xworm | hxxps://gofile[.]io/d/VRI1By

Analysis

max time kernel
337s
max time network
338s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2024 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/VRI1By

Score

10^/10

xworm defense_evasion discovery execution persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

las-protected.gl.at.ply.gg:59571

Mutex

57uEOC4VgAs3IeCB

Attributes

Install_directory
%Userprofile%
install_file
Uni.exe

aes.plain

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/memory/3124-1793-0x0000000000830000-0x0000000000840000-memory.dmp	family_xworm
behavioral1/files/0x000f0000000233d4-1880.dat	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
5712	powershell.exe
448	powershell.exe
6040	powershell.exe
1072	powershell.exe

Downloads MZ/PE file

Manipulates Digital Signatures 1 TTPs 3 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION"	certutil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7\Name = "szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL"	certutil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION"	certutil.exe

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	SeroXn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	SeroXn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	Uni.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	SeroXn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	SeroXn.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uni.lnk	Uni.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uni.lnk	Uni.exe

Executes dropped EXE 20 IoCs

pid	Process
4192	winrar-x64-701.exe
3324	winrar-x64-701.exe
1372	winrar-x64-701.exe
5808	SeroXn.exe
5896	SeroXen.exe
3124	Uni.exe
5960	Uni.exe
5988	SeroXn.exe
3948	SeroXen.exe
5488	Uni.exe
5384	SeroXn.exe
4188	SeroXen.exe
5840	Uni.exe
5900	SeroXn.exe
1340	SeroXen.exe
5448	Uni.exe
3872	Uni.exe
4428	Uni.exe
5472	Uni.exe
5268	Uni.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Uni = "C:\\Users\\Admin\\Uni.exe"	Uni.exe

Deobfuscate/Decode Files or Information 1 TTPs 7 IoCs

Payload decoded via CertUtil.

defense_evasion

Deobfuscate/Decode Files or Information

T1140

pid	Process
2764	certutil.exe
5828	certutil.exe
2936	certutil.exe
5844	certutil.exe
5468	certutil.exe
3664	certutil.exe
3960	certutil.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
766	ip-api.com

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SeroXen.exe	SeroXn.exe
File opened for modification	C:\Windows\Uni.bat	SeroXn.exe
File created	C:\Windows\SeroXen.exe	SeroXn.exe
File created	C:\Windows\Uni.bat	SeroXn.exe
File opened for modification	C:\Windows\SeroXen.exe	SeroXn.exe
File opened for modification	C:\Windows\Uni.bat	SeroXn.exe
File opened for modification	C:\Windows\SeroXen.exe	SeroXn.exe
File opened for modification	C:\Windows\Uni.bat	SeroXn.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SeroXn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SeroXn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	certutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	certutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	certutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SeroXn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	certutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SeroXn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675302733981456"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000af522a6dd7e4da013aec53f5e3e4da01995e9d2ffbe8da0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
5776	schtasks.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
5980	powershell.exe
5980	powershell.exe
5980	powershell.exe
5712	powershell.exe
5712	powershell.exe
5712	powershell.exe
448	powershell.exe
448	powershell.exe
448	powershell.exe
6040	powershell.exe
6040	powershell.exe
6040	powershell.exe
1072	powershell.exe
1072	powershell.exe
1072	powershell.exe
3124	Uni.exe
3124	Uni.exe
5968	powershell.exe
5968	powershell.exe
5968	powershell.exe
5412	powershell.exe
5412	powershell.exe
5412	powershell.exe
5408	powershell.exe
5408	powershell.exe
5408	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5028	OpenWith.exe
2548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 59 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of SetWindowsHookEx 39 IoCs

pid	Process
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
4192	winrar-x64-701.exe
4192	winrar-x64-701.exe
4192	winrar-x64-701.exe
3324	winrar-x64-701.exe
3324	winrar-x64-701.exe
3324	winrar-x64-701.exe
1372	winrar-x64-701.exe
1372	winrar-x64-701.exe
1372	winrar-x64-701.exe
2548	chrome.exe
3848	chrome.exe
5808	SeroXn.exe
3124	Uni.exe
5988	SeroXn.exe
5384	SeroXn.exe
5900	SeroXn.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 232	2920	chrome.exe	84
PID 2920 wrote to memory of 232	2920	chrome.exe	84
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 3588	2920	chrome.exe	85
PID 2920 wrote to memory of 4972	2920	chrome.exe	86
PID 2920 wrote to memory of 4972	2920	chrome.exe	86
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87
PID 2920 wrote to memory of 3008	2920	chrome.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/VRI1By
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f8b8cc40,0x7ff8f8b8cc4c,0x7ff8f8b8cc58
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1236,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3376,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3292,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4980,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3664 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5148,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5464,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5136,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5604,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5224,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5360,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5788,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5240,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5564,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:2500
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4192
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4600,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=1456,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1452 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5832,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5592,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5984,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5568,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6056,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6420,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6268,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6524,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6304,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6060,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6748,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6736,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6904,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7068,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7368,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7480,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7500,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7512,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7800 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7932,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8100,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8248,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8232 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7832,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8096 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=7588,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7956 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8296,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7844,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8292,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8344,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8068 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6924,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=8324,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7276,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8516 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8612,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8644 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=7688,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8616,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8348 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=6896,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8064 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=8156,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=7244,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=8652,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=7592,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=8372,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=6372,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8216 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=8532,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8364 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=7976,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8348 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=8244,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7548,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=9036,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=8168,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8360 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=9140,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9156 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=9312,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9040 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=9180,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=8976,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9032 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=9028,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8972 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=8684,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8696 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9700,i,5430109781818637434,5855359319301542593,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9652 /prefetch:8
  2⤵
  PID:5788

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3816

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5028

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\8802a252035b439286f3411d814846fa /t 4876 /p 4192
1⤵
PID:2400

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\5a5f72b04bbf4883b4a0f36c6f178034 /t 3676 /p 3324
1⤵
PID:1556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2392

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1372

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\c1f480b4be664d82b4111a2f4fa0fa36 /t 3884 /p 1372
1⤵
PID:1204

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SeroXen\" -ad -an -ai#7zMap6346:76:7zEvent16853
1⤵
PID:680

C:\Users\Admin\Downloads\SeroXen\SeroXn.exe
"C:\Users\Admin\Downloads\SeroXen\SeroXn.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5808
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGcAaABnACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAG0AcgBtACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGsAYQB6ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHcAcwBrACMAPgA="
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5980
- C:\Windows\SeroXen.exe
  "C:\Windows\SeroXen.exe"
  2⤵
  - Executes dropped EXE
  PID:5896
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Windows\Uni.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6008
- - C:\Windows\SysWOW64\certutil.exe
    certutil -decodehex temp.hex "Uni.exe"
    3⤵
    - Manipulates Digital Signatures
    - Deobfuscate/Decode Files or Information
    - System Location Discovery: System Language Discovery
    PID:5468
- - C:\Users\Admin\Downloads\SeroXen\Uni.exe
    Uni.exe
    3⤵
    - Checks computer location settings
    - Drops startup file
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3124
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\SeroXen\Uni.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:5712
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Uni.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:448
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Uni.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:6040
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Uni.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:1072
  - - C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Uni" /tr "C:\Users\Admin\Uni.exe"
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:5776

C:\Users\Admin\Downloads\SeroXen\Uni.exe
"C:\Users\Admin\Downloads\SeroXen\Uni.exe"
1⤵
- Executes dropped EXE
PID:5960

C:\Users\Admin\Downloads\SeroXen\SeroXn.exe
"C:\Users\Admin\Downloads\SeroXen\SeroXn.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5988
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGcAaABnACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAG0AcgBtACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGsAYQB6ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHcAcwBrACMAPgA="
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5968
- C:\Windows\SeroXen.exe
  "C:\Windows\SeroXen.exe"
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Windows\Uni.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5876
- - C:\Windows\SysWOW64\certutil.exe
    certutil -decodehex temp.hex "Uni.exe"
    3⤵
    - Deobfuscate/Decode Files or Information
    - System Location Discovery: System Language Discovery
    PID:3664
- - C:\Users\Admin\Downloads\SeroXen\Uni.exe
    Uni.exe
    3⤵
    - Executes dropped EXE
    PID:5488

C:\Users\Admin\Downloads\SeroXen\SeroXn.exe
"C:\Users\Admin\Downloads\SeroXen\SeroXn.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5384
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGcAaABnACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAG0AcgBtACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGsAYQB6ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHcAcwBrACMAPgA="
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5412
- C:\Windows\SeroXen.exe
  "C:\Windows\SeroXen.exe"
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Windows\Uni.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6020
- - C:\Windows\SysWOW64\certutil.exe
    certutil -decodehex temp.hex "Uni.exe"
    3⤵
    - Deobfuscate/Decode Files or Information
    - System Location Discovery: System Language Discovery
    PID:3960
- - C:\Users\Admin\Downloads\SeroXen\Uni.exe
    Uni.exe
    3⤵
    - Executes dropped EXE
    PID:5840

C:\Users\Admin\Downloads\SeroXen\SeroXn.exe
"C:\Users\Admin\Downloads\SeroXen\SeroXn.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5900
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGcAaABnACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAG0AcgBtACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGsAYQB6ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHcAcwBrACMAPgA="
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5408
- C:\Windows\SeroXen.exe
  "C:\Windows\SeroXen.exe"
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Windows\Uni.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5456
- - C:\Windows\SysWOW64\certutil.exe
    certutil -decodehex temp.hex "Uni.exe"
    3⤵
    - Deobfuscate/Decode Files or Information
    - System Location Discovery: System Language Discovery
    PID:2764
- - C:\Users\Admin\Downloads\SeroXen\Uni.exe
    Uni.exe
    3⤵
    - Executes dropped EXE
    PID:5448

C:\Users\Admin\Downloads\SeroXen\Uni.exe
"C:\Users\Admin\Downloads\SeroXen\Uni.exe"
1⤵
- Executes dropped EXE
PID:3872

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\SeroXen\Aimbots Rat Builder.bat" "
1⤵
PID:3472
- C:\Windows\system32\certutil.exe
  certutil -decodehex temp.hex "Uni.exe"
  2⤵
  - Deobfuscate/Decode Files or Information
  PID:5828
- C:\Users\Admin\Downloads\SeroXen\Uni.exe
  Uni.exe
  2⤵
  - Executes dropped EXE
  PID:4428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\SeroXen\Aimbots Rat Builder.bat" "
1⤵
PID:5480
- C:\Windows\system32\certutil.exe
  certutil -decodehex temp.hex "Uni.exe"
  2⤵
  - Deobfuscate/Decode Files or Information
  PID:2936
- C:\Users\Admin\Downloads\SeroXen\Uni.exe
  Uni.exe
  2⤵
  - Executes dropped EXE
  PID:5472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\SeroXen\fixer.bat" "
1⤵
PID:6124
- C:\Windows\system32\certutil.exe
  certutil -decodehex temp.hex "Uni.exe"
  2⤵
  - Deobfuscate/Decode Files or Information
  PID:5844
- C:\Users\Admin\Downloads\SeroXen\Uni.exe
  Uni.exe
  2⤵
  - Executes dropped EXE
  PID:5268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Deobfuscate/Decode Files or Information

T1140

Modify Registry

T1112

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
52KB

MD5
13c7e1354ccf38ce8915d19ebd7f7d29

SHA1
6f7360b70a06d596d856d7c3057e954d7c2eab72

SHA256
655710c3b495dde2b91a1d87ba6bc1977e4c020d82f72c75d75ce0b0cf5d381c

SHA512
6a18f8e701316c7b6aba7b874039976e85df60118b9ce2066d0d609b8475c21f25dc39dd107572f5d230552854e200b9a54ce3f14cb00b56cad18b5d2474de98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070

Filesize
54KB

MD5
01ad880ee50b786f74a5e4fae9ba3d71

SHA1
111387dbe885b7f3af44cdbbeea17eeb04bbf803

SHA256
9368f2d586a1d2727921605892048bf5201ef8caa044f2e939ef431aa881d83e

SHA512
d8dc47e5d55e6598988281539205936c56b716eb02b4e643fc917a68ba4407ece36a9d4115d5d0e32ac630d44eadb94ad2607330de082629fea82a9bd35fb83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000072

Filesize
28KB

MD5
13d4f13cd34f37afc507ac239d82ddbd

SHA1
6d500935a441d438ed052e90de0443bccc8c6d17

SHA256
76464e77d22532976bbe5d1829e97854d5c37ed5a46ff300ad9680876ec81d01

SHA512
152e6449d09a7b544cf6f986c9695ae07c330f4b13068cca028ab56ffdad6ff2467f371ea4385ad71da023f3beb83fe0ba1d6d413f1ddde14372efe82ae36b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
40KB

MD5
230ab95d87a717be265134072eb17c25

SHA1
71a3d3dd6f952057ba0c6025d39c9792ff606828

SHA256
3fdfeaa675697f08f1c7c0fd6b77512f4bf9465e670637e8e332e65ebb9db068

SHA512
9b0636421ad14161f211e846521149ab0a7c866e77db309dba79718487835204cee3821c9f4678e48e134614be6a02421c155a34b7c9bc424012137705960b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\03e36a3941d3db89_0

Filesize
374KB

MD5
ac5c6fe062096a618c3394f043d91f8a

SHA1
8d6635673bcda35add2ecd7ef76070a1d96783f5

SHA256
7396c5f8e56dba2c7680fba55a04d682be6d71b2eb4f0d58749f95666ad4476d

SHA512
4b9d2e46b95a61910a148f92560aaba620429ef4e4af248a4156e180a445008b981baf38cc1f5368603db761a9704f10983cec4c841ee9e8e43de7d7a82eb175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\26428a3cf80884ef_0

Filesize
55KB

MD5
e1e6bd552e8b9a1ffd408a29583a3ffb

SHA1
615e9dee1f569861377198fdc1084503817619b8

SHA256
11f8c18299041604f18e5a784a97d596b9656d14f2a7aafa961cb409f3586dc5

SHA512
e67959ef29c9aafec845b6bc033a9cad58b31a95964f32932f5b5f800b3576203c0efb9c7688879fa22394a00662b43d241a42a4a64beeda2727ac320ccbb568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2bfde39962961371_0

Filesize
267B

MD5
7da81f2ff4fae713a29c49ad2dcd3dba

SHA1
41e859b0d77baa7cb32906247df9a91008ceaaf9

SHA256
7a7a779bddc77417e1580e5d79b4eea36b83d957e450b8bfc8a90b3fab305243

SHA512
7259cf487dbb263bfb55c3dfd0af8e70cfbf6fd5a2907bcb646feb09a41b7c62874126f7f300f017d4712c0bca8867b42e6d64828a316f8d4ad8c830ec67e55c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2d1a60d94cb115fb_0

Filesize
289B

MD5
e8975d427faf1f224cf05903b3b015a6

SHA1
c03afb0f533aa623b1ab9696c4bc2f9588e49b93

SHA256
0882f0a14c80aa823cea5a26fb745ef088a603b303f9d5eebd303d97d9174a3d

SHA512
58e1fd21da2afd54b6e73537e565341c97b34beb10648644118329d02b50bcf6c9e66719a0bd81eb4734511470acfc629f62281cefca9af14aefc1962ce85b5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\462af6135c2a293a_0

Filesize
7KB

MD5
0bce40fe944029af3dc6b67c2c433e74

SHA1
27930c32308f7fc04f3450a33f26ea113a97b96b

SHA256
221fa36d892ce34c464b50f1f2c559a8195d57fdb72263d3d51342ecacc6987a

SHA512
058b40bac65ffdae92445f568736e6c94e1c23940e3f0f179050542b821804176b0a92fad4e4ae25d2f69da6718221d0fa2eeb4421ac01de3348b95d5446c8d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c6388e8654a5c07_0

Filesize
302B

MD5
98d889be5b2ee9337322ca5c2d21af45

SHA1
4e40cbf52e268955b2f107b92f004db6b234427a

SHA256
429fb9d3fd24f0b0885c62593fa69aedfa27f7de36f871b02e4f75f74e19d1e5

SHA512
0d01ff976e4e88c34a97a26216bf52d96ffaed7eda260ba65721d6f2fe9356831c73807698c159f59609cb3f3af6809b80689b1f8f8ea58f2e19c345d3454733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7b508899820079f3_0

Filesize
303B

MD5
9fdd1906226536b03e476542b279cb95

SHA1
16563e6d1472b25d1bcff4952b4f25671604daf4

SHA256
59cb25dce0fbb3a3aebce9cd67909a8547ca8ba5f689a008009300a8d4c8ad65

SHA512
c3d25dac170e7ce304bb78a9a92a96e93366093567c0d43fbdba00871b8eab5657454868333ff0b8d10ceb0781c3ec6c21b8d364863741b76aafb402bdc82933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e5caca2d4f4087fa_0

Filesize
4KB

MD5
78cb3e1b98fc055016ab662ad6ef631c

SHA1
0258f228425e03eaa40b4da8a6eef0eb8c52b30b

SHA256
35555b5c9c2f762b76662ff55718e4908eea473f2e97e84ba6f2e6c4bf269503

SHA512
90454739b183db4cdf6064416cf32161979017e9c9025efe44bcbcea975467827da48735f54e76d8028ccb82c7301239bb249943b03f2b356c96cd45b5122a0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
ce194939e9de34ade5881a59dce30370

SHA1
8d787813774708f5ae69b89eeaa9feb839115577

SHA256
0e6e25311928b25feeeed27e0ce250a7d5789dfef8b5c84e98941d176175fe61

SHA512
b26cebf564f1a38b43c6dec171a69dd3cf4329f0d861e6d0759d5ed20ce70f653c2b35e95d1774f26fb58df524c1ec2befd7542cd65e94d39b8eaf84c055df12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
12da8a1d6c2fb0434bdca1257f978523

SHA1
4885c63584fbbdbb15d2d10fafb1eccd2f2261b4

SHA256
8af6f6ffb1134bfd11549d62dd1a9af7e39205f2792afa60e9bbf2bd0a0110e9

SHA512
0a9e19d17f58a392a9afd0857ae8fd621756952764124c33e94d7165522b93fe1f9b0b13162f365d530fcc398c378ec01c1bb951968658b1cad6b71566a77389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
4fef5180683aeccdc08283bbab0fec32

SHA1
c997d565f955f70982d082abfe18faa963c0d980

SHA256
ad1d46358457af40b926ae0856177bcd38636f747760dd672bb7e0b8b811d020

SHA512
95265bb1b1ec593c6e16e9283b53db639f6ef5a58e44fd6112195f596dea5d6808f4d4c1fe8fdb8356fea58389eb84e6954efe56cf72d1c220a91204d1a62e83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
d9fb0138dd98e8d07d0bb46715a5a4d4

SHA1
c35545595e581dd32bbc820d3878318ade038671

SHA256
344700a821b3bd08f96511684942122bdeb6df2d0017f11394446cc22160b976

SHA512
6c7e32f72ef0a9fa04ed57f5304c42045bde27728a863d8dcc117ccfd2827f552e7295d34052e67f09f75283f166847f57b7848192785b799e12f0f00f407f5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
2cd8a860556871ab57246ce5f7b08b44

SHA1
9578517451fb1d1137927c007fda9d182bb304cc

SHA256
24dbd9ef363110208f318c8c228f6c670306ec3ed708f630d0224d210a8c5967

SHA512
a4391211e5ef77ffa980df3f6e880d24ec51cace14892c99bab0711d9a51acfb4c4f175e844d16da229e9ba79e351cf22a7046c541c089ad40dc6de8aa4caeac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
3b59dafdc67082746b3a4369fabfa5f1

SHA1
778384b2e80cd8f12ec72855e101ae815ffa687a

SHA256
5e3ed3475726a0590de13090c72cb8b722be6a181bc9fb6b8e795099fd051e8d

SHA512
570c8a3ec1af645372ea34c0789eb77b844b701b1445df8cc1320164942af9063c3cbc98c88537150dfb430fb45e2ce93c538d2ecbc18a8ee2c2338d4de21cc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ec92a786b73bbfebce71842b521cb7b3

SHA1
d5b46731ee119ea58ebb4b649e7f62d00dee124f

SHA256
7d82121a241265cb2da4003e50774e3d62b5dc3372ec2baac8520d1eb7d2cb28

SHA512
8f74258205392c49231a182025a84fa03cd410f461e1b81aaf1ecc33cf32ccb3511fd299ed047a03b0a601b6cf8f5a5620a905bf139328c57744bfec1ca383f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
27KB

MD5
a7c570daf61c63f933e21c2f0a4eee85

SHA1
90e3aa64b425f3d98e488aa5d9be766af019a9a5

SHA256
2f8e4478fdb06296743f455d47669d72f022ad11424736bd18a0727c6494c8b8

SHA512
67c8a94ee9996eeb3f4e245b73cd004902ef7b687861c2cfdeb99ad3db32a0f17a76826eb1eefc27240b10efabcba51dc1befe291848bd993d587809c9d0983b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0589211cfcceb2137f530e11e5064f26

SHA1
f6d59238dadf7e2d6dac611534ddd044d324ec32

SHA256
95940c9d06db0648278137d79cb9ac702ebf87cd6873bc2d7dd82932b385d0ae

SHA512
d48ab463fb5a53d5b362b590674670238fb9d68509f0576e24dbb9223a0bcee591139e032dbd44b65dc79630b86828e901226cc5a08a6385cb7fc25d1344480a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
a6d3d9c7a0b8189bba4ea1ff415c0482

SHA1
9be202d96ca25a46c2a044c3ccb869a59a5f1326

SHA256
dda9df4f1273622cf09e78e731bf22b60b1fa402e6244592dc3d207ae606609b

SHA512
e87412f11b7f1b803b28dab0700fb1402a827419fd1a02c07e71726b4fb33e3caa32fafeb1571ca43b8287e120c0b2ac2a2ed5608c891d3290c3763a1b9f36b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1a91a87cb1a72b7f064d618d041392f0

SHA1
b7b182898facfbb72aac18feebde073630105904

SHA256
a6bfe7a838bcac503144416d1e8e419e37daf13fd0f25ed2e2a674a222ec4276

SHA512
055b83691cca51b01ea16fe513337b4cc828252b7eb70262ed2148e9074eebc92ef019e9251563016b40256ed5eaa5edf161d9cb9e6fccfae0662b93f53e4d6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fb71191bf46537d5c836ebb885394772

SHA1
6de6b8f9d59b6e3f8f03a6972d0f4766c9b2710a

SHA256
3fbb190319599dfa8469b4b5be96063b6ed37f0af26fdaa5c3a4bc5780c2cba5

SHA512
321b2e4aecd80fbd4e279381a4b384279bf3a9da4f062b42a58dcc403aa7bb9874296ab7bc98a50b657c5a0fb74534a7e989245e7422662d12e943b03bf55553

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b0b6383c4dc13f1f9270c844ce0e9e7e

SHA1
6d3e957dbcf8ca8ab8455970d07ff28663e5f277

SHA256
99ae106bc03e5be6662ae1f1ae22696607bc107aa7f8b35f9ee416c6584c36db

SHA512
09a742f62005d06a1e0d1378e5369bb77f73c3bc068853a17e179c1b8d2ffddbcd14f2befe032219796f4388d74d1bcdf1590c345af77cdb78ac68dac5e96ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
26e67d8a940cb22760d1e373c10d7ae5

SHA1
aae493b4b471d7c15d5bdbf37e4f12f8dc71c416

SHA256
e88f1db038b4ef02a9f61812a00ca1a961fb1e6e8bcac1638ef77b78b646e880

SHA512
00cfd5e399a0ee26855ac571057c1a081772b9dc7ea15fff1ffc32c8a9d0ad82777323147831d67add8e97b2d9986e7a952512468c2435195c52d861b366e501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
12fec10d929cecce073a1d9e6f167def

SHA1
b2c5b84f668913fad9dfb8a04ed7fa3ac30a8218

SHA256
e2a3fb53005cf8592a25a4207ebee9b7daabf749fdc279e1ddf5ba01d27516f1

SHA512
7c3c80e3b79125f8009b52d847c85477b2850c3d7f5f42b40123927452e6920264d6dad4a0899d848f2764e5910c5ad64c447028a901430f87e627dab1c7f59b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
a8e7960ddea9cfc5264b9b4ea322a282

SHA1
65f698e598cf310c621749500742f171d66ecaeb

SHA256
96671de4ad3e4feeb9a5cc93cb428e8dd5502d2900a0cc0a75e9726f13fe9562

SHA512
2b3c1f78cad229d663d44e10ef20fe77bef207354b03f842dd06c99329946f208afddeda279f0f6d4970e432a9c75f0484e89b9809e0fde851431a1791971979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0024766c1676c6217f2241357c119253

SHA1
c9734759243344102cef72ba2d785ee799f30e92

SHA256
e3da34ead61c13e54ed269321f887e824cacba1a14e20a3f4ea9a536d0d6b972

SHA512
db7083330e31c6d04d38a90256a64877679e31f8d6514175dac896832256d6aff70ab64c25ad385436fc031d7a76177e2751f69139bd84a6ffc0ae78ffccfa30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d687b4494b46d3245932ccf2023560ab

SHA1
abdd86015c2907705e4e19fc3ef189ecb91db700

SHA256
4592650443eec052e6aeee3cf410dc9cdf8090bc8d25c4a3ae5a00d3ae56f372

SHA512
364ef45074a01a2b07520d43caead0cbe1583c8e112bd0865414594e542250b3abf3e47984932c8909be65eb068123c6d8c0446b73b3d10e175549d8b7a30d16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
6daf97b9de99fb5c139df0839d578ecb

SHA1
7ad4c0c0621fe160b966410140e1f3a52b4f01cf

SHA256
dde752c6110ea1dda8f5860270ff64d07b78b4a0bbbd820b7648e4d970f9cfd8

SHA512
21fe122910f30a02d6ed9d41beff38f62f301a16f412361b8bd1058660399ec837b1434f73a3d30786153fd232de5b59b469949e033aa498e05df631de54b6d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
f46d7b752be13f7919a4e47ca96f0a37

SHA1
e768e979bdb19a385a1224b42c24922fe55bdd08

SHA256
97b99fb3f304a7e55c8cf1415d28894c8e5c70c5eb1f2e670aaae36f7ca38235

SHA512
c55fb2727030bb2811f108974f274b4df9bb3c572d2135fbd7e021dd1100ec2dabf90d94e3181a8d6b0ddb9a4c64ad5dc63fde4c356c2fcabe46fd727b314dcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c68fbfb1b0135b966a4d0451903fc0bb

SHA1
17769b4b3fee903186ebf58e8fa4596bef0acb5b

SHA256
5910a2e1e831541783c47f22a508c193693f97006d2413134edb424fad002c15

SHA512
77c219c8a1697cf3052548c1fac5b04fa6457677621229ce058bf8d8d757cd1cf19804425aae389e24eb33970b6ebc1f2ed6f61c37c8ea170f031331c304a299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
16c272700a2680c05c671a9394fb4c2d

SHA1
bfd40179e96489f9d2b8ec93c8d42d25ff954c2b

SHA256
aed2238251325411cabf5f8abb3a1396d89408ac441be76c91612689f69859ed

SHA512
e4c99c321e476a98e38eb8a7b1238ad000f47a4529e6f81fc1730f66ce9406fab04ce2b874ad11a83b4ec9a2192f46a1d7a1151dab2ad5e95ab307913d2f49ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
89bb66e3bf5939cb479f962e099c6d01

SHA1
13cc24ae20556db104b938d088bf8076dfd28aa2

SHA256
817ae4c60d6145553b5fd3d9538f062b962d413c1ee17fad6b16b4067e391fe0

SHA512
503fd57cee5248148517fc647dc522e7900f4eefd4402fc0dc194c667c26351a345ffc274d9feca47a137e631b57b6f758f4b76c308ba5b85d48d1251bb5aca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6e966b1e27dbae6f40f372bcc050aba1

SHA1
bc52166d4d7751f0f5cc3df2d9bbfca43e8eb2e5

SHA256
3d3ce90d8b04fdd523a6e6ad045543f9875b3d58756b8d740f36cb5339ae5840

SHA512
c8584108de5d8947e4b0e1fb42e2a78331db0228f0c6555be164282661fd4d5c3a317f07f16009c8dc740eb443c4d354ac8dc33fc0951b75713418058448155d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf1aaae9b06db282e35b8f35bf459ec8

SHA1
46ef71676cd13fbb8fd023e9dbb9cfd4701faa79

SHA256
f9713e984627d5fccea17f4a11c5aeea16c1d61aaf72255933e66ed0a165950f

SHA512
f259cedb5242a8cec6242127f2c333240faab25704f4d899fd7847bb3e37484ad21e7edcb5714d917441a377f067bcbc87aa2bdbca9601dfcee995633670be16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
883dc201e98ed9f084e28699a0173ad2

SHA1
95de0c7654802dbeb9fa7f932ecd5af126c573c2

SHA256
f6a6a245722001ad6e52e8e600a6a3a477e88cd806d83cbd91e339e9d1b81440

SHA512
88877adc988696139543dde38cf9bb47945d8c6418d72bd175276d02e3a9596cc0e41a703ea06c3b7ed0395c899f719172a2d51aeb7974ce447a5285619dd13a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7001e5a9f3888d5c592bc70325fbd476

SHA1
076d5127ca31841064fd695c03707afbec49b465

SHA256
0783953a192658f794031cb62899616d73b41b382334b17685f9f657258700c4

SHA512
405785c3a554212f28952881bada587d6d50535bfd83104a065eecec516f7d4cbea89f2e8cb5f9437f87e7b73a72446b2fe9479b6bb0eff7987b2c3d197ab4b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b30982e1be4f9208e935f7c62070a04f

SHA1
af439283a26d986a76c33dd5c338b0f0c46cb220

SHA256
08fe3c9b3cb29a06ea1e57fc1d10082064839c1e01e1b844b7dcced7647d3989

SHA512
327fe17b22ef62048b4a52fa50f37c3f309e6905b832bed5e634ce4fb4da54255f0bba3865326aeffcf0aff899b35586d418217163958587599d025f36a2218d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a357cc66c7fd6283e7835aa42b871393

SHA1
e50f85a34a14c429db3a6b7a8cee92eda1e19c1d

SHA256
39782ce0f159be1ff6bc2782971450d3cefd52f13a5730717a007b6fac24801a

SHA512
a37fd9815d6f9d3508e9864c9b9c92d6a3eefd1b7f55c5d8fa2560e04330c444a41c245dc6045c7e48aa2ddddb2bb171333565d5583b540d72b34d9cf6e4be67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cab5de9009ed250034b85c47d85179a4

SHA1
99b79b6859e479c3d0dbda49413175419822fd21

SHA256
d2dbb2827a413139b95d09c079204b5a463a112e51f62340dffb33b12cbeb30a

SHA512
0515cb8a477412b1fc0b5697f2bd71d45622b317bcb691be7f93d0b745bacd8f069a726d7f180565eb8b8bf9f82b0f7fa163735d164e318e56e0957fa412d57c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ea667a948b68f377ce8ddf5fac11667f

SHA1
c60ac8303251e4bb6e679dd430ceaff09bbb86d2

SHA256
59cbd4aa59a93cc872e1ab1920b554766bdb610061093840d2a5298b329db3fd

SHA512
f8cf214ad5af0b8881e8b334a14095bc90fa1a4cc4b0980b6b876ca53c99a8b8304fa9876caab069aab5de24a5ffbed029ca1f85a6b28e2d70694c833b06bf39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1a68c25cef6927c9f30f500762fa5353

SHA1
4af6d9078c6e421e8a022e22835e4ab0a4427191

SHA256
7b4dd6a5a22f442263b186593588129484b136273f27c65a696ca6dfa12e0ac1

SHA512
ed2a850be5310c55a3c36cdf91240b4c74863f4148a805ef39dc6339121e2d00d0b6ba134017a977bfbb00ab6ec18aa2a4ab93199d13ee1728bbdfebbf29a685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
af66c507d53df397b1d6fdc19ea2eec3

SHA1
cb42b313e4717df1919a0e1ac572e3803c4afd24

SHA256
f2bcf56c70d8b84665468f22f64478e8b4fe99b353af139341384d2a9bcd942d

SHA512
1a8ff84144400a4eb42d15dbc72db7bbd3135d61f2ad761cf335b74b8e5088374c47600750b6d6fa267953ff3922999f4d0f33a8d94619fc15b08fddcafc7446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bc59c10beea92572f809a49c8fb5768f

SHA1
5229c8d233b8dc35133d66a209b66cf50332a21c

SHA256
2be5dff50ecb40d116159351e693183ce78efeb5f09a2be376eadb641836451d

SHA512
de487ea719b4921029df9c4ac71f36a272de5dcefac67de46122ff2d978b06aacac1f9d66a2ad64169dff8ab6e01b1d0fe2b6cac04ca20f7372859c36d0fd046

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5481496f73a0ac347e697530f1146d4d

SHA1
6a4acee575e15da759ad93b149ed2840b6bc0f26

SHA256
71bc33a4e08d7cd8d6813c64b9d603f1a69b0d179ca0567813ebae40f5f56dd3

SHA512
31123e1f5e431000f62905ae81b3027118b16feaa170c1f07dbec256d1c1ddf2b1c39d62334ab81fdb023e18eaf84409a6fa48c947e6cda0c921bf549a9ade70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d444f21c05536eb7f7ed0b9623a35884

SHA1
b2d0641dcf1b7cb1489497b767beb04dce96f109

SHA256
6909e02ee2538157ecca2cdab60841e86103c2f4e4c8599de0aa06af9c9dd7d4

SHA512
4330ebb05db6182a5f94dca64e2765f83e3be6a5e74dd30721842e8eb0b4c06656d8b7bc1b1b6255c7db16c19c779c82bad34520c7c4775e897ccc0e8ed10bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7216da8a6963c7de8343a2a1ec4fe093

SHA1
ecf85452dda10582df5231e14522edf8d715f64d

SHA256
771c6c0d8b3e33cd77e12d3490cebe17d738a3f2e63ae3a43b84723d99287185

SHA512
a3dde645e918e1cca6128e1a19de1c430a634f0c86d7f8015007f10e3bf7382701c5df6392b6171101d6ca166c2a56dba92920e0504d5ed9983c8c5e5f940c4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
84b2259759d08f825bbd17cf9d312c74

SHA1
67ce4854d70a005c77db4946f7260171fca2ba6f

SHA256
d904beedeb8f241ec3560d9af042a32768eb5540c0eb66ffecbc8dc641343355

SHA512
b2bdff055cd3a7137e4e8dda1a50b9f3f073278442869aff2deece5bd536ff72f74166671afdfc6c5369c8c92726995c9c6123eac434cdacbb1b15e26169a27d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6ef303f57dc600f97ec8d1dd9e6b4767

SHA1
e69edfc6848945d07b1b74bb1765dd12450e29f7

SHA256
efaf280523f4f6f267635a8a5fe38f60f609be9e720900ba00d5ac66311c7364

SHA512
1028a9ef1713286d43094684ef2148644718ac6a7add6f94f2387f9db95bfca95bc9dd67cfb8bcfc09cf883cbe0c9fc4dc9c972d2030e37b0591b1af1620106c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ad3e4fbfaf6ff88565a3a21940bd9d7c

SHA1
e769f94c0895072b3e325716d1003470ef9f0a72

SHA256
10623002bec93f6ef73671f13b98a697610b6f468a663b50c56565eb1e73c3c2

SHA512
4eedaa7ccfa05788d45f28c53dc8b023008a32471e1c53ebef16582bd0b9718bc88b42941a53a88fb3294b585d320f8cac3920f49f30b7957ddfd1f743138f76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bd83fd8cf61287168a851769b6f1c76f

SHA1
d6413b98d284864cf2950a5ae9a7f387b24cb29d

SHA256
7aa158670e15cec9423049177097237fce541fb454f91b81e31d876bc39e1d61

SHA512
9b6cebe7be924f62a61074b72105281fbaff47fb8a3f2656ffb59168fb0bcc6b41772e556e57b1289f1bc579e9e88594e47a5c4e9e133b664cc1d18fe43bd3f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2c2f2cabfeb36853e68cc11cc88b6cf7

SHA1
463606408a850843341ec6bc7f0a4499c43e25d1

SHA256
36c32e3190e3ae4b23db7150fd4a99f999d1b3aef9a7dac5f45816e5d59d1ac1

SHA512
ae92044acb71d2847a7f8593e59fe83c7a07907c6384c60d16fe3e2686bd006b2088c37886286b76829c290f8aedbba9416849f25ad76a7425219f45ae375cf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a4c115637ac9ebb411c17ccb556fcc21

SHA1
adfc54e07dc4f65e79b0456eb2f188e7856c9f5b

SHA256
f2529f3d1b9f72baf607a4ec9e5cc6cd61403a354e24a1e6f3ddbfbb395e4211

SHA512
50a71083b2972973a93f42426b2cdaa85d6a46f80e26f346d05ae246980a449e81fe2f5a7eb3a2171e0a979be40b70bd650f715690927f6eaeca0ca35a49a9cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca4260eb717b2aafef667fc4c79c994f

SHA1
adfa33e4f0561be4693a0fa0c2b8f4a01e684f98

SHA256
f26cdb442e34698a5d18253ab98b1a6f96f98fa42fcae0777923cb99b85c5577

SHA512
4292a86a3a10fef2db5cfab4ae012251644311522d1335d7c111d2418398abfdbb07e461cf2ed2cd346e6ea6a644f968bec886604a0d67ffa453ccb8b1fef5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65eba893742d797647a273b5988dc2c3

SHA1
320a19e273b04b4f119d34ba98cf3a9dc3b8548b

SHA256
71156f32a19ae44732e72b301cd772fa63f3670d1360fb3cd78e9fe3234419f3

SHA512
44f6b36a094fa1b04a3b96094b23ab1140e1152207e8e4736f07ba2ef90b4aff1f7fcd2343677a682e8d3ea374e220f50cc66cb240f7084e2593d16bcb2f797c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f9ab781f5f476ec1ec80330a03d96aa8

SHA1
ba155bf922b16c9acbcc873e1a09c39c7887d974

SHA256
4fdb3e1743720851ad3a67ce2e93b203f2d446baf9454f64d2a640f7ef3de9a5

SHA512
88e7ab0ac2c9823c54e96d7a35ab35ce488394be2d4dad70e90f93c0de5f7a7378f744e6a9e0183b20f7d574169372467c2314befc49f1797fedd6fab5fec264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
15941983a900da61f17ebcb71531d98d

SHA1
51cc7e39dd94906cddc9eea48abe914b34e0c68d

SHA256
067a261a86a75fc74be59aee81aaff65cc43a695c0ee2a96d60d96af9b3e2c99

SHA512
f7b76d39464f37d93a35ad5ecefb726d07c534ddfc875c5f344f7a4e49b2074261d05716c34e28d062522fdd9403d934ae488c9aa9b75992fcf7fda63ebc1a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f7ef3b4f0a091243b975c25a2f754bd9

SHA1
a4006322e10345741e854c8be25b1dedd5f96bb7

SHA256
ff134ad736e402f7bab5f4a6af6171e5dc1d2121998117ea6409c54add2a5df8

SHA512
beec8900dd600b87b7c321c2967f6eb04e04e0fe378ac0f32ac2bf7447d228d4aa76f2b13a841c446fe5f663d16fbb347c3e92921cf0bb8bec245ca618619850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
98e292d90827aeb2cef4572376a974c4

SHA1
3423f8775b73705205c49bb1125d8e95b611d6f4

SHA256
b36fd65d8b07c26ae2b6e82d3d8ef6d2ddb42e9405e0f0d244a240aece4b5bc9

SHA512
b9d6861669bad04691aaba702a89221af7ae973bca6f436443d0bfa4158c5ec731314a221f97aa854479eabbcd3a4de2aec44879b90a0abdc17e0164ab4eb610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
39b41a2eb8bfa0198690935f7e41755e

SHA1
c12d773ec6e5997ab4152c15f0deaac031ea125e

SHA256
94728428df34b8d7ea96ecd4ed5aad76a39fb83345ad2ab2ada0d8a7b3cb20ae

SHA512
b586bfb3b1bc8c30cde541fd819dbc40aabfcca23698a66f745c3ed0fa98ef960169c3fa1354728a19352a49a6e9155a057fb99007f6a1f4d543bc275651a7b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
4baee3f9b8ebafca4d48bd8783cf7c26

SHA1
faaa2bd8d11bc803259d51a245fbdcc46feb636b

SHA256
e1c9bdd8f9dee4173bfc5e4d0d66209b93abe930c3174ec8b793f9c679462146

SHA512
3aebe81304c6664ea737b0473cefd3d67ffd7dac70a5b8f19cd9f57dd0bb5cc766050c2dc14cc4cb05b921067c5486637929b05ff40df2ed4d1f02b5811f4c81

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_444q1me0.l5f.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\SeroXen.rar

Filesize
23.1MB

MD5
32765ffe043fffdffb2ba8a8b6f89a4e

SHA1
47ea61de920c04f9254098ef2d37f1958b3d9306

SHA256
cbabea244b59711714b5d6661d0f5e9281bad97e7b8a67d45080b31dccc30dc4

SHA512
d05071286fd590f260b4b0251ba2277a4d915732b91c488bc30161679c2b4a57c6437a59dad6938cd725bcde878e31c2f8f5c00998755547fe35bdcab940ab52

Download Submit
C:\Users\Admin\Downloads\SeroXen.zip.crdownload

Filesize
25.3MB

MD5
ef9d9c6850bb2d073f10bfdf4ec15bd0

SHA1
eb6c07c9c2b5e9ebaeeba6429541f93adb6c76e3

SHA256
83682cf0550359b45a122310c12566d25bf6be2f8946686ddac149c0a33ae2ca

SHA512
1754132977951c8a54f73ec3df154157889a9436a40697024264e7c0dd7e72e863ebef8fa7a2f13e724ede93399850bc3c6d9f456325bc56578c3165e94f1a9a

Download Submit
C:\Users\Admin\Downloads\SeroXen\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\Downloads\SeroXen\temp.hex

Filesize
85KB

MD5
fad3aaf3015914e834a9d0313fcd371b

SHA1
a4715a153a79263436819905b87b54acae4b2227

SHA256
917674ca36b5345dccd41f4ce772c6ffe8c3054520ebd2923fba768cbee77690

SHA512
64c9bd116ad70abf9e8bf444f248915383d4b4680de1f6dadad649e0279803c9575952b0e1995a34e47c5a73eb42e23e964437a4a7828d3214f3f694383db83a

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
C:\Users\Admin\Uni.exe

Filesize
41KB

MD5
09e870076cfaa16f20be5050834ba8ff

SHA1
0b8b26cdaf08a07b8e86b1643ca23e249c8f3840

SHA256
f3fcb094f57ddd9e4c29eccc62e3ad3ce50d40230fbe0f00324ccf18acd68bc4

SHA512
d655030bf9bb84ecdd7109aab55c33976e2a2cbd63ccece48d3e881b1dd378e4e17f157a3dd9a07e8786650cbf46b8d742a115cb9906c9b69d7143c2b4de0643

Download Submit
C:\Windows\SeroXen.exe

Filesize
13.4MB

MD5
43187e3b9c5a826cd84f0b7c5db6513e

SHA1
881fd6c6e4201951fddc18b5c3f4d98024837294

SHA256
2bb96b6ab92c923027acb944f62d78838471866c5821a5d536c8524faef336de

SHA512
34803f750e4f61a43efc9b3126a3f2051de31e7756a86ec3c44fc3824bd811e0359235e0bb74b1df98b978ed22c1f4e13ff1a86cd076967a0be1afbe90d239e7

Download Submit
C:\Windows\Uni.bat

Filesize
90KB

MD5
011e90b162cf67f34f91d6d563859817

SHA1
30ce18995be9545ae88189bc3ff5defbd2392d11

SHA256
6cced62e6af36a52c48fdf0efb1571a44d6469f4ca66ca510020e5da407ed613

SHA512
51d47a852b27540154c8b3ccb295dae4874475bf631be931bf8a4cf271805e927162c7f01e8df7f0aea8b9a860dac3500e59208cb60440bfa8e827325be7a36d

Download Submit
memory/3124-2011-0x000000001CEA0000-0x000000001CEAC000-memory.dmp

Filesize
48KB

Download
memory/3124-1793-0x0000000000830000-0x0000000000840000-memory.dmp

Filesize
64KB

Download
memory/5408-2042-0x0000000074950000-0x000000007499C000-memory.dmp

Filesize
304KB

Download
memory/5412-2006-0x00000000079B0000-0x0000000007A53000-memory.dmp

Filesize
652KB

Download
memory/5412-1985-0x0000000005ED0000-0x0000000006224000-memory.dmp

Filesize
3.3MB

Download
memory/5412-2009-0x0000000007CF0000-0x0000000007D04000-memory.dmp

Filesize
80KB

Download
memory/5412-2007-0x0000000007CB0000-0x0000000007CC1000-memory.dmp

Filesize
68KB

Download
memory/5412-1996-0x0000000074310000-0x000000007435C000-memory.dmp

Filesize
304KB

Download
memory/5412-1995-0x0000000006A10000-0x0000000006A5C000-memory.dmp

Filesize
304KB

Download
memory/5712-1836-0x0000015CECAB0000-0x0000015CECAD2000-memory.dmp

Filesize
136KB

Download
memory/5896-1764-0x000001CFB0360000-0x000001CFB10C2000-memory.dmp

Filesize
13.4MB

Download
memory/5968-1970-0x0000000007C10000-0x0000000007C21000-memory.dmp

Filesize
68KB

Download
memory/5968-1971-0x0000000007C60000-0x0000000007C74000-memory.dmp

Filesize
80KB

Download
memory/5968-1956-0x0000000006130000-0x0000000006484000-memory.dmp

Filesize
3.3MB

Download
memory/5968-1957-0x0000000006C80000-0x0000000006CCC000-memory.dmp

Filesize
304KB

Download
memory/5968-1958-0x0000000074950000-0x000000007499C000-memory.dmp

Filesize
304KB

Download
memory/5968-1968-0x00000000078F0000-0x0000000007993000-memory.dmp

Filesize
652KB

Download
memory/5980-1765-0x0000000004BB0000-0x00000000051D8000-memory.dmp

Filesize
6.2MB

Download
memory/5980-1824-0x0000000007020000-0x0000000007028000-memory.dmp

Filesize
32KB

Download
memory/5980-1823-0x00000000070D0000-0x00000000070EA000-memory.dmp

Filesize
104KB

Download
memory/5980-1822-0x0000000006FF0000-0x0000000007004000-memory.dmp

Filesize
80KB

Download
memory/5980-1821-0x0000000006FE0000-0x0000000006FEE000-memory.dmp

Filesize
56KB

Download
memory/5980-1820-0x0000000006FA0000-0x0000000006FB1000-memory.dmp

Filesize
68KB

Download
memory/5980-1819-0x0000000007030000-0x00000000070C6000-memory.dmp

Filesize
600KB

Download
memory/5980-1818-0x0000000006E10000-0x0000000006E1A000-memory.dmp

Filesize
40KB

Download
memory/5980-1817-0x0000000006DA0000-0x0000000006DBA000-memory.dmp

Filesize
104KB

Download
memory/5980-1816-0x00000000073F0000-0x0000000007A6A000-memory.dmp

Filesize
6.5MB

Download
memory/5980-1806-0x0000000006C90000-0x0000000006D33000-memory.dmp

Filesize
652KB

Download
memory/5980-1795-0x0000000074B20000-0x0000000074B6C000-memory.dmp

Filesize
304KB

Download
memory/5980-1805-0x0000000006090000-0x00000000060AE000-memory.dmp

Filesize
120KB

Download
memory/5980-1794-0x0000000006050000-0x0000000006082000-memory.dmp

Filesize
200KB

Download
memory/5980-1790-0x0000000005AB0000-0x0000000005AFC000-memory.dmp

Filesize
304KB

Download
memory/5980-1789-0x0000000005A90000-0x0000000005AAE000-memory.dmp

Filesize
120KB

Download
memory/5980-1778-0x0000000005490000-0x00000000057E4000-memory.dmp

Filesize
3.3MB

Download
memory/5980-1767-0x0000000005380000-0x00000000053E6000-memory.dmp

Filesize
408KB

Download
memory/5980-1768-0x00000000053F0000-0x0000000005456000-memory.dmp

Filesize
408KB

Download
memory/5980-1766-0x00000000051E0000-0x0000000005202000-memory.dmp

Filesize
136KB

Download
memory/5980-1763-0x00000000044B0000-0x00000000044E6000-memory.dmp

Filesize
216KB

Download