88c58b9843c1d6efb9794248800f784f4e2d8f568d031325f86f6f86ea433188

Resubmissions

13/07/2024, 23:33

240713-3js3za1bnr 8

13/07/2024, 23:29

240713-3g2x4atald 5

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 23:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

launcher-matrix.exe
Size

1.0MB
MD5

2233b9847d3e48b00de43fcfff7e9561
SHA1

7b9e8f65f21ca4cd135cc9a8eaee8f904829b663
SHA256

88c58b9843c1d6efb9794248800f784f4e2d8f568d031325f86f6f86ea433188
SHA512

eb43aaf8e75c89b14c476a384dffbeb2220deb35871e7280fe7a60efc0834d2f14d16e444c811485ed107b0dbde07888669e6cd16f1660ae89b42c9ae72c66ca
SSDEEP

24576:PJbz+4Yn3lEz1mbAWn0o/lomzzRR8sdL0lDA:P04Yn1EziGYl1nRR8sdwD

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1728	launcher-matrix.exe

Drops file in Windows directory 57 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe

Checks SCSI registry key(s) 3 TTPs 20 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133653870618306096"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Process not Found
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1750093773-264148664-1320403265-1000\{D6933B71-7D99-453E-A0FA-4D4C63D6133B}	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1728	launcher-matrix.exe
1728	launcher-matrix.exe
1728	launcher-matrix.exe
1728	launcher-matrix.exe
1728	launcher-matrix.exe
1728	launcher-matrix.exe
2420	chrome.exe
2420	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3420	Process not Found
2460	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1728	launcher-matrix.exe
Token: SeDebugPrivilege	1728	launcher-matrix.exe
Token: SeLoadDriverPrivilege	1728	launcher-matrix.exe
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: 33	2460	mmc.exe
Token: SeIncBasePriorityPrivilege	2460	mmc.exe
Token: 33	2460	mmc.exe
Token: SeIncBasePriorityPrivilege	2460	mmc.exe
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found
Token: SeCreatePagefilePrivilege	3420	Process not Found
Token: SeShutdownPrivilege	3420	Process not Found

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found
3420	Process not Found

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2460	mmc.exe
2460	mmc.exe
1116	msconfig.exe
1116	msconfig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 1116	3420	Process not Found	101
PID 3420 wrote to memory of 1116	3420	Process not Found	101
PID 3420 wrote to memory of 2420	3420	Process not Found	103
PID 3420 wrote to memory of 2420	3420	Process not Found	103
PID 2420 wrote to memory of 3064	2420	chrome.exe	105
PID 2420 wrote to memory of 3064	2420	chrome.exe	105
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 2572	2420	chrome.exe	106
PID 2420 wrote to memory of 4592	2420	chrome.exe	107
PID 2420 wrote to memory of 4592	2420	chrome.exe	107
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108
PID 2420 wrote to memory of 2152	2420	chrome.exe	108

C:\Users\Admin\AppData\Local\Temp\launcher-matrix.exe
"C:\Users\Admin\AppData\Local\Temp\launcher-matrix.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1728

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2740

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Windows\system32\msconfig.exe
"C:\Windows\system32\msconfig.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff98338cc40,0x7ff98338cc4c,0x7ff98338cc58
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,8671286735115201485,3902944352645193997,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,8671286735115201485,3902944352645193997,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,8671286735115201485,3902944352645193997,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,8671286735115201485,3902944352645193997,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3320,i,8671286735115201485,3902944352645193997,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3712,i,8671286735115201485,3902944352645193997,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,8671286735115201485,3902944352645193997,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,8671286735115201485,3902944352645193997,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5100,i,8671286735115201485,3902944352645193997,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5228,i,8671286735115201485,3902944352645193997,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4596,i,8671286735115201485,3902944352645193997,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3516,i,8671286735115201485,3902944352645193997,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5568,i,8671286735115201485,3902944352645193997,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1044

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2652

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
51KB

MD5
a1852b5323e1e4948f64c40799dc605b

SHA1
45799a41d7d105ecf1f20ddec0b858f0023701b0

SHA256
3dd244b14869619ad7208852d0cc32ca2ba0440bca1ca593280710c91e40a2c5

SHA512
83ff1136339dc73e38444fc3f9e778b007245979c43d5e0bba0c4261489cd27004239b760fdd6ea462818b5a348c8f323b854df5a8116e1bcab23abab185d1b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
50c715a34b068f6cc6114022da49fdd6

SHA1
61253ffe7544a4de6ef1f8a37e38bb09b58a8449

SHA256
d8e5ca253b8bfeefb7193230b78d6aec50c9c0014aa2d498da40ce07aa753334

SHA512
6809a85441328464dca73aaf492af7345be96babbed73f6e81b0ed36c55cf29b9491259c39d8ed24670fb79214f2e923040007ee2b15a25b788aed9503bca911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
02dbf9bf80b64ca4a26d093490d06a04

SHA1
419aada0f8c6d3aab70af792ffd524ee355d603f

SHA256
6065d7bb69ce0e8f3b6b0d26856afde63e4b81ac0892f3988deec6bc4985ee5e

SHA512
c13fe1467ff7bdf5783b8018fdf8870e3b4501d1e9490c875e62e1f2c4b9832d1269bc13c5f73eb325a17b0d59e6b52062c3785ac34674c2db5238fe14bdbc92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
c8846b34291207d9c8eea30224da5bfe

SHA1
f9929b7c6ad0b9fe82d6d9a11d1f9637cdd0f067

SHA256
41d40ecb81799f7f8b30aed6d3108edbfd9e24c9eb69155f09548c48b28d7eaa

SHA512
2d28c5d3c7fa1cd6c5b5c405fb803c543c8749d948fd52710cbe21eebd8fbbd8184faa4b21fe7539263c3cd08c6d4c2c4b8639cba92db9417167016a7dc9b68b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe596a59.TMP

Filesize
347B

MD5
aea98fb8ec7f49aa2e6bd97ad51c1f1a

SHA1
26155d6c2687d2e9a46bfa609c20a570ebbf7a70

SHA256
0aa5340a7187f45ec9e6a2d38437635d4bb94c334bfaaa264cd7db51211d4dfb

SHA512
9ef9ff4fdb260b25ed8bab07bf0c701fb1e78d5d43ee9ee3806016ba9034c3b87e23817c2861fb4413be276cc081225f86a85e2875f4bce842806d3d39d38207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8509a5e8494fb2e3183c465e99ab8c5b

SHA1
0bf1a7d5b0ceef2cfe2f2a765ae038188d4550a4

SHA256
6bed00f5b20675e96567063ec1b329540a155b5f39dec34965f732af358a3bc4

SHA512
0769f87d06962934792aec93a67ecf020def084a0c0be855d5e637450b05a8a0dc5c5065df12e7a8747876feccaa9900c87957dba4ebc32a8677eb336d91ab55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
78dea010195be6ece25a5cf75d719b0e

SHA1
5e3851a30bec7c42838f0b15feaa3f3e33b47180

SHA256
aca9e902477893012c2d1f78c769f8df0cec47dbb821eb83330fe002e4705f9c

SHA512
8ddbfda8197a3e49158242b1e1211eac662800588debb52cbc90d0f16c5bb9e4e656792da4d2b16c21d95ebcc4987589293d04a2658fdb9d57b0bc9482f031fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fcd23aef1c2be4cdf1c691e612d1c1f1

SHA1
a1c738dde3d6a09726f8d2e4d263ddcf89c03679

SHA256
25b6594dce31701b27dd4b7ab7c3c034b72ed25babc3556545a5085e6248404d

SHA512
0aad4640268b1c361b6dc57fda074e385fe7d17db8419d7ddc2790293704b2e393127b145caae2f81d77927c9cf22d020ae74b91ffa638a0d163032b990e99e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
179c5580fcf4a66651bc26891505dee8

SHA1
213bb6245737b63f9dd80e9aa8e108659628a9e8

SHA256
52802887883ec3584bc806345a5296d5c5f2983983fac138bf55987dd11b8adb

SHA512
2552219686b723554ae3719120cbc86dd120b5a10dd2dc4abc9caac2793f7b0aeb5cab043ade11f6dba5d2b6ca0b9fa179928b3d12ce88c767aceb46c32dd47f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8bc5f95d4ca04d67772a1ac4122c9ae4

SHA1
531c4d65154f689df438b6b06bb9cb09ddc322c8

SHA256
05ff15d1a600df0ea67840b15ccd440076cd2f7b4b3fb67be873665f10556a4b

SHA512
f4405485a4fb5e18d4be77601ffb68d14e52a312f9a2e298fef7f74aae053a840042b379699540ee5ad171d6cacffc3e2a0a2040f0dcfcd1fd7b29f875f99223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a87dbe32ebbbd52fc8a9ff53a1447a97

SHA1
47936b7881dbc79c0b4741ee22e8bc4e4d9b3c21

SHA256
e7d0408b09d428e4cb5fbbb073ef96b57f575e1359016ef418c913c417ebb085

SHA512
75efb1660a9e73d481686f5ba56268a23a06768a298e0c5c002325a0826245b74678e4a7003b41187a1253cdb1435ed8b7d36d309a307f830982bf6e46cb3dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b0c0b7cfdb6fa55ff6a0894690449a88

SHA1
754f91a120a0f553bbc3f6889438f35eea37c278

SHA256
854820e317c9f01cf1d77aee84f32830b32500caf6f51488009155eb1627701d

SHA512
9cd1f7cd70d66031e3503f4fe32a3e9c6bea097003701765d0de717191ebcbb6fb57805c5509141292c2099d9165a77d9b1c6c955c8264f74194a0527693e762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
01cf86690a0ad436d35d0ee6c3f4ddbb

SHA1
e10304dfc18827d32f6c2dd8bf092c11748d71ce

SHA256
ea60a1f863d3921dcc78351392cd844c6fb4c055d23c414641f1bde5f03e7039

SHA512
d5e1f613f4b2e18dc3656117d758e99971905ba0706b64461e01005cd1d450519236da2531b889713e9300eca7cfb245982bb27a513bccd0628220b211498135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c9b4d4412d0cae6ff8d55855badb592e

SHA1
c12719dc05de622c518caaaa4868ffdf08b77261

SHA256
321aef9355d168a6188e04abdc951dce820a889c7e7d81c9bf868f2ab53a23e8

SHA512
c4f80edcaf77023162e7dced5d8938a926728876f1bd63e85245e7aee17ecc6f72527a6010e42ace664ed972c96b061f10f40ac979cea9a64fc1584e598bd767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f46e1eb839ffae7e9df1b737b150cd6

SHA1
4283186d58dab49bdb5802de0fe38e386cf50aaa

SHA256
bb0acf45a0230792bf71c4fabddf5ef74503cce24f9a3fd206a850509e451f04

SHA512
8ff4a5104e7d2e8d820feb464a82a24d77e02a3b7565125fcf1e3234363bf256a3c7c8b352754e701a8aa71f4c29d0c36da17673608cadad6c1f9674015217ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4191f4c03dfcb672b4d6fa7344e21b25

SHA1
2ef35e48c0a6eae37a21948092aff2f6a710ac17

SHA256
5e2e2e35b534e32feae1bf422ae2b1f44e7e4671a7d05388bb35e238d576286c

SHA512
f3ce685b0d389898786765c97f517e1ee61a3694b86703d843abaa347152612942a10ed47aee735bd20b3bc96301d3a138bedd2de0750ed17b0ad9d1f66bdc74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3eba8852d1f6e71112406266a6fdb123

SHA1
c9fdc4e10c66231e3ccd2ae17a61fdd6fafc8f1c

SHA256
f55512f8177301168fcbe13146ee6f57fd8125ffe5396accb09554eab794cc01

SHA512
0be0aaa67b0c9b1799bcd8ab63bf2d01fe3b0e36ce440e910be53eeb8b289b15e1fbcb2fd9dc715464e5a2da9025f36bb6e8dd4e737c82e59e7e0a8d5c87e5b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47497cfd437cd0d91b561537d99749df

SHA1
faa194051c27c448f4cbb37bdffa4e35346fdaf6

SHA256
c2310c7b2c0334750efbd0f30f613319b158cde40dc5930e115d4d19728e79fa

SHA512
cded5f6cfe018acdd818c022fa88b1da9e73a42a2a6938b69d3828ea1931beb66e44ba06fbeaa6a4c8b08413fa2274e42b3cd3cb8877665ddc73527226e8bdd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69c4870ffefceb6c8e44612ce3e6789e

SHA1
de63665b9a91ed4a5e1d227ea0c1459204a1bf27

SHA256
b6eebce5014d046d1b8ef22cd10a034dcc263735868b0de6fa258799c119ced4

SHA512
989c96ead39f35c0219863a0399d435788a940a1d5caa7010c72a7b9ff132b548ca14eaf36db91280600e1ba5c4c197c3b2ab83ec850c3e8377e13acaf23578f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3de76de267a955e60913cc2038769e5c

SHA1
abb2868b3f9ed0176f3bee805f00ac9a2d4b65c7

SHA256
8ce22a7d546d7e7c272e85026c9eb894fc2e433b2fbe2c9fa4caedcbf9fb05a0

SHA512
e7a5c8d82c1e260f2ece5b3ead09a49298e72d834384a2590d20f9e4a44b42874fe31ae773d5517f32d25ee9c02c808ae196fd76b2e3082915af20bf6fa2abaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
852ec21b7611f9577ae908a8a4ddae35

SHA1
5ab3fbdb6bf79a1d01052893615e6c4056e5662f

SHA256
da34962a0602c859b6b2fbc4ba1aa64f2ec0bbf575d6476b5568994ea6179887

SHA512
12d8acfd26b8a7368a3a5423fae8e94e6cd45122659eb614d1eeb2e318080836e57fdf98aaffd45ddf1b10c5dc737e09f4552ab3ed8af7ecfe6d954b99abc390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
c7bd2d695da49299bd5774b6f4c1eac9

SHA1
9671f55fc603c80062b4343f197dfd4e6ccf1584

SHA256
5c6f582abc3031e88e3f6eae09602742a4b1b53519559667f63f1f51c94077e6

SHA512
03da4c48b1656d77d02c6cb745860d148726b5fc6e1f75af6b1486983e33898b499de3e7bce41d66ffdea37c9df28caef82f9170a1485be59dcb4326f4a1dd1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
e899f5b0033aca2466a7ae6a832e1a23

SHA1
f95e71a3941e88cebf0fae69362ff6be8a4755b2

SHA256
f6ddc38824feeeebdf66c8f0dd7e5633c43750acb09ce9208df1ee16af0d33b1

SHA512
bef9daa01bd962029cad4196fb12fb153144ba34434fad3bc718cba43e2ecc2f9bfdf4c4fd8c038867c3b79d0c4b2fdb10211cc46cd1673bb4a3bc4531cd5125

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1728-17-0x00000208623B0000-0x0000020862E5B000-memory.dmp

Filesize
10.7MB

Download
memory/1728-16-0x00007FF6EC220000-0x00007FF6EC3D9000-memory.dmp

Filesize
1.7MB

Download
memory/1728-9-0x00000208623B0000-0x0000020862E5B000-memory.dmp

Filesize
10.7MB

Download
memory/1728-8-0x00000208623B0000-0x0000020862E5B000-memory.dmp

Filesize
10.7MB

Download
memory/1728-0-0x00007FF6EC220000-0x00007FF6EC3D9000-memory.dmp

Filesize
1.7MB

Download
memory/1728-4-0x00000208623B0000-0x0000020862E5B000-memory.dmp

Filesize
10.7MB

Download
memory/1728-5-0x0000020861740000-0x0000020861741000-memory.dmp

Filesize
4KB

Download