92d38

SHA256
7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6

SHA512
bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
acf7da2928280b4f5bb1fd03dd2c6bae

SHA1
e8b273ea0b51c0419e3b79a5510d4dac1b331fbd

SHA256
5fc15031556cea0330657f3a2992df19041a41481bde2a6b318d8d05c26d6008

SHA512
8ca414a273eb4bd8860c16c4a4879131419804229af24434a6d2676d8f92e0c2e556c154adddf8192d2982e7df6e5dc71fdb3bf50c8c035ef6932053ee54426b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2e0fb45af7a850fd4262cf4514fcd202

SHA1
54e07913e813ae5c76319b3f08694b27fc3d5e6c

SHA256
c67ea0127aae6de86f64beed5c6ad6ebfa797896ca39e33190e9bcca3a91411d

SHA512
540a6e0981bd29e1e964b24c64637768c179eafcc9ab3e7140a32df7a4891c7f5120dc9fdba4dcdfd963798a67e00de41cc23f616972b24c09de8d80974539b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
8534ecffc3b66fd354f4292cc0a9a3dd

SHA1
3bc0fd14b7824afada8acd31aee8675124c15575

SHA256
4e104ab3f33d8f5d9af771f16c4001c3c68b2c20bc6dd45f7c2af537415e2b20

SHA512
22f8d9990740c0128cf8d3ec8d4c5d2e54ce48ac1557a61aff65823a5bdbf3d4fc46513f73c365e787604d55c0e369a5eebd4af634c97c0bc8347075036863cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
cad196e42481b006a1850d2a5becad9f

SHA1
5ec61a3a0f17b3d19a13356a0e0d92d9dea9a930

SHA256
aff70645787caac3b1a4a26707df5de2f43300800509b730828de21d96bca4fa

SHA512
5e2abc0db3de8ea7a57abe84405a7db2e76f728b12abda64ddef7c0246ad8fe625ea4f1d9b77c6a1a2adfefb4986723f4d09519952da30b0e88daab662c37480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
77cbce4a0732885266d38cee6b485d4e

SHA1
ddf0bb7259b55b0d51636744c561eb74e9443591

SHA256
166cc7f13ae4638d2532458af5cfadc1b663ef9108c01f567fddc3f4ce9587b1

SHA512
5eaf394381cb75b0452a64a442c7d84a93b64b4d0393387b233b048501b540d3dc8968dfee79577eaf8459ebe2835745a85ecd8aff63a9fc31891d071583f36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d1882ae2c3c2928fa30373f0e99faa3a

SHA1
10c3a1a9359464b51d83a040e645b05d342977c5

SHA256
5a6564952b8e85900c45ed5dda7ffbe4fd42476cffb668db53e81fb976d9e6f7

SHA512
bbc6034c12b4841b7bd73ddab18d018d39bb35ccc660291bf715aa29a93478fdc5390f813790dc71e20394275fc710bd8cf9576d74abf5ea68c3be26a72076b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
508d302839e302d40a946aa533405507

SHA1
9e1a470a281c40c73d46114bd288830a53f93cfc

SHA256
b6fcf189462085cfda798d4a6d1409d58328e13186b99dc386a250b09a11732b

SHA512
67ac2ab29d3ad1321645ce375e67c40cb84e048517cca4dbf8cd87ce7ca28e5c85ec4232f76749d6ef2113f0541c544bbbbee0069e673d3163b0bb43be414e5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ff3d464ee39ac3851cfc114997789f46

SHA1
cbbbf1c39c4e15b625bb441c96d63bb89ce684ca

SHA256
bfe120daea9a927b4ffd927cbdc0cd7f33300a65b4bb3259038ca1a073ac8c2d

SHA512
5b1fd4daa5ae3155d49f473f23ede998a362c49b9016d1744effe0bfd3427628ab06bc9ea06f855c850898cc5fd6eb97a65350019e4e0efadefdf927249dcae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
64528e3cbf9e5a79003432dc2c0c7bb4

SHA1
c9419de54c991e2c0b33239c7727acf94b74880e

SHA256
0c345d117f0a98ca1470df20d7f24abadfca9315dffcb8a112049689528b711a

SHA512
4d8b06cd88ac2fdb2f7f91d05d62c77327b68a7df805568cf5b8b3dea27d210d082f665f83d631d53ce5d3391dad7704807a48c72e1114a6a3ed5c48eab9eaa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
95d14b5b26e9e373b2fc78280ef977db

SHA1
93a07a4559066fed613fa80b8283fa1d126ab69a

SHA256
31066dc0e7ec3520da95d880557b2b25d743fc969be4f172d23a9755b08c252d

SHA512
faa3d3eb2bc9c03d4610495c15a234800f4dca04cc5419df976fd2170d11b15c1dbdb36ca124e335363d7c693f139994b9df5aa69a9a10949628053f58da363b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f060aec2f8c497388d2275f067c019ee

SHA1
72a046b0d657f8816f623770f8e52123cf1a84e5

SHA256
7084b949ca92d8f870ffcfbc60ff19d7bfbd44306c0be5e843f6609307974a94

SHA512
8c6b11b175683ae33824ef78a96bee35ca6ab048498761b7c2c37bf38f471fc6f2029de9fe8bff7ba6efe026fdf91807863d1c8144fee78a7579f7dc6155a385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
581881ee62f8b19aaa3ce87509b9c1fc

SHA1
4bd742335fb37581507045068463a3a3500cdecf

SHA256
22bd7a08d0c25bb0af9b8437c6f43e0a371024889c25f07d025830290049cda0

SHA512
fe02c6a4335435d71a2bc9a3514ba75a196d8e9e54c48be93d79354b97f8eff137e8142590026486def566b32669a6070c0f36486f6c5994f9061e871883d594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5b70c9023c127f261dd41bca6a3e5979

SHA1
90a6349e6a5d9c430eba504ccd3220350e75ad05

SHA256
86104a7b4eda9fc36754d7f1fe4e1192d2eb660301a349edae3c73173edde1d3

SHA512
ee8ade1ad7a20931dbcd197f766942e71540fd7e615d0d6891e9b1d0fb3401da034d9bfc7272be68fedc6a7cbbd73cae6c2c1d9eb84a6f927c031486e21013b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
c25aa41c1d43a7698aff7acf49e78c47

SHA1
6653e315b1e98f624e5f852748e727221061fddf

SHA256
76778a9e65af7e9e7a713ee8f1b9698419176c2f4a8e77d094999d04384d730c

SHA512
8c9319768b6561f6ca40cd5ffb9271bd580b9e66c512c76861d5a3465663818a03d514c465706bd2a4362990cca6fa8428520e85ee62fdcaf109ffc0f7e60ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
694e9347e3328ddc0f8e619e8d1a3ae0

SHA1
0cca5a4ffba7899e75a00b3b8a06aefa3ec828a3

SHA256
def8794157f72e119f0d8db8dda5426e39d2e9bc16cda393be7f6c61991c49a2

SHA512
79d4850387dc616e3f539108caad5918ccc58c5516b13d6556328e2d6589df6bacb541883e23468fa92329106369befcff8a7ac41bfb9e8e0e206cffee9473d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
9cd6231b9e3ab3dcdb80b762aa544873

SHA1
b622ec6b78859fb4093e367c3f260563a59623d0

SHA256
4a93d7add986b3203fdeb1b3540f722909054992cd8ab12f17c8dc11d2625ebc

SHA512
47d7bff4225fdbcd32e3b91fc3e691240d791a9f082f35b6bcf36046c972e0f1c4cbc07de1de7c9e13d83f810835d4f988c83fe7e95e9f366c17b261380156c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
f50dfa6ed7930d406f59ec801b993a85

SHA1
981f904238c779080860e5270dbddaa79fed7cdd

SHA256
7585ba6db1f1a78428f91ab0748b549016f707638d5a1bae0349d803b69c71b2

SHA512
5752b91f323733f858aa3dd0029422d12dda94567888c98a9ab65d80f32dbb5f982e8fb2d3a8e07ff2ca362915582257b3c6fbe4d477534ff556bd4dba6b3687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a860.TMP

Filesize
100KB

MD5
b80758f182b63b28f90b52492ed8c21d

SHA1
6f7a22daf40631e9b6b4fd30d9a8f4dbe0274544

SHA256
c7e1e2c740ca184dd0ce9cb16790e1e68f94fe0c305ab8ffe99eb71ed2b2a4a6

SHA512
db2a53b0a9c02f2735aff97676269bd41a0b03e62ab8f6790b806eb25cf81057bfd1a575b6991da23ea813f544bdeb7a5cc307f95b406f1ce56bc64b74cf8049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 224837.crdownload

Filesize
1.5MB

MD5
d8af785ca5752bae36e8af5a2f912d81

SHA1
54da15671ad8a765f3213912cba8ebd8dac1f254

SHA256
6220bbe6c26d87fc343e0ffa4e20ccfafeca7dab2742e41963c40b56fb884807

SHA512
b635b449f49aac29234f677e662be35f72a059401ea0786d956485d07134f9dd10ed284338503f08ff7aad16833cf034eb955ca34e1faf35a8177ccad1f20c75

Download Submit
\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
7ec019d8445f4dcdb91a380c9d592957

SHA1
15fd8375e2e282a90d3df14041272e5ac29e7c93

SHA256
1cc179f097ee439bb35a582059cbc727d9cea0d5c43dfaa57f9f03050cfaea03

SHA512
d71a79091fcc6a96c24d95662a18cc24145b9531145ef0bcb4e882c12f5bb5ca6c7a9b9e50024c9c0bf4cb6bf40dca7627cecbfddd637142d04a194e1956ae9b

Download Submit
memory/6332-731-0x0000000000EF0000-0x0000000000FB4000-memory.dmp

Filesize
784KB

Download
memory/6332-732-0x0000000003110000-0x0000000003116000-memory.dmp

Filesize
24KB

Download
memory/6804-741-0x00000000054F0000-0x0000000005AF6000-memory.dmp

Filesize
6.0MB

Download
memory/6804-742-0x0000000004F50000-0x0000000004F62000-memory.dmp

Filesize
72KB

Download
memory/6804-743-0x0000000005080000-0x000000000518A000-memory.dmp

Filesize
1.0MB

Download
memory/6804-744-0x0000000005D00000-0x0000000005D3E000-memory.dmp

Filesize
248KB

Download
memory/6804-745-0x0000000005D40000-0x0000000005D8B000-memory.dmp

Filesize
300KB

Download
memory/6804-740-0x00000000049F0000-0x0000000004A56000-memory.dmp

Filesize
408KB

Download
memory/6804-738-0x0000000000580000-0x00000000005A2000-memory.dmp

Filesize
136KB

Download