f318613552f2e4986c316edc4877701d557a6a0ada0ddf4ebb86f08e518d9dba

Analysis

max time kernel
188s
max time network
198s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
05/07/2024, 11:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vsgarcello.exe
Size

14.2MB
MD5

87e3f4d5dc47f1abebac00fa5cf5d7ce
SHA1

38c0180676c94748d468e32f280da00c40248cc2
SHA256

f318613552f2e4986c316edc4877701d557a6a0ada0ddf4ebb86f08e518d9dba
SHA512

7a0c63bb2b5285f2aa055c8d682742762c6aba1dd00b2cb18ce15104e90d3820e964aee3253fe09d44f1857dff04036af33066e3ce7e28dc4cef0b5c39f01aac
SSDEEP

98304:2YBcA3gCWfQb/lXwNCB5ji/Plm3CIMEfo4TeFirfgGx:ZBcA3gCW4RXw0B5ji/PltIMNFG

Score

3^/10

persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133646529306806113"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4376	WINWORD.EXE
4376	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
460	sdiagnhost.exe
460	sdiagnhost.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3056	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4376	WINWORD.EXE
4376	WINWORD.EXE
4376	WINWORD.EXE
4376	WINWORD.EXE
4376	WINWORD.EXE
4376	WINWORD.EXE
4376	WINWORD.EXE
3880	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 992	3056	chrome.exe	86
PID 3056 wrote to memory of 992	3056	chrome.exe	86
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2300	3056	chrome.exe	87
PID 3056 wrote to memory of 2392	3056	chrome.exe	88
PID 3056 wrote to memory of 2392	3056	chrome.exe	88
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89
PID 3056 wrote to memory of 3600	3056	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\vsgarcello.exe
"C:\Users\Admin\AppData\Local\Temp\vsgarcello.exe"
1⤵
PID:2744

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1604

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc0f3cab58,0x7ffc0f3cab68,0x7ffc0f3cab78
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:2
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4164 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4720 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:1
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4344 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3332 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4308 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4676 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4884 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2188 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2896 --field-trial-handle=1888,i,1494826824069540029,14922436806928585179,131072 /prefetch:8
  2⤵
  PID:484
- C:\Windows\system32\msdt.exe
  -modal "131726" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF4963.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  PID:4392

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2132

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3880

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:460
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc0f3cab58,0x7ffc0f3cab68,0x7ffc0f3cab78
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1840,i,5910846270662325339,3550930991410363807,131072 /prefetch:2
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1840,i,5910846270662325339,3550930991410363807,131072 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1840,i,5910846270662325339,3550930991410363807,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1840,i,5910846270662325339,3550930991410363807,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1840,i,5910846270662325339,3550930991410363807,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3992 --field-trial-handle=1840,i,5910846270662325339,3550930991410363807,131072 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1840,i,5910846270662325339,3550930991410363807,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1840,i,5910846270662325339,3550930991410363807,131072 /prefetch:8
  2⤵
  PID:996

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024070511.000\NetworkDiagnostics.debugreport.xml

Filesize
68KB

MD5
3c04c54f68bb66cff468d8fcb3668de5

SHA1
2fe417bf3c9f1b4fea61de781daeeef6235ee766

SHA256
e750b45f6463f1054344b8f45889ecf8d5e90a68d3e05a5e7315d5d2d3f13452

SHA512
d24914c6ed5f4069a77d03ebea91b16e88855233630f8f215e161ba499292f6132f4a7758b0f2b11765c3f2a9ae67f090dcbb4dcf6199bc63b0d58c251a2d55f

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024070511.000\results.xsl

Filesize
47KB

MD5
90df783c6d95859f3a420cb6af1bafe1

SHA1
3fe1e63ca5efc0822fc3a4ae862557238aa22f78

SHA256
06db605b5969c93747313e6409ea84bdd8b7e1731b7e6e3656329d77bcf51093

SHA512
e5dcbb7d8f42eabf42966fccee11c3d3e3f965ecc7a4d9e4ecd0382a31c4e8afea931564b1c6931f6d7e6b3650dc01a4a1971e317dab6c1f03932c6b6b7d399f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
d9a49a7d6d5ca840cf0f0e937007e278

SHA1
90197e483cc1bf8970cb6012997b1968f43d8e78

SHA256
183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876

SHA512
142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
00f5c4a9a141cc379bc9a130bebdc3a8

SHA1
0effb629afca971619e6dd31c10e6c33f4fc39cb

SHA256
9bb958b97dafec04a3d58740e47a6cb7749791128234a3cb758d08ed3a557572

SHA512
c8c4e44a5db48076f1bc51dd9aa4b7ab0cb26b9f58d26c8b9aa91afccd7ca76f4863f7416a9b85eb2ca6508ec5240f38a9a2f940907a359ed8b0957632568135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
a580b8ae405992706434a226674faf81

SHA1
2e40564aa68b5c1544a1357df911d154cc4b61d2

SHA256
0f8bc525b5ed7516566ee809ecc824a8dbb803778b6cc85534d6d9ca77927670

SHA512
c9f1d973da0da5c6ddc1c828a68e8daa0181efc2108db191e78a838df95eab0480feaf839a2775936b2e1c2908c127c12a570894094696d41f3b325ea2279473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
c6e18837054a115358a0eac09b58da84

SHA1
18863aa1aa175ae2ccbafa1a198ae1fdfa71a975

SHA256
6788b7df04c116015473988796343f09eb8db9e4196a70fe2ac7901ed3fa9354

SHA512
19628df248f7cbb6f008d0a24d46fcb0682248a9274993badd32de4aa51753af6f98626aa4ad2c65e8734b21cfd4d43135835c5273a239c5f9413411db731eb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
3ffaf6e7eb2e6a3607378aec214452fb

SHA1
fa62edfa4d516d2a5f9c9b27b52e53b4717f0451

SHA256
870c8fafdc7bf03e117f95ee4b803710f790b4c137069da3f2d1834f056aa83b

SHA512
ab9e3b13e0229f3582dc6e2a69a7408a02031d4855ba9b8709397079a506728a5bd22ec718517744365367fd2e9b1835ecc1ca947272b1e14eed96b2d16ecc58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
dba3de9fcb13e8acf85a86daedab6473

SHA1
49bbbfa1743e2aa866efd56f7db8315dd0fd48d5

SHA256
2b2aa586430cf84517ceba9ce7160450fe105639b914f4ec705056e9622b2442

SHA512
f128950fd5e77d3c37fc81897052444e444fcad6f86465c15ec495df400ef9f867f812860e2361a21a4f43c4f754061199f8e2f1d41097270d7b32ff55756e03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
152KB

MD5
84d3205fbb8fc3e7b5bcd948ed3557b7

SHA1
48e00ac1619fb9195a774f02c184fb7bf30a7b8c

SHA256
b9192548c5913dde1db76d6ed1f02d35bfc403a85f5d7d6dc50c316a38f58dd1

SHA512
a893529b88e07e4c3b7bbe36cb278de943a60c4e211f843a10179db554d945205d5e8975a6563494a968f9fb20a58cd7448885a2da863b010d858cb9a5a98cb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
f7e09e384074c5a00564d2317f772cf4

SHA1
270750c121ebb6dadbd28c3c6d6418187008f0e2

SHA256
6ee48f1faa20177595532763f079fd0befda8578af05a14a9d8295a1b908d72e

SHA512
101920d047f0da03c34f23bc2b0ace901b31b469ff4269e7a40bae0ddc60e35eb0ee6a57e11180ba7981ebee0276a81ead0459e4584d465f8208457f688b6bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
810B

MD5
ad48ad32b192ef0a7632b7eb44100f08

SHA1
554b6f1d8da3c4bc6a0434c1090d2724e8098f22

SHA256
52d427d1418d9f1f57b4ee1e09d8acd73af65ace30665ddf48ae1f6ecaff0108

SHA512
9534564396b21989405c67d14ef2419d48c04a180b725dfdd44d62eb0c9b09b97ccbc896bf6cefa19e0b2606e8e428bc7071c8b6f4fde8096072afdbd4576c0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
77acd0b93d60d617f9cbbd559e7f3fb8

SHA1
bc57070f66dc25c14754643f5db9ea93a982451e

SHA256
a431b945ca0a1acfe8938f23fd5549b6f91f9816eb64a2d1a8da3ee96ff04504

SHA512
c05b185ba4a81ae29f570596f4a9c485a339dc244de7ad73a64fc08e3129946fd83ffe2e15644ff4a5a5dc4d48dcc7aecc967f88f039ccbc6f402437b5069e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
42ccb7bae64114b82db35a0676945508

SHA1
839d5a315da6484909acfe7366f49b7b9e082301

SHA256
441d125796ec745812ab299614cb01175c6071335cb0fe17e1e11e76c7284b3e

SHA512
9e8eede2b3459c2c87739df2e469c1d8b75498784f52c1bbb292ade036e57b45de4f558feecd837531c14be02c0c8e00604caca6e06e13e3d364462262166753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c8ce2156762704ad55e03cdd13e63808

SHA1
c66fb4b34f67e2659dc7ebcd1b6792d60626ebbb

SHA256
28c13fdf4b1d1446d646acc7e5011c965b034a8b48836aa7fecdc1866db734b0

SHA512
316c6237805bb130c2f474ea9b7bb572b2ab85553026a81c1f9e51d147435628fc60209443b9040343356ab586fbf774bea6ade048666d382ab8b30753c41872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
931d8c6f985e578654677e67c51fb717

SHA1
cafb3bfb675366fc93833e9bf6ef1f59df6d21bc

SHA256
faa8b10ddd52d16f230c150b8706a9182bf77add54d2ddb7f6f7b50433e558a5

SHA512
ece8dd05d7d7161e9002628e678b2e556947363e66a7206940ee0fec8a44509c5239c8f9cfdb84d59f8bcc9af05ad7e2f98f1493a28dbc2e7a934719d63db715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b70c5963bbf1d6b1d7a1373523ad2a2a

SHA1
7cd07a1d2c5a5eba89b740f7ccc31e03a2787636

SHA256
88b3bcc2a74ebe19cc0a646cd912b314ec358db5f93d8669efcf17c1de6fd503

SHA512
70aec2ce59658083d239542d4575b3cb4f27f2ea734d0c2a914757394f95664e857458a82c396470a25d23b659af7cc4cc34c91efc161971aad1870203242bce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
b8b462cc7203886fcd5ee1e30164606b

SHA1
d60e3737750f699e3d5246d1bc3e9a2b4a7294a5

SHA256
760b2feb730bd42a5d77764e65a7c1d91d7b3c6dbee7fe3d0c0fb4bce4166173

SHA512
f2218228ee744d04f0973a7838df8bea6debf950c7ee05d429bda30f5d94db4e9de659f9353ea7e7dd956d56925ed5ddf73a5996c3eaf39907757e5f0131f03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13364652929896750

Filesize
11KB

MD5
6a9172ccf2d6837b66fff41e5ec9e769

SHA1
38a2e7cf02609eb05a3a0704479810391b13da36

SHA256
99e05a0dd826d30ebd7704b57b493dd71162e6480627ffdf1c67576deb04b2a0

SHA512
807b9771e0b8e052a2716fb3e1e35d832e073618588059cc37628dccea84c20d648128d772c163b0cfeec99e0bbf6ce5647de58a3e3fd67bc21f0271a4e5ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13364653032010534

Filesize
2KB

MD5
ed222fec9f0b63a23981cb92e3cc13a3

SHA1
534237823de012ff20fdf99ad06b6f2a778d2ae6

SHA256
a926d7f47a97ed5f53dd5775d38b8fc848dcb46489a9329b38c32ec27f5e1f90

SHA512
4ae812eb49465aab70574b69976449b8a85d576d4f3443b4b61edf78f764c18b1197e47c2ed27dd8b5e204fd8715ca3fc8e78ebb2ce79a1317a1e50891cdc823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
bd703da143f643834c15ef9264c4da1d

SHA1
2f37592884e972b1c078d4b980c9c142f5da05a0

SHA256
a3a2e1feb72a48385d80fbbbb67f8cdd74a3b194333c31b2ac04bd2948c5a1d1

SHA512
c10c7e80a330d35ecf1c5419ec4eadba2ea55f754f312f0ebcb4358879754aa16739054ec48d35ae914ea8346b70eb82925313107c9d9ceada22fd7259aaefb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
71d0a4acf03a2ecc2311893de0fc966d

SHA1
9313b8218824d49eff3ed7fbc6fbf3d897a4aed8

SHA256
09ab4ed79645f31bf75fe603849ad05e95ad04380e54bae378a17902259018af

SHA512
d641487631078c996b1ae1df6008f082f4fba3407f89a417a933eb23834e799031c42f0aa68cbcc922228e42241f1a727d373c37b7ee69117875acb9bfe9ec2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
9d1ef628a9d93b761bab5dbadbbe8985

SHA1
778307eb9bfc6b47f9b3d9c648d65d6e3c5cbdb2

SHA256
4ff9cce06ef20a9aac920a3ee1e25340a37ede4decfff17a00d39e6ef91b175f

SHA512
3546c454a479a2bad590a11ea066639b8d411c8eac98f188bac3b40649a16dfa6161099294e4802bd92988b6e8739f20c693ecf5b102cd854214b297c059ddc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
ad50766a4dd88087b56476bcbb8b25ed

SHA1
f2e3d2ba223e9e29987030c33ad339ae3cd8f4d2

SHA256
9da65a590f139fcb7ea98b6923cc688f0b38bdecfa5fd9748a1845f519b67639

SHA512
06db7ed5e021ffee8d7130d1ba66b167c67efa90567b8bdb7c9c2a890a7ae9fd9b08b800fec619ddf729816e865227a06b7100cf22cf770e48adb1be4abf413e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
3KB

MD5
f00fdc2d1d971a37770437913109904f

SHA1
932d6af32428b3666ba7c0f586ef4e2939f644a9

SHA256
45b0e6391ce2bb09323bfeb19c3168897414b19a42b0530238d1ffbae19bf1d9

SHA512
2e41bfe37f5b4ca697df0de1051b55d7f363b031b421e38adbc9640798f12682782ad9c53d051f1df2ef724153f60dfe995151a67c033fd6c51a54dac995cf52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
5ea6966c557d0ca352f4edce37306e04

SHA1
386f4c2d704a1bc2053c9f23125cc71a09f05fe7

SHA256
0a069024b4232930a47e0f22035d45db6bf12b772ae9f3b8e9dfd0a43d1cb29a

SHA512
ff0ca07a03ade501dfddae9ff3932be505b6dcd3fd336bf967803c3132313bbfcdfd716825f76d0a53ba29e8cbc06b68801933ee32414224b7953aacc00a9360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
918B

MD5
70679db81f1932275c468f8702df787f

SHA1
679b9f268cd94fed964ea73c52c7f18cb5f440a9

SHA256
1091013ab3bb1fbfd5002dad9909b67b00d4051cfeb303db9545ad6cec494a1c

SHA512
2babe463ee529bd547f34fd86b12abbb950583284154cecdbc87759d25cd0b806ff97f2e58d6ce247cb5ac500645c738c3cce45839755b5fabdd0f22c24ea79a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
debcff8a5f7d064e504f81147f9f6efe

SHA1
2bace0a450c66163f2a21106c7866599e780cc30

SHA256
27709940c04888dc5289c56cdf810df3dd29b4809c312206bf02e7bdc05dbd7a

SHA512
c304ffe163bb078f4e07481a93da743b082a41d8e00730856abde6bbad1212cbc623052a5c0aaa740a22b15b3e0b5f8bc96e43e6fc518e2fbc2b5ac7729b8cfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
8ed4d8fa280720bf2a7a0f9f18248945

SHA1
06f41cbe40ac1ab2b69bcef5dbe0d18e9f47d941

SHA256
21054689af32af2c0597f7a26c35f56224f428457528336bb3e2b53de85c9614

SHA512
846fe4a5945bddfa7f4bbff3c1607f8904b485f6b6b27ec55c629e227b44a64a3595e060d7768645350133e8e56112ef2c6c4ad6c16d5213fb76517e9acd6f8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
8f6216753c7f64cf46059f5886110ec2

SHA1
5ccc2f2578e5ed1b0ed38b15c7d56bc0059cbd7a

SHA256
f57754e4f12d44aec991c21c076a83b55c675a6061adf3685877eb6645659650

SHA512
eb405f63fcba5b3f4e9cfe129a19633de04634dd3bc82571fc93723d52e87a924e35d30576c5cbbb51c0279a22403bcef823f3f04897d99de0f35af01b62a3c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
3da63753ba6d412eff404d5b5b2087b7

SHA1
71f626a2346c29ef66d219798bfd3880da268a71

SHA256
11e73714f70aa7198f0dfbaa56ca14fb2aefdba5cec2e87b398344e3c0c167d0

SHA512
807ab0d67fb1ec944d52e388db7bbf8eaf3ad8a07b2bca90aa61fb10f973f4b471d39ccdbb57917af17df23855fca1e1ca037795b20ed376333a1acdf528708c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000001

Filesize
16KB

MD5
ae9c274e26878d5f3f7aa93d8571b0e2

SHA1
559b7adc9cb68cfaba7e34f8a2e11e78a1f60d77

SHA256
1eba1ce6fb0dc8c765a4a21ee41a404ff63ea599c51383a53fadf5800fa8b03f

SHA512
fd63e27d4c0bf40b1245251ce75b1de114db47ccfb65dee437696696c130c45359bac4f1a60248a8db1b9cc2b6d20bef614b0c72ab40ec292c944b9338ff7079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
5c485b67bc665c9fe6fe4af535c9e6f9

SHA1
9a769dc96443acc52e8780d68f6694cedcbd7103

SHA256
75a83ebc97f088012226872d778fb29cc53bfa07ee215112a9bfe0d56a9cbc71

SHA512
a6a873064310ad840f977da24b79eb13115a95de858c740350e80b3601d9d9434592551c154c7975b787fce74daed38678be37579fde1a1105ad7dc17251a521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
334KB

MD5
9def77534d0a5fd988dee649441fc0b8

SHA1
5d5b4ccf559409bb529834189c28ee2e488c68e5

SHA256
1f9fd031d56b3a31d51ec133de46c47773e585ade9ecad086cc63b41014cce9e

SHA512
c8c6985b7962cd54df14d7991088f9d41ce1a049fd5a32a9b29c5538b8494ed403294da9da92b4fb2355ec7176d24d392eb0ce8e1d9d68e49361dfcfdb6f1d18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
333KB

MD5
f3e38aee2b90b05c95993d5cf2582eac

SHA1
8ca5a363ce0fd2db157d051aa12c3654c2d7ecf9

SHA256
c57473356a7b1c4ad6f6b9a8d6b20b1900d391e0a04fec342887e5870d604fb5

SHA512
eb82471a250b56ccc0b651fdbaa6ba6516eb52e47230668eadcdf8342fffb8dfd10d4b9243f3c802e843dca44ef63447f7e54e6555eac7467eb393a9ddd80bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
492957f86e06c44169f4dd5d16f33361

SHA1
5ccf5ab5c7d0476fa8e2c1e36b7865bc4008e1c7

SHA256
4548c1473a99417364c4aba4e9deb45e72ecbabff818396bb033a8e676df55a5

SHA512
ef2d66108199306a6706d5b1ac0371c15c00abaa73748f10bb329695ad9783030d822454320f06f82fd667f788fe7c9b2f4bf03dc97d2958027108eb8a799016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFe59572e.TMP

Filesize
290KB

MD5
c8b4c325c7412c99048f1e226bd916fb

SHA1
78119d5f838461c16aa1cb16ca4e6150d46516fb

SHA256
727323b87167fbdd4cb2f8b9b19290e155c41acc988d5d16985a4ac0d66525a1

SHA512
8d11c237bc73dba70ea9935fed6f0a11cfbd1670ddc072f946abf79f5a1644476f83600e1c4c79b8b1d1bf6caed64e42a6ad34aa4a8093b4f7fb975a94963639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
86KB

MD5
ac2600cf131ea78f0958764339963d40

SHA1
095f1e1ec0136a42ca241cb392d549e389a2c143

SHA256
5393431826e7a01e6fd5513c3448e7e81ac917688fc685d2810c6923de6d64e2

SHA512
2644c07a0f760fe9ab65d3207f7c40e3ed7b81d60c6168421bee8fb786669187e76ad0222daffc4e8647c0ec39865984f40a0e899bb5bce5c2c5c2de21eedf90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585afc.TMP

Filesize
83KB

MD5
849ef4a8d51ca63d12a749801a1e28cb

SHA1
94f6b0950b37c8db2f25f66286221933990dddac

SHA256
f7f6f06bc816c97e79d354b3b909de0c06e321418e1db1e072a7863c7b65c84f

SHA512
2f339aa4cd29149d5e46667549df39d27ecac3fcfd3eb297aacbd79498829a203dc9879752c038181b87593f062fc935ca9da0cfb3a4ef41eefb22600c00e5e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
57178972220bd075dd10d3a0e6b65632

SHA1
03ff35b3d35c39b53adaa6222a322640c906c840

SHA256
9f339d4fd0176780a8e627d679bb179befefcf3ffb85cbb8816d959cafb1d6db

SHA512
0f814997a45a9e034be0aa0407ec356f9da5ec0ff4b42899d863ec6cfd4927305ebd4c61ee116da14db4a8dee4543ccfdc33c54f0aed8ca4ca26a289463dbf4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
9e058ada5a2c6cc5eed963a3237af725

SHA1
be93a3e0b4dc6660dd09472420981b3f5962b501

SHA256
d657197f438782dea00c4919a51f54cdda8ca1b9ed86a97682f08595f588330c

SHA512
4a962c81cbd7d26472507c47b1b33289dec2aa779a010b4f6d23a64a712d3eb29f7380cdf21df931f4de96906672d9f3e147e5baf646c201f44a605bff5018ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDF4963.tmp

Filesize
3KB

MD5
e310e5578a38aa0803fe501af84e061d

SHA1
ec4e52893b7da842778df8d6658b356de731249b

SHA256
904b48d7f7c6f079ddf5453bfe05bd98118a7e69d0bba17a75f2209a7a5389bd

SHA512
36465ac3ee139947b6623b0efc85cbf66dc8640dbb41abb613057b7d4b48e816bb67cc4893bd994f4f81d2978397f0a8361b2300eb5fb38cb0dcf01a546bceb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zsc3zcd4.i4f.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
202B

MD5
4566d1d70073cd75fe35acb78ff9d082

SHA1
f602ecc057a3c19aa07671b34b4fdd662aa033cc

SHA256
fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0

SHA512
b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
4cd73774ffffff204c391c029bcbbe24

SHA1
4d5c03e983b70da0c2c61bae41615357c9a2e737

SHA256
1fd173a9a8828b45e4490059dea48f06fbf051185b922d635e83970813416650

SHA512
10d9124cfea1ccda1aed82b15ef2cf9130483ab30029173e79651a2d542db36930a884da03e7d5a31c655412eeac0368edf3f3895056b17cdce5a84c5d41d8d1

Download Submit
C:\Windows\TEMP\SDIAG_cf2cf0f9-3e6f-46f2-a9e7-cec645bf361b\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_cf2cf0f9-3e6f-46f2-a9e7-cec645bf361b\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_cf2cf0f9-3e6f-46f2-a9e7-cec645bf361b\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_cf2cf0f9-3e6f-46f2-a9e7-cec645bf361b\en-US\LocalizationData.psd1

Filesize
5KB

MD5
91f545459be2ff513b8d98c7831b8e54

SHA1
499e4aa76fc21540796c75ba5a6a47980ff1bc21

SHA256
1ccd68e58ead16d22a6385bb6bce0e2377ed573387bdafac3f72b62264d238ff

SHA512
469571a337120885ee57e0c73a3954d0280fa813e11709ee792285c046f6ddaf9be5583e475e627ea5f34e8e6fb723a4681289312f0e51dc8e9894492407b911

Download Submit
C:\Windows\Temp\SDIAG_cf2cf0f9-3e6f-46f2-a9e7-cec645bf361b\DiagPackage.dll

Filesize
488KB

MD5
ec287e627bf07521b8b443e5d7836c92

SHA1
02595dde2bd98326d8608ee3ddabc481ddc39c3d

SHA256
35fa9f66ed386ee70cb28ec6e03a3b4848e3ae11c8375ba3b17b26d35bd5f694

SHA512
8465ae3ca6a4355888eecedda59d83806faf2682431f571185c31fb8a745f2ef4b26479f07aaf2693cd83f2d0526a1897a11c90a1f484a72f1e5965b72de9903

Download Submit
C:\Windows\Temp\SDIAG_cf2cf0f9-3e6f-46f2-a9e7-cec645bf361b\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44b3399345bc836153df1024fa0a81e1

SHA1
ce979bfdc914c284a9a15c4d0f9f18db4d984cdd

SHA256
502abf2efedb7f76147a95dc0755723a070cdc3b2381f1860313fd5f01c4fb4d

SHA512
a49ba1a579eedca2356f8a4df94b1c273e483ceace93c617cddee77f66e90682836c77cea58047320b2c2f1d0e23ee7efa3d8af71e8ee864faef7e68f233bec4

Download Submit
memory/460-565-0x0000022DFF9B0000-0x0000022DFF9D2000-memory.dmp

Filesize
136KB

Download
memory/4376-15-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-13-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-129-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-19-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-20-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-21-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-22-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-23-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-18-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-17-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-16-0x00007FFBFA3B0000-0x00007FFBFA3C0000-memory.dmp

Filesize
64KB

Download
memory/4376-0-0x00007FFBFC7B0000-0x00007FFBFC7C0000-memory.dmp

Filesize
64KB

Download
memory/4376-14-0x00007FFBFA3B0000-0x00007FFBFA3C0000-memory.dmp

Filesize
64KB

Download
memory/4376-112-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-11-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-12-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-10-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-9-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-6-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-8-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-7-0x00007FFC3C720000-0x00007FFC3C929000-memory.dmp

Filesize
2.0MB

Download
memory/4376-1-0x00007FFBFC7B0000-0x00007FFBFC7C0000-memory.dmp

Filesize
64KB

Download
memory/4376-5-0x00007FFC3C7C3000-0x00007FFC3C7C4000-memory.dmp

Filesize
4KB

Download
memory/4376-2-0x00007FFBFC7B0000-0x00007FFBFC7C0000-memory.dmp

Filesize
64KB

Download
memory/4376-4-0x00007FFBFC7B0000-0x00007FFBFC7C0000-memory.dmp

Filesize
64KB

Download
memory/4376-3-0x00007FFBFC7B0000-0x00007FFBFC7C0000-memory.dmp

Filesize
64KB

Download