Analysis

  • max time kernel
    300s
  • max time network
    300s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-09-2024 10:30

General

  • Target

    https://gofile.io/d/E8ookh

Malware Config

Extracted

Family

asyncrat

Version

Venom Pwn3rzs' Edtition v6.0.1

Botnet

Default

Mutex

oevtobrbpcmpahavl

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/LwwcrLg4

aes.plain

Signatures

  • AsyncRat

    AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 1 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 7 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/E8ookh
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4400
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcfe12cc40,0x7ffcfe12cc4c,0x7ffcfe12cc58
      2⤵
        PID:4936
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:2
        2⤵
          PID:4556
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3
          2⤵
            PID:4640
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2232 /prefetch:8
            2⤵
              PID:4956
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
              2⤵
                PID:2020
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3236 /prefetch:1
                2⤵
                  PID:3600
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4064,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4508 /prefetch:1
                  2⤵
                    PID:656
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4492,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:1
                    2⤵
                      PID:1180
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4260,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4788 /prefetch:8
                      2⤵
                        PID:2848
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5060,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4992 /prefetch:1
                        2⤵
                          PID:3692
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5124,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5316 /prefetch:8
                          2⤵
                            PID:4948
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3016,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5316 /prefetch:8
                            2⤵
                            • Drops file in System32 directory
                            PID:5320
                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                          1⤵
                            PID:3708
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                            1⤵
                              PID:1372
                            • C:\Windows\System32\rundll32.exe
                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                              1⤵
                                PID:4644
                              • C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe
                                "C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe"
                                1⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2328
                                • C:\Windows\System32\schtasks.exe
                                  "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN SearchFilterHost /TR "C:\ProgramData\SearchFilterHost\SearchFilterHost.exe"
                                  2⤵
                                  • Scheduled Task/Job: Scheduled Task
                                  PID:4992
                              • C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\S500RAT.exe
                                "C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\S500RAT.exe"
                                1⤵
                                • System Location Discovery: System Language Discovery
                                PID:1560
                                • C:\ProgramData\vshost\vshost.exe
                                  C:\ProgramData\\vshost\\vshost.exe ,.
                                  2⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  PID:1528
                                • C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\core32.cfg
                                  core32.cfg
                                  2⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:844
                                  • C:\Windows\system32\cmd.exe
                                    "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5658.tmp\5659.tmp\565A.bat C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\core32.cfg"
                                    3⤵
                                      PID:3488
                                      • C:\Windows\system32\chcp.com
                                        chcp 65001
                                        4⤵
                                          PID:1456
                                        • C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\ServerRegistrationManager.exe
                                          ServerRegistrationManager.exe
                                          4⤵
                                          • Loads dropped DLL
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious use of SetWindowsHookEx
                                          PID:3428
                                    • C:\ProgramData\winst\winst.exe
                                      C:\ProgramData\\winst\\winst.exe YXbxdIZqKpSeXDvrL7vTIuTjmPqAqanw7SaFcVOST9dW3mkVLaBAu1UJKDlIEqmD
                                      2⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      PID:1048
                                  • C:\Windows\system32\wbem\WmiApSrv.exe
                                    C:\Windows\system32\wbem\WmiApSrv.exe
                                    1⤵
                                      PID:5656
                                    • C:\Windows\system32\taskmgr.exe
                                      "C:\Windows\system32\taskmgr.exe" /4
                                      1⤵
                                      • Checks SCSI registry key(s)
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of FindShellTrayWindow
                                      • Suspicious use of SendNotifyMessage
                                      PID:5884
                                    • C:\ProgramData\SearchFilterHost\SearchFilterHost.exe
                                      C:\ProgramData\SearchFilterHost\SearchFilterHost.exe
                                      1⤵
                                      • Executes dropped EXE
                                      PID:6092
                                    • C:\Windows\System32\grpconv.exe
                                      "C:\Windows\System32\grpconv.exe"
                                      1⤵
                                        PID:5232
                                      • C:\ProgramData\SearchFilterHost\SearchFilterHost.exe
                                        C:\ProgramData\SearchFilterHost\SearchFilterHost.exe
                                        1⤵
                                        • Executes dropped EXE
                                        PID:5380
                                      • C:\ProgramData\SearchFilterHost\SearchFilterHost.exe
                                        C:\ProgramData\SearchFilterHost\SearchFilterHost.exe
                                        1⤵
                                        • Executes dropped EXE
                                        PID:5780
                                      • C:\ProgramData\SearchFilterHost\SearchFilterHost.exe
                                        C:\ProgramData\SearchFilterHost\SearchFilterHost.exe
                                        1⤵
                                        • Executes dropped EXE
                                        PID:5664

Network

MITRE ATT&CK Enterprise v15

Downloads

                                      • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vshost.lnk

                                        Filesize

                                        493B


                                      • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\winst.lnk

                                        Filesize

                                        603B


                                      • C:\ProgramData\SearchFilterHost\SearchFilterHost.exe

                                        Filesize

                                        301KB


                                      • C:\ProgramData\vshost\vshost.exe

                                        Filesize

                                        238KB


                                      • C:\ProgramData\winst\winst.exe

                                        Filesize

                                        211KB


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                        Filesize

                                        649B


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                        Filesize

                                        336B


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                        Filesize

                                        3KB


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                        Filesize

                                        3KB


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                        Filesize

                                        2B


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                        Filesize

                                        858B


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB


                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        b6d527dfbb352df8d2a7599ebe776698

                                        SHA1

                                        88299ceeaf2c7b4d3536cc53f374c15da9efe4a6

                                        SHA256

                                        3ba8050eb39c824f1a22b477fb62d70c4f911af161ad4e3447c29fadaa414fb6

                                        SHA512

                                        a54ec8c2fe4ab0029cc9510687f0fea9b71bf14ceb661bd51cda87eabce4e67bf103c57658feeb69f6300404fa224d25ee9adee21dff58f77225059aa11946ac

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        32127fe92fe172e14191506611ddb43a

                                        SHA1

                                        436f3aba383b89b5f4655b703af083200ce71365

                                        SHA256

                                        37908305c696286ec9e018d027984398cbefd85c726a5192ac56088cd325e469

                                        SHA512

                                        6b4b88b565f387a7bcf2ab2e24f6a432a8484fafaa7622d89eccbcfbdbb553594c81249f3aac301e0c24fc21f9215039261390958393decf1d9f08f0cf8e3cc5

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        ca25fa6afc6b226e65805842e6d9534f

                                        SHA1

                                        e2abe708bdd327a79f39194e1e4963dbcc69b502

                                        SHA256

                                        b7eb9ea810855a23b716e832ba0d88de1baae6614171d9e1c396d3046b1983c5

                                        SHA512

                                        d1039e712375ffe696e2036a95b54baa618fc952accfb131c819af0e965ca14228b7d70ada978ed0852f36ee24af6bd1ccbc938baa10e47ee98fffd0d2516014

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        5417f38deece91ce951cee9d4c5af8f0

                                        SHA1

                                        a899f2a9fb6524ff5b9522ff9bb567ea4016bf16

                                        SHA256

                                        5409f1448b4ebb3c90c70f62835264bfb84d5f13d137530c319ab9d2d7a48e74

                                        SHA512

                                        b58553b01b540dd31fbbe48733bbbe8b819c5c95f69897ffeaa06a8183562e32043c44ee4857045bc3769b3112edcf9db41b115f0de9614474812e1d08d26876

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        8aa32a4c2ccfe32e0b65e1bd4e04cd40

                                        SHA1

                                        00ebebac077615e96c25e818c57297c5034dace6

                                        SHA256

                                        e6639230bc60c1069fd7f6365b22bd3c2700ead14689456cdc342b5294e32829

                                        SHA512

                                        ec872da931de7bbcf530e156034084f106cf06f55affdd4cdda271de923b2ea93efbca0b18c4559556077369beb2bb1ad4abb56eda36436ba457bd8340e3c958

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        d54a9baee802ddbf5204ac15ef435358

                                        SHA1

                                        4d44770da78ee727ddcee4a5ddf9d984b49cd5f1

                                        SHA256

                                        12ae4f2d59f95a990056e2c1a6b4d654c2bc4635f007b1912c29fe5e8fce17c4

                                        SHA512

                                        cdc5b90a0efe7b1ad681147ba0e941508812d93f859d16c579be5c4ea77a275c2f637730e5ea35caa88c6fc4939392d9c4fb929254a2620d798a530eaa5d4479

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        b78b9a3236222d4d5cf4ed80a764e047

                                        SHA1

                                        0a7c5f947bf595da8e49c2755fc20a316b9a90cf

                                        SHA256

                                        c8c82b10d1ea5692670498b263e9265bbd0a534e2443ef5d251ba716d2b5801a

                                        SHA512

                                        b77f9c86515b3505f211e46800eedec4b474deac7fedc522d326f8510b08d120492a7af2db847262edad7c610cc0737d5087e17061cd0b7a9afd5ccb47d435a0

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        4e1d76e953b36b64781dac893a9c55f9

                                        SHA1

                                        63916ce95b63d396fb1bc102e858ac359c160afb

                                        SHA256

                                        dcfc4b8818b70ca40b97d6918d47160c70f33d716a1034bfd5d57297270f30fe

                                        SHA512

                                        7767d6b4c2e08bcab28133bf3932d4d25aa8173778dd2188067c72b97e6ea9ef20bbd2b250fe8dae915497181d2d835ec93dd5e6c6f9b09d44f1d6c75641c557

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        6ed37138170ede1e23022e7ab0d4efbd

                                        SHA1

                                        c39de50d1a3543dbd98cc523c2ecce644d84ae8e

                                        SHA256

                                        cc8b92fa454c44a50eaa29c580d47323397498197fe0850ac9741ed2461d4118

                                        SHA512

                                        8cb9aae8573c89885defe2650d25626eacd77ffebf7c98804b6d2b353ca4bb182b77bb73b156e2ac63159ec1a85d398e509de516f7a5b686e77f8e2ac0af5ac3

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        a1bd7ff177120f033c74709c695e2b2c

                                        SHA1

                                        cc599f9d820a444e3a0bbbcf0ff64d3d05059e24

                                        SHA256

                                        1e4ad1a959d2c2c9e329831d93a523ea33e8ad7e1e7ece0d3ac1e9f4248c40ab

                                        SHA512

                                        911341d64ef327b40d7426a7a4948228a17cc4f2ce544cede8db6d2e0f801b0a8ab0e7556b7e38949768022e9dae3edaaf7986d7fe98785bbedb0eab5d1940e4

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        cb2da287fd2d1cac98993bc19cf838af

                                        SHA1

                                        58c8bbedc6d86803f07750b44d6be888787d1006

                                        SHA256

                                        c085595fa82a0513c73ef9d976d091026f8cc55b731285f19dc7bc530f4e28da

                                        SHA512

                                        1185ada6c5cd2837b404eb4d6c48637753c83440c181c9cddf44354bf5ab47e2e153de42cc75b53e83d6847e8483e86122401571a1d390863c9ddc32bb080155

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        5f3dd32188dc1360c542aebfeb3428b4

                                        SHA1

                                        4cf1e064a5e844aa1b7a94a222ed4f8bd559954a

                                        SHA256

                                        6fcee4cade35b3c280e2cef191d45908fab1ebba514bf0d5d173308259fb48bd

                                        SHA512

                                        1995574d7edc7db03aaed87d19d0d56f535b9dec6567d67d94ee712cd1b0e9a5240cf90515111143c96af13a0c7e9368c77f068266b774d62863a9c9a0e5b43c

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        99KB

                                        MD5

                                        98945b235a56811e0b3aaaf4e9419420

                                        SHA1

                                        902e4f7d65c49fd38b9d8be61e3ae58201b1efc7

                                        SHA256

                                        3feebfb5c0b32f1a1097f84113733e1b35d89da0d5e30bbdcc3a65e2bf6c5720

                                        SHA512

                                        3001913e442f5e3fe47cfd306745d47c31d6da3230fd39ed09319855827f12651d1ea78f987fe9bd1595c5042c3ffcf6b5f640feb195272d0ce57831c762eae9

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        99KB

                                        MD5

                                        6541a2a9b3d890e2d35b55571a8eb86f

                                        SHA1

                                        c4578533d7cfc131bb020dffc3bd9f74205e8655

                                        SHA256

                                        653a5bbcd973a32557c21518b56b23be39ec727b41e8a0629b5ffe1096a00e97

                                        SHA512

                                        2d4d65b244b01ee90928e349430bf3ebf7abfaf40d0e7a28c1447ff291e22589e96f89f39ed246e298045276ee49709b785302791e8af9df83b71a6866dc46a6

                                      • C:\Users\Admin\AppData\Local\Temp\5658.tmp\5659.tmp\565A.bat

                                        Filesize

                                        1KB

                                        MD5

                                        fc4af7384f0b6f274dd3e745f0aceeaa

                                        SHA1

                                        31b310f869b15b84e52ef282cabaee974e5043cf

                                        SHA256

                                        f27a781bd4e8788990ceecac17ba4b9642e15f0d311e17d62c70db694c207a34

                                        SHA512

                                        dc7b542d89236105c8b8976e5af0e9e557eaa919adb2e8384b55b70c0b5bc6f00d2010538b9abaca90bb797d24fd509acdc1b3a6beea27f11405bf198349f57f

                                      • C:\Users\Admin\AppData\Local\Temp\c6ef4c2b-9a55-40b4-957b-c3cb74191397\GunaDotNetRT64.dll

                                        Filesize

                                        142KB

                                        MD5

                                        9c43f77cb7cff27cb47ed67babe3eda5

                                        SHA1

                                        b0400cf68249369d21de86bd26bb84ccffd47c43

                                        SHA256

                                        f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e

                                        SHA512

                                        cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

                                      • C:\Windows\System32\h920ln.exe

                                        Filesize

                                        7.2MB

                                        MD5

                                        f6d8913637f1d5d2dc846de70ce02dc5

                                        SHA1

                                        5fc9c6ab334db1f875fbc59a03f5506c478c6c3e

                                        SHA256

                                        4e72ca1baee2c7c0f50a42614d101159a9c653a8d6f7498f7bf9d7026c24c187

                                        SHA512

                                        21217a0a0eca58fc6058101aa69cf30d5dbe419c21fa7a160f44d8ebbcf5f4011203542c8f400a9bb8ee3826706417f2939c402f605817df597b7ff812b43036

  • \??\pipe\crashpad_4400_FAWPDDPYSLQBFUMF
      Filesize  (not recorded)
      MD5       d41d8cd98f00b204e9800998ecf8427e
      SHA1      da39a3ee5e6b4b0d3255bfef95601890afd80709
      SHA256    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      SHA512    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
      Note: all four values are the digests of zero-length input. The sandbox recorded the Chrome crashpad named pipe but hashed no content, so these values identify nothing and should not be used as indicators.
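A re-check of the dropped-file list above, added here as an example and not part of the sandbox report. It recomputes the report's digest set (size, MD5, SHA1, SHA256, SHA512) for bytes you hold and compares them with a report entry, and it applies the two triage rules the list motivates: an entry whose digests are those of empty input (the crashpad pipe) can never match anything and is skipped, and the Chrome `Preferences` / `Local State` writes are browser profile state from opening the URL rather than payload artifacts, leaving the `.bat`, `GunaDotNetRT64.dll` and `h920ln.exe` as the files worth pulling. The pipe entry is copied from the report; `SAMPLE_BYTES` and `SAMPLE_ENTRY` are constructed for the demo and are not the real dropped file.

```python
"""Recheck dropped-file hashes from a sandbox report (added example, not report code)."""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests of b"": exactly what the \??\pipe\crashpad_... entry above lists.
EMPTY_DIGESTS = {
    "md5": "d41d8cd98f00b204e9800998ecf8427e",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
              "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
}

def digest_bytes(data: bytes) -> dict:
    """Size plus all four hex digests, the same fields a report entry carries."""
    out = {"size": len(data)}
    for name in ALGOS:
        out[name] = hashlib.new(name, data).hexdigest()
    return out

def digest_file(path: str, chunk: int = 1 << 20) -> dict:
    """Streaming variant for real samples (h920ln.exe is 7.2MB)."""
    hashes = {name: hashlib.new(name) for name in ALGOS}
    size = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            size += len(block)
            for h in hashes.values():
                h.update(block)
    out = {"size": size}
    out.update({n: h.hexdigest() for n, h in hashes.items()})
    return out

def is_empty_input_entry(entry: dict) -> bool:
    """True when a listed digest is the digest of zero bytes; such an entry is not an indicator."""
    return any(entry.get(n, "").lower() == EMPTY_DIGESTS[n] for n in ALGOS)

def is_browser_state(path: str) -> bool:
    """Chrome profile files (Preferences, Local State) rewritten when the URL was opened."""
    return "\\Google\\Chrome\\User Data\\" in path

def triage(entries: list) -> dict:
    """Split report entries into payload candidates, browser noise and empty-digest junk."""
    buckets = {"payload": [], "browser_state": [], "empty_digest": []}
    for e in entries:
        if is_empty_input_entry(e):
            buckets["empty_digest"].append(e["path"])
        elif is_browser_state(e["path"]):
            buckets["browser_state"].append(e["path"])
        else:
            buckets["payload"].append(e["path"])
    return buckets

def check_entry(entry: dict, data: bytes) -> dict:
    """Compare one report entry against bytes you hold.

    Every listed digest must agree. MD5 or SHA1 alone is not proof of identity,
    since both are collision-prone; the report lists them for lookup convenience.
    """
    if is_empty_input_entry(entry):
        return {"verdict": "skip", "mismatches": [], "reason": "digests are of empty input"}
    actual = digest_bytes(data)
    mismatches = [n for n in ALGOS if n in entry and entry[n].lower() != actual[n]]
    if "size" in entry and entry["size"] != actual["size"]:
        mismatches.append("size")
    return {"verdict": "match" if not mismatches else "mismatch",
            "mismatches": mismatches, "actual": actual}

# PIPE_ENTRY is copied from the report; SAMPLE_* are constructed stand-ins for the demo.
PIPE_ENTRY = {"path": r"\??\pipe\crashpad_4400_FAWPDDPYSLQBFUMF", **EMPTY_DIGESTS}
SAMPLE_BYTES = b"hello"
SAMPLE_ENTRY = {"path": r"C:\constructed\sample.bin", **digest_bytes(SAMPLE_BYTES)}

if __name__ == "__main__":
    chrome = {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State"}
    print(triage([PIPE_ENTRY, SAMPLE_ENTRY, chrome]))
    print(check_entry(SAMPLE_ENTRY, SAMPLE_BYTES)["verdict"])   # match
    print(check_entry(PIPE_ENTRY, SAMPLE_BYTES)["verdict"])     # skip
```

For a real sample, replace `digest_bytes(SAMPLE_BYTES)` with `digest_file(path)` on the file recovered from the sandbox and feed the report entry as a dict with the same keys.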

  • memory/844-170-0x0000000000400000-0x0000000000439000-memory.dmp
      Filesize  228KB

  • memory/844-134-0x0000000000400000-0x0000000000439000-memory.dmp
      Filesize  228KB

  • memory/2328-110-0x00007FFCE8213000-0x00007FFCE8215000-memory.dmp
      Filesize  8KB

  • memory/2328-111-0x0000000000490000-0x00000000005B8000-memory.dmp
      Filesize  1.2MB

  • memory/2328-113-0x00007FFCE8210000-0x00007FFCE8CD1000-memory.dmp
      Filesize  10.8MB

  • memory/2328-115-0x00007FFCE8210000-0x00007FFCE8CD1000-memory.dmp
      Filesize  10.8MB

  • memory/3428-160-0x00007FFCEA220000-0x00007FFCEA247000-memory.dmp
      Filesize  156KB

  • memory/3428-161-0x00007FFCE7560000-0x00007FFCE76AE000-memory.dmp
      Filesize  1.3MB

  • memory/3428-142-0x000001FC830C0000-0x000001FC84184000-memory.dmp
      Filesize  16.8MB

  • memory/3428-152-0x000001FC9EA50000-0x000001FC9EC42000-memory.dmp
      Filesize  1.9MB

  • memory/3428-169-0x000001FCA5530000-0x000001FCA556C000-memory.dmp
      Filesize  240KB

  • memory/3428-172-0x00007FFCEA220000-0x00007FFCEA247000-memory.dmp
      Filesize  156KB

  • memory/3428-166-0x000001FCA54B0000-0x000001FCA54BA000-memory.dmp
      Filesize  40KB

  • memory/3428-165-0x000001FCA54D0000-0x000001FCA54E2000-memory.dmp
      Filesize  72KB

  • memory/3428-164-0x000001FCA54A0000-0x000001FCA54AC000-memory.dmp
      Filesize  48KB

  • memory/3428-163-0x000001FC9F050000-0x000001FC9F082000-memory.dmp
      Filesize  200KB

  • memory/3428-162-0x000001FC9F0D0000-0x000001FC9F310000-memory.dmp
      Filesize  2.2MB

  • memory/5884-186-0x000001E2174B0000-0x000001E2174B1000-memory.dmp
      Filesize  4KB

  • memory/5884-185-0x000001E2174B0000-0x000001E2174B1000-memory.dmp
      Filesize  4KB

  • memory/5884-190-0x000001E2174B0000-0x000001E2174B1000-memory.dmp
      Filesize  4KB

  • memory/5884-184-0x000001E2174B0000-0x000001E2174B1000-memory.dmp
      Filesize  4KB

  • memory/5884-191-0x000001E2174B0000-0x000001E2174B1000-memory.dmp
      Filesize  4KB

  • memory/5884-192-0x000001E2174B0000-0x000001E2174B1000-memory.dmp
      Filesize  4KB

  • memory/5884-193-0x000001E2174B0000-0x000001E2174B1000-memory.dmp
      Filesize  4KB

  • memory/5884-194-0x000001E2174B0000-0x000001E2174B1000-memory.dmp
      Filesize  4KB

  • memory/5884-195-0x000001E2174B0000-0x000001E2174B1000-memory.dmp
      Filesize  4KB

  • memory/5884-196-0x000001E2174B0000-0x000001E2174B1000-memory.dmp
      Filesize  4KB

  • memory/6092-201-0x0000000000840000-0x000000000088E000-memory.dmp
      Filesize  312KB
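A parser for the memory-dump names above, added here as an example and not part of the sandbox report. The names encode `memory/<pid>-<seq>-<start>-<end>-memory.dmp`, so the region size is simply `end - start`; the code recomputes it, reproduces the report's size column to confirm the listed values, and groups distinct regions per PID so that repeated dumps of one region (the two 228KB dumps of pid 844 at the default 32-bit image base, or pid 5884's ten dumps of the same 4KB page) collapse to a single address range. `region_hint` is a heuristic added here to suggest which dump to open first; it is not something the report states. The `LISTED` names and size strings are copied from the report.

```python
"""Parse and sanity-check sandbox memory-dump names (added example, not report code)."""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$"
)

def parse_dump_name(name: str) -> dict:
    """Split a dump name into pid, sequence number, start/end addresses and size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start or (end - start) % 0x1000:
        raise ValueError(f"bad region bounds in {name}")  # regions are whole 4KB pages
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}

def fmt_size(size: int) -> str:
    """Reproduce the report's column: whole KB below 1 MiB, else MB to one decimal."""
    if size < 1 << 20:
        return f"{size // 1024}KB"
    return f"{size / (1 << 20):.1f}MB"

def check_sizes(listed: dict) -> list:
    """Names whose recomputed size disagrees with the size string the report printed."""
    return [n for n, s in listed.items() if fmt_size(parse_dump_name(n)["size"]) != s]

def regions_by_pid(names) -> dict:
    """Distinct (start, end) regions per PID, with repeated dumps collapsed."""
    out = defaultdict(set)
    for n in names:
        r = parse_dump_name(n)
        out[r["pid"]].add((r["start"], r["end"]))
    return {pid: sorted(v) for pid, v in out.items()}

def region_hint(start: int) -> str:
    """Heuristic (added here, not from the report) for which dump to open first."""
    if start == 0x400000:
        return "default 32-bit image base: likely an unpacked PE image"
    if start >= 0x7FF000000000:
        return "high user-mode range: 64-bit image or runtime mapping"
    return "private allocation (unclassified)"

# Names and size strings copied from the report above.
LISTED = {
    "memory/844-170-0x0000000000400000-0x0000000000439000-memory.dmp": "228KB",
    "memory/844-134-0x0000000000400000-0x0000000000439000-memory.dmp": "228KB",
    "memory/2328-110-0x00007FFCE8213000-0x00007FFCE8215000-memory.dmp": "8KB",
    "memory/2328-111-0x0000000000490000-0x00000000005B8000-memory.dmp": "1.2MB",
    "memory/2328-113-0x00007FFCE8210000-0x00007FFCE8CD1000-memory.dmp": "10.8MB",
    "memory/3428-142-0x000001FC830C0000-0x000001FC84184000-memory.dmp": "16.8MB",
    "memory/3428-152-0x000001FC9EA50000-0x000001FC9EC42000-memory.dmp": "1.9MB",
    "memory/3428-160-0x00007FFCEA220000-0x00007FFCEA247000-memory.dmp": "156KB",
    "memory/3428-161-0x00007FFCE7560000-0x00007FFCE76AE000-memory.dmp": "1.3MB",
    "memory/5884-184-0x000001E2174B0000-0x000001E2174B1000-memory.dmp": "4KB",
    "memory/5884-196-0x000001E2174B0000-0x000001E2174B1000-memory.dmp": "4KB",
    "memory/6092-201-0x0000000000840000-0x000000000088E000-memory.dmp": "312KB",
}

if __name__ == "__main__":
    print("size mismatches:", check_sizes(LISTED))
    for pid, regs in sorted(regions_by_pid(LISTED).items()):
        for s, e in regs:
            print(f"pid {pid}: {s:#x}-{e:#x} {fmt_size(e - s):>7}  {region_hint(s)}")
```

Feeding the full list of dump names into `regions_by_pid` reduces the 45 dumps above to a handful of address ranges per process, which is the list you actually want when deciding which dumps to download and carve for the unpacked payload.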