ploutus | d9f553bfe5254e734f2c687a69d9a61f082b87c74fc03af1a51dff715a6d7e9d

Resubmissions

11-07-2024 20:08

240711-ywph4avapg 10

11-07-2024 20:05

240711-yt1hksthre 10

11-07-2024 20:04

240711-ytal6athpc 10

Analysis

max time kernel
337s
max time network
284s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
11-07-2024 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PCPS.exe
Size

2.8MB
MD5

483da837d70e72105520ea82033c49ff
SHA1

4339212b959c1ead23bb5cc31dcf12736ee3e1d4
SHA256

d9f553bfe5254e734f2c687a69d9a61f082b87c74fc03af1a51dff715a6d7e9d
SHA512

1501cef6c13fd7285749b27ff1f1cb7bcbd4e75543eb3b3d78da649c3603028731b361a24d724d68dc41737e550ac826baf829806a69d7a90366e1768a58d23f
SSDEEP

49152:B3+xTCM1oVeG0kGj/esU462SJJm0tjRU+hT9Lgr84zMG8qK7kyjF3U4RRGef++fd:BLGefGh

Score

10^/10

ploutus atm backdoor discovery

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000069	family_ploutus

Ploutus
Ploutus is an ATM malware written in C#.
backdoor atm ploutus

Drops file in Drivers directory 3 IoCs

Processes:

NPFInstall.exe

description	ioc	process
File opened for modification	C:\Windows\system32\DRIVERS\SETC082.tmp	NPFInstall.exe
File created	C:\Windows\system32\DRIVERS\SETC082.tmp	NPFInstall.exe
File opened for modification	C:\Windows\system32\DRIVERS\npcap.sys	NPFInstall.exe

Executes dropped EXE 10 IoCs

Processes:

PCPS.exePCPS.exeNDP452-KB2901907-x86-x64-AllOS-ENU.exenpcap-0.9994.exeNPFInstall.exeNPFInstall.exeNPFInstall.exeNPFInstall.exeSetup.exePCPS.exe

pid	process
2524	PCPS.exe
4184	PCPS.exe
3672	NDP452-KB2901907-x86-x64-AllOS-ENU.exe
1872	npcap-0.9994.exe
5296	NPFInstall.exe
5620	NPFInstall.exe
5832	NPFInstall.exe
6008	NPFInstall.exe
5936	Setup.exe
5304	PCPS.exe

Loads dropped DLL 42 IoCs

Processes:

PCPS.exePCPS.exePCPS.exenpcap-0.9994.exeSetup.exePCPS.exe

pid	process
4852	PCPS.exe
4852	PCPS.exe
4852	PCPS.exe
2524	PCPS.exe
2524	PCPS.exe
2524	PCPS.exe
4184	PCPS.exe
4184	PCPS.exe
4184	PCPS.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
1872	npcap-0.9994.exe
5936	Setup.exe
5936	Setup.exe
5936	Setup.exe
5936	Setup.exe
5936	Setup.exe
5304	PCPS.exe
5304	PCPS.exe
5304	PCPS.exe
5304	PCPS.exe
5304	PCPS.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 44 IoCs

Processes:

DrvInst.exeNPFInstall.exechrome.exenpcap-0.9994.exe

description	ioc	process
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{e06edfb0-cc02-ec44-87da-0a95ff19dc20}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_3debe5e78bab1bca\netbrdg.PNF	NPFInstall.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	C:\Windows\system32\Npcap\Packet.dll	npcap-0.9994.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_47a1d461362892df\NPCAP.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_47a1d461362892df\npcap.cat	DrvInst.exe
File created	C:\Windows\SysWOW64\Npcap\Packet.dll	npcap-0.9994.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{e06edfb0-cc02-ec44-87da-0a95ff19dc20}\npcap.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{e06edfb0-cc02-ec44-87da-0a95ff19dc20}\npcap.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_882899f2b1006416\netvwififlt.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_bc519c177a90877a\c_netservice.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_47a1d461362892df\npcap.PNF	NPFInstall.exe
File created	C:\Windows\system32\Npcap\WlanHelper.exe	npcap-0.9994.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{e06edfb0-cc02-ec44-87da-0a95ff19dc20}\SETBE80.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{e06edfb0-cc02-ec44-87da-0a95ff19dc20}\SETBE81.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{e06edfb0-cc02-ec44-87da-0a95ff19dc20}\NPCAP.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_47a1d461362892df\npcap.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_8074ac14f1ab2957\netpacer.PNF	NPFInstall.exe
File created	C:\Windows\system32\Packet.dll	npcap-0.9994.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{e06edfb0-cc02-ec44-87da-0a95ff19dc20}\SETBE6F.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_d34968d7b3e6da21\ndiscap.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	C:\Windows\SysWOW64\wpcap.dll	npcap-0.9994.exe
File created	C:\Windows\SysWOW64\Npcap\NpcapHelper.exe	npcap-0.9994.exe
File created	C:\Windows\SysWOW64\Npcap\WlanHelper.exe	npcap-0.9994.exe
File created	C:\Windows\SysWOW64\NpcapHelper.exe	npcap-0.9994.exe
File created	C:\Windows\system32\WlanHelper.exe	npcap-0.9994.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_56c163d21e8c2b62\netserv.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_0525128a3d54207e\netnwifi.PNF	NPFInstall.exe
File created	C:\Windows\system32\Npcap\NpcapHelper.exe	npcap-0.9994.exe
File created	C:\Windows\System32\DriverStore\Temp\{e06edfb0-cc02-ec44-87da-0a95ff19dc20}\SETBE80.tmp	DrvInst.exe
File created	C:\Windows\SysWOW64\Packet.dll	npcap-0.9994.exe
File created	C:\Windows\SysWOW64\WlanHelper.exe	npcap-0.9994.exe
File created	C:\Windows\system32\wpcap.dll	npcap-0.9994.exe
File created	C:\Windows\system32\NpcapHelper.exe	npcap-0.9994.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_72f156a5ee3f59e8\netrass.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_10acfa4b924dd181\netnb.PNF	NPFInstall.exe
File created	C:\Windows\SysWOW64\Npcap\wpcap.dll	npcap-0.9994.exe
File created	C:\Windows\system32\Npcap\wpcap.dll	npcap-0.9994.exe
File created	C:\Windows\System32\DriverStore\Temp\{e06edfb0-cc02-ec44-87da-0a95ff19dc20}\SETBE6F.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{e06edfb0-cc02-ec44-87da-0a95ff19dc20}\SETBE81.tmp	DrvInst.exe

Drops file in Program Files directory 16 IoCs

Processes:

npcap-0.9994.exeNPFInstall.exeNPFInstall.exeNPFInstall.exeNPFInstall.exe

description	ioc	process
File created	C:\Program Files\Npcap\npcap_wfp.inf	npcap-0.9994.exe
File created	C:\Program Files\Npcap\CheckStatus.bat	npcap-0.9994.exe
File created	C:\Program Files\Npcap\DiagReport.ps1	npcap-0.9994.exe
File created	C:\Program Files\Npcap\npcap.cat	npcap-0.9994.exe
File created	C:\Program Files\Npcap\NPFInstall.exe	npcap-0.9994.exe
File created	C:\Program Files\Npcap\npcap.inf	npcap-0.9994.exe
File opened for modification	C:\Program Files\Npcap\install.log	npcap-0.9994.exe
File created	C:\Program Files\Npcap\Uninstall.exe	npcap-0.9994.exe
File opened for modification	C:\Program Files\Npcap\NPFInstall.log	NPFInstall.exe
File opened for modification	C:\Program Files\Npcap\NPFInstall.log	NPFInstall.exe
File created	C:\Program Files\Npcap\LICENSE	npcap-0.9994.exe
File opened for modification	C:\Program Files\Npcap\NPFInstall.log	NPFInstall.exe
File created	C:\Program Files\Npcap\FixInstall.bat	npcap-0.9994.exe
File created	C:\Program Files\Npcap\npcap.sys	npcap-0.9994.exe
File opened for modification	C:\Program Files\Npcap\NPFInstall.log	NPFInstall.exe
File created	C:\Program Files\Npcap\DiagReport.bat	npcap-0.9994.exe

Drops file in Windows directory 7 IoCs

Processes:

chrome.exeNPFInstall.exesvchost.exeDrvInst.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	NPFInstall.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\INF\oem3.PNF	NPFInstall.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

3144 4852 WerFault.exe PCPS.exe
3108 2524 WerFault.exe PCPS.exe
2664 4184 WerFault.exe PCPS.exe

pid	pid_target	process	target process
3144	4852	WerFault.exe	PCPS.exe
3108	2524	WerFault.exe	PCPS.exe
2664	4184	WerFault.exe	PCPS.exe

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 286333.crdownload	nsis_installer_1
C:\Users\Admin\Downloads\Unconfirmed 286333.crdownload	nsis_installer_2

Checks SCSI registry key(s) 3 TTPs 38 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

NPFInstall.exeDrvInst.exesvchost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Setup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 43 IoCs

Processes:

DrvInst.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133652021195365651"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe

Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 3 IoCs

Processes:

chrome.exechrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\PCPS.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\npcap-0.9994.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe:Zone.Identifier	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

SCHTASKS.EXE

pid process

5460 SCHTASKS.EXE

pid	process
5460	SCHTASKS.EXE

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

chrome.exechrome.exeNPFInstall.exeSetup.exe

pid	process
2808	chrome.exe
2808	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
5296	NPFInstall.exe
5296	NPFInstall.exe
5936	Setup.exe
5936	Setup.exe
5936	Setup.exe
5936	Setup.exe
5936	Setup.exe
5936	Setup.exe
5936	Setup.exe
5936	Setup.exe

Suspicious behavior: LoadsDriver 4 IoCs

Processes:

pid process

652
652
652
652

pid	process
652
652
652
652

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

Processes:

chrome.exe

pid	process
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

chrome.exe

pid	process
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

MiniSearchHost.exeNDP452-KB2901907-x86-x64-AllOS-ENU.exenpcap-0.9994.exeNPFInstall.exeNPFInstall.exeNPFInstall.exeNPFInstall.exeSetup.exe

pid	process
2648	MiniSearchHost.exe
3672	NDP452-KB2901907-x86-x64-AllOS-ENU.exe
1872	npcap-0.9994.exe
5296	NPFInstall.exe
5620	NPFInstall.exe
5832	NPFInstall.exe
6008	NPFInstall.exe
5936	Setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2808 wrote to memory of 1688	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 1688	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4232	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4064	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 4064	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe
PID 2808 wrote to memory of 3812	2808	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\PCPS.exe
"C:\Users\Admin\AppData\Local\Temp\PCPS.exe"
1⤵
- Loads dropped DLL
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 1152
2⤵
- Program crash
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4852 -ip 4852
1⤵
PID:4056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0x94,0x108,0x7ffb98dfcc40,0x7ffb98dfcc4c,0x7ffb98dfcc58
2⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1824 /prefetch:2
2⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1924,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2108 /prefetch:3
2⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2204 /prefetch:8
2⤵
PID:3812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3152 /prefetch:1
2⤵
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3192 /prefetch:1
2⤵
PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4532 /prefetch:1
2⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4800 /prefetch:8
2⤵
PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4824 /prefetch:8
2⤵
PID:1932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4332,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4788 /prefetch:1
2⤵
PID:4680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3324,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3472 /prefetch:1
2⤵
PID:2084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3204,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3148 /prefetch:8
2⤵
PID:1732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3124,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4616 /prefetch:8
2⤵
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4596,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4552 /prefetch:1
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4496,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4628 /prefetch:1
2⤵
PID:2308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3508,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5216 /prefetch:1
2⤵
PID:1184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5356,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5384 /prefetch:1
2⤵
PID:3476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5360,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5536 /prefetch:1
2⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3156,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3120 /prefetch:1
2⤵
PID:5004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5328,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5300 /prefetch:1
2⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5456,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3564,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5144 /prefetch:1
2⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5136,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5388,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5896 /prefetch:1
2⤵
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6176,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6204 /prefetch:8
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6192,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6340 /prefetch:8
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5816,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6544 /prefetch:8
2⤵
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6528,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6672 /prefetch:8
2⤵
PID:1732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6824,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6820 /prefetch:8
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5764,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5464 /prefetch:8
2⤵
- NTFS ADS
PID:1516

C:\Users\Admin\Downloads\PCPS.exe
"C:\Users\Admin\Downloads\PCPS.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 1152
3⤵
- Program crash
PID:3108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5108,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5768 /prefetch:8
2⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:4372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6160,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6504 /prefetch:1
2⤵
PID:1296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5788,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5704 /prefetch:1
2⤵
PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5812,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1168 /prefetch:1
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6344,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5204 /prefetch:1
2⤵
PID:464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6188,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6852 /prefetch:1
2⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6836,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6832 /prefetch:1
2⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6220,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6948 /prefetch:1
2⤵
PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6712,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6792 /prefetch:8
2⤵
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6764,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6700 /prefetch:8
2⤵
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6472,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6432 /prefetch:1
2⤵
PID:2820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7008,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=7012 /prefetch:1
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7120,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5140 /prefetch:8
2⤵
- NTFS ADS
PID:1560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4476,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5648 /prefetch:8
2⤵
PID:464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7156,i,16689025799324559857,10334551938651114699,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5400 /prefetch:8
2⤵
- NTFS ADS
PID:2752

C:\Users\Admin\Downloads\PCPS.exe
"C:\Users\Admin\Downloads\PCPS.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 1128
3⤵
- Program crash
PID:2664

C:\Users\Admin\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
"C:\Users\Admin\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3672

F:\74a9514b92490e8c5549706a56\Setup.exe
F:\74a9514b92490e8c5549706a56\\Setup.exe /x86 /x64 /redist
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5936

C:\Users\Admin\Downloads\npcap-0.9994.exe
"C:\Users\Admin\Downloads\npcap-0.9994.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:1872

C:\Users\Admin\AppData\Local\Temp\nsoB096.tmp\NPFInstall.exe
"C:\Users\Admin\AppData\Local\Temp\nsoB096.tmp\NPFInstall.exe" -n -check_dll
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5296

C:\Program Files\Npcap\NPFInstall.exe
"C:\Program Files\Npcap\NPFInstall.exe" -n -c
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:5620

C:\Windows\SYSTEM32\pnputil.exe
pnputil.exe -e
4⤵
PID:5720

C:\Program Files\Npcap\NPFInstall.exe
"C:\Program Files\Npcap\NPFInstall.exe" -n -iw
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:5832

C:\Program Files\Npcap\NPFInstall.exe
"C:\Program Files\Npcap\NPFInstall.exe" -n -i
3⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:6008

C:\Windows\SysWOW64\SCHTASKS.EXE
SCHTASKS.EXE /Create /F /RU SYSTEM /SC ONSTART /TN npcapwatchdog /TR "'C:\Program Files\Npcap\CheckStatus.bat'" /NP
3⤵
- Scheduled Task/Job: Scheduled Task
PID:5460

C:\Users\Admin\Downloads\PCPS.exe
"C:\Users\Admin\Downloads\PCPS.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5304

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3112

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2524 -ip 2524
1⤵
PID:3656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 4184 -ip 4184
1⤵
PID:1124

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:5160

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{9a214f9e-3e77-0d45-87ae-059be11e9376}\NPCAP.inf" "9" "405306be3" "0000000000000150" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Npcap"
2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:3180

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:5184

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Npcap\NPFInstall.log
Filesize
1KB

MD5
75948e603e2f69d2eb6d5327b4166363

SHA1
1cb7c56e70588b4b89918f14fba783072521133e

SHA256
798e9806716a49c5e0d91b258f64415ada1ab396d478e60695607d2dabcd8717

SHA512
bd5e910a79d40dc7eaa5a9f765cc75cbf083b704ae982d06505672fd306ab7bd195c996f80908b465a8d43601b17b4d8c161e2323f1918f43a77943a95590d0f

Download Submit
C:\Program Files\Npcap\NPFInstall.log
Filesize
1KB

MD5
28e4521e8b6d4c802d4374b345409e07

SHA1
a55cc52af7a9293a5f69c80fd3e85f88fcd31b2f

SHA256
bdbd7a6b48fd6e4e3ab8cf89fdf34e4d8d7052258840ce28e25cd12b9cf904b0

SHA512
3ede53f9c21c10b5e4cb0114b2f1910e369e655e787e97c048ba947fe536c90000c074720d37acd4939405fde465396138c601c9bec5a2835dda17c25609ff94

Download Submit
C:\Program Files\Npcap\NPFInstall.log
Filesize
2KB

MD5
a281a4ded27ef5d3f557f6241fec73fb

SHA1
8a3e814f785d4c21a13fe4ad258533979460076a

SHA256
655e476991550d23a36e7c5dce20724decda0237cbfb87a6a57729ce334eff53

SHA512
60277270d8080a4aee27004eee1578ff2d777c6a22b0cd2854e26f0e21af4092912fd9fe57451eca0cf9add6f4ffcf216f36f68471a3c3724c1ea0fc884f5ed1

Download Submit
C:\Program Files\Npcap\NPFInstall.log
Filesize
3KB

MD5
b0357dc6d4ff457009b67289166c6975

SHA1
bad673e560461c936012077c232006e24aa6fd82

SHA256
f628e755f467863758f4bc95f853c4a60d466f96e2150e6bd9fb4360e6f16d07

SHA512
0a3fcda543c4c82f9ee5b20a7acfe9d2b14543719517539f12b8daf6112ac3905ff9292808529aa0f941868447480b01a86bc3bba2aa615e02109ad1a9677675

Download Submit
C:\Program Files\Npcap\NPFInstall.log
Filesize
4KB

MD5
36e71d7c3305560a6b73ca6b820a2db5

SHA1
fa88d158b24105dd91060d313e7fa09adfd41a83

SHA256
23605a7a1f51a8739bf615e6a1e73735210bc7d67db1a9ddbe55dcb31e472c69

SHA512
c1c64ae6b7ca969e76b70f28cfe7a7e394b93fb5f465967e50066e1f35ecdbabb1e054cff393cf52d4a6440432eb11eee2b8e29fc61bf637726ebdd619b9f08e

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033
Filesize
20KB

MD5
96cb9fd0f36824d8c27addd06b8ab8ba

SHA1
a421246caa146de02879cbab8faf1c1707c40a00

SHA256
55f249b6067221ab0ecbc5e528d650544bb328ee950fa609873e9a5c39e28f63

SHA512
08696a0acad67522ba038440076c55320a17eea4be34750868d3aa7413a53f3d94a22e5a2541c152a02db59ee1fcc746e9859366d37a092057f4380f96d36734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034
Filesize
16KB

MD5
7cf890f06d02eedd578b09cbe5924f99

SHA1
6e450bbfac60dd22569abad70c57712d24e288e9

SHA256
eb7c7acbe612614cd6ebd0383c4f0011b86e697a55e0aec1d7d0c5e301840ced

SHA512
73210c4f81ebd54c880818b424dfaded8d431063e757a4aabbc932f580cf23138e66b5042d2915fe30b6f062385448b1e812d7120b12b61a74e83923de24f8d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
Filesize
23KB

MD5
08383bcd07c9f5800c4c58fac1d48f87

SHA1
b8689cd9a7525974881d25720c43d74409bcf228

SHA256
2f0e7313966b1ec3673d320d929815989e8bccacea7ed141a3f36794042eb75a

SHA512
494ce08495d6083036729df040515173f875c143822fcd2e4a2ed36be600d0a9e74dfb6b7eb0e1d3d9984dc1abff4c9c139d98772d36554030c5fe7e815b6beb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
Filesize
27KB

MD5
46914fd60f9a94011894414e498eb276

SHA1
5676f1494164e9fd0c1d0a1d1ed52b4dd8ea1db3

SHA256
ff09d5500f74fc5a2426e5d6df9de0b43feb0618b6c8f1ca5bf0feb843addb3c

SHA512
8ad1364723c90f3a1f5fbc5ee3c820087a549551c037639e04119a776739c107cfa62fb4483e2314b0c2a8bc020088cd971f555f90037b0e2f402b520b8d70aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
Filesize
20KB

MD5
59cf60eb079b936fb897c70aab9d77a2

SHA1
6db9b46af8b74a7d555201bdde2c66ad3f4fb782

SHA256
2a561c87c37d4fa9c98e5af246708615d099081150665b51da5624772421a55b

SHA512
1f69c01473770051c043cd5d23f6cf0881dffe21ff2b2be95794ddc3edb89828b4430cab760b54881ebc4d29cde5f5f8abcda2bf074905345e6b6713c3a9586d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
Filesize
43KB

MD5
c7e77ec5df82c134bef4a1401991f81f

SHA1
07b4c346f3ea7f53873500ee5884a664147e7578

SHA256
9df05c465f3fdfd834a984753d695356a5d0de449edabe6d141db1162f0afdc6

SHA512
039c23ab3efe6c405a49b9f5138eca322b8464c4033bd27a1b25da0c884d0acadc3b0ef7e9f8b09fca3ba668b87e30d6a667fabc27d4d28777759a0ccea7cda2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039
Filesize
50KB

MD5
c6b55566d0e5a2d62a37137e78f17efa

SHA1
62cdbf84f064ade5d33855ada3feeafad8e69aa7

SHA256
085afe4b8733a8223788df16c1119a2d404e119d2e674f0340fa2af8b09b53eb

SHA512
cc0e46558c206ca3daef1767befb0bd2822c28835e828a79ba890cdd58971fc42becdafdd869845d155cf3a7493c2ae6d5e641c2670e80e991263a442dc22ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
Filesize
16KB

MD5
60225d9d1ff9fc0c10ef8581a57db30c

SHA1
0878a39cbb55e650acc0f1802b6091100fc407d9

SHA256
ca37df2fdb792a5f90bcbb48c3b2a3456b4af6f18c571a7ab0ada998cc97c80e

SHA512
0917609fa28003eabca912791394e1ddd5337eba64c262fe2a9c7979c0b391d12accfc6790bd9aea020567d06fe0835d9299ed6ebb639a60bf1674c47845a400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
Filesize
30KB

MD5
41e2df579e72738961c19f52bdb1f923

SHA1
574666e3c43952471c49505f3b5142cd70f5f766

SHA256
f9761b451840099f5780e512509c8b762d60e7cac36186d398c13b3e004922d1

SHA512
d9d3262abdc198d887d12b2a8b0192a378edd292120abef15c445ad34a0f8f2aec8f0c5e03d7286fd5f8389b06a7e664b52574c6dfa46189b13b9e87d3a3f13e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c
Filesize
52KB

MD5
6c2e29d077d526a86c5900567616d372

SHA1
56d69c325f18d57b70ec1ed02350b728439b9aec

SHA256
bb9d6b2bfba1916378083c45468ffedffe21b1d871990fcf8d522d912f2997cc

SHA512
f76480cff81834200c72cf576df784124013abffe9cbc6b0169a779f4cb244c2530e8df30ce8c3c6acd94bdb55e90f4e4efb0418ba5c35cbbe7fe9af0fa290de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d
Filesize
21KB

MD5
4d1df84918ecdf6c5d2ff7b1c218bb39

SHA1
56cfcc5ab4a5b28378e72d0d06fce9928c055f7f

SHA256
f36a0434567bd7f7ed772fab06a02ee12bc9e6c426ef1d1729e849df858fc02d

SHA512
0f4e2e9a19bf7d2bf2994e73cb3773d4fa7f8475c0a5cdef91952e6b75461811b744a12bd5c2054035ba079747e8d9fde1b37c3acf742d3265d86cc96503a3b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f
Filesize
36KB

MD5
d2d55bca983cc759fffac883ef0ea3b2

SHA1
76b310ca24a1835bed13e221af39609740f72e8c

SHA256
0ff1ab42e1f0d09bb9a8a56ced802ae6baab2bee211cb1a9e67e67a14c5c2c2d

SHA512
ba9d7c77cd511b221673717062fec56294b48e1ea2caacc186197b0183ed4b785e0777c818fc0f40691f7a515cde401d0358557107b1c173445b685797e1bb92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040
Filesize
16KB

MD5
724d4ef7a3179f770d15ddb05cf95362

SHA1
4630acbd1db7e7db6b27daa7b84c02075fcce617

SHA256
90aacb00ac10dfd9ee67a6c0f3486a2118932177a46c2dfc443bcbbe1b993425

SHA512
757279365354b06da97257d48304a79b8a1b8827a2124c9c2530d3660b9eba80ad3af2969bd1b380433627f0e8c2a945bf65488cab1847c09d82f00f71a00644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045
Filesize
52KB

MD5
b4c922c663c12a95a89233875fccd951

SHA1
ee04f0ea07bd3ab1e243fd7c399991eaf9374d0a

SHA256
ae3b4d218a1a000633f83e9e3c7915a6c1d79c6605d5255cbf456d8eaf9a527a

SHA512
3237746a2e2a3b5ddd68d7236745f31ae2a0ef2a2f44b0459b65e59922fd6cd36b267adcc0565033b2c0e0c2d447318ff61c9324a26c53559fe38221f1b99091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046
Filesize
143KB

MD5
af42ad6e63ea4b7322ad5ebda0443796

SHA1
23239695799f22ef1d251e873c3db3f3cd705cf8

SHA256
26c5bd93fb09053fd1db0d4e6b732c849bad81a47e162f3fc07d79dd0284f405

SHA512
8314eb83460832daeef5fd845aa23c4acf15d580ddeb482d554d06e6bff0b0e33178694d9889c25c6e7d091137a44983e4aa4cda728c41a659ca90123d6afff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059
Filesize
20KB

MD5
3360aff2a346478c4f2122aaef59a710

SHA1
580c82d5a89e221a023d9bf9d5a810d15942c1b9

SHA256
f2ce1582f2ebd45939c926c29a6c7a97b6000afa9dffa457e8c4b02ba8a9c995

SHA512
d26809f7d7d39bca26f41446e0537e64580afe0600b9e40af2038900611f9373f54b423ced7b3eba80840e78fc6667c45ccc68d608f1663b3d6fa279530cfbca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000069
Filesize
2.8MB

MD5
483da837d70e72105520ea82033c49ff

SHA1
4339212b959c1ead23bb5cc31dcf12736ee3e1d4

SHA256
d9f553bfe5254e734f2c687a69d9a61f082b87c74fc03af1a51dff715a6d7e9d

SHA512
1501cef6c13fd7285749b27ff1f1cb7bcbd4e75543eb3b3d78da649c3603028731b361a24d724d68dc41737e550ac826baf829806a69d7a90366e1768a58d23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0a578627083cb551_0
Filesize
1KB

MD5
69229f4a2ed68c90872cc46165f3d681

SHA1
46677e28b7885c01907f59e19c163e3aa51312b2

SHA256
e0f2107b1cdf44bf546f25d7f416d972280aa6fd89aa31f392ac8829f0f08fa7

SHA512
6c0e8f7d86dc230ebf10fcbfe7e3373ced3273dd15466befcf19f1185127e2b6ab85d3adfa039878e728417fed22e77327a274d53122d4f93814b1a944b7b22c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1cc25a23df2a9cb0_0
Filesize
297B

MD5
288ea9398f29177a4b919bdca1ba710a

SHA1
252ce26024d14f62cd984c33a5c735eec01333eb

SHA256
a9e50776ab34158aaadc1814f83dc45c737631a0f48d7ca2dc5bd0ef53b27f04

SHA512
98119081043a994fd47410dae1d50382e1ddab0674ba0e0806e794f018fb3ac337a49f49d2f15a9828de7d8a01036a0e3c3662a39851c1fc8f035d395a1150fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4ef24ec0041715d4_0
Filesize
34KB

MD5
2a197f613699eb9691a72da6dcd40b22

SHA1
f8fc3833e9ada642bc565904c462f2e0660ec675

SHA256
5f5911038851de23c491b395c8af87a199abc18f7a49170c59ea0a80674d60d4

SHA512
6fe8913d65713f7154381d09cf539476110df863f8d8966b3a84a9df06c5df4ac8c9600baddf763d86af2d3e9d79a6f1d8f8136284b1e54ddd8b387edd3085f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\70eeddcd4fb36d06_0
Filesize
183KB

MD5
da31ab447b39d6d281ce0c3d05920aa1

SHA1
8626649b3db10167ddba5097ff8c1ac3284de376

SHA256
ca9b6801ba1db459814909351836944ec18418d711655b6f07887b8363b99954

SHA512
e1bbd384241873bb9fd9a5dc4bbcb11d797d1ae9ed16beb2f002fd4460492331a948f51a06c356479caf1d06328ac3816558e16dd6962e4b4758646278c69ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9c2c456b529cc7dd_0
Filesize
292B

MD5
a2f5c645c2ef85317a708aea9a5de3b7

SHA1
0e579b9096a28ba41ec1580004b23ecaf8eb889c

SHA256
8e261221686f7802b4bb01583e51a2c3f220fadad9f677d8c17b238408570d3d

SHA512
467e65af32b7c813f9bc5e151439fbdf7d405594ffc52a72263b605048ca1d32b56f35edbac5456dd644c159462f040c85b0f16aac799e94eb9721db0ca6d7ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9eda2c807d0d3e54_0
Filesize
279B

MD5
9105fcd1487d2f34515c05150ce7c13c

SHA1
b2c949b2ab9cff578cb62e008eb226a143f88842

SHA256
de1ad39706eadeaa6b5654c912cf29cd98d0cb767a58d52e15df7532b4296dc8

SHA512
694a47d1663859ed873acfc106c0960b7059912ef5e3fa28248702b745310742a7e5dd87ee57bf956adab23f64394399b303cd0c5878d7822c7676bf8ea0f8cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d3aa6a0c04064e52_0
Filesize
3KB

MD5
5e61a0080f0f8f4d620fcdb0df1b0433

SHA1
73c7a16791473348ab728fbf9b0e10dcdff791ad

SHA256
5ca93d970e33e78b0bd997620dd43c3442fe11695aa537ae9f59dab5b6d8b843

SHA512
246a4cc05f8946d88eee61a3867fd5cd4426f5471ad7a72318aff7a6bf6292fbd66f6209d615b571103e90fffeac213b4fa61b4e54cee965a4be4263e16d68ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\df53bad28ea1e322_0
Filesize
263B

MD5
9fdd3405f37025f28cc26f68e34c135c

SHA1
4b026d2b906d40ec5d741ad053ccc358fa91779c

SHA256
0e03702ff1e8a8311c9e13044c0f00f34270db8599419fbf46520c6a4ab855eb

SHA512
1cf5f23511bfb17160eae4a207495ba05d7c9100bca8300a4753c16516cad2f16eff85c4368424e03bf46f7913390db17bc333719a8b72fd52de32975e5112cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
d3ec650097a0d97eafb35091cdbf2801

SHA1
4e7164d192bf4ae5a1fef8451c6824741a1f270e

SHA256
6ddd09dacf61ab46c52ec74683fd45e5c4fb4fff164e7da63346d8deb476efdb

SHA512
673a4de02398b7c341a1871fdc98e9325b902820c4ba013854d74b53edda70a7ebbc9c9f6de2141d736a83b6130d3e20b8321f00c2fd53e8cfba1dfd6444573a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
3b15b66d5332da9b2875b3f4173315b2

SHA1
83548acf3f942ed69c21324e9b21b2d6b096b3a9

SHA256
831ecd6ba05235abfc91011f3d8a5b87223915d7f0bd3145a2265be4150802e5

SHA512
dfdd4112541e32d145ae5851586ef10c1dbac5c18b97adb7f3bed7b25446fc94bf61028d7b348354a5de0d655fcf92d630996bb09e9bc51c488e8211860d8471

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
9add632d563623992140b5fb0f775b30

SHA1
fcf051505fea47b4bd35eb19c77e9b69503d0741

SHA256
a1956f63bcd22484c6a26537efa8bb47bd1d009d219229e7aa9189a85b5825bb

SHA512
ad5248b54880d537f00a348227bf67aee7e8b93eb2d07c50f3a19188ff734e9171014d9fc36cf93319f9545b1e474f852012d6224c941b659b0f0d085ed5c0ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
fc4f68e45aa1d513aaf709c21a529032

SHA1
612b9bfc32efbefd46cb1c7e24f14dab61b8fda4

SHA256
e85937e0eac2c03394af3bd6b8f613846bb8a92a4b783789360501c5dba2a5d4

SHA512
277a115161e09f4587adb34e8fbf414efcd660cc07162b8aa0106d7369482b368615b614338b88c0e90c7ae2547c739f6430198a940620733feeb753350cd1c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
a73c9117e5536fa00fb173f8ea7182ec

SHA1
34469fb3daf0891eca83109e57bcf1f91879eb53

SHA256
473a6a373d43f270c1461544eb7c6c5b5505b6dec335a813f0d63bce5ea38b30

SHA512
7947589215cd12219d878bc75281cd40e35982cbb52131803dc4fbcf8a1116e948ff77918cdec1af2c2556def756bc3b50b0de433fbe62f2587ab5d0ef74d397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
10KB

MD5
8016faa6089f48b4af7e767465d75ffd

SHA1
ef1b46df8bd1fba24da62609f4d3c0114256f477

SHA256
c78fde363058c250f96ecdeb5facb80df5d5b9d7fd1957f8ecf9bcdcd871e376

SHA512
51851e912d52a73d736e96fe4422d585bd317dbf263487f83d61caf86fb40bf85827ec59883977f1b79f0a99f20aad324af01d1edf484db59ebb90c8935f33e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
692B

MD5
ce334ed387a0975b25fca9628dcb7e3d

SHA1
81a85b6bf8c2944e27f8b80c5ac246d177092374

SHA256
11a6f43eae40df2b4a598a0354daf18c0ac8676a4a1b6e7e81c389176cd05c6f

SHA512
d42db2851b81b8fd8c97428da216cbe9527a819cc49ed45dc6d5459fdd86d28e6a14634c1d29ae53f89f39be0d9c2ba2bcef0d2f1b0748c1978c64418cfdfb78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ac742c0b4b900f0a79eb6e0ffdf0f611

SHA1
459a50cd6d5b47b3a010977ee7b72b2c0c050825

SHA256
427e998edde08bedbb078eb1681cc5b6f0d3d4a98e26c8aec5a2837430cee537

SHA512
c2d3738c050408797102529c2b3e6dc9a37ab9843cc0dbd584a5ee6598999491654d4a23ae9a4c05203c161eb4ffaf2676b44a474b194b4c19f9a67b139e9383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
fd3c883d9c60adaa756a738633846637

SHA1
bc477805675ea709cd3168681d75f64358f9c92e

SHA256
df89c0ecfca01deeb378902afc266765e5ec5c52d2f92e826f6e3cccae1d1a0f

SHA512
94641d843f2a786d3130c2484e7cd9f8340b3d0daabfc27b8e588928940ad2b52144479da05b4b47fac7cf783e35c36a3af6d81ba4402842e98f16c836304200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
fba5348422503692a7a8d4efc5ecf9aa

SHA1
1a662c30f3a428c4a24beb995b32901281227632

SHA256
401466e059a546e18ec673a87eef8e4bb612deaf2d0b890e5d324910befe6f7c

SHA512
4bce28f39ea0d4042e9d22c1b02da58da25dc0fa10d73111174410f21c0546f8eff167186e84fcebab2b087242353bf9f7fec1937d044a7feec8a3d350142999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
029de3f5c2dbcab5e7db32280f6e884e

SHA1
c48d83ce51c87ff7a2ee76725ce51c749c034457

SHA256
814e6bebc33bf7f16281ca833a295e16f04cadd2eb7c5788bf3d91a627eb3a72

SHA512
8517009092bfd77dea859cbdee6ab6dff770e948a315ef5a044e5392112d24957b6cd757c45d03f1f3cedca65b4486396d40f1ceaa7d8b06d5b6d1110a527982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
da6d430ea7c1b76fe4a9f3e8fba193dd

SHA1
0097bc7be9acf90bc37b18af9e529cc73c89ddd3

SHA256
4d86117cacd86333d3d2382a9f90ecd43debf1921324c766bdad00dc25f65d42

SHA512
4b631c54a7bed61c73ba0d98379f0c8de723a451a5eba4824e7ab358e253bfd2b29c3e9d731814374cd72a7e73882f14eae52b720cf46d3499c5fd5cfbadeccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
cb6eef5582def81b36fbc8dc30ca22e6

SHA1
02f2e6c3e7d79021046188e5affb2cda968dd28c

SHA256
2063ab8acf80576393424ca0a0eb718772120ffbaad2b0e121a645eea5e7c0c6

SHA512
9dc4325131459585a92a28c2eddf0b0667bd939b98b2c722dda15dc54b5ee03fa6bb49f7f1880eaab8baf478cc8a1f5ae5bd0af2f7c49d4c501de4ea37c7cef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ae8a27676134aa0e2e5b36d337d8c4ce

SHA1
a5dc58fc86ee83f28e5c4aa83c3155efa22f0d52

SHA256
92efc6705d4f016144a4a7b9d88a47abf67b0e191167b7e334037d3545b0d49c

SHA512
3d413807bc4e8fe97248359048844c46efc0925b5c8430736705ab285834b38ccca95e128f81e09e92b5c2ac131241791e6be21d444e6df3a52080196c656b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
17d27954029dc87791aae1db406dcf69

SHA1
839dc978f983cedfa5eb0f2602cd7b001a88e1a6

SHA256
269d30207b64d9507c25dfdaa20d83026b9d36f63e16bab478ab31db53194b8a

SHA512
8ec8e3320b8b3c4a2d581d8e0c2f45e4ce44a8c5ba65279bf9e28a7c3f252d07ac7740ecf791d4ad5c363b3bbd8ae355df6f8e9db8a54f4176171de15c140b6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
a00d0cfacf428b7a8f19e2775e4a7941

SHA1
21a9ae4ba33e2d584dce2204de615346e0914bcc

SHA256
7c96916f67854eeacf52a5f37c171401abf267d600f045705f1e4c7c3990baac

SHA512
b5be0b055e848813b29ed225a2f950c32e3feff1fead35119c0c0d8cf57a5aaf16ad3b23b6fbe8c2369290fe85b1595343afd8c7a1610e5c382c657e4a783813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
77484df6bee039b65462fb5ed5ba083b

SHA1
571d4e68b8c0a211256cd6507c981a60cb6446a6

SHA256
6f703b0e7d8af78ee5509c47f986b74f48468997b5acce72eb3b15369abf379c

SHA512
32bfe1b73c0021deb3da7bc570590c18fc2f6997e1725ee14ee9035e6fe65e52ac385f1bd7fcaf19618d44b8f318496d4d9d4dee03a7a15cb54939d0bfa4b1d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
6bebda8d0b01023bc910974c7ac55156

SHA1
09df0c3df2358b918f8295b1dde4c07a91140a57

SHA256
989a804f853c872bc8ccc2dc75a031812daaae3900a087a5c398e803c2d30af7

SHA512
b41a6d5bc36c8e551905a998a94c752bd37f76f7da531e5f87ae477a2b6b688816be016e59c8c1989a836144be068aa26c675adc981e168cc9a9c42dbc500d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
1fcbe713ca15b868afd65dea4f5ead85

SHA1
3b59f29d3ea57a33a2ac86ece35d254521ef3778

SHA256
2c32a9c2803e8e2f771fc95dce688b47a204b5d8ee03bc53cf896c3dd3c76c94

SHA512
4414658ae085ac7a7fbdb2b094f8fc3ffb07d9f7001ee3f2feb8c53ac6e63fae6e5b030e2189758ba898f654ff3d8c5a37ac7192c78f64108a1149e37ac757d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
a43a66ba3db133d50cf00ca7a395b6a8

SHA1
96b1e1cf7667cc041761de731e9e934e7367a94c

SHA256
f41459562039a8ae22cb096015337ebeeada1d257085372f3285c26a471804bc

SHA512
3249aa846047b9edde25ac7c65acaa17b00bd40b30ab32ec2af9921fc830821b0bdf61e46817846b0024c8546b55668facae29e121331b93b6485cc68bb0e6d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
13924296911e3fea1ed1d123d0c90af6

SHA1
09fcb8f7ee1113fbbefc7f5764d8d5101b2e907c

SHA256
5f09ec77435d7aa648c322617a1da2460af986e355cfd58d362a3a42379e915d

SHA512
1a120192af9db8b80e8f00de51117584c2c3922bb111d0ebccf08a4b178f8c5f195bf0b402b89413d72d45ccda5af9b12ec64683da07f70c33a251d97afcc781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
965139b9ddbe905af0608c1bab452b5e

SHA1
671c7f3da9b69e3571c1784d8b5ef04c48887175

SHA256
512d5318973c8f0d5e2b7ebf5459eccfd121018b17d2d381b3e48d93f7399eb3

SHA512
48f40b76236f5d5b21aea4df0e905dc15e7f416e195a3df5762129a52b6a13e6ccec57aaba1b7d5143dfea2f1f2fe0513d3975dad9caec1dccb6618e32f2e51f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
32c9fec9dd5d9b2b6740bd986fb7385a

SHA1
e5e252d8f60295658f238fee8a29efac9965dd93

SHA256
8176ecb60d798b7e9079827be3bbe911b9a21b3ed51477c65459325b7915ae98

SHA512
89f91fc85c6e22d19f9926f81c5b357e05e657fbf31374aafb9757815f8c6149cd5b262328893a28485ea3e32f83ef1a1075f807ce6b03fdd6a3139592680b53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
36a58820da9bd290802c6b82db0374ec

SHA1
ecf075830c0eb9064f174d068695bf0d3969d3b3

SHA256
03734db65ee4ed0412a3c4e21e077faa8f1dbca075d1ea643f5aa546d2f0f9f0

SHA512
863577f9bb92529cbf4fa33a9898fc8edd28c20c9be5d4f3172c039ea9db7c6bcdac4b8756ce5a820e4b0f1efbcaad889f6078cde89d497ec85ec90e4345ed97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
f273aecd0974e765b4e8c55c97aa4128

SHA1
011da6f29ec3d46140c84622996b1edebe31710e

SHA256
56f7dbd0269088debb18f058b8537117764e71c0c47d589714d1b5a477081423

SHA512
a8c54648f3ee98fdc16bcf17c1821b1d5ed84daad816e8d96ef1625bc97eeae88f436b7b7fa3316dadd4e071452ea2da987d9328726c1733aad3f6fa37f6bddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
95b625e432c6be7d8d6aed89a3bfd703

SHA1
e49d85fee0af5d88f184becad4b719576db29d35

SHA256
819030ec7a727495990d1efaa19614732113535ad6a82310564dea065f4e9b61

SHA512
ffc4082d292ccaf3e03f091bdf4ede211332d323690544fc1d577bc678e110d633d99bdd62046e30cbc985bfa37a8a65b3109f3af1875a9e182f791248fef001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
cf923b9ec13fb98891bfb489f2b83626

SHA1
30b8cfd8d10918e32b0c14978957a06f4ea20751

SHA256
1245221514adb0abd10c6a4b7440169093fee300920ee9d185f028b3e5560f20

SHA512
c61007f963e5982507d61431e084e65ef9cd2fea113a03a7c823d1447e73d9edc5e1d68d6782fb7df07f05f3e3b9531fbbcc17a34d2551ea6eea1da4cc14781d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
96276ad8bebad57cd0e41c5245c18096

SHA1
50d62f5c4ccdc65c3434246c072827743034a73e

SHA256
ca5f7e9e08865255227a1480f9b5f21eb626d96f3312c6f22a83fbd9682cb834

SHA512
c2077d7f5d109e7d74b8f2bce0b7b27c1162ac439699dc2d0603afe7256583103e007d5790a0f7b0e56c8abc76d3d2263cf37fd10b44dd90aad2f9ed8a378e05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
39cb2421606458ce329a508de215b8b2

SHA1
013812aef2482939f73f9a8affb1d666bdc8beb4

SHA256
3e5be6c6bb4aeb724b56295b0e1ab37065dbbbcbbb9482881b90069baf7694b8

SHA512
0179d9f2093f1999630f7cc26a5a5da3ffd030d543cdcbfab5c90b0a348734d3b6bf7fe34997713e65c7f8a80522d56baa3e0ab03595c3ae3acdc309a083571c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
9e7a9e2c2b87e4b118bbb68bb3071387

SHA1
67c00dc58125421d2633468ab65902fb0b8504a5

SHA256
17d2fd1cf838155e6110c1575f5c1565e1c89f67f8997c0f1099582960ab6925

SHA512
9e5c2b1b645beaf7bf08f16b347aefe406292cd217b56e6e8f5fed5c26479e31650ba7f359a69140df192fb8422ae758e1525ce53994504d7a8437ad55584e91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
5b17c32c0ccf711d39ff78cd8d31bc10

SHA1
fcc6c52112b79b57717b4ab859dbd32cb5619a16

SHA256
3741447c467164c69a60865aa3c1990729cac212c7eec8324a6bdb814dbe560e

SHA512
9ec2da526707eaac9e0612a37b9e9e087174a6294fcd231f7b1f3a7f4df599e9582c67c9bbdb31b3e425c178c8f7bda566b15be59003214393020360ef85f636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
997fe8d612349047f66acc8db9f5b1e7

SHA1
6fbbf96723ca95da215dc2cd366f5d1098ee3801

SHA256
bad07fbbd12216866fd1709e73b1f8caa194cbcf37bd2693fc1824b315309ce5

SHA512
fdc8539b68952b03e3c7affdd5a3052e13d7fb358660df88926920ef883d8eb434e22607ddf5fbf667707b6a837956a2f0353833b59fcb2b29c8a0e10b5b96a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
d55b123239a508e87b1150cb481908c1

SHA1
04fe71a9b1cafcfdc3d0bd9d59d038008704f406

SHA256
3013928507398d7d6bf6cf83924b5da77ed9ca562811899f6864eef27b371826

SHA512
5c18d2caab6a94a32a4164a7da75f899021b95d4d12b93a2ee7ac0801ce7b5b5a0d5bcdde03b09b0e8b3e92a1bb3ba82e07642f011bba045b79db99097a1937a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
189637f2f4848cedf9a8a6f6520b6e83

SHA1
a807059c9d46aea944c6dfcdc21e6581a0da4253

SHA256
ee94750fcf0c0f07e73ceedbaeee944ad60996e56ef3e791bc20d66b28c51712

SHA512
35739cc560cc950ee43d427cff735f650e81f1c6c7a78a39f661163c82511c01fc67f886f394ca431d578141101eb6dbe66dad5a87f3e3dd3e20175d2280f760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
744cddace17ec6e1cd8190c3da63b97e

SHA1
de9fd9b531e620539376fbf6305979ba27fb2de5

SHA256
dd60e6a38a3ce8550b180130756976e92e024c9c2296f488baf083b4c8cf956c

SHA512
5ad93404c32676fa25bde329f7193362e900e8d39b198040f633d6a319bedbc6f84ac014ef02d847b5730c0b20fe64f008be03d8f37ec059522c745530ca047a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
182KB

MD5
564da1ede4c02b5a730e09210d19df69

SHA1
8f529c1b2f283302b0772732941b0b9b0e969f5b

SHA256
07a6b514cdf5ac3cfc2a280d4d99f211a73bbfb83b811bfbd1515acd42670a16

SHA512
de16b2dea4d97cfd75962997bbe42cf57b38832218106df441ace2110f3c509b755ab592b5ccfe262ef30421cb911c752583dada1d31b7949355b6699648d4a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
182KB

MD5
d8791e73a89ca8ece9581c8195912084

SHA1
a2dabe44cadbe1a41bca40a4fe6a8e27087703f5

SHA256
fb0b082a68538ec917288f4a75cf8472bb3c82923e9db7ce38c0017be61f1a4b

SHA512
a02afdb121a14e63e0ba7b2328a684d280ee4ba714b8774addbb73b43d5814f2e7ffb8a08ecb4d02efe53da6cd84dbe3d82da5ba2c34a5401a519798174b036f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
182KB

MD5
17b53b170f0b9205263c335c8540950c

SHA1
d2934cb2cb71ef42fd5feb4fae2b538ec39d431c

SHA256
007004ab44ec31f7cc9a767f6c99ebfadafac7132ca1a51bb445cab74459b461

SHA512
30931edb0930606f4ab6c20e5cf8e63547dc4e7096fdf409431343ecb026e551fafeb16d39cd8d1326b818f3727ca64673f14e21b7710df275f62f50f56e007a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
182KB

MD5
59d85653376303bbeb13442f1a5c48dc

SHA1
cef92ee035dad5efb6c406846fd25c0b4b1ae197

SHA256
bbcfbebdea4fb36c087c1f0df7bd9442795753fc0d2df36da7ba5838b2a60e8d

SHA512
779fa937f83e23062a2021eeb9e136456a7cf4dcc2362ff49c7c7a8dc7e6deb707ec8fad838bf1b56df88fc708507e1dc60fc5a490208a442151c2fc7116338d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
182KB

MD5
8399de7ce3ef3bd4d28425094543464e

SHA1
b903a6ddf1f900a76ae8d83af1fc70286dae3963

SHA256
c72e9682e44accf1793ca660a5fcde3f32740657ee6a7b052b7e9c72c35fa268

SHA512
ee08f263e52ddd3584e10564f6a1460ea6b886bcebc01590f48e95999e3ee782466e88b6bb9b46301ce5382b6c8f344a9e76257a00e402b6d92e024bf5fb14fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
182KB

MD5
bc9b21ddf34d9be8f6bf01991d2fadae

SHA1
6fa1b5343a2f4a46772af3ac459edea33941c2e0

SHA256
51c3f88d9747efe68871935f117b688cee2928790f855ebacbeea5c7351cc8ab

SHA512
e725a404331488126e1a7659659eb2a95f7d0f69d74aa75686080879b6ac65f63c6ac9068ba3df0dfdf83d195953906f29882c4516d80f93bd0b5be10fc968ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
182KB

MD5
8b237d27abf5c81c6ef7a2df6579e906

SHA1
e39175732d0a0677fc6d27393c549cfdff5c25db

SHA256
5b0a60f6ca8d769218caa42c4b2b0982ddcb265c1e1104c04c47041b45970d27

SHA512
b9b2a537b370c31df1a7d3d9827f0459eb6e0697d88456b13c8657d3feca14def4dc9a4081719894a20e05a9f7b025437151f1901a7780879b777620a40318ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFID6AB.tmp.html
Filesize
17KB

MD5
3f7175106bd517e919fdb1d3d35ca38c

SHA1
ee357d71296218743e18b64c27a7e4a8532ec851

SHA256
1d63cf79dab984dffe96f4099f2b85429b6f7351b51e85114e850454131f757d

SHA512
b8ca393e40b50c4750836cedf0412a1db8221eb1d1346c054b5fb0c1864ace8c7f56b997ba689118f0b9856dd59ef067486b0f764cef2f2c038631de40f46714

Download Submit
C:\Users\Admin\AppData\Local\Temp\PcapDotNet.Core.dll
Filesize
69KB

MD5
45fa4315c7631b828e2871db89b3df27

SHA1
f34f3a5344abbb67a21348be9eaeba7831c7333e

SHA256
e580ca9c0382a8663d6bdff6e53802bd73fa8a71689d7f38521ca02269775a58

SHA512
1dd74a83b0435674d61e0e752e3d671334970fd7d235203faf1791c67965eee2324a7dd18e03be575138d3c3639d106534a084c3f9a78d37ff4ff77ead4cfd96

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoB096.tmp\InstallOptions.dll
Filesize
23KB

MD5
d8bfba73978801ed5c291b847ae6ed0f

SHA1
afd973df6c0fd92372b787f2a06a02fa4c03b877

SHA256
75fca8af133756a0d36ad9b6177ef8ee01b6dd18ede216d82b2eb5f8092a84cd

SHA512
62b921725c727247b96622765caa4ddec1126980e677764f9bdb5e68eae50044747f0ee99744c44b7a7253a57e3c28a2fc19a99d479787aa4944499871db92f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoB096.tmp\SimpleSC.dll
Filesize
70KB

MD5
4a2b58bd7cab29463d9e53fcb9a252b6

SHA1
4679ba66db7989a64c41892bbb3f7cec38fb5597

SHA256
18b17999996d73fe911a8eb676c231cb0bf002174954b552f880bdabf4c78124

SHA512
e6a69b5bb52467e7b8168a3e0ad45252b196b8eaea87b91f8d3b150545ce6bc7ee586ebe1d83da6c04203a9a9bab5f4af66759ba35b73306f7962ca5b6ff2fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoB096.tmp\System.dll
Filesize
19KB

MD5
6a2f80ed640b6c2458329c2d3f8d9e3f

SHA1
c6dba02a05dbf15aa5de3ac1464bc9dce995eb80

SHA256
1e981423fda8f74e9a7079675c1a6fe55c716d4c0d50fb03ea482ff7500db14b

SHA512
00d49b1874d76b150a646ac40032b34608e548cfd806642982e446619c9852a0ab5389791468651c4d51d118aad502174e7b887c2b5b6a7a3e35ddd9bd50d722

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoB096.tmp\final.ini
Filesize
309B

MD5
6529081665c724b7fe2af5673676b665

SHA1
31f0c9c4300f4db5a956f9a2894eb1590acd4139

SHA256
55842ee13428a39b1d3c94c8368b64ba978d4e2edcb9d750cde3ea713dc96589

SHA512
718a08a2e5def2b3532ddfeedcadde6a1e723f6d0bbb0e926eb369df0d30d1c3688865e1477fcb1b30a8099ee11992c1adc8704980662c6c12336607fbb632d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoB096.tmp\nsExec.dll
Filesize
15KB

MD5
78bda400d7b80858c014fc79bd8fc49b

SHA1
f5bb0e85ba892611cf79b3c2756e87a59e1e213c

SHA256
6bd24522cd139c978cc259d5612188053577ba9de46e2d77642bd4d19fc959d4

SHA512
95a1aced8deaad51ad7990b83f0e5768fab9e1c7aa64d9fd656baa850d81c0955b7989ce08a02fedbb8c9d77ec135b2a9d132effbfc0f8478a052095140c74cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoB096.tmp\options.ini
Filesize
1KB

MD5
2bb91c18bae6fa722a9030ad78b8a8aa

SHA1
394e249d76b977bd4c1a9afd6b2f7268b41639bb

SHA256
b1fe8bf6367a3c285b05c9a7f936c1d0d198933d4760d0477174d5aff6649c17

SHA512
3161e4294c3dc5ce125030fbdd93bdc6dcdf555577253d8eed3ea0797940737f3f3e6b5d6d00a40dabd3f8b403782d26ed9ae967818866debcbce088031905ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoB096.tmp\options.ini
Filesize
1KB

MD5
434f65d7d57e5cd9b83ce0310a7dded2

SHA1
0b1fb4adf23a87591c2c6c65bc2245e3fcea15dc

SHA256
de0036a8b7b0426cc2bb1dbdeabf8df4865aaeb8565eebbafe2cff5698e032fd

SHA512
cb45518ad845643e59d3a85ec8710a8449627f9a0be8094b9f1608b3bb4ede95754fd4bfe44be6949781681c45c6498bd892429e3b297de34297f99b4a6f1ecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoB096.tmp\options.ini
Filesize
1KB

MD5
aea32c7f19e65eec5af377c14ba1838f

SHA1
a767dd1b248214868e56b1379647de22aae24adc

SHA256
37d2b3288102ba9dcf3ab191631393067480c1437d3cd132be0a14965377c2c5

SHA512
69cb9741014749ffc667eff22a33b50a093b8ac466be5951a533ba4ee05711c3038eae7f57be6e104b71e9bba8a55a4cade3a2879c4a4d4dc2e55a707c0a6463

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\PCPS.exe:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 286333.crdownload
Filesize
776KB

MD5
5891ebabfbfa7a3ec54165a9e42db25d

SHA1
5d17404b58a5f0890d82bbd48c296e2d834439cb

SHA256
2d9335373378aebe416c682b6f80fe0357a11d1c9921f3a3e95bc6ea9e288262

SHA512
472b12f0e64f16172028571fb6a0316a598f7be6c0dfc3d383a9d83a1ab7a931c29dc179e5f1095709259c43d39df8f029dda02dc6075797a2f313d5b3b50646

Download Submit
C:\Windows\System32\DriverStore\Temp\{e06edfb0-cc02-ec44-87da-0a95ff19dc20}\SETBE6F.tmp
Filesize
10KB

MD5
d375acc2a2fa53f2c14d3b499706cbce

SHA1
3c6e1008dac945c7977892e8cffc03eb504b1f12

SHA256
b3e9f2f1c0f7159b9e3c878823074639650dbe43d402f8a8bb7951ed5434a8c0

SHA512
68e0c8cea193753ddfcb8f4c0ad94048835b89a22fb5db5beacbadf718038f7d17bf1da6a6b9ca6a200cd4207f8117c9dfbec9c643fa9548009d8ae76839b635

Download Submit
C:\Windows\System32\DriverStore\Temp\{e06edfb0-cc02-ec44-87da-0a95ff19dc20}\SETBE80.tmp
Filesize
8KB

MD5
0cd1363104790d449a5cc916a5d25709

SHA1
5a8a8743409e0f50bad7a7f717c126e8188b503e

SHA256
8498f99f47b69d6607bed9f920e24b1b14de98d4620d8c9034be6c93f152e7ed

SHA512
a61484501f6cfbda3fa29a4d55a3b8d2a6ac1c6a10fc87260cf00bdf1093bdc69aeb6dcb9b0cc67f30e8f9578788f1a9841dd098b182895af387b7851b099312

Download Submit
C:\Windows\System32\DriverStore\Temp\{e06edfb0-cc02-ec44-87da-0a95ff19dc20}\SETBE81.tmp
Filesize
78KB

MD5
c6bcafebc9fcb8d87367b13555c0ab26

SHA1
7cd384d49d2b714d2e975672472a16a11eab553c

SHA256
49129b2a848ae97e34486b22c69310db299756606a80603b281411d0805cad24

SHA512
72eb456fe87a3c3fe244de3fd0f201d141f6389a803de34cde5db0721a38030aae5451f6b2b16d4aae48029f6155ad7fdb94b1f0b215b2441bcdcec65bd62562

Download Submit
F:\74a9514b92490e8c5549706a56\1040\eula.rtf
Filesize
143KB

MD5
67a9f0946d135a41e51d90220c0c8c67

SHA1
81079fbfe8423e87fd5a7ea2b42e34dca7385587

SHA256
1478376f05d1bbe824cf1efdebc485d736e3ba1aa72dc8dff69cc9e3b8127cf8

SHA512
7b4087bf0e6ffdac910bf1ea004247f89c64ef65b717ae69971d71e3d3d223809fd0a58b5dd618bce242dbdd19c355cfabdf0613c0c1787e20d5072f2edc1a8c

Download Submit
F:\74a9514b92490e8c5549706a56\1053\eula.rtf
Filesize
145KB

MD5
8ca89fafa113bdca3dfb5a141e206b84

SHA1
529075ffb30e400e4a24f4aac678295b04502c62

SHA256
411414181d515ad8ca0ed1b1f462a067648a98d26451b7414d91601c1e6c449a

SHA512
a90179a9a8a14e6d6ddefcbc1641ebeff567fa028d65705429fa81b352647c6a973b5fb5bc585c23ef9dc2587566ce3e0086f9cfb31b8eeb5d4fc2fd7a7b1bf7

Download Submit
F:\74a9514b92490e8c5549706a56\netfx_Full_GDR_x64.msi
Filesize
1.5MB

MD5
f5e400909357d421afb5b84d68e1412c

SHA1
3de3481b4063f27a252730eaf81d8aa3971c9893

SHA256
3d1f65abcafc82f8abb40e763c302263d95789e958a96ef4a3300b07b0edaff1

SHA512
505a47be4beab39028462ab6f3fb69c6c20b46896aed23000da8fbbc4464adfb680b23956634c6542bbf049def96f25e7a0ab981e32cd757c7c827adf2241ee9

Download Submit
\??\pipe\crashpad_2808_ZZMEJBGOTOBJEGHK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1872-1803-0x0000000002410000-0x0000000002423000-memory.dmp

Filesize
76KB

Download
memory/4184-1407-0x0000000005A00000-0x0000000005A15000-memory.dmp

Filesize
84KB

Download
memory/4852-12-0x0000000005C90000-0x0000000005CA5000-memory.dmp

Filesize
84KB

Download
memory/4852-3-0x0000000005DC0000-0x0000000005E52000-memory.dmp

Filesize
584KB

Download
memory/4852-0-0x0000000074B2E000-0x0000000074B2F000-memory.dmp

Filesize
4KB

Download
memory/4852-6-0x0000000005C60000-0x0000000005C6A000-memory.dmp

Filesize
40KB

Download
memory/4852-1-0x0000000000F40000-0x0000000001220000-memory.dmp

Filesize
2.9MB

Download
memory/4852-7-0x0000000005C70000-0x0000000005C85000-memory.dmp

Filesize
84KB

Download
memory/4852-5-0x0000000005C40000-0x0000000005C5E000-memory.dmp

Filesize
120KB

Download
memory/4852-4-0x0000000005C30000-0x0000000005C42000-memory.dmp

Filesize
72KB

Download
memory/4852-2-0x0000000006370000-0x0000000006916000-memory.dmp

Filesize
5.6MB

Download
memory/5304-2268-0x0000000005650000-0x000000000565E000-memory.dmp

Filesize
56KB

Download
memory/5304-2271-0x0000000008400000-0x000000000849C000-memory.dmp

Filesize
624KB

Download
memory/5304-2270-0x0000000005950000-0x000000000595A000-memory.dmp

Filesize
40KB

Download
memory/5304-2267-0x0000000005730000-0x000000000575C000-memory.dmp

Filesize
176KB

Download
memory/5304-2269-0x0000000005760000-0x00000000057D8000-memory.dmp

Filesize
480KB

Download
memory/5304-2266-0x0000000005640000-0x000000000564A000-memory.dmp

Filesize
40KB

Download