Analysis

  • max time kernel
    110s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02/08/2024, 22:56

General

  • Target

    https://github.com/NatroTeam/NatroMacro/releases/tag/v1.0.0.1

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 1 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 27 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/NatroTeam/NatroMacro/releases/tag/v1.0.0.1
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:400
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8efddcc40,0x7ff8efddcc4c,0x7ff8efddcc58
      2⤵
        PID:2332
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2072,i,7941516311069120124,10813133529336949606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2068 /prefetch:2
        2⤵
          PID:3824
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1984,i,7941516311069120124,10813133529336949606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3
          2⤵
            PID:3324
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,7941516311069120124,10813133529336949606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8
            2⤵
              PID:4596
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,7941516311069120124,10813133529336949606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:1
              2⤵
                PID:640
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,7941516311069120124,10813133529336949606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
                2⤵
                  PID:2484
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4568,i,7941516311069120124,10813133529336949606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4452 /prefetch:8
                  2⤵
                    PID:3020
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5016,i,7941516311069120124,10813133529336949606,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5116 /prefetch:8
                    2⤵
                      PID:4648
                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                    1⤵
                      PID:924
                    • C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                      1⤵
                        PID:1844
                      • C:\Windows\System32\rundll32.exe
                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                        1⤵
                          PID:3888
                        • C:\Windows\system32\OpenWith.exe
                          C:\Windows\system32\OpenWith.exe -Embedding
                          1⤵
                          • Modifies registry class
                          • Suspicious use of SetWindowsHookEx
                          PID:3348
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\START.bat" "
                          1⤵
                            PID:468
                            • C:\Windows\system32\chcp.com
                              chcp 65001
                              2⤵
                                PID:4912
                              • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe
                                "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe" "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\natro_macro.ahk"
                                2⤵
                                • System Location Discovery: System Language Discovery
                                • Modifies registry class
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious behavior: GetForegroundWindowSpam
                                • Suspicious use of FindShellTrayWindow
                                • Suspicious use of SendNotifyMessage
                                • Suspicious use of SetWindowsHookEx
                                PID:2364
                                • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe
                                  "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe" /script "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\Heartbeat.ahk"
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:1660
                                • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
                                  "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
                                  3⤵
                                    PID:3008
                                  • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
                                    "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
                                    3⤵
                                      PID:5004
                                    • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
                                      "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
                                      3⤵
                                        PID:2720
                                      • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
                                        "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
                                        3⤵
                                          PID:2448
                                        • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
                                          "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
                                          3⤵
                                            PID:4368
                                          • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
                                            "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
                                            3⤵
                                              PID:2824
                                            • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
                                              "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
                                              3⤵
                                                PID:1576
                                              • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
                                                "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
                                                3⤵
                                                  PID:2512
                                                • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
                                                  "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
                                                  3⤵
                                                    PID:4244
                                                  • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
                                                    "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
                                                    3⤵
                                                      PID:1796
                                                    • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
                                                      "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
                                                      3⤵
                                                        PID:1680
                                                      • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
                                                        "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
                                                        3⤵
                                                          PID:2972
                                                        • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
                                                          "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\submacros\Status.ahk" "0" "0" "" "" "1" "" "1" "" "0" "0" "0" "1" "1" "1" "1" "1" "1" "1" "0" "0" "" "1" "1" "1" "1" "0" "0" "?" "0" "" "" "" "" "1" "0"
                                                          3⤵
                                                            PID:3292
                                                      • C:\Windows\system32\OpenWith.exe
                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                        1⤵
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:1980

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                              Filesize

                                                              1KB

                                                              MD5

                                                              8608ec7381f606f939df334c53018ba1

                                                              SHA1

                                                              f0bce8251bd62ef2760af7a1a7df180ea0679ed6

                                                              SHA256

                                                              31a5aefced3536d6bf6ee2cabba24a9fa41eb3a1b69c1a01cb1a8260247a0a93

                                                              SHA512

                                                              26704a60f6087b19464b83edd941116107815b0483ed0ddd710851f4e39d6e7b3dfddd6e373047830a289590734cdffd5a412dc1450ad50b80fa0fdc2b4d5377

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                              Filesize

                                                              2KB

                                                              MD5

                                                              10ce86890294a111a0ded6c606f732df

                                                              SHA1

                                                              ebbf3ac7c322b1124ead5954221972a5ce22ecde

                                                              SHA256

                                                              5077853455ce36061a8634f4ca731d2fce56c1e6ba335bea7788f7b8c5e6fec2

                                                              SHA512

                                                              73955f7e91b86848771d39b4267c0fe9de064555c62acaa3003f6632167699fa6071124c7ebbffa78eda70a642a125fa4a44d66ec08206ecd76268e294c1fdc4

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                              Filesize

                                                              2B

                                                              MD5

                                                              d751713988987e9331980363e24189ce

                                                              SHA1

                                                              97d170e1550eee4afc0af065b78cda302a97674c

                                                              SHA256

                                                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                              SHA512

                                                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                              Filesize

                                                              1KB

                                                              MD5

                                                              826b11058594760f7d9b9353be5b7a1a

                                                              SHA1

                                                              67b4c2245e0d522b3e1ddd0027b600d41d340da0

                                                              SHA256

                                                              fedc3201c8699aaac715b14d051ddbaa1bd851dc3a6f46d756928ad744f623a6

                                                              SHA512

                                                              ce48a866b23dcef694525e45a7d4a9aa575a28bcaf61173791251a94bd0a3560568c569800a05312b5ae634dfea954a147bdb55ca854438b1f5d058f83bb5d81

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                              Filesize

                                                              1KB

                                                              MD5

                                                              adf81bfde0685be74d34f23415c60642

                                                              SHA1

                                                              561ac5d8b7a6ae8e46ef554458a15d3bdf48458e

                                                              SHA256

                                                              7c2a500372ad4e7ac3e97cb61043f51d8582c1e11e306a5e79e2aaff7db367a1

                                                              SHA512

                                                              f753c66e832ca4a27a652c5f82da46ca187e7ab6a791974901e49311ca9ae44fdb621f98eb0d7e8c09f710631e9ca28e69e6b59c9c24aa4a277e40cf0356f210

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                              Filesize

                                                              8KB

                                                              MD5

                                                              e644dba9b92154e6230380ee5ce915bf

                                                              SHA1

                                                              312352390826df64d54f7a7d4f8dbb996e0a29e6

                                                              SHA256

                                                              fe8c08b4f4f610e2a3b14efe62df1daf04d7fbafafac7361fe1824daa81036ea

                                                              SHA512

                                                              848ffc18e0fb05e506368b9ff71a249f9cdbc224d6985960463fb9ea44806b8aab3503db58895309d4639cd62c559febba049be29bbcb5387dde4e1184f8096d

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                              Filesize

                                                              8KB

                                                              MD5

                                                              a7c96fe91faf6225c8b816ad421eef83

                                                              SHA1

                                                              14f413f5768d21eb6b8afb5ecd0f6965e6b756eb

                                                              SHA256

                                                              5e534127bda10d2be7df4d31c788009c89dd76a37ee8390f2e06c1addc939c1d

                                                              SHA512

                                                              c7ac3f026a8b33235e7ef47d1a34a80cca8db288a6ae3d278f2fc8a6e9244cbff596559ada1215406e611784599ebfcb1f67f69aa219210e00c930af25f4835a

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                              Filesize

                                                              8KB

                                                              MD5

                                                              f9d33435fe7d709a01afefb7150dc3dd

                                                              SHA1

                                                              0f276ee8d1c4c1aec7afbb779522ff106be83c97

                                                              SHA256

                                                              f6ba17193e5f1de0bb31c3481ebb6a1a552a06d108c8ba6397f3765f0a34303a

                                                              SHA512

                                                              2eb21d05d98e9d940123d165deea03fd0d3b29865e29a9ae07b83a03f74e80339e13a3bb56ca121312eeb01a4dfde771321caee00ced23b421e1a1adb159e4a0

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                              Filesize

                                                              8KB

                                                              MD5

                                                              b4c82e36a14144896f6ae43b306bcb8d

                                                              SHA1

                                                              de4266dcb870af7a68e39240cba809e82d1de3d5

                                                              SHA256

                                                              2210c582e3f4db97428cce291dd40fe28458553e47156c52dc9260a4db3dc611

                                                              SHA512

                                                              fd5c86c2f6bf5c1dcd42bb4b398a80da04033f2d09895c5734b4e329d14cfeb61293243bdd10bc1196e26612fec2bbd59adea02e9825954ec7579a894b92eedb

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                              Filesize

                                                              8KB

                                                              MD5

                                                              1486ee2c4c5f1f0f19ac44888e3e973c

                                                              SHA1

                                                              80a76e3bbf2fbaa98188c3016d8ee41a26e4ecd2

                                                              SHA256

                                                              8b3568628757310657717d9dcd63387f653ff649f51d2df63c09f393545bda71

                                                              SHA512

                                                              14a2432b4a2229a76104d7a02c021d037ff47dd65e54ba4fe5a7805abc567fac59153c03b573f3f0da08b4fbbcc91aab56ef6e8e0a2a569618c610857610e94e

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                              Filesize

                                                              8KB

                                                              MD5

                                                              044bb4349438da7257740d02ebb897e0

                                                              SHA1

                                                              80d806adfd9848ed74e724c5891b59c510eabc63

                                                              SHA256

                                                              78190167d4d9b3d60219d2c10f6581d26a6e7cbdcd9bff27107dbaa9214f3392

                                                              SHA512

                                                              d7f068dc2114d2a258023a1b795dac97d0d12b15f6bbb3cdeaa7f27b44ced208aadae19872da5a41d18ad30d647e003ba45c864b26d8a18bbd671db99260b283

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                              Filesize

                                                              8KB

                                                              MD5

                                                              cf0a951bd54f45c7c5083c0ff4e70022

                                                              SHA1

                                                              6857b17c994b15510cbc714a961f30d36d07ad59

                                                              SHA256

                                                              d7d712479259087f55882cbf81eb92086e4a21d950b006fa1a303d8f94c7d44e

                                                              SHA512

                                                              b6608349237bc3d62960f92b9005c4082ae1fc9b734a593d9335781e8f5bbb3e3841806964c413b1a57e68da419740dabe42a89f5f5ef03f04cfe10139a7edfb

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                              Filesize

                                                              99KB

                                                              MD5

                                                              27c883bd9b67d25bd704d5a3bbd6c8f8

                                                              SHA1

                                                              bda27a80a11c4bc2e24b825f0f291cec8cdc0d5d

                                                              SHA256

                                                              be83162198d522989138970cf4f5be101a7bc45eb1175cd06f6e2a37a21ff37e

                                                              SHA512

                                                              6b55118bb0e91d2596ed7518ebf0441db30e93765bc8d0b26a0a8bcb6cb656212279e1a0335195a16ed37b16535048a2808ec21e8ff7463077a85cdd22ae6c8c

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                              Filesize

                                                              99KB

                                                              MD5

                                                              2132e641d54f150d9b6edcd86b4cdc3c

                                                              SHA1

                                                              a00ca7434ab0fe9b613b67335991730a7ad7c175

                                                              SHA256

                                                              34f08daa0926df0df996c34bf7262f790c6028f671a522f44ad2344af0a0037a

                                                              SHA512

                                                              29e1f03767b025e1fbd79b118f83a3d46b02289294296e0b8584f72edb13c084bd57dc1479129dc1a7185db0f2a8e22fa6d268d91cfe497eee1f07366b5aab7e

                                                            • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1.zip.crdownload

                                                              Filesize

                                                              6.9MB

                                                              MD5

                                                              4f32d2e2ea54c71524e3f2c77a92c91d

                                                              SHA1

                                                              a863c33cca3b3c2cf6cefa18a599ae9989f06d84

                                                              SHA256

                                                              2da12b9469f2f6dfd0f0ded1dd9978d36e081bebee7e01d10b16b81492c0241d

                                                              SHA512

                                                              690eb146832fb174a3e0a69c1cf0919c72331b1fec7791c23c4f037fb1916c520b7c954a64e847765eea4db7ac506790db3f36c24eafada174a268e4f2232374

                                                            • C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1\Natro_Macro_v1.0.0.1a\settings\nm_config.ini

                                                              Filesize

                                                              10KB
