Overview

overview

10

Static

static

10

Client.exe

windows7-x64

10

Client.exe

windows10-2004-x64

10

Resubmissions

05-09-2024 13:44

240905-q16deasbkr 10

02-09-2024 17:59

240902-wk51lavbpn 10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-09-2024 17:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client.exe

  • Size

    158KB

  • MD5

    ff04efb632b00fdd46fd3fe992ea8a37

  • SHA1

    8a6f3fd785ac3d78e8de79656a9fa8f0c9527fb7

  • SHA256

    dee58e8a247eab9726675a03ddc8485c66a204d7b9f2211d8fea89729d45e7a5

  • SHA512

    a5747653fcaa76aea2cf7bc601b87e583c37f9fa34e399f30d4eaa816655b04c1ec14807477ddb965d6f276e4023560618550d124483e9608585fcbf392dde5a

  • SSDEEP

    3072:qbzGH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPTKO8Y:qbzGe0ODhTEPgnjuIJzo+PPcfPT18

Score
10/10
arrowratclientcredential_accessdiscoveryexecutionpersistenceratstealer

Malware Config

Extracted

Family

arrowrat

Botnet

Client

C2

6.tcp.eu.ngrok.io:13114

Mutex

rLGiSBuYa

Signatures

  • ArrowRat

    Remote access tool with various capabilities first seen in late 2021.

    ratarrowrat
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell and hide display window.

    execution
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 22 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 42 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 57 IoCs
  • Suspicious use of SendNotifyMessage 23 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client.exe
    "C:\Users\Admin\AppData\Local\Temp\Client.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Checks computer location settings
    • Suspicious use of SetThreadContext
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Drops desktop.ini file(s)
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:832
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" Client 6.tcp.eu.ngrok.io 13114 rLGiSBuYa
      2⤵
        PID:1472
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" Client 6.tcp.eu.ngrok.io 13114 rLGiSBuYa
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3808
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-sandbox --allow-no-sandbox-job --disable-accelerated-layers --disable-accelerated-plugins --disable-audio --disable-gpu --disable-d3d11 --disable-accelerated-2d-canvas --disable-deadline-scheduling --disable-ui-deadline-scheduling --aura-no-shadows --mute-audio
          3⤵
          • Enumerates system info in registry
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:828
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb8cbdcc40,0x7ffb8cbdcc4c,0x7ffb8cbdcc58
            4⤵
              PID:4300
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2012,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=2008 /prefetch:2
              4⤵
                PID:4860
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --field-trial-handle=1836,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3
                4⤵
                  PID:4024
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --field-trial-handle=2036,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=2124 /prefetch:8
                  4⤵
                    PID:2632
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2828,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=2848 /prefetch:1
                    4⤵
                      PID:1768
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2852,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=2876 /prefetch:1
                      4⤵
                        PID:1652
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --extension-process --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3376,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=3396 /prefetch:2
                        4⤵
                          PID:4888
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --extension-process --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3348,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=3408 /prefetch:2
                          4⤵
                            PID:4532
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4092,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=3228 /prefetch:1
                            4⤵
                              PID:672
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --field-trial-handle=3116,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=4060 /prefetch:8
                              4⤵
                                PID:1684
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --field-trial-handle=4332,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:8
                                4⤵
                                  PID:3008
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4336,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:1
                                  4⤵
                                    PID:4312
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4440,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:1
                                    4⤵
                                      PID:4736
                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
                                      4⤵
                                      • Drops file in Program Files directory
                                      • Suspicious use of WriteProcessMemory
                                      PID:5192
                                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
                                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x26c,0x270,0x274,0x268,0x244,0x7ff7e1f94698,0x7ff7e1f946a4,0x7ff7e1f946b0
                                        5⤵
                                        • Drops file in Program Files directory
                                        PID:5252
                                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
                                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\initial_preferences" --create-shortcuts=1 --install-level=0
                                        5⤵
                                        • Drops file in Program Files directory
                                        • Modifies registry class
                                        • Suspicious use of FindShellTrayWindow
                                        • Suspicious use of WriteProcessMemory
                                        PID:5292
                                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
                                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff7e1f94698,0x7ff7e1f946a4,0x7ff7e1f946b0
                                          6⤵
                                          • Drops file in Program Files directory
                                          PID:5316
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4488,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=4396 /prefetch:1
                                      4⤵
                                        PID:5588
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --field-trial-handle=4476,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:8
                                        4⤵
                                          PID:5596
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4516,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:1
                                          4⤵
                                            PID:5604
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4412,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:1
                                            4⤵
                                              PID:5860
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --field-trial-handle=4428,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:8
                                              4⤵
                                                PID:5876
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4668,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=4680 /prefetch:1
                                                4⤵
                                                  PID:4476
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --field-trial-handle=4460,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:8
                                                  4⤵
                                                    PID:1760
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4456,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=4724 /prefetch:1
                                                    4⤵
                                                      PID:5220
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-appcompat-clear --field-trial-handle=4732,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:8
                                                      4⤵
                                                        PID:5880
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --extension-process --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4500,i,6386611956974961025,17420569228484047524,262144 --variations-seed-version --mojo-platform-channel-handle=3956 /prefetch:2
                                                        4⤵
                                                          PID:5112
                                                    • C:\Windows\System32\ComputerDefaults.exe
                                                      "C:\Windows\System32\ComputerDefaults.exe"
                                                      2⤵
                                                      • Suspicious use of WriteProcessMemory
                                                      PID:1140
                                                      • C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe
                                                        "PowerShell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Pan\dora'
                                                        3⤵
                                                        • Command and Scripting Interpreter: PowerShell
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:3764
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:2180
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                    • Modifies Internet Explorer settings
                                                    • Modifies registry class
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:4876
                                                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                    1⤵
                                                      PID:5112
                                                    • C:\Windows\system32\svchost.exe
                                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                      1⤵
                                                        PID:5204

                                                      Network

                                                      MITRE ATT&CK Enterprise v15

                                                      Replay Monitor

                                                      Loading Replay Monitor...

                                                      Downloads

                                                      • C:\Program Files\Crashpad\settings.dat
                                                        Filesize

                                                        40B

                                                        MD5

                                                        5dfde63f027a7a06602d44b08a5c6146

                                                        SHA1

                                                        a7e56fa442e4a5dc5dcba1386928e0ee64b0fa62

                                                        SHA256

                                                        a523945e3f1cbc365dd8b53f51c9824167478d8133790ca2d4bff4cd06cea172

                                                        SHA512

                                                        37210c50c4a9105ae6906f74f167a2ff2b49bf6c40c2624c584d7f2147b8a54d03a36a95d15ccd0f5ce52339ef858ae641dc7951c6838ab734397f28163705af

                                                        Download Submit

                                                      • C:\Program Files\Google\Chrome\Application\SetupMetrics\20240902180109.pma
                                                        Filesize

                                                        520B

                                                        MD5

                                                        d7bdecbddac6262e516e22a4d6f24f0b

                                                        SHA1

                                                        1a633ee43641fa78fbe959d13fa18654fd4a90be

                                                        SHA256

                                                        db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

                                                        SHA512

                                                        1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\data_1
                                                        Filesize

                                                        264KB

                                                        MD5

                                                        d0d388f3865d0523e451d6ba0be34cc4

                                                        SHA1

                                                        8571c6a52aacc2747c048e3419e5657b74612995

                                                        SHA256

                                                        902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                                                        SHA512

                                                        376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\index-dir\the-real-index
                                                        Filesize

                                                        96B

                                                        MD5

                                                        122d25d08182c3998d2b047e68636b75

                                                        SHA1

                                                        a0758991cc312081d43591619b43afbfc9e04a9c

                                                        SHA256

                                                        138b8863d4c98aa4ae0545a6567c7e41853e678ef50fb88cf2c9f2edaf8752bc

                                                        SHA512

                                                        379c33973190b88728b4c89be55dd8b19d78a5d3005af46811a25ad2d969c76dc1c517f3459d78826d599dc5a7a8214679d61ba0c45734d23e77fbb911c0d44c

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\index-dir\the-real-index
                                                        Filesize

                                                        48B

                                                        MD5

                                                        e2b3396a8d3c722e7764a9337a3e1452

                                                        SHA1

                                                        19dd5da481c1e6c077c19f44dfa8121f744f32d2

                                                        SHA256

                                                        0b2f1e2c381e7854d2fa9d936800866f6339700559879f755dea5143b95393c4

                                                        SHA512

                                                        6ee547eda3008916431cd04da3fea8ca64d2ed49aa7345935fd553f10c5d84997723c6389cf85789acfd9c947d72731e851b4091b3c909d2b0428f17a7b2d14a

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_CA\messages.json
                                                        Filesize

                                                        851B

                                                        MD5

                                                        07ffbe5f24ca348723ff8c6c488abfb8

                                                        SHA1

                                                        6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                        SHA256

                                                        6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                        SHA512

                                                        7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\dasherSettingSchema.json
                                                        Filesize

                                                        854B

                                                        MD5

                                                        4ec1df2da46182103d2ffc3b92d20ca5

                                                        SHA1

                                                        fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                        SHA256

                                                        6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                        SHA512

                                                        939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Local Storage\leveldb\CURRENT
                                                        Filesize

                                                        16B

                                                        MD5

                                                        46295cac801e5d4857d09837238a6394

                                                        SHA1

                                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                        SHA256

                                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                        SHA512

                                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Local Storage\leveldb\MANIFEST-000001
                                                        Filesize

                                                        41B

                                                        MD5

                                                        5af87dfd673ba2115e2fcf5cfdb727ab

                                                        SHA1

                                                        d5b5bbf396dc291274584ef71f444f420b6056f1

                                                        SHA256

                                                        f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                        SHA512

                                                        de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        73a6ba23fc882ea211336f705bf1b1f8

                                                        SHA1

                                                        dc70ec1b807932b16d2dd321fabf7d0e881a3dfa

                                                        SHA256

                                                        062500beed24d92dbe3a81e7f42577b96679e6f6e5a3ed16176d8d13b8d081d3

                                                        SHA512

                                                        49249a269f59c6163b4be2f948a53350870464c4fb6d051b820fd5e4b364bead34de38a3622dd84066e71e90cb2b748e7247ebf40077ca6d07bcb24539755d1d

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State~RFe59df5a.TMP
                                                        Filesize

                                                        59B

                                                        MD5

                                                        2800881c775077e1c4b6e06bf4676de4

                                                        SHA1

                                                        2873631068c8b3b9495638c865915be822442c8b

                                                        SHA256

                                                        226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                        SHA512

                                                        e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\SCT Auditing Pending Reports
                                                        Filesize

                                                        2B

                                                        MD5

                                                        d751713988987e9331980363e24189ce

                                                        SHA1

                                                        97d170e1550eee4afc0af065b78cda302a97674c

                                                        SHA256

                                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                        SHA512

                                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Preferences
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        6efea4f4f8bfa8bde445e9c47589d9ad

                                                        SHA1

                                                        abf2e75da4c7773cbe8f8e086787a48804c8af6a

                                                        SHA256

                                                        68d30c041cfa4c34d2890e17bc0947da2b3bd74bd8d4853efd976649d69a6bda

                                                        SHA512

                                                        8ae481a5e073801e03f107f2634eaa9f663defd8dddce479f706dcaecc761e4d3e03a849d7b10659bacdadb5dc0e5be2c43caadbbf2e3bc2ae73685fba1866be

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Preferences
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        52fa07f0ae40ac2d960e90c2e2d56615

                                                        SHA1

                                                        2774cc1e3e2b65e51ea24c3e53863b83b9e89005

                                                        SHA256

                                                        15c8e5c5d7185d6ea42599a5b5a3116f828a56d4f87f83c3fe2fa8425cd50fd6

                                                        SHA512

                                                        9895bacd341562acce3b265956b005861df7e97dda777e6675982a2a4058f1e4d8716d3829e7c46b5444ca64442f5ddbad7e6032b9a935c1c1fcda3e21f017b0

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Preferences
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        40255d90fe719a72f6651e94ef355943

                                                        SHA1

                                                        0ca22441563aa2aadea0238b91270a989208133f

                                                        SHA256

                                                        e4462074b474f92924c360289af5e2e4399d40eda57ba9a5eb2ec75ce0008606

                                                        SHA512

                                                        d24d2928b10dc6252de0acc83e939183d8c7882b7f90b11ef66937b60afd8002379a2fec6091fc3db2821b36a5deff8877fa5941a154a7954b46438c7b6cdc4b

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Preferences
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        120064306d57fd5ab39270f05179b8ec

                                                        SHA1

                                                        64ef0a210e5ecca1a20d8667db52a1c5db4c36d7

                                                        SHA256

                                                        471fcb05b9600a5c5ed28bcccbb286b3794a75bb61c7c86df744ad93aaf6eb0c

                                                        SHA512

                                                        c0e118e9815824f66d13739276def448361786ef923827e657fc86bf1260de8413d2ab47cc0ed9d43ce134a888de4ad408a0400df1c0858ad63e0d023c61e9b5

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Preferences
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        f5c4a4848513155c98777df2fe206d39

                                                        SHA1

                                                        df81592437e3b2dc91a42474405e17ac1a63a625

                                                        SHA256

                                                        8fd0267c152f1fe28c3de451b28cbb8e006c7d206988c4bc0131b4736628296e

                                                        SHA512

                                                        edad61a2745fefea9e39284fb55c1d64c2201f39b4c6e3fc7e4754de263ff3beaa5460ec816ea3f818dcd5f2f593c64a3938c461edde9293debed947a37b1d2f

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Preferences~RFe58ef3d.TMP
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        e9ca0f8ac42bca7ad831341b78f8e5bd

                                                        SHA1

                                                        f387996aaae397096791395765fc823e269c5209

                                                        SHA256

                                                        803c5f0591e1990ec46ecd173e71c3799fbf5cd518d579c68cd693436563c53b

                                                        SHA512

                                                        49662870d6e936eec167b52000af5f0c889da9bb34920a28f8c54aec646e747233af8ff4af7b2af0d14fde530fa1a9a76722bbd3d7ccd6d0ade8c2bca237ced4

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                        Filesize

                                                        72B

                                                        MD5

                                                        292fe4143b94974857845727b78d1981

                                                        SHA1

                                                        51a84f00eb0718d3146869533683bf890ff3ab50

                                                        SHA256

                                                        08dc714c704dbfc2499bb1cdfc733e7e5a20196e2b5afe52d6930c0c3cd42463

                                                        SHA512

                                                        a7d3c212d78cc62d56814620b36ffbb1d0ddd4755b364356e0e78160e4593de8bae7cc602ff345ba5d346eae347c32aa251b61179b525540dc2e7c7c598b9706

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59306d.TMP
                                                        Filesize

                                                        48B

                                                        MD5

                                                        0c289f59ca7dc93ccc5b349b5535da2e

                                                        SHA1

                                                        f72445a343e1ec30cd605b3e1e7c9f668fb44653

                                                        SHA256

                                                        33f1fd437cf85ef7a4d98528192165ffccb712b42202091b4392d6715d0a08cb

                                                        SHA512

                                                        95b2f7f4d86e1bd062257874614b1795086c2967fabaccea8b65af6ed9383d67788cea941749e044fdad7f66196e7f2b1aed4eb19539974b6d8ae8e48504dada

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        40c4ea664da063cccf37a00d0dea5f88

                                                        SHA1

                                                        f524c4c8544d5e8b7d5a29ba74fbe865c0fa303b

                                                        SHA256

                                                        91289705a496311822aa52d067f2a029025293f1c22779f3a8bc483e211ce1d8

                                                        SHA512

                                                        bbe182958560fa196423bc1b50575b078e4a3b2b170427074442a42a3f21ae7d91d3115e75f38335c778070142d2d1bc929bfa22bf0fb2ae644c0478f6d58d51

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\48.png
                                                        Filesize

                                                        2KB

                                                        MD5

                                                        9e1a6c45e7a5b26e6dfcb060fe4ec411

                                                        SHA1

                                                        8895839baaf4a6ce1189fd8c5572c3c8298ddcc0

                                                        SHA256

                                                        102aeb88e02ce1cd5c91ce4ab3c5880be33b6a440ee7f24c9e38741e79b46273

                                                        SHA512

                                                        323180dbdb0ebed3f398d5e7233f681ec85bd0815ef463d8351e17e99ee6f9f47badc9bdd9ab197249fe85e2c0d2457760f7bb7550c9c55110f333d13bfbe8fb

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\64.png
                                                        Filesize

                                                        3KB

                                                        MD5

                                                        65e00211feede352e87ff869cd3d1b1e

                                                        SHA1

                                                        2ede8e165651f24a165f31bd2b4591d124d5fdde

                                                        SHA256

                                                        dc78a4be5b92c40c32dbbd4bcc3c65057105db062c088fadcf835a5e161095a1

                                                        SHA512

                                                        1fec808d0591868de3e27863e095ded619cfb825239eb05aab61f9ddb09bca28534e5a1a6f0d39a47affb7a3371d07cca9701b8dabcd297ff2fd116c9123fe61

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        44188def4e01c25516ca590c90499b2f

                                                        SHA1

                                                        0a9258ac71dbd02eb2e5a592365c9e8a3744d3c7

                                                        SHA256

                                                        be3a2fe70a27da2e9836e8b96a0dcfdd980702f69124f984f82de2b8699fe977

                                                        SHA512

                                                        f202686756dd603d4d98b36421e2613003279601328aae2214ffa3226a6a7c6102703808877818a989f2927677210dbb7bfa49ccd870771b399abdfa2431dca8

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png
                                                        Filesize

                                                        2KB

                                                        MD5

                                                        b87bfabaff9e7370835ea8790c87409b

                                                        SHA1

                                                        d9641aa79839fa5067ee9054cd61e0eecccfc7ec

                                                        SHA256

                                                        d67823095d8a91a0d4638ba75216c2f4b467f4fca5a56c4e45e88091b17dfdc5

                                                        SHA512

                                                        d8e3e59056076919afc7b5640d4f5964abbaac8537bb547da68f7a91c314a72615059024fa6e517134da81a38d4701138f50e37bf99a37ac3353ca5d92ed162e

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\64.png
                                                        Filesize

                                                        3KB

                                                        MD5

                                                        72af0c1352184e984612088a6df54e53

                                                        SHA1

                                                        12faf6f7b28cc2d4be9d639a770e54d895d6fe58

                                                        SHA256

                                                        e036bcb9f333d3d7e12492247e02fc6d599e12c42cc008fcbbac37def93ca0da

                                                        SHA512

                                                        8dfed220c6391592aa1bc06000548f1f18ce1e6b47b6e3b47f11185cb0d0c48f961c82c6abb598ee1dcde7ed87c59026cd282ee56f5e0dd1f48ec89a207f4623

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\32.png
                                                        Filesize

                                                        1024B

                                                        MD5

                                                        ca6289a7d8f9ecc17f8de717faf1af27

                                                        SHA1

                                                        4ccf3c6a9291f0a8a3090c22aca6f1872c860073

                                                        SHA256

                                                        3d7283090cf1a87baae4032266e4d144f7ec2ea465e7b2bf02728aa394c678f0

                                                        SHA512

                                                        100fb108d3eb74eea016af82a5a6758f22173b3d9a60c5237e9a570aa14549397b224d9d4234661855ffec47930a33536d05c0eb56ac61c551184fa89b18697c

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\48.png
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        06c47df56a44e6ec6ed68a0c1b13fcf1

                                                        SHA1

                                                        d081069ab4c69925e2c5a8e7bb9a683f620dadb2

                                                        SHA256

                                                        6e21221baad8ccd2b71542f9d3194dc5868c0f424fea640cd4915fbdb32f4804

                                                        SHA512

                                                        e23731119c43850604eaa83c7fc17cff43681890ba3e144cc0b97cc8b33dc3f90a5370c7ae599c5469e33fcffed6492308451a0f3699bca51df665a70329a569

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\64.png
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        fa9b6bd6c167dc772018d4105b7f3afd

                                                        SHA1

                                                        5a8b1a8bec14f864d559667c79683735508a8036

                                                        SHA256

                                                        2a8f1a1cfac4fbe96a6cb69e9e621201875cc45b2e60bc75b08ea193c759e346

                                                        SHA512

                                                        db8b36ed049e357346a6c249dacf54a78bf7395ab8a3c8f8d2aa8d575193f59959cddfc7e1ec18b32a029aa1cfd42ffe30149d74de56d88baa0583a6c00d9a9f

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\32.png
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        cfd1c4fa219ea739c219d4fb8c9ccf8d

                                                        SHA1

                                                        1bd9c4a0c08a594966efe48802af8cdd46aa724c

                                                        SHA256

                                                        36670568a87c7b3cd1a4448ffe5bde9b6fd3d65b58e6dca38cc4ea2e9e8c11b3

                                                        SHA512

                                                        59918179057447aa18668abbdaacd11ee3f5e83c25a93f916a050a559ea1457d6ab61abd3db9def22b5214a1767911e9cf9fa8e638852032cca3696424c6a903

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png
                                                        Filesize

                                                        2KB

                                                        MD5

                                                        f484337ddad3b425b5788e5ce7082bc8

                                                        SHA1

                                                        79c7e4c0202a06ef3a287cc76ea498fcf26009c2

                                                        SHA256

                                                        fa58e3209e408e4f0d60a7ed330d6f62884ccf9b593e37cde03e7916c116dd1f

                                                        SHA512

                                                        518a8e3d53fe86dc714a59cc70f8f0c44396d7569d25837c1cfe6212a10204080e0c4d19c43729f1815093af9f075693decbb9496700a2f00bd57dd3ed0b0a3c

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\64.png
                                                        Filesize

                                                        2KB

                                                        MD5

                                                        9ca95e4d4941acee74cd1bef23eaba35

                                                        SHA1

                                                        1717e5136bf97a89b5dca5178f4d4d320b21fb48

                                                        SHA256

                                                        80c1e2f4d89d5266f82dc0295f232eda894812820c5c625a036adf980536e5a8

                                                        SHA512

                                                        9fb11e36e626b0d9eb43548ba0e90cda27e70d027361c52437f01287e94f07d07da01a385ee2466963e305516f56e37020644ce03d1132322d7e796440c633b5

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Web Applications\Temp\scoped_dir828_198689631\Icons\128.png
                                                        Filesize

                                                        5KB

                                                        MD5

                                                        c592b8809b071c071577fff963bd1ad5

                                                        SHA1

                                                        f628a6edd48da4aebdfdc05ee3ce852b27706cee

                                                        SHA256

                                                        8a9434f0ede8c6edf65f8d5750852be574847a62a4534e1b6b372078463b6d04

                                                        SHA512

                                                        418f074fe6b91e4393bc670a75d26db28ddfa370e3b33c17db2a402dd008175be910c3fe9714051d55c13fb28d3901fc6e7e81f73587144d053d8b25bf9c8c90

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\GraphiteDawnCache\data_0
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        cf89d16bb9107c631daabf0c0ee58efb

                                                        SHA1

                                                        3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                        SHA256

                                                        d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                        SHA512

                                                        8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\GraphiteDawnCache\data_2
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        0962291d6d367570bee5454721c17e11

                                                        SHA1

                                                        59d10a893ef321a706a9255176761366115bedcb

                                                        SHA256

                                                        ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                        SHA512

                                                        f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\GraphiteDawnCache\data_3
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        41876349cb12d6db992f1309f22df3f0

                                                        SHA1

                                                        5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                        SHA256

                                                        e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                        SHA512

                                                        e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Local State
                                                        Filesize

                                                        107KB

                                                        MD5

                                                        f82fa9aca19a193753a758dccbdd3259

                                                        SHA1

                                                        d8f2e8d632e01d3f0f3fb4a216a5f2cef4b9ed8b

                                                        SHA256

                                                        4f3c2756df250477a5c9df1e27463726e753a3d61ecc1116f797d1fbd98d2ba6

                                                        SHA512

                                                        9d9bb723d5b6e158b4b3e6efffa42af4f325392ed4b077f77687d86d3102a8d8c33b28f366cef638ebcc96cc9aaec7ca9334d83b562830e4e19688a631ecf038

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Local State
                                                        Filesize

                                                        107KB

                                                        MD5

                                                        5f568756b62291a9e9a3bc76205d9561

                                                        SHA1

                                                        7552f1fa345cd663acf308cc0496c4aa1dbb57ef

                                                        SHA256

                                                        6780d9bce8eec6b46d798518f0833bcaf54331844f0d42b6fe22f55f550a4016

                                                        SHA512

                                                        94eab2aff2f876dcec51802e9746e25a6b8e79042c9c02c4438b0cf8041cbd037e602e043ca5c7bb042deac8a3be2490b4f24644cf7d059028ca29a8b0390cea

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Local State~RFe58ef2d.TMP
                                                        Filesize

                                                        931B

                                                        MD5

                                                        c3b75a64d0ff1effe0954039077d5917

                                                        SHA1

                                                        18312a8ffbbab9225193fdc5b3877c0297b682e3

                                                        SHA256

                                                        92e27feb6e2286c41865c76c3a686be700a82e9606254fe1da3322bfd816208f

                                                        SHA512

                                                        eec3cc79ab7eb9ed15acce84847c2ea5f72e70b79d52ec64cf4d0e19dd0bdc328eff6be753083b841fad26e2f1959b3791aa13bb1988476ab4f1ff280c562575

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bf02ed0d-1dcd-4cb7-a8ab-87203a310a87}\0.0.filtertrie.intermediate.txt
                                                        Filesize

                                                        28KB

                                                        MD5

                                                        ab6db363a3fc9e4af2864079fd88032d

                                                        SHA1

                                                        aa52099313fd6290cd6e57d37551d63cd96dbe45

                                                        SHA256

                                                        373bb433c2908af2e3de58ede2087642814564560d007e61748cdb48d4e9da3f

                                                        SHA512

                                                        d3d13d17df96705d0de119ad0f8380bfe6b7bc44c618e2fcd0233061a0ab15beae44d38c48a880121b35f90f56c1529e5f4cf1a19acb9e2cbba5d1c402c749c0

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bf02ed0d-1dcd-4cb7-a8ab-87203a310a87}\0.1.filtertrie.intermediate.txt
                                                        Filesize

                                                        5B

                                                        MD5

                                                        34bd1dfb9f72cf4f86e6df6da0a9e49a

                                                        SHA1

                                                        5f96d66f33c81c0b10df2128d3860e3cb7e89563

                                                        SHA256

                                                        8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

                                                        SHA512

                                                        e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bf02ed0d-1dcd-4cb7-a8ab-87203a310a87}\0.2.filtertrie.intermediate.txt
                                                        Filesize

                                                        5B

                                                        MD5

                                                        c204e9faaf8565ad333828beff2d786e

                                                        SHA1

                                                        7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

                                                        SHA256

                                                        d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

                                                        SHA512

                                                        e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bf02ed0d-1dcd-4cb7-a8ab-87203a310a87}\Apps.ft
                                                        Filesize

                                                        38KB

                                                        MD5

                                                        84ac0c242b77b8fc326db0a5926b089e

                                                        SHA1

                                                        cc6b367ae8eb38561de01813b7d542067fb2318f

                                                        SHA256

                                                        b1557167a6df424f8b28aabd31d1b7e8a469dd50d2ae4cbbd43afd8f9c62cf92

                                                        SHA512

                                                        8f63084bd5a270b7b05e80454d26127b69bcb98ec93d9fad58d77203934f46b677a3aaf20f29e73dcd7035deb61f4c0aa3b10acbc4c0fc210632c1d74f705d2f

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bf02ed0d-1dcd-4cb7-a8ab-87203a310a87}\Apps.index
                                                        Filesize

                                                        1.0MB

                                                        MD5

                                                        f4514c93191e0efc0f61036e4ebb341a

                                                        SHA1

                                                        c80478e9a734790c18584f67a43518aa4a7dcf58

                                                        SHA256

                                                        43da4fa5f62affe399ceaac2d489b7cde610963a48e72d445bebe6f2c63a3600

                                                        SHA512

                                                        8aecb3491767e040a52f351908004db2c8f2f083397744585c2832212ec8aa288d3492be941a48b04774e16b43672ab167209776cbdef6692fef684fc54666a6

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133697736029197031.txt
                                                        Filesize

                                                        76KB

                                                        MD5

                                                        2557891ff7a69eb2348ecd485e8161b4

                                                        SHA1

                                                        b45340391f67a58441f666beb075b53c38ab5869

                                                        SHA256

                                                        38ce129420f314bb136b6748cf56ba1443a837d7c3a53794e6fbc24a379a5c90

                                                        SHA512

                                                        f4a8c5393be6022ca3ea5d50d464d0ca8c1d4538359e7054549730daaa55b9938fbca5e8396baf95f2e480b62872a18748f70017029e40ae9a9c6fca6e1fbda6

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_eizqm5o4.1pa.ps1
                                                        Filesize

                                                        60B

                                                        MD5

                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                        SHA1

                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                        SHA256

                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                        SHA512

                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Temp\cb38340b-5d00-40fd-bc94-6a1401f3309d.tmp
                                                        Filesize

                                                        132KB

                                                        MD5

                                                        83ef25fbee6866a64f09323bfe1536e0

                                                        SHA1

                                                        24e8bd033cd15e3cf4f4ff4c8123e1868544ac65

                                                        SHA256

                                                        f421d74829f2923fd9e5a06153e4e42db011824c33475e564b17091598996e6f

                                                        SHA512

                                                        c699d1c9649977731eea0cb4740c4beaaceec82aecc43f9f2b1e5625c487c0bc45fa08a1152a35efbdb3db73b8af3625206315d1f9645a24e1969316f9f5b38c

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        221fc0047aa200c94c72bf1ab8613a2c

                                                        SHA1

                                                        12cac7721b542d30c99a506a7bac833811ab15fb

                                                        SHA256

                                                        64e4b8071f6d4f9db74661a791b7dda290b9c3e4f037395a10f624b62df4689f

                                                        SHA512

                                                        eec236cd1b17061d36cc1a59fe6a0070acd8a8117483a9b2a1c39b32d1730e8e629d88ad0e8ab52f55a1916488224925d7929d4cf35839a2967bb8a2a3d1938f

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir828_50070895\CRX_INSTALL\_locales\en_CA\messages.json
                                                        Filesize

                                                        711B

                                                        MD5

                                                        558659936250e03cc14b60ebf648aa09

                                                        SHA1

                                                        32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                        SHA256

                                                        2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                        SHA512

                                                        1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk
                                                        Filesize

                                                        2KB

                                                        MD5

                                                        36ac1a7c73f0fd2f5f5eb3bd2b752f05

                                                        SHA1

                                                        881856bb7c0f40f98b12dfb19414bfb5d116d916

                                                        SHA256

                                                        9b2722920113bde2898a39d91bdd6038bbca518db0b254da506496c003454246

                                                        SHA512

                                                        c79fa68656e3ffd5c4b973371b14144e6af5c5937a9ef86cd2f58e2ba49b535a303699aa25077ee19d9492b084fbce002d27567bf693bfa527f030d06ac86bb8

                                                        Download Submit

                                                      • \??\pipe\crashpad_828_LVDALFZIPHVHZNML
                                                        MD5

                                                        d41d8cd98f00b204e9800998ecf8427e

                                                        SHA1

                                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                        SHA256

                                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                        SHA512

                                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                        Download Submit

                                                      • memory/832-30-0x0000000002E80000-0x0000000002E81000-memory.dmp

                                                        Filesize

                                                        4KB

                                                        Download

                                                      • memory/2792-15-0x00007FFB88240000-0x00007FFB88D01000-memory.dmp

                                                        Filesize

                                                        10.8MB

                                                        Download

                                                      • memory/2792-1-0x00000247F0E90000-0x00000247F0EBE000-memory.dmp

                                                        Filesize

                                                        184KB

                                                        Download

                                                      • memory/2792-199-0x00007FFB88240000-0x00007FFB88D01000-memory.dmp

                                                        Filesize

                                                        10.8MB

                                                        Download

                                                      • memory/2792-0-0x00007FFB88243000-0x00007FFB88245000-memory.dmp

                                                        Filesize

                                                        8KB

                                                        Download

                                                      • memory/2792-181-0x00007FFB88243000-0x00007FFB88245000-memory.dmp

                                                        Filesize

                                                        8KB

                                                        Download

                                                      • memory/3764-25-0x000001D89C510000-0x000001D89C532000-memory.dmp

                                                        Filesize

                                                        136KB

                                                        Download

                                                      • memory/3808-224-0x0000000005D70000-0x0000000005D7A000-memory.dmp

                                                        Filesize

                                                        40KB

                                                        Download

                                                      • memory/3808-7-0x0000000005C50000-0x0000000005CB6000-memory.dmp

                                                        Filesize

                                                        408KB

                                                        Download

                                                      • memory/3808-6-0x0000000005DD0000-0x0000000006374000-memory.dmp

                                                        Filesize

                                                        5.6MB

                                                        Download

                                                      • memory/3808-5-0x0000000005550000-0x00000000055EC000-memory.dmp

                                                        Filesize

                                                        624KB

                                                        Download

                                                      • memory/3808-4-0x00000000054B0000-0x0000000005542000-memory.dmp

                                                        Filesize

                                                        584KB

                                                        Download

                                                      • memory/3808-2-0x0000000000400000-0x0000000000418000-memory.dmp

                                                        Filesize

                                                        96KB

                                                        Download

                                                      • memory/3808-10-0x0000000006510000-0x0000000006560000-memory.dmp

                                                        Filesize

                                                        320KB

                                                        Download

                                                      • memory/4876-37-0x000002A1032E0000-0x000002A103300000-memory.dmp

                                                        Filesize

                                                        128KB

                                                        Download

                                                      • memory/4876-66-0x000002A1038C0000-0x000002A1038E0000-memory.dmp

                                                        Filesize

                                                        128KB

                                                        Download

                                                      • memory/4876-50-0x000002A1032A0000-0x000002A1032C0000-memory.dmp

                                                        Filesize

                                                        128KB

                                                        Download