2292ff743d56d7dfbfcf9e0c187739615f0d943010e59b9c0cecc95b541a2bf3

Analysis

max time kernel
600s
max time network
578s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/08/2024, 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

idk.exe
Size

34.2MB
MD5

25fc564ab1e9c47caf1c21d5e7b2cf91
SHA1

cec136b3071e3b62f115839dc998b348db5c8fee
SHA256

2292ff743d56d7dfbfcf9e0c187739615f0d943010e59b9c0cecc95b541a2bf3
SHA512

156a45745ab481dea11d5c41174a39f3c4fc0190874619a4000447112665f7b794f6d44039be40ba2d09f5d4d8a51576f48bbb67b007049caab4c8918e6a3318
SSDEEP

786432:iRp1g9UHsBy8oaxgDUukWXOJJhYivSnP5SAWsjxe/MnaB:UTgFooLuV+JJhYi6nEAWscMnaB

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyApp.lnk	idk.exe

Executes dropped EXE 3 IoCs

pid	Process
492	idk.exe
4104	idk.exe
1044	idk.exe

Loads dropped DLL 64 IoCs

pid	Process
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
492	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe
1044	idk.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs

Web Service

T1102

flow	ioc
1	discord.com
58	discord.com
60	discord.com
2	discord.com
6	discord.com
8	discord.com
9	discord.com
10	discord.com
56	discord.com
57	discord.com
61	discord.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\idk.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681351719438671"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\idk.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe
788	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	492	idk.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5112	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 796 wrote to memory of 492	796	idk.exe	78
PID 796 wrote to memory of 492	796	idk.exe	78
PID 4208 wrote to memory of 3892	4208	chrome.exe	91
PID 4208 wrote to memory of 3892	4208	chrome.exe	91
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1144	4208	chrome.exe	92
PID 4208 wrote to memory of 1496	4208	chrome.exe	93
PID 4208 wrote to memory of 1496	4208	chrome.exe	93
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94
PID 4208 wrote to memory of 1184	4208	chrome.exe	94

C:\Users\Admin\AppData\Local\Temp\idk.exe
"C:\Users\Admin\AppData\Local\Temp\idk.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:796
- C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\idk.exe
  C:\Users\Admin\AppData\Local\Temp\idk.exe
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:492

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:5112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8ed2cc40,0x7ffb8ed2cc4c,0x7ffb8ed2cc58
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,6162837039673195481,18377921844231860258,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,6162837039673195481,18377921844231860258,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,6162837039673195481,18377921844231860258,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,6162837039673195481,18377921844231860258,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,6162837039673195481,18377921844231860258,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3100,i,6162837039673195481,18377921844231860258,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,6162837039673195481,18377921844231860258,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,6162837039673195481,18377921844231860258,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3752,i,6162837039673195481,18377921844231860258,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,6162837039673195481,18377921844231860258,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5240,i,6162837039673195481,18377921844231860258,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4772,i,6162837039673195481,18377921844231860258,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:1612
- C:\Users\Admin\Downloads\idk.exe
  "C:\Users\Admin\Downloads\idk.exe"
  2⤵
  - Executes dropped EXE
  PID:4104
- - C:\Users\Admin\AppData\Local\Temp\onefile_4104_133681352094957944\idk.exe
    C:\Users\Admin\Downloads\idk.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4444,i,6162837039673195481,18377921844231860258,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:788

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3ae8a517-2775-4e24-a01e-4c6bb4a3aafe.tmp

Filesize
195KB

MD5
75cdcc5144c0e6c87edeef0705e030a6

SHA1
8a758a5ea05dd6b21c15ec696036c8ac66a003b3

SHA256
08c2becbc9239c9eb88dbfcf48c1a238051839536491a2268fb505b6fa1771f9

SHA512
7f1f448d79f984c5fe44aa884b9021831c21f1e7a970791d49eb26323a8baab1b1db2ce9ea12cbe122b826e2ef3320f9cc84754d8ef3cb062c44e7008747f59d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f336a52c81b3be684d69b23428d5b5ad

SHA1
2166c58735202818a6379a142dc4e344495306f8

SHA256
44f721fc2cea7bcca80acbaad5acd89d8a1d81694f766a668cc409439e5d2398

SHA512
3095aa51f46346c8a6b6049f9e36d73eb2b0ebc8b495bcc44a332c8da3837dcc20d71aab6a7fa1b649bd46deeb5eaf64261ba09c2e668d5e7def457cd1816112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b7cb421d65407ebb1f86fe85fd0ed5a1

SHA1
71158ef195e396a9b5d38287d8874e32ffb95ace

SHA256
5070c35c3f319d84c95693863bee941d3025f268011b3eea0f77a28486758e2b

SHA512
52a78fd6c49d91238ecf4718ae00e996770b66670f2b7721fe2b85e6c90c86f8431428628975da0135c29a987e8328f00420dddb82aff159e6efca61e8aa8dca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9223e162407e3086c3ce9879152ec597

SHA1
24231c68f12ea1aa85f2b6b1f2151925def34723

SHA256
4cf46796da1533242507f336c400f7672b18bb9f38e72de4f9f33d553a1445ed

SHA512
418d09438fd8f05faca9ba268c2d5cd560c88ef5586bec0fe30a45457ce92f933a3afc32f572f9e8bfe539928b03c8379bd1dd6b9830167b465349f1a29025c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
29b2f106005349c93f189f2cedc70217

SHA1
27e42ba21528c5c1ba34bcfa3635f5a449a6c07a

SHA256
cc1cc563bd35a6afa759f2e6fc7c31ae1ef97dab23bc1843b6f0696f7408b2e0

SHA512
089781f7c606c8be99ff9f5693f2a091ec2e59644213a4ffb9db979087bf42a83944abeb203f4ce7af241b9adbe27c2237449b0138e317006c80b13c70dc62b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e5e72a297a39d0216af371107ed4b9c7

SHA1
d5d8fb9eeb4d104b48105b04a4bfc9b6da81d36d

SHA256
e3e1c416299ee6b1b1592a69a38aa8fe03b6d4ad10e7e3fae8dc03849b98ccd3

SHA512
82d81b0ad68025ce9261e9f179d21c0c3cdd570f8bdf3103056f392ba5ebcf90dfb45b405411445675620e1066082452dfe21fd17397c4901bd14d3c7ea05528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
a2a4096551f368e6f24e02017a3cf163

SHA1
590185fc6c8892dfe301668c85d6e1fe8c4c2573

SHA256
98eb39718a6e93c0a10e14c8c979aff32037fab09f6d620cbab4871d975c88de

SHA512
574c5a5f1bad72ab29fb56e9ca71213604694db70bd15fd57ed63ef9c51e9cf7be090e7aba51a850f4dcc33c8d27bc67ac5e5c42e4e0cd80c7b573e6cea0a6dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
ffdbfb30d7940d506ad0cc0f6ed74a22

SHA1
b0007e49fe97be933a684665d3d075388835b5a5

SHA256
a8708a590f4a7867364399ff99fa8c949bcaec4b4bc52f18ed0ab373100861ca

SHA512
68d51356fbda45e56fa1fdb6a5b81866bf8e10a4e164eb224f3bb09be56be6b5ef8531e009cfbe0f8efeae3657cd7c8e7c0f636bee91f73093f90158e6870136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1daf542d5950bfa4b3033055374a8a57

SHA1
b4627e32dc4f5056b396ce93447580e90bfca513

SHA256
5801a6485b1b2387eb06959a87f9301cef698513fe2725e25f2b4786ee64cb43

SHA512
420571eba23cf995fe609816b65ccc25e1127c050ce73a08a02fb1bd9bc281c504a35d6adb931958c3d2148ac609bd27cd3074fc64ead0d77d2a7d7712e49b88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c7e5fc5b0f4df2fc221153b8d73a6aa

SHA1
164dbc91183f329967c4c6dc352820dca583e095

SHA256
d318afd74c0c95769022a060ba9d1f82bd74baf19736d8bef326908ce4b92838

SHA512
500d3cee47f1b6307f53f831908bdb6d491208ee3859415f62f7c445513e6f551a413bda4381773abebc7d1e3596e97caefd0dc5be27f37cf7b9d0ca51b67763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46e3993f4dab34d96a345990906332a0

SHA1
afaf380f09bde6dff881d3e198d2581d7a1b0446

SHA256
d3986370973b97ff7d5824e5b43c42f1c34cc9ca37d186c722e2553789806e71

SHA512
9e0f63af62ced25951b5df9b94a709770d7aa51a0e0bffc3533271b36324c7f0ad06fbce26875c81daf9c84008d08b4f1c7f1e0d84dbcb9fc9d91959b6e0a9da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eca4bf5637880ac2f1de49d6de7914e5

SHA1
184c96c123f7032539c97cadec131546a5cc7eb7

SHA256
fa1423a280b5f2cf61f76786323112f4e119a8e0625833cd341f6f47ad4a1efc

SHA512
89355f7698442395df47f2c4043e2e7c33c0e98dbf4fba418671514a1b2b80c26040c16e5ebaa1e05f9aa76a49c1cf01c48f6927262abad84a60880767b3abc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4002c6eb94b026d84e367371e4a8680a

SHA1
edbe553d97c0a63e100ecdaa1f08963e932ed722

SHA256
bb968380a926c9ad464623f5987a5b033ae273f0f3e4318487c551bca0d0dfd9

SHA512
17c148124b55982c7759407b171b08bb72d24464843cf59eb21beaccdbd9ca5a9a689938412eb1a15e562335a6dcb4530ef83bce2b400419e7113a39239e46dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fedb1b1553970a495dd5b3a932a9c649

SHA1
f1f2bdd1f6826dd24c5e3b6cbfe56ffa2b100830

SHA256
79880884bff5be7262deabf8ad6cc22261a47a358a844445045f4aaefc0a7d2f

SHA512
d2119d68993abbd38fe540fb4dba596bb0b90467b100d3add0adbd167a393aed9ecce6a1dff9e15bc411d5e518cc5f2e95c1d344798f2c9bb26ebc7e55933cb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b6e252b484978fcb543b536a7167fd45

SHA1
73004b3028993abab933db6034ec6844f16eaf32

SHA256
f39eb3dda091b75a888571897bba7dee0f926646584dad685479f53dc6561cd7

SHA512
c313e06b9b07cb2171eee63b572ec5ad860a5a7b201e9497a1f6f893376012b447540fe8820396594fa1456ea371fecd1a15054482df54c84d3c4dbd6e08122f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e9a959e4dabb79b87db433b31df9545a

SHA1
c4334cec1732838db8eaf1cc4d6613767409174a

SHA256
0c38df0a5e591cdf2d7038790a93ecc9e98e4b01f9fe12fcfeab4fa79d95d5c1

SHA512
6a02cbedd98ab304ff2fd99a09fbc9cb3358bf9703dc3be5bc07aeded44c8464e216a950c9261527fb2ee568a09f9cfc8d84bf20d4828045d74514a77609f2e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5fb8767243939de5cfc68a170e6176a

SHA1
4118297852c92b34bb3d3c56653815bd049f479a

SHA256
49090489ac6249e8a253d0a972a0c057e64dead69df97e7c345197b9b3d3d4ef

SHA512
c65c337673c86018f921acbbd2c6aadfb5a4ced3febbe861e4cb21351acc1521a1f2941eadda1dde1b7511a13d1b661dbb9a57bff1ea3857edaacc2bdb1a0cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
256c3d132c9eea1b5463184f51c80cd6

SHA1
98af94c7f30dd403184aecd1aba45b07d12e14fc

SHA256
c932903b4f9d6b3f6692397557bcb6e65ec1ccf5d41d5683f68ae2425ffa4354

SHA512
9e90c7410b35be3cdac561229923222750727eefb4d49a099e1559bb2811543009129f63f031287749e193a6b0babef46861b5a7262839a01a9be7045ae03cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6573f305263429e0be4ddd0f692a6973

SHA1
98e89ad6a644e8d19fe67585761f46306efc5e57

SHA256
ef03c8e53dbd8e05a025eda523794d164b995fbbc0c3d8efcc7dc5958a1eea80

SHA512
f87e1bda30736a6b5563d433c47facec2be6ed09fc086712ef93e46ed45b8460fc62b22f7b11d71c1291b84ddcf5f03637be4884bb0fc32923544e25d94ac987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b67c2e35b9bed867797c7aaa18e9073

SHA1
e6a9fd5386d774deb3978bfbbb088230452e25e1

SHA256
ed7634005213c7092b053560f961124f2f84a30a904ecc26783a0c9e84d12db0

SHA512
c86c698321d7fad8f21956ced21ee30a3debaa6735d8da4f43b46cce3f9e7f3c238ddc39c3d2e31c579b143f98e018ad5f448cbb7d52ee9406a580e6a0c42075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10e4897b3ec2fd36c6d31c4339794018

SHA1
ff13f537532dc21e1998cd5e01844d57884be701

SHA256
3e214b830ab8ccd42d846f2c9741da53f09984266d647e44a2ac7f2dc73b7f95

SHA512
d22fdc4bbb12e11c684ea0773cfae84dc1a0881ca0efe80e045bd084c50908aba72beb0e86f9c2ea73ec696d3a6a0729ab17dc14c8be58a913c38cd8d46cb442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9f7570e5b9cf321a9561525b755913c

SHA1
bb38ab191661d63bdffd5b0cc766a2e4a82f4fc1

SHA256
8ad573f7907da7583353c268b7f47c48fc4dcc11682ed84d8b67cf9eddd3e9f7

SHA512
f9828d2135fe6ec001e9997642abc60e9756c1cd3656a839f6a9f9858a99cdafa884550ee55d69730e653b9a755d4a42b46169b4c0453466ee9be0771e0a5919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aecb3b82c84de81bc0db94c721f90eb3

SHA1
803cccaf005a549ea508d4255b99b0c5a3aac963

SHA256
5d10603d8fb09ea179e25c2e2916ea583f4dd061fe1ba15dd317c7b02d5ad4db

SHA512
92b7a91a4861df7ff670bba801ad52b8897135d47f0255ce85909f70363fd1dbff9c9d9fad15caf533cf1f0e86bd00bd8d9e0fb9118f9a8c46adf67422e17674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
532c3e27daea13e33d206653939e9f83

SHA1
e2d7eefe9a3a1e12f83323f2f9f18a16cc1dae8d

SHA256
0b2504eeb264757ef7acb69003a7905a826eadb1389337f82b1096f63addb7de

SHA512
242abc2583522d7c6330065fc1a12d0f2adbd3f3f9fd5e2583dd55518cec0972aa87610e40b975c88634169c5961701aabe41eff93038e8e24ca58b54128a9e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6bbdadf777a7c327f1475ba2c384e413

SHA1
3c62307d512df9bc8ea9d87dfe0ea9ed27e0187a

SHA256
2558c3c8753f1fdafa0668d9b935dbdbe2e08a3a18c441b095c1b05f568d22ad

SHA512
688b483973f1eb13fb355f299aecb9ffd6c9a7b7e1daca8470eb45e3134b7e215f4f634ac02a724d7a306cbf06a01da352f31faf8917ce9199057d01fee67f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fe8de91985f593f19e20f9433751002b

SHA1
778bcbd830207c3c1fb0aa017c4572a1d5e977d5

SHA256
7e7d6e085094bb149dfbfd896c3fbdd914732248149d6857463c722ac178de92

SHA512
f8191ee67df1b85a312906fdfdbf96746b7af9a6a9e0a4b804fb77667193336867fb5102b127c772372161082e6a2c05a0778cab2ed48e0d51e98035ff4c9179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3c8c0fe7a82cdbeb487c704a84d78f2

SHA1
795a64ca55d584e427e017ed606b7910b46ec7f6

SHA256
fabf4be66e54524a7a88accd315bf4c3152cacfe17c1c7e3f3d85a80d56376fc

SHA512
bdce6db3952fd0acd1dc4c32952848571d91995958b59a73b232821459cdb60aa3a954db539d9c582871a4c522c50335308395ddf178f88fcb80340e0f9c52db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc1b4badf7b900ba242e6ca623c9f798

SHA1
67c9ef216f8e6a2de6fefc9bd0591090fa6dbf0c

SHA256
71e66b69c02a01d5ce750bcdea9e3aef9a5c3b64f7fd070bf000095cddbf4579

SHA512
37ab0b0f68448e7f516435e9b96a64eb461ae2a6868e5a3121eeb25928d013a4328c066c29022738dc5bba484d4ea7ace74e78ca7b61f207e1888b53b25f5362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a030fe307b63fea8f025f75a172e479

SHA1
93f9d424e04695fa07b283053d8b21fa2aabff32

SHA256
0bff5df2cca08b4b06c27b2a382dc054c04e6a9d8968d632e218759a86b5c520

SHA512
46d607b628e043994738302f22e9540a6e527776300e143180a3e765bc1f1c01d80ad0121c5e2ce3ed244d1aa025c7af632d9b809d17bc155a6df0f7177ab3f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72e349a36b809a8ecfc2fefdccbaae66

SHA1
3d804faf4ab74dc6a29c1a4ae6dad70d9432aa58

SHA256
7bb6d3e44fc4cf37f5ab6080bfc4f5e175ba6be6ac82824b87797437b4514de3

SHA512
a2102977feb17c1acc79a4ad9f17d72ca427ea261a4e6c3aaf4fda51c19f49aa28ca5458b0475788c1f63dcb7386da227ea21d94b12d5f84072026a761672dd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ff72601c4f48ca8c33ffe753eb26308

SHA1
8d961848d402a0f3724ca239c2e29a8256c32297

SHA256
a3e43dd2e71781523411d4db7f22e0e1b5ab99c5eb7efbd2ad7fcf9a9caf5bbd

SHA512
99d926c96923c48ea86ee3db40f1aa1fa5680cf21ce4a882bd5664d7b9caacf62028fcf0b85d3e47e41821ddede023c2d59507083f17aa7d6e936b1bb3403007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2856c165ba30dd27157b3d3b1fb836b7

SHA1
73b0a3b41d9a0a78fabf317a0af6b624d1ae0f98

SHA256
9f776f536bfdb43966a5c750e0c0a7268783f4fefd902e095eb933b9228dff9f

SHA512
dc55fd4da7ac63f63e9d1b85d7e9175a70afc160c3766e872358c9b1318ce350968bda23d1c3ee101ce834c0b94d8fea61814f73aca442651541e301b0862aef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4b040406d6d9064f111ea013757d8ec

SHA1
9700c76ae4b54dc7268b55eb8b90f229fff88626

SHA256
befb188269c45199223bcb96941ead4574265874a1b67ef1a2101e5894b63297

SHA512
7cb6d83be93ede3065e3ad3f81f5a64540b00675a04c84fc4a3a1a25c2aea409019067f49aad81b16ba7c4aa3977bfb08a9ae33bb63d5143e015d9ebd6717f62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2bb0ba6cec715f291b5efe95f9f594f3

SHA1
18a61e0c56ca7800f444ebf7113441f9a1fea878

SHA256
0f0d54a565b60983aee68b8a84b3fbece5875106b78c277e7281e065e505be37

SHA512
3407a06307745467fbe34b9c9b68bf69b9153a75bfa5e5dd4b20c271ad1e633480ef9354aa14373121b22b5501c6f4047d33387a68c4134be9e09f95b0f49951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f63c61db27931fab5ec30aefdd739e4

SHA1
03970f11aafb2e193f6636b14a28ae043e0c71b1

SHA256
4410d64fb278d78343535dafa1996d503bb7348ad47fce26bb476a5d14a01500

SHA512
d3eb051379594a7bb908b93a8dc283aeb74614869156385628af00c3b977ebd78986de4f8e1c78878cb943e457c0c79b9a141a8166bb824b1f11d6773733f443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3447b008fe5a5fb388f8869f3770f76a

SHA1
70aa30b336f5592715d51b61e6e4cbb0e2e58897

SHA256
69ebfc932c365a709eaeea5836d2bf2b8531a47de26b0be9c2bb8be0b6e84304

SHA512
04432fbcea3363f6be5a93e1fb2d90c3aa69de1748b96369658806afd549fb5553586d4c469ca58f677235ef5a8e230ad68a09e10c82eceffe4f4fc5553c553a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e5c3b73d8a31719d2284af285269947

SHA1
4356bf95a20b0e82faaa69a18c05adbb0cf6fbad

SHA256
4b237f32f341e015b3ba31a06e78a0369a6f1fe4519249a9d5b2a0303cf2fa65

SHA512
3a75a57e344d2387b8e4b35a7348b132626e1f682771375cd49a32736c5654df11b660c277fa434be6f8dda36e8aaaafcdb5668f0bb9d5cf35e860c82a0cc040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
41600ab0d621df26c9bde5e9a2beb2ee

SHA1
a789c7991557c815846f239923a47791cd6bca96

SHA256
f691899a9af362f2e3843e36dc2194e0337224fc958f01759abddc06c40d76c5

SHA512
fd1afbe519d4a940381e4135aedd547f7cd7e310ab89f3ff1ec4c149aa37c9ba30b952ed0193d76437a0450ae867daea123839ab0da57382f5ac67d72cf5bd3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
b520b99461f66cdde7362996f0bf3f78

SHA1
2d71581070de405d84ccc31ed561b2bb6fb4b17e

SHA256
9e564f86d71b534bdf5ce2755664ef1dd7485f7b3025344c089a38e213b89440

SHA512
0579655441f3790c605cdc83e98dee6ad127cfc08d389eb6d6027e7b6360dfd70acf00e961abd885cf2323303fbcbbade127a1380747c70631a1b5254683c699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
fc8338ee4286984d80c370cf5ca6ee70

SHA1
9829761f8ea0e3668f56f66f3f296320e79c5089

SHA256
dc3823bd828a03ac3495ccdee269243cab5780c3886fcd5c4f4fb12a2b606e59

SHA512
e8b807deda8d1d80ec11096e1c53265ca083fe47ae339298aca03cdd45385e5a33e4c144695d31611999fed2985bf7ac329ee3f7ed264834b04a3d4ca7fbc145

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_cffi_backend.pyd

Filesize
175KB

MD5
d8caf1c098db12b2eba8edae51f31c10

SHA1
e533ac6c614d95c09082ae951b3b685daca29a8f

SHA256
364208a97336f577d99bbaaed6d2cf8a4a24d6693b323de4665f75a964ca041d

SHA512
77e36f4fb44374b7c58a9005a1d7dfeb3214eabb90786e8a7c6593b5b1c7a305d6aa446be7a06ae0ff38f2bedea68cacb39053b7b7ec297bff3571b3922fd938

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ssl.pyd

Filesize
174KB

MD5
c87c5890039c3bdb55a8bc189256315f

SHA1
84ef3c2678314b7f31246471b3300da65cb7e9de

SHA256
a5d361707f7a2a2d726b20770e8a6fc25d753be30bcbcbbb683ffee7959557c2

SHA512
e750dc36ae00249ed6da1c9d816f1bd7f8bc84ddea326c0cd0410dbcfb1a945aac8c130665bfacdccd1ee2b7ac097c6ff241bfc6cc39017c9d1cde205f460c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\aiohttp\_helpers.pyd

Filesize
54KB

MD5
549077ff9a5df39d7af0461df5777cea

SHA1
462130783945c0c311c23451dcbdf498d601949b

SHA256
d21e4954ccc8b10dbadea32b32c831ea2a35d9ccec7aa84ff5b24c266e50edc9

SHA512
1ccbf6866dfa0a44141cbceebd62003a6a3f2f5cc3994be63fd47fdec81b0b5b4170fd11e9ec7681c158e860dfc9c313642994f5a9989f77da0fd617365c236b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\aiohttp\_http_writer.pyd

Filesize
49KB

MD5
4cf1b9d0c03be809148393602f201bc1

SHA1
be89a11e077cdaf879e5e3f1911c48bc95e8f897

SHA256
6cad1732e9bb8664f49b248ceba9d5551fd0c491f1a2fe364ec1b2675cb76ff5

SHA512
04fa288f0bef49b61ad4269e473ca3ab9bb5601e2fc4469cea30bfd80a8a2f6ec6d18716ffc25d58a22d806a21d324c4d87f117ac012c2e82e428a7a96974811

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\aiohttp\_websocket.pyd

Filesize
36KB

MD5
975cdeeb9a2eae687bbd8dcbe07c4835

SHA1
739f4554e180c61a497cd280390e0bc7ff17d4a6

SHA256
b819911fc2e252ae9e35b91ede5408b66c6a31c27b1dedd4ee998c148f1a1cd5

SHA512
6c9e2d14d778efcc24c44af669d401372019a1b71a0813476a783ff08854de60f7c719d44b4564741a36516267877df2205f8305b15af639d29d8fcd36b50976

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\frozenlist\_frozenlist.pyd

Filesize
84KB

MD5
d7193bea71087b94502c6b3a40120b04

SHA1
51aa3825a885a528356ba339f599c557e9973ec3

SHA256
886375bc6f0ff2bbd1e8280f8f1cb29c93f94b8e25b5076043cd796654c3a193

SHA512
c65cef39362a75814d40132f4f54f25f258c484dd011b12ae7051fa52865f025c960e4a3130c699b7eb1be375a3d2c3c3b733d6543338d7e40aad0488d305056

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\multidict\_multidict.pyd

Filesize
45KB

MD5
ab3685f651c7821bbf03baf1d436b617

SHA1
f6306217ecaf5fa1dc8c78260d02dd2716903316

SHA256
1ef9e6eaff88cdcc0a32346b7b266a0e1d19716ecac07f16a189a7057ce971f9

SHA512
08e4d615ce5f9c565d54a16b1f475b6ad746b5d8e7f17248d235b5acd474333036bb33671c887bb64794b56ec910af28efbb7bed8bdea2eddd4bcd81c1b1fb70

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\nacl\_sodium.pyd

Filesize
340KB

MD5
9d1b8bad0e17e63b9d8e441cdc15baee

SHA1
0c5a62135b072d1951a9d6806b9eff7aa9c897a3

SHA256
d733c23c6a4b21625a4ff07f6562ba882bcbdb0f50826269419d8de0574f88cd

SHA512
49e7f6ab825d5047421641ed4618ff6cb2a8d22a8a4ae1bd8f2deefe7987d80c8e0acc72b950d02214f7b41dc4a42df73a7f5742ebc96670d1c5a28c47b97355

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\psutil\_psutil_windows.pyd

Filesize
65KB

MD5
3e579844160de8322d574501a0f91516

SHA1
c8de193854f7fc94f103bd4ac726246981264508

SHA256
95f01ce7e37f6b4b281dbc76e9b88f28a03cb02d41383cc986803275a1cd6333

SHA512
ee2a026e8e70351d395329c78a07acb1b9440261d2557f639e817a8149ba625173ef196aed3d1c986577d78dc1a7ec9fed759c19346c51511474fe6d235b1817

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\select.pyd

Filesize
30KB

MD5
d0cc9fc9a0650ba00bd206720223493b

SHA1
295bc204e489572b74cc11801ed8590f808e1618

SHA256
411d6f538bdbaf60f1a1798fa8aa7ed3a4e8fcc99c9f9f10d21270d2f3742019

SHA512
d3ebcb91d1b8aa247d50c2c4b2ba1bf3102317c593cbf6c63883e8bf9d6e50c0a40f149654797abc5b4f17aee282ddd972a8cd9189bfcd5b9cec5ab9c341e20b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\unicodedata.pyd

Filesize
1.1MB

MD5
cc8142bedafdfaa50b26c6d07755c7a6

SHA1
0fcab5816eaf7b138f22c29c6d5b5f59551b39fe

SHA256
bc2cf23b7b7491edcf03103b78dbaf42afd84a60ea71e764af9a1ddd0fe84268

SHA512
c3b0c1dbe5bf159ab7706f314a75a856a08ebb889f53fe22ab3ec92b35b5e211edab3934df3da64ebea76f38eb9bfc9504db8d7546a36bc3cabe40c5599a9cbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\yarl\_quoting_c.pyd

Filesize
94KB

MD5
44eb05d3c409e626ad417ed117068160

SHA1
dc0c4446e0601a2d341a09cda68ce6d2e466c040

SHA256
f306e375e186c011585dea2bc875530fb7d734861db388764a2aa307b1b68df3

SHA512
51194721d5ed968d40394f784a4708e6282d7c28b45b387165ae44eb5798f58432e85f743f798dae2c79722c88f5e8bb61c31ea37110781aa2368c6b4a4a45a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\zstandard\backend_c.pyd

Filesize
508KB

MD5
0fc69d380fadbd787403e03a1539a24a

SHA1
77f067f6d50f1ec97dfed6fae31a9b801632ef17

SHA256
641e0b0fa75764812fff544c174f7c4838b57f6272eaae246eb7c483a0a35afc

SHA512
e63e200baf817717bdcde53ad664296a448123ffd055d477050b8c7efcab8e4403d525ea3c8181a609c00313f7b390edbb754f0a9278232ade7cfb685270aaf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\_asyncio.pyd

Filesize
69KB

MD5
477dba4d6e059ea3d61fad7b6a7da10e

SHA1
1f23549e60016eeed508a30479886331b22f7a8b

SHA256
5bebeb765ab9ef045bc5515166360d6f53890d3ad6fc360c20222d61841410b6

SHA512
8119362c2793a4c5da25a63ca68aa3b144db7e4c08c80cbe8c8e7e8a875f1bd0c30e497208ce20961ddb38d3363d164b6e1651d3e030ed7b8ee5f386faf809d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\_bz2.pyd

Filesize
83KB

MD5
5bebc32957922fe20e927d5c4637f100

SHA1
a94ea93ee3c3d154f4f90b5c2fe072cc273376b3

SHA256
3ed0e5058d370fb14aa5469d81f96c5685559c054917c7280dd4125f21d25f62

SHA512
afbe80a73ee9bd63d9ffa4628273019400a75f75454667440f43beb253091584bf9128cbb78ae7b659ce67a5faefdba726edb37987a4fe92f082d009d523d5d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\_ctypes.pyd

Filesize
122KB

MD5
fb454c5e74582a805bc5e9f3da8edc7b

SHA1
782c3fa39393112275120eaf62fc6579c36b5cf8

SHA256
74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1

SHA512
727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\_hashlib.pyd

Filesize
64KB

MD5
da02cefd8151ecb83f697e3bd5280775

SHA1
1c5d0437eb7e87842fde55241a5f0ca7f0fc25e7

SHA256
fd77a5756a17ec0788989f73222b0e7334dd4494b8c8647b43fe554cf3cfb354

SHA512
a13bc5c481730f48808905f872d92cb8729cc52cfb4d5345153ce361e7d6586603a58b964a1ebfd77dd6222b074e5dcca176eaaefecc39f75496b1f8387a2283

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\_lzma.pyd

Filesize
156KB

MD5
195defe58a7549117e06a57029079702

SHA1
3795b02803ca37f399d8883d30c0aa38ad77b5f2

SHA256
7bf9ff61babebd90c499a8ed9b62141f947f90d87e0bbd41a12e99d20e06954a

SHA512
c47a9b1066dd9744c51ed80215bd9645aab6cc9d6a3f9df99f618e3dd784f6c7ce6f53eabe222cf134ee649250834193d5973e6e88f8a93151886537c62e2e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\_overlapped.pyd

Filesize
54KB

MD5
7e4553ca5c269e102eb205585cc3f6b4

SHA1
73a60dbc7478877689c96c37107e66b574ba59c9

SHA256
d5f89859609371393d379b5ffd98e5b552078050e8b02a8e2900fa9b4ee8ff91

SHA512
65b72bc603e633596d359089c260ee3d8093727c4781bff1ec0b81c8244af68f69ff3141424c5de12355c668ae3366b4385a0db7455486c536a13529c47b54ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\_socket.pyd

Filesize
81KB

MD5
dd8ff2a3946b8e77264e3f0011d27704

SHA1
a2d84cfc4d6410b80eea4b25e8efc08498f78990

SHA256
b102522c23dac2332511eb3502466caf842d6bcd092fbc276b7b55e9cc01b085

SHA512
958224a974a3449bcfb97faab70c0a5b594fa130adc0c83b4e15bdd7aab366b58d94a4a9016cb662329ea47558645acd0e0cc6df54f12a81ac13a6ec0c895cd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\_uuid.pyd

Filesize
25KB

MD5
50521b577719195d7618a23b3103d8aa

SHA1
7020d2e107000eaf0eddde74bc3809df2c638e22

SHA256
acbf831004fb8b8d5340fe5debd9814c49bd282dd765c78faeb6bb5116288c78

SHA512
4ee950da8bbbd36932b488ec62fa046ac8fc35783a146edadbe063b8419a63d4dfb5bbd8c45e9e008fe708e6fc4a1fee1202fce92ffc95320547ba714fed95e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\_wmi.pyd

Filesize
36KB

MD5
8a9a59559c614fc2bcebb50073580c88

SHA1
4e4ced93f2cb5fe6a33c1484a705e10a31d88c4d

SHA256
752fb80edb51f45d3cc1c046f3b007802432b91aef400c985640d6b276a67c12

SHA512
9b17c81ff89a41307740371cb4c2f5b0cf662392296a7ab8e5a9eba75224b5d9c36a226dce92884591636c343b8238c19ef61c1fdf50cc5aa2da86b1959db413

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\aiohttp\_http_parser.pyd

Filesize
256KB

MD5
580373358ec72ec7c2b9c9cfdc984788

SHA1
3ba971fcb00fb09633ad259706900ca4ddef2f97

SHA256
292d45f5f6c1dfae8e0c8407a5e2b2b3eca4f8107dbb9d9d9afd3436919f0dfa

SHA512
06c0e7b366a5773d25f8af25d77d3761e4fbdbd675a3aaeec36eaec901950c759129dd2ddb7be1caea835f2ffd20b93920e989ad49e4adeafb38d60495f3c72b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\python3.dll

Filesize
66KB

MD5
a07661c5fad97379cf6d00332999d22c

SHA1
dca65816a049b3cce5c4354c3819fef54c6299b0

SHA256
5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b

SHA512
6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_796_133681351195510219\python312.dll

Filesize
6.6MB

MD5
d521654d889666a0bc753320f071ef60

SHA1
5fd9b90c5d0527e53c199f94bad540c1e0985db6

SHA256
21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

SHA512
7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

Download Submit
memory/492-138-0x00007FF61D000000-0x00007FF621BC0000-memory.dmp

Filesize
75.8MB

Download
memory/796-164-0x00007FF6BE8F0000-0x00007FF6C0B45000-memory.dmp

Filesize
34.3MB

Download
memory/1044-337-0x00007FF6FF1D0000-0x00007FF703D90000-memory.dmp

Filesize
75.8MB

Download
memory/4104-363-0x00007FF6680E0000-0x00007FF66A335000-memory.dmp

Filesize
34.3MB

Download