9cd1e21f6b9822da794b027d24542834cbf39e2af8a21d0819aba865486d0ee5

Analysis

max time kernel
140s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 08:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SG9uZXlwb3Q.exe
Size

1.9MB
MD5

4be7c025aabed43775c8b891ad1ecfc3
SHA1

7007863269bf8d3145d1e6bc61e3507e15f524a5
SHA256

9cd1e21f6b9822da794b027d24542834cbf39e2af8a21d0819aba865486d0ee5
SHA512

e5d8b9ce7f82bd444f3e22eb05679f17d685569e4f1b5444917014774996a92abbe721237d1d698a430f8434609a5cd6639571c40702ada25a1b52e2c7eafdf6
SSDEEP

24576:m5lYe0j3Z6o2GEr8RgE9QRhAmnjtVLFFAVWtOwjV3SFDFnN65qsyHiPOMXB8sN/l:vEoTgYyU1zaCXDXFWGebMYEG

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2980	x64dbg.exe

Loads dropped DLL 34 IoCs

pid	Process
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
57	camo.githubusercontent.com
67	raw.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2980 set thread context of 2956	2980	x64dbg.exe	114

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674945119343810"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431	x64dbg.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703076200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000c001b39667d601030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551	x64dbg.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 19000000010000001000000091fad483f14848a8a69b18b805cdbb3a030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34317e000000010000000800000000c001b39667d6011d0000000100000010000000e871723e266f38af5d49cda2a502669c14000000010000001400000055e481d11180bed889b908a331f9a1240916b9700b000000010000001e00000045006e0074007200750073007400200028003200300034003800290000006200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1777f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d820000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551	x64dbg.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 040000000100000010000000ee2931bc327e9ae6e8b5f751b43471900f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703076200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000c001b39667d601030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343119000000010000001000000091fad483f14848a8a69b18b805cdbb3a20000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551	x64dbg.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 5c00000001000000040000000008000019000000010000001000000091fad483f14848a8a69b18b805cdbb3a030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34317e000000010000000800000000c001b39667d6011d0000000100000010000000e871723e266f38af5d49cda2a502669c14000000010000001400000055e481d11180bed889b908a331f9a1240916b9700b000000010000001e00000045006e0074007200750073007400200028003200300034003800290000006200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1777f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8040000000100000010000000ee2931bc327e9ae6e8b5f751b434719020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551	x64dbg.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2980	x64dbg.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe
2980	x64dbg.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2980	x64dbg.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
2280	7zG.exe
2980	x64dbg.exe
2980	x64dbg.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
2980	x64dbg.exe
2980	x64dbg.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2980	x64dbg.exe
2980	x64dbg.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 2888	4500	chrome.exe	94
PID 4500 wrote to memory of 2888	4500	chrome.exe	94
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 2536	4500	chrome.exe	95
PID 4500 wrote to memory of 3492	4500	chrome.exe	96
PID 4500 wrote to memory of 3492	4500	chrome.exe	96
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97
PID 4500 wrote to memory of 3664	4500	chrome.exe	97

C:\Users\Admin\AppData\Local\Temp\SG9uZXlwb3Q.exe
"C:\Users\Admin\AppData\Local\Temp\SG9uZXlwb3Q.exe"
1⤵
PID:3372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9a91ccc40,0x7ff9a91ccc4c,0x7ff9a91ccc58
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,7865697671028689437,5150864173081048081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,7865697671028689437,5150864173081048081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,7865697671028689437,5150864173081048081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2324 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,7865697671028689437,5150864173081048081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3264,i,7865697671028689437,5150864173081048081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,7865697671028689437,5150864173081048081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,7865697671028689437,5150864173081048081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,7865697671028689437,5150864173081048081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4728,i,7865697671028689437,5150864173081048081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3308,i,7865697671028689437,5150864173081048081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  PID:4792

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4352

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4904

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\" -spe -an -ai#7zMap11216:112:7zEvent13691
1⤵
- Suspicious use of FindShellTrayWindow
PID:2280

C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\x64dbg.exe
"C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\x64dbg.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Modifies system certificate store
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2980
- C:\Users\Admin\AppData\Local\Temp\SG9uZXlwb3Q.exe
  "C:\Users\Admin\AppData\Local\Temp\SG9uZXlwb3Q.exe"
  2⤵
  PID:2956

C:\Users\Admin\AppData\Local\Temp\SG9uZXlwb3Q.exe
"C:\Users\Admin\AppData\Local\Temp\SG9uZXlwb3Q.exe"
1⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\SG9uZXlwb3Q.exe
"C:\Users\Admin\AppData\Local\Temp\SG9uZXlwb3Q.exe"
1⤵
PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
adf823e6b3e5ae6dfed5f324481ecbb4

SHA1
308af11adb73c81beca4d2700152592f588bb1d6

SHA256
37808802c72e5e672b7c6bef9234a1e44b571efbedc37589c98ec62ff27ab773

SHA512
dbaf67ad73cad5b35a1988961de208218381cce0412c4d03d54b5f2e24ab0e2edb50fc73412fb7a58955f127df38ecb8226feaf3dcabdd79b8a2cedc30d42d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
df73d33fab7505d3bd24a9c782ef2aed

SHA1
5b67e7415626685e6e28fe6afebcf4545f42631d

SHA256
eb3142d490ab6ba6fdd9e4e1b3f13434638f6de1eb27f7a3c801eefb23b4c039

SHA512
6c1d983cec964ec02deb18dde397f50e52f83915733d176e915329aa96cc5e642be4d6e005a932b794b186aa4e3a3f7c54037d1995a6ba9f1b4d64927e0efa74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
30987638eaaabed83598fc8bb0be4c45

SHA1
4c862159d689141f3f793361ffd10cc75d9705fd

SHA256
4b9f0e8cb1dac510dd36e79ba08a201bce45b8ea2bead2ba354233f09a621d23

SHA512
0e54be0fec1063b713268a5ee2a79d61b6f9b92e5703473be2167526ef99a6ec617c73e65edbebc2fe547ad13981f16e39091a49510f83c25ccad2bceee5adb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ea0d84a18ad59576e009f10b15f8af8f

SHA1
642414dd8fa8f0bf4fd33d4f9c5a266f8c9bebe7

SHA256
35e5ad59d0346b355e33ec0ecc6de6fe60e494a9498861a7aad64b9dfd9ca237

SHA512
140679fcf1ba0501dc3d23040699b618ef7f97299780e0f30fff57f508299309045f5a8fa2b2219bbd5ac61066d161f03622d7bb5e238535f65abbb2f98510e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c75081d09c389ef045f5ed2b5bb32bd6

SHA1
a423d7cb22b0acddcdbd84fbe26b37a361d9190f

SHA256
7b65bac6b21427dade86445ec851ef186afc2b369b831cf17698969f95e28534

SHA512
1f2115fb5b29879e38ce902c14fcc35563dc7b32a3c604a528aeb957d48e48df441eb32635d814957392e32bb731d32b1986b1598c43e01248269775edad1710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0ddf0363e7b9b77e231cb6e4e6279b9f

SHA1
549b366303443e06bd4b05e98defc81cb0259a37

SHA256
2e0306c0d5f07e80a47526efd326fec439935a44c6e509d5ea957cfae9365a37

SHA512
54a55391eb09db55ebdb310d93332c7a61aa3476c880f260b986a520b01785dc8a715de700ad8474df52a0a9a124e51cbd798a34a40c6c42a5fb0f2e060661f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e247d84fda9e0eb9e99b7b3f809c96dd

SHA1
5bffeb7f48079ce0df4f2af9b430b10f528157a6

SHA256
628335f8f9fb5160920e8ce752e0b70433180898f9d634a785b6f9edea9e7d99

SHA512
8985069f0f21ad142c565b22ed651213e57f1af435259cee0c3125fcae02317b8b859489289586536c363d0ddf7943c6d86c1a30ef13b59463085d788386f2d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fa32118f2a7e8a334368245a9a45a50e

SHA1
c5b2ab651954d6889ca951703f5c67e0e6cd6454

SHA256
41d45869d6696e0978461dfa94cd11e292f44dad3a6b93019aff3b310c8ace51

SHA512
20e6fee7228efdabe7b07049dec264f297579be605e76fd6492cbb25f39e34ff5c36704c779e436606404dbe30e6f755876a7a48661c6e11dee9cb82c274cb3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f5a8e59fa04598ada2ed62dc110df97

SHA1
eacf5bbcb7b74a633f4832903569f7477fd9b186

SHA256
f721ad6348ff04e906cc8d3885ae3dd9f6235445b9a5e9f73ef955c33857cc6f

SHA512
9b5527b2d8984b9fc587b37ec0a787cd5a64fbbfa2615353a0f7e1c1117ed8fcc9437e6afd921fa061b9dcb94752649f641c9c84525d2ac3869a7c050ad8a6e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7182d75b1a031a36aeac788b32d3daa

SHA1
b4ee6a0adfebad3d3b9d8e005c2846337a1d646a

SHA256
dc9bd092ae7d5a3b28b1665c9146825c20e3ae78d6dd95622448e69fde47731f

SHA512
206fe359d1311a3b6294d9615565bdc6dcb81e313dc9a59272fa60476715f46203ec8cb34cb233459758d98d0794008b0b39153659b023266d0bbb9e41e99e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c119678c8d930156587b2d205377680

SHA1
602b0b3c47bdc64e489f23619a31f9d7926beb24

SHA256
8de0a836f9f34d1cd281771d67658964fa8d9b08a382bee07fb559b4aa05f69a

SHA512
b31ee734e13b5113edc9d94555eb5e6de42122776f8252b237e3a3b5e2da2c52c1f6fce29337ee3b29ab130b6f01b42468d984b235d610581c01c308afb816ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9e4ad9f620a087713f478100dd6b0fd

SHA1
1d8510596d3abfd489b5ca6bd118e1e3465c2b0b

SHA256
e690bbb51ed40cd4b173408564744693d6c7dfde7712e880ff1da1f6d091127d

SHA512
999d71e6146d09325002ec8c2d18eb370b24cf087618b00cae1e6322424d85f3646e893058d8d4f17eecbb5ee92e25be91861e50e5b2cbfe6a77bb5b81163662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
50be70b49e5d3e98b2db5fabdf667aad

SHA1
5da161a5c8f5fe2dcf3664aaf41c9934964c1b41

SHA256
05a105dba17c308c9f586f1c4f527e52dcc7234dde729be164fff7bfe661bcb1

SHA512
37fd46d25e01fb151c40abc4f3452c4ef52cd6ba95136ae5a8196a806582f3c2e30e9959eb059a24c3835f55541855f7cdf953f0baf3ac3a75ca890761624505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
d39f9a1ef895880caf03add65279a5fe

SHA1
1c17bfd72c6e358f5bfade49772134f9947c4995

SHA256
902e7b1d64de41f6ff7e67f6de214da5a568b1dd03e3a518661c042da762648e

SHA512
40b725ca7f018d1173e9cfd4b86ed277802781a4ad1f6a34e1c51d3c81deeff6b0081602e9d51b4f4eeaf10277139ae2d42babbc0627e9ce1d7a27a9d45330f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
f7634a2ae86bb895a84649c4509cb79e

SHA1
8724c7c8acef4606f3197b27185090793ca78cb4

SHA256
393fad1004ba2f2efd57e9623e160ed7ff210491f95ddb514d4538954fd6eb9e

SHA512
a71fd7cce21e1303a55e8f48db5ad5d3191106e7443da99e4dc7d16132f4f81eb87c350d1cf0dffb0324f7fc5b86edd7029a7d875fd4761e394bd19eaba2c586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
d56536f25011f5b670da25f21fd783f4

SHA1
48847e34c186494e04238180574f9f0cf68c4474

SHA256
894f6e02a922efe105a00b0a9bc9c0b9daf0a96e0a59f8f028f06f7ab4dc7b97

SHA512
1ae049ea4f0bb9d9b6f459ab986b9def6fe7fdce95dbaac562ff3e0b117d575ad3c291c2df38b14e83a3446310b7d92c1b8c824f3e46ee7e6fa14e11e41f52f3

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47.zip

Filesize
33.3MB

MD5
d6fdfe5bb3c9eb6f9bf1b0b608ee943d

SHA1
4be83594cb9c136f0aabc8d4d3ef1b9d6aaed192

SHA256
e945bb13fbe41c69d19ad88632d5db0a17db11df8bc3cf736503453aff7c4f1d

SHA512
6e7059cb36f5b6aa372e4c1943a1353781f09beb06e588463425717f8c1a6caa76ee23cb8d09992563937676fbcddf897ead777b4199f89521e7d23a7074fae1

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\DeviceNameResolver.dll

Filesize
74KB

MD5
1a4a1e71f2e948608ba80e901bb2b969

SHA1
6dbd88b0dd59ea30647ccda1830d33d454044990

SHA256
c6702029a705fb5db2775f31331b8314566dd84d9702b0c6ff513515c160629c

SHA512
a285f2ae8d9021da5c2e05ecef5b62945e442cf62c234fb748a8644f77d55462b129c6583e290cc6e7aa43055509c9d75f6eafa2a76bdd324fac1d8b5a07ee8a

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\LLVMDemangle.dll

Filesize
593KB

MD5
1228e59df447f4e6476546ae24638071

SHA1
7ec87e01e60f8f571684cc929fec414c224156e9

SHA256
8de391f11ceeafa007badf71b62560368f8c71623486ff1c2e4c5373fe482834

SHA512
acccedd27f10123e9f572d868fe11cd5d600b4f1a45a9e38fc263dd4d75cde022eb0d3c74fc3700148b4cfba7146c45d4591cda5fcbef8814427980658975c60

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\Qt5Core.dll

Filesize
5.3MB

MD5
2f997eb6ba34065496cb088f1489aebb

SHA1
29fd1c8a3e71cfbc49c9f160dce2749cecaf0cb6

SHA256
7a4cb4ced60598ed0a4f31dfdc01a8019df5cca6cbbfd3ec7f629edd99db6007

SHA512
4b1fd309cae1205bd3eff3b48b21893a20211356779b29c9f7739bbe6eabfa3e83e256e8406aa0af0b223b1376ec139e9605a0451359c0cccd21d3360477c233

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\Qt5Gui.dll

Filesize
5.7MB

MD5
0097fe1fdf80e2b515ab5ab2f6bad47c

SHA1
fce79b37dfc8b142dfd32c233c9ac9eec248bd6d

SHA256
3506bd2e291fe85a675d268e705f46dd0da7c274ec43dcb2330b8cee2b8c1d24

SHA512
cddb67a0d4bc60d7c26dfb4f03fbccc7d82ace7605b9d8fa20b46a970ffca134d5904303b91caa1e19b9c153a4b61ece3bde27095075dce344835e2cdbc531fc

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\Qt5Network.dll

Filesize
1.0MB

MD5
911b28d088a35d3f56a23a63ee837dca

SHA1
c110efd1c33bd8ffc2062f92a95c8f915a8db6f7

SHA256
4708ed9604e731f3b7b9b1fd774f3962a80bdf36a1845a3bb7684e8507eb0be0

SHA512
f645cfee2c5a348f01b1aa0ff3b7a039dd47117c86390b7d5fedf253ffaac1894edc36949b29776a0ab24680d022ad468d9468fe9e470d05f7178a5e9ac8df6a

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\Qt5Svg.dll

Filesize
312KB

MD5
b2c941e7a8b23664b36c70a655acd958

SHA1
3fb796251fec2ed2b2bc9c87008361992616e945

SHA256
78a031f1a8254e20c3e63357a2a87f8f6f2ba807e8edd74df6c2539b019ec309

SHA512
bfea52e55261f1fbfc9b6c8c5bde587dc0fcc29dbda5a4cb05bd30fb3ebc8ad024cf75cb9bffb04b5f8228c17adb1fa1cc1023178297f6a3efbfaf3a86a37edc

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\Qt5Widgets.dll

Filesize
5.3MB

MD5
82a8cd1f9b519d1aa8e6ad779c9e5c4f

SHA1
536da03f5389ea83009436a3197ec860ac6f0448

SHA256
6fbc262e506dc957dfdf72852cfc3b2c8b7850ec5eef4dc30f9fc9e066a8b911

SHA512
a7f178291f65edc4d4de2dddba624dc1b0c51c1b45ed92c0c35d5b3ecb496a0b8308fc1244b8846991d7580a684a9dadda1aab6f04bf4cac13ddc0cd2be31429

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\Qt5WinExtras.dll

Filesize
284KB

MD5
de7154814975f02e171f637f8222f8b1

SHA1
33198b358078341748ce5ea01ed8caf85501e0ce

SHA256
8dc1c6ad37a164639ef75093d8a0179f6f8efdf1a22877c59bac745968738e6d

SHA512
dde3c8e0fa96627dfe9ffe1067a9afacde3a69fc7ddc43d5823d091e4c449182b4c90a3fe7823f8480d889da2ae72a835b088ead54e135a197e5ad63efd4f4cf

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\TitanEngine.dll

Filesize
616KB

MD5
9140a45af6c323d407b7af06aae4d816

SHA1
f88bbb6fcab811ba3b3459f35b390fd6bbe561f5

SHA256
a1e643f082115df56c10238246fd2da0a65547ee9859024e3140de0b2843019c

SHA512
156122f7e55316235e3599cc9bceb9e7e49f3ad66555f26cf4b62b86d4399cc7fecb20c6de7e3af1bb4494cdab930745926e8fc4c216643df289003b00273aa9

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\XEDParse.dll

Filesize
1.4MB

MD5
e9d2d4b4e5c2eaed37f9e27232339858

SHA1
b6ef7424c927b788e5875198c690e96be1f23f99

SHA256
7237ace651d8ae8e3285c9a0256bf34d50e7a4c9722ce016bbcf74e80c3071d6

SHA512
5444f5516c74a96cd3152039469ea79f0e7d9262f21410a8e92593e4f870c2da3b8c67a4c85c742338ee6af582fc905ecb4f3704096dca3a791377e48aa1dd2a

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\dbghelp.dll

Filesize
1.4MB

MD5
65ce67f745501049e0ca0f970e3d283f

SHA1
dc2ee958785e5b5ec2da602daae2e86a37bc156f

SHA256
5dff20c99a370dc5cc37949c2d749b084d2d7af1c29758121cb0e16ee15034f0

SHA512
4248bfa9797a248a450686ba5c35d09dad1a76c52f94f1eed374e2f40c379fe929ebeedcebb090422fb61f49b898bb05f4ab25455f8ad5214d4439961bbbb015

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\imageformats\qgif.dll

Filesize
38KB

MD5
506a7c157ca05b5478b513b6b52f7b71

SHA1
54d5d132a7aaa857d33c0e118a56283a862be84a

SHA256
c2fce71c35bd6e22e2ea3a7e0554fe9a726f55d7027bcdbe587fab8983c3e421

SHA512
d4207de7eb2fff4f305209a3f4e51190eb6d2168a333dfaafe5cf00ffd838a0f6d324d3db50a35e696cd1dec4bce593201155ce231270679a15f0deaaaa1a42e

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\imageformats\qicns.dll

Filesize
45KB

MD5
f33b24d2e545afe46385879a57f8dbc7

SHA1
0ae0880f9ac8f5c2c2c1064479b20f88e280101d

SHA256
0a0f36c046fff544e335a0d0d80a2c36ac6064f474793426172899fe85d3e91d

SHA512
069ff4d9acd3adf9eed58bc210d758b5c35d8e34bdf2305cb8514593be3c3b41ece216895dbed3f986bebaf3839b7c5efb5f4f02e8b4999c75e6d4595d910ad8

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\imageformats\qico.dll

Filesize
39KB

MD5
e16542376c59af7240393f39ee36781a

SHA1
cf35dd7d08bc091d8a48cfd46f1b0eb9f14ff5fb

SHA256
98aa16bc5192ec26ba1ba6b290acd984d50732a91e563eaa1016bcf923643f7e

SHA512
96482eef825dada740e5cbf67d69125f7f038a93b75f76027a8f7af71156b0b9f0b5fd83c9138c1b40a5ecfdc2719c1349a29cd5a9240189b884d167b8511adb

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\imageformats\qjpeg.dll

Filesize
240KB

MD5
e082093ac545273490e3dcd92116b8e1

SHA1
c97a9e505482cd655bcc485ce3230a1649c7df28

SHA256
1a0d4ded8487a727b27dff67ef2f3794d40e1bab2e4d42b8250cc1e8525f5faa

SHA512
cf28e70d29230eb82229db372781429ab1c3cd9f1ed9a577c12641155484c12e6052cc3061ddf3ebd970bd84768b157dcd71ca41113102259d5fa2a0b94fdc60

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\imageformats\qsvg.dll

Filesize
32KB

MD5
db0ea846f201e4eb446160d18e80fa3a

SHA1
0f3075f63b70cf02297c9f22ad1896bfc996eac4

SHA256
0548ef18dec7ee2d6d2ff51cd0e78136f9f6002fa389158df2ac841425201ec5

SHA512
81bcccf2d8be8857cdeb524b616175f3c707a7340b1b0753db1fa800b7d01c0e2fd66d32ad48f5935bb6f2c0cdb4eb1c64dc54e18d65391001a9ffd0492dcb38

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\imageformats\qtga.dll

Filesize
31KB

MD5
c179cb633c05651ff0cdec84cdd71b5a

SHA1
cd9510003824b3ed2257770a86ad5f2c29f6e676

SHA256
37d36178f5c4e0bc546e05951c4da799ca21fa82690c0fdef1f1761703fd1b66

SHA512
37ee1faaea5297d3a77ce259ec14dc528c901f59f427bb448333f5bd6298eb21958f918d1846f147968c1695fef09886453d6a741886d9e4a8b87bf7053200cb

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\imageformats\qtiff.dll

Filesize
355KB

MD5
f860955e157bbc2972d9804486c54bd9

SHA1
40b9340cd934046b944c7ec1abf19a355f082892

SHA256
b9a79722472ffaa7a8e3025254fcd053ee1193ffd59353d8e9f28de99ffe7ed4

SHA512
3e4731196932f93955895b2eccae29b18a6d90eee1f8dbb4a1044cf833afab69ffced1f4f673cefdd7689d4f40ad81acd642944cda01811bbbb892c70e4379b5

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\imageformats\qwbmp.dll

Filesize
30KB

MD5
54b60b85caa948565c05a9a72861b83f

SHA1
04e233d466a7ccbd2e6d465600a5fe491bcc5cdf

SHA256
3ffa4adc5b5d9aab693f845f53b99774b7daec78c1aefc525b07bf794ac596c7

SHA512
3f56e60cb00b1725befc00e308c40f2b73b6eb57c34fe5ef6bf85e8a097ba657b3ec10fde8729b65956afca17ff2553e974aaae67888d91b30f3c2fcc2a6d4d1

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\jansson.dll

Filesize
146KB

MD5
89d701f3bcd052251e023441d5fdf97f

SHA1
3771038e2de2135d9bfb62254fe83e5c996a9e53

SHA256
eb704b761c638dc9cc4690941dd0de71e4f0575280d41243a5b0d40ebd38f4e8

SHA512
ea377bb175ba51a63625352156ed4c848868def18af9bfdcb0eb76bab6b4b63ef091ef5ece49f47de652d508bd437f2f113766b86fe53ca1174fb1c13cd4b122

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\ldconvert.dll

Filesize
56KB

MD5
5ed39b88a4a05adde32153e5d583e424

SHA1
c139a5761b5e8e2cb06c3229d70ee6eea9bfad9d

SHA256
293539875b478fc2b554104f8c1e0e80a169e75c829a5b882e10b601e6e99744

SHA512
9c9e438abca22502e0430bae7cb3292ff768cb9de0ab06ec1bf261ac2b67750a0172b084b05e7b21f786feac622990edb674619602d118e94e8b0202cc5fd3e0

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\lz4.dll

Filesize
96KB

MD5
be36901afd7394b0355d787c407d2d5f

SHA1
1d9c3bb6d06efd4b56a55140361f747e0b40d475

SHA256
5cfae56f5319dc343799ac7e9738bc367f9843ce4bf4e795d2ee2ca268fa9c5d

SHA512
1356c7cc6ab1625d0fa055ed57fb79e4009fd354b72c4e4357d07a9c8c40e8dc2389cc9134638daea4a6f065d5457d60985a9c378fd9d53748621a4c9a14c019

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\msdia140.dll

Filesize
1.5MB

MD5
73e0349829750676b7791ac210e304e8

SHA1
38d8faa45f57ea050bff328bf0f23a8cd1f4e73f

SHA256
46351bd350799dc196481cbe2b26f628b489a280a9e2f49bace71930f3dc80d3

SHA512
7ae086c3dec0fb33a648cc2bd5fde69804b6b752e05c6ef4f45c00780b13ba086183a9adc4c432e38748d05c551107c3ab01fcbb8e29d966588a3ab220e4e311

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\platforms\qwindows.dll

Filesize
1.2MB

MD5
0cdac0e449902682182f78a552c35de2

SHA1
c370e79c472c4973178a9b666194edceb1c02a62

SHA256
85dbcaf6965fb146cde7825465add3e890e13d2c67390b8b3c6fbcaecd503c68

SHA512
9516091abb61b91dd0c90d2e85f6de1463f075e64451dab48b535a119d5a04e66cfe674ee85c8ac41772c98d22c946f8be85f0d80c2e50c247939fc66aaa7cff

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\x64bridge.dll

Filesize
77KB

MD5
4bf331fa06dda1d74313e0645c54ee38

SHA1
5d2c4e37b56592f2c2ce513e202344449c92a952

SHA256
6f2e5b28ae5e1047717f1d0a89b56c1a329a8927acf62b0ddff51244fa0ae9dd

SHA512
1db9b4bf99652caa9ce40f2b54883a5f9d6fca8738d2a04da23efc87a06e5a6cf5e35014d5415f93c3c98e07d40b4e2ce0a7dd4bcc4811971b407f1d7cee2481

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\x64dbg.dll

Filesize
2.3MB

MD5
8e5ca87027450eb867a5bb52b4833d76

SHA1
d71fb183699c449c18ae95c1a34df9aef7f47dcc

SHA256
b9b55331c8d817b753e8063ea1cf752c2e48530fc9a7d2cb073d9b54134e7561

SHA512
ef3d09d9b5c6b13fde6384283484ac36fe18de3069d0f11ceee5977caec0bb7a114818ee28d3830438a2d061dd53a9e77547d8382bd1ba74e3d6358e65bca3e9

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-08-05_13-47\release\x64\x64dbg.exe

Filesize
182KB

MD5
1b03af12adea3adeec805c5a017fae4f

SHA1
1961397a4818222fccc1ffd5fb3bb1a4e83feaf2

SHA256
89e426ecb39a22bea0af72dc6270b61d49bfac357b6db1af0de50b0ce28a51f8

SHA512
fd358d793ac38ef37123c234c7f1018a952e2b6240ad2a5372ae9942c1436a90ba67649da509a1cea9d8bf8ffcd8a9d8eafa0ac13760391ebfd9978da75217c9

Download Submit
memory/2980-913-0x0000000072480000-0x00000000729CA000-memory.dmp

Filesize
5.3MB

Download
memory/2980-912-0x0000000072480000-0x00000000729CA000-memory.dmp

Filesize
5.3MB

Download
memory/2980-936-0x0000000072F30000-0x0000000072F45000-memory.dmp

Filesize
84KB

Download
memory/2980-941-0x0000000072F30000-0x0000000072F45000-memory.dmp

Filesize
84KB

Download