a9527e885eec985e9d3c8542ef13383bda4cbffe56f0e0c3966fbc137b8f94c7

Analysis

max time kernel
149s
max time network
437s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 15:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

777.txt
Size

789B
MD5

8ca02c32ddb591b527ace1eedc6f5b4c
SHA1

0cfb0e038c4bc23a3948fc794f1279b9d7c014c5
SHA256

a9527e885eec985e9d3c8542ef13383bda4cbffe56f0e0c3966fbc137b8f94c7
SHA512

56d7f3cfd7702c07c4279187ff3a9a6c528790600b2458b25a8d706dc49df763dcf1d7c5cfda535bfb2ad453abe681dffd279ee8ff1ec6aa897895f391f13016

Score

8^/10

discovery pyinstaller

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
844	systeminformer-3.1.24244-canary-setup.exe
1784	SystemInformer.exe

Loads dropped DLL 16 IoCs

pid	Process
844	systeminformer-3.1.24244-canary-setup.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1212	Process not Found
1212	Process not Found
1212	Process not Found

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 47 IoCs

description	ioc	Process
File created	C:\Program Files\SystemInformer\plugins\ExtendedNotifications.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\HardwareDevices.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\OnlineChecks.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\systeminformer-setup.exe	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\CapsList.txt	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\ksidyn.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\peview.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\DotNetTools.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\UserNotes.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\x86\plugins\DotNetTools.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\icon.png	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\ksidyn.bin	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\NetworkTools.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\UserNotes.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\x86\SystemInformer.exe	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\dbghelp.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\PoolTag.txt	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\LICENSE.txt	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\dbgcore.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\SystemInformer.exe	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\SystemInformer.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedNotifications.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\OnlineChecks.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\x86\plugins\ExtendedTools.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\EtwGuids.txt	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\peview.exe	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedServices.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedTools.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\NetworkTools.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\COPYRIGHT.txt	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\symsrv.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\x86\plugins\DotNetTools.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\x86\plugins\ExtendedTools.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\WindowExplorer.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\README.txt	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedServices.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ExtendedTools.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\Updater.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\WindowExplorer.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ToolStatus.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\Updater.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\x86\SystemInformer.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\ksi.dll	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\SystemInformer.sys	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\DotNetTools.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\HardwareDevices.sig	systeminformer-3.1.24244-canary-setup.exe
File created	C:\Program Files\SystemInformer\plugins\ToolStatus.dll	systeminformer-3.1.24244-canary-setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000700000001926b-410.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	systeminformer-3.1.24244-canary-setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SystemInformer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SystemInformer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	SystemInformer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	SystemInformer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	SystemInformer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	SystemInformer.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
548	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1760	chrome.exe
1760	chrome.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe
1784	SystemInformer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 280	1760	chrome.exe	32
PID 1760 wrote to memory of 280	1760	chrome.exe	32
PID 1760 wrote to memory of 280	1760	chrome.exe	32
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2908	1760	chrome.exe	34
PID 1760 wrote to memory of 2808	1760	chrome.exe	35
PID 1760 wrote to memory of 2808	1760	chrome.exe	35
PID 1760 wrote to memory of 2808	1760	chrome.exe	35
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36
PID 1760 wrote to memory of 2852	1760	chrome.exe	36

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\777.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7059758,0x7fef7059768,0x7fef7059778
  2⤵
  PID:280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:2
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1140 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:2
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3196 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3688 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4100 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4140 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1956 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1880 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1196 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3716 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3680 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Users\Admin\Downloads\systeminformer-3.1.24244-canary-setup.exe
  "C:\Users\Admin\Downloads\systeminformer-3.1.24244-canary-setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:844
- - C:\Program Files\SystemInformer\SystemInformer.exe
    "C:\Program Files\SystemInformer\SystemInformer.exe" -channel canary
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SendNotifyMessage
    PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4056 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=684 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3728 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1272 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3720 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4212 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2012 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4240 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4092 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4368 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Users\Admin\Downloads\xy_extractor_reworked.exe
  "C:\Users\Admin\Downloads\xy_extractor_reworked.exe"
  2⤵
  PID:1740
- - C:\Users\Admin\Downloads\xy_extractor_reworked.exe
    "C:\Users\Admin\Downloads\xy_extractor_reworked.exe"
    3⤵
    PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1552 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4404 --field-trial-handle=1300,i,8596095947762150222,10176728162608104556,131072 /prefetch:1
  2⤵
  PID:2084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\SystemInformer\plugins\DotNetTools.dll

Filesize
197KB

MD5
0da865fa031c594cd38b2cc1ada8c9e8

SHA1
97dcce0ba0d0f6101209fac6c22156d172118d16

SHA256
4b493756a2e44beaa25dedd6b1ac3561e155bdd1dbd1940163910054a7cf7e63

SHA512
c92df5ec8a048f4df76a157417d8e36e657bada7c02379eed3538cfdec3b746759c521ce67529f9537202f5d93f3798ec07bc0abe6c38e794613e1efca98aeb7

Download Submit
C:\Program Files\SystemInformer\plugins\ExtendedNotifications.dll

Filesize
148KB

MD5
b99ca7fdc8bb3ce2189a2d26bf0077ac

SHA1
293c39ab4bd0a85f2ff576c5be2aad04e5b450f0

SHA256
9b8eb65ad151efa341d515cb94863d61cc832b2c5099abfba9a58d0909f35fa4

SHA512
dd97a0b911a7f5cb9a7cb02fdbe0bfb5004f8372619987017a5e559868fd8238e499aad0d0744241bc14bd33a5f704d1bff4caebe5c42aeb4e1aa9a455b5380f

Download Submit
C:\Program Files\SystemInformer\plugins\ExtendedServices.dll

Filesize
193KB

MD5
5c1ef350589509f2b98ce0c95597f26e

SHA1
1472d70bc129dab58bdf29e5e691280da4f71cc6

SHA256
aa898e5c6b9c005b532b063dbe29bd9b5b0f5c46eb8a2d735ec661dd1dfcfa06

SHA512
6c89a947d4c889d65e0d2e7d8e2c3abe3a018de15d24aefd04e8ba2d4814f3af73013ad5419dd184aef6f93620c93636f0a8d8196dcf0ab937da1ce85ae53be7

Download Submit
C:\Program Files\SystemInformer\plugins\ExtendedTools.dll

Filesize
1.3MB

MD5
ae9ef6a0875b0a19e71c38929d8c0048

SHA1
d94c82a4a09b07f9afda3d071f832520cf918836

SHA256
5f3ba15d98bd583a2cc3f533a24b3f490475407a8c6d0f267d58b4f233f6fa66

SHA512
9b83b18f7ba43ebcc911a37759d9c9fdb33110846f33877e9aa46c13aeb2e62221c8c38b97745ab7a966816d29e45a4b7ddc132dd4d6c33332441b701c7106ef

Download Submit
C:\Program Files\SystemInformer\plugins\OnlineChecks.dll

Filesize
197KB

MD5
2997374f2fc4539e1452548f4f32261b

SHA1
71898ef5ef3af439884a56ac8b8c599b57d745bf

SHA256
1968bc03c9c301fc1c89052d5cbfa0a3800ebb24ac77fc5752f4d33b2e6a5b68

SHA512
3b0a0b40416a651562eacc9d3415cb587347f066bfcca4498436b64aa10fce12094b73374fc3bdf6b54b0654f116f2f384445021cb039c1e7aca6084191b139c

Download Submit
C:\Program Files\SystemInformer\plugins\ToolStatus.dll

Filesize
402KB

MD5
53c4a2edaee16176793c6fe314ee75bd

SHA1
08f01a789dfcb57837efe96e9d26d62131872e28

SHA256
b895b2b548c599d67c739a672560ec1b66b20b3698b3f3dd34254d2ca0c20125

SHA512
fee58a0854cd13b1346ccd93b4e9a9647a285dd9439d631d4dd6be9750446f666af6fccd13ea338bb7390dc8f5aac5964b94a4a3fbad4c8669b9559eb27c6870

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef8513cb15e73c7cb9ad857500710b56

SHA1
99201f49acc0de72c3686c245743110e4ac39a72

SHA256
ac6d21db0445c70abb1e372377d4a470a13878b63e6f49bf06cac0cfc411234e

SHA512
b7b406701b9bd378efc7925dd699db9c18fd3d8b1d2d42307becde3abbc31c6a130a23f5a7af8ec869657da58883a2e7b51798bfd8c5663c3a8d8266810da44a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3233399c-36c8-4c66-b436-da98b6feaf44.tmp

Filesize
5KB

MD5
764042d3c658cdab12a737048fd8d9b6

SHA1
5786d03e90f5ec53167120fc944d116094d4c5f4

SHA256
08ae2c11a66cbd2afa85ae4d92510b04134e45dd889a82bedbf229103676f616

SHA512
430020657a53a64b2f33da06b8c0fbf8d867fbccbd97a30df520cd9e130d8c4aa5047dd7b0aa42deb40b8058c0b908dce2e25ed22092d0ccf9b63a1512150536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3d525508-c53e-46fb-b7eb-50e8ae8c943d.tmp

Filesize
5KB

MD5
1e37638512e221084fed7c422a8ba8f5

SHA1
f8f9a2f3b0d56220fc36138450c0298917c65a08

SHA256
44c2779998ba64fe7ebcae115329aa791a2040a1a86fdd12b438a196c90e5cd3

SHA512
584ca4f68aa39144c3d67056ee751c0285adbe2552ac47c920b935af370e1172d30a5c5bb5f6082cbfe10b62be867ebb73ca39704599839a973c208491259665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\82445b9f-5d96-46f3-8165-6bc62674cbe6.tmp

Filesize
5KB

MD5
96965439967584a88c1e7f543f059864

SHA1
04e699d14bfd0f792cb50b561e13fbf0a3aade1a

SHA256
c25d33e90f3109f1bc744ce9bdf29ca75b99c27d9ee05a7b05a8dab8c94c4772

SHA512
764784e65ed5b05f20600210e5521ec981ee6ebddacc89460fef18d73114f0c6a589c1c3342e1b2ab4931a4d0bb7eef068b494fd2c88500d56f2e73b0a8933f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
3.2MB

MD5
cfa999c15a29fe0c85a465a92b8e8777

SHA1
578500a5a3a96464a46b18dcea7d4f9177fbc62d

SHA256
c81d4a4c60b1e96bd907e65f5c699a8e90a6029c355c520c63a379b273e10b33

SHA512
070bb01211e36ebc5f61ed94aef048c392ca1e0699662e8c09bad35635bfd394bcf955a86dd5d555183fdb785639ab4d0ce6e33ada65175165d09c047c97003f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6d2ecaa34aac288699f60e1acb2ac8b6

SHA1
b583051dc223663be3f89dc8cf7e630467c10ec1

SHA256
66812ce7bbdb7172d73f633217371aaef5e73f153d22b15cec6bfa4424525595

SHA512
ed6db6f1bc859506a258ec814165db9c80108bb3ca65971a315b5aca8170c661b680a04947d0ba57f1c3e3eb64209fc5b147c2d84a4cefeabda0709c0e169ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a08675a45b72df94bbc9db6fb5abeafa

SHA1
c12966d8845ba868ff862fd6e824ce67dfc845c2

SHA256
02974ab59fe679d1a83973f0049c3df0c2f4e0f3a556b24f45466e294dd6a283

SHA512
abdaf0b2ba95e30d760afdd34a306fc22336b0c994133941f3f0f035e462bd05908bf0d27a6e9a2c231a073c160991d42d1fa273301d16b05f4e7cac2b205a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7f43ca1e7c310cc8393f85b07b8eee48

SHA1
2a4a3ddf629b7cc092644a610872fad197ccd83e

SHA256
28dd9b1af8f0a21e4cf9fbeadd1ea074e8523468b56f61a949f4381758bfb8ac

SHA512
a955cdee76f82a7cc3d93ee4b6185215b2c8231e045b7f45db1165c220b1b0f327abbec50bf60e035616af6b2c66f1ece7616f0b48f9e4084dccaca46d8103a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
de74ac07d4c4441c01808e6faad2eb3f

SHA1
5037bd738086bda9ba3938da09dd6805428966c4

SHA256
cc38d78942724835384913a232b3988be1ae8d5e3472e647012f4b7e52ff3c11

SHA512
c0159b81466204c81074880d0b4f44eae24d8bc60ee6c0b126908330a3cdb5e7519686b44cf2dadec1ccbaaf60aeb16b4b2a628f00de6511355a21d4a2894c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1d6e2cb5c8e474e603e0631458965f12

SHA1
1d79522344b858812558de113a4bfbec41021b4d

SHA256
ab771aacf1fa286ee6e8aad601f3a9d39a6c8acd3a3994f2a0282bb093c0556e

SHA512
6552d587f98b3a3a7f71764ab75ee9cbd75bbdf10dc61765557f24f6ab6dd188bf34ea1a631b6818a11e47bce129016ff7ea5baae50196f48758545f514e478b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
440cb743b7c374b201c0fea5882ef82f

SHA1
f626587758b20dcb40dcb026d25cc52933f34ccb

SHA256
8279f418cbb60aad253a85db52a2e344ae14e85718aeeac81a44fddf84d0b756

SHA512
bc044380ee40a5b6d0789fe1ee09ba8a1c8bd50276fcb3331f75ee2ebdafeb5920ea4ae43f6eb50b1d10a1e6e583b74ecf31974e0f57b111a6037d1b8a7a5721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
fc02e7721a184de8af9fa4385c7ce4cb

SHA1
65572cb037304d65445eab96b924d56157cfd65f

SHA256
986daa8819cf0050c7effa088cfd1e793e27a2f447640d0d8ce15dc3709d904b

SHA512
4ab9e1168d6b96ce4d871442f9219663052e0004d839f0e4593b200cca4c2067f575a4b40f7126f525545ee633b50de76b05750d1c5360ae339e1fdc6337ea6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
13a7b23330fd465a735257e19209b756

SHA1
27f8b4746be3713842852e230a63cbb4610ebc93

SHA256
670cab05afa4705b8ca1d82c1cb9abc5776cb54feb30277a84c3b7a5860ec49d

SHA512
d542c2c0cb190ece96d038ed98042dbd433c5ff102234d85a9360ee0de4188111d080563e8d367dd7b03f8fc7a877e3e0567574651af4f81f1fc99c3691e9d16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
fdce64b36f928db7dd1edb6e9fa92310

SHA1
cc5f8f7578366a77fcf842a6d317ff163126d655

SHA256
6d49f4797ef9f2a44e3309820e219d5714c6592f1270617a9b8d49512b409971

SHA512
68ceaa4a246e9203783efbc54574b08639d5efc5b52b34e6f11b78dbd19a4e7612a171435a1dc399972d89c881bbed9a5568e77599be2fa79ada3b7a628904fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
f569c58541db921d0d846032d9ce5aa2

SHA1
6e0180dfa18f980a8e0dc9d15aecfe63d02303e1

SHA256
8a4398097fbea6a2543f8c6ed9d505300347bfac53fe27e1b22329ef580349f5

SHA512
a527bd1b418bd3ead7c29c574788dff04f6c00aca82f0792bf087a9c335aa008cec72132d561728d470812aa9bfd6296ca4b71a288cfba57d9700294cbd7738b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\add18ad8-ffd2-4824-9d51-d598f7e8b412.tmp

Filesize
987B

MD5
0d849b64c59398f69451c3c26b6bd812

SHA1
fc5836ab8b4e80f2d42df443f42e926459403d07

SHA256
c76d09db970faa85eacf3ccfc00cbabc0591a710cb2521d5e44eac31f550a64e

SHA512
8abbb3a24a5f608659a1ade01232419fb93b4b3f47dbad3a25e22b66ed66287f908b55dc8026dfee25e6814ad72031b83f10790a16db960021e559fbd23ec129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
152e27e372da7dfc9fc8df4c17d2c269

SHA1
d428098b0e9a108e9070bb62154ccf80b22b0f79

SHA256
84af37ef4653300010bc48ade5af4fe3ab1bf1b00e54748cd329ae52f16043a7

SHA512
7e7c2a37bc82ecd72f955c53ab1fae606214e6c6a2b9f3d313e6ebf985f19c93ed9c56a1aa3adbe58f2a97298a06e356a1909fce942a01a73cb2e2da9a95fa76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
018cc4292b4406ba409a387a40238fde

SHA1
559a1ade4c1fbd7beaf0be63f0ebcdd59353927f

SHA256
8941454835b98c413eea6713b9b187d61ee688d447c90b138b3403d965abc008

SHA512
a109c04bb41ca01f538a69239f19b48b036f2b3e2e465fb4e989f4e1d20ba37522efb5dbf4a2788118882d7b155495205010df734dfa8ac4940c70db8d27180d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d7f978d8-6129-49f1-9b04-a99f25f2e903.tmp

Filesize
5KB

MD5
fb8a470db4d7bfe996ebac87020cd6e0

SHA1
c403da46ecce6589a228897c1b9325b2277333eb

SHA256
47b24ac46364d810892136a03c356778038324a60de7c8a976b1ea18faa8f6ac

SHA512
a9dfadd551f56e74ff7172905eded01c85a49f91e34cea964fdc55678c673ca8e0d39403189b2e5f844ff98b7993b2d28c62625f18fd68a1b62a48c7afe1fc11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
337KB

MD5
bf36cbd2326cee04932b4a9bc4f6377e

SHA1
04d0019bcbace80dbc786d8750c488ccb7640e17

SHA256
f7142c34880b97b746b39ac39b33b443386059429d0659df0a72bcece52f1213

SHA512
722b608254e7c92206ecae586190da2a7bde624e95dca25f4e5df9b0827a3cab4d90508a4af64b9714827203449c5da93fd7cfc249ec0f3b2ee619f2608ca2ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
337KB

MD5
252f44e7c8804f69d41435052688252f

SHA1
08a74cdefe661aca1f53115e0ba4ae5dd9d640a2

SHA256
e44fdf1f37bbd9b2e3d85abe35f0e7987459ac0be7b9dfe5df8c17c218ec358e

SHA512
c499ef67fd4a60345155d122799aa94d051b8a9a3267bf982fa162ee052c1f37c0352a987abd367ddc628315e39face9fc2b552936e16be6ea06994a66ed1209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
337KB

MD5
31627048e73c07f2d82cc4dab03d2d04

SHA1
26cc86e5358a411a462c6dd60272fa2ee7c5658c

SHA256
835e2e9a4bb80d9fbe51d6204835aa4a6e8b516a137f5e30cc422bc5c558dab4

SHA512
9e939801ba17359d4c784579f27763d96859aaa29b48e751b9b35cafa3928768ee754efbf10a9b7828ea88dbdba56a09bf3d88a423b67c5f8b3c6fb528e685b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
337KB

MD5
a02de0128e9f28f0a85157310f3b3087

SHA1
127cc6c72167ac8bb64b115f8515fa0379120c9b

SHA256
b22373e09a6b2f9d9b87d10d041b541c3ca84eb14cbb4de461042925dc71c6ea

SHA512
769f8d690e0d168bb2d65c2e17f8ebabb8837ffbce22daf6b38153133e9939ded9609a7fe103e4e47a66aec437a5bc2d41e0b710ee359f11102cc86d08c46084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
337KB

MD5
0a216537fb68b89dbe3e49f1aade0aa4

SHA1
86a70d1e2565efe6f6cdf5c45a426505649dae53

SHA256
63f2b11aae8874fdd654e4d7587c3b1196e5cacf5599833d8b4b934d91ff8255

SHA512
1b8cfa503f36ee29a037ac2cb40f026cb0bf9e8d144f3882de6bc46587ff158e4b8d87a0a11c8d740c845593b05da118828047f81970c5a6257a84034d54e0d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
337KB

MD5
846f94614937fa892711f9a2a8d2d6e5

SHA1
d278b7ae85875a198eccf70eaf4678c90a965733

SHA256
7f16c789a6c303fa262696c0c30ab320892f52b08ab5f4e6c2b40a945d447e12

SHA512
2aa8049a36222904ac28f342ca9e8d17f937cb5e76be9bc40b3220bf1baca89666fc7ae7697869c6f6ab30ccfec1e0c8bc3dabdbb350b93313fb2186281c3217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
81KB

MD5
eef9013fa6f23ce1d9eae05738211995

SHA1
accebc00511e976c1aeaa7a54836721d622f5a85

SHA256
c9fdc4e536d63c316509b3e7e5a66a7a3fae9d5237137770a71285294ce4c977

SHA512
26547b0a27599db5622e0cae95b0c4b5e2499acda951c78feba66c650018e96219ddcfb656ce844edfcbe88c935702fc6acb54d365a3b89310abcf12362a08c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF672.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF6B3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\systeminformer-3.1.24244-canary-setup.exe.crdownload

Filesize
19.8MB

MD5
e19efed1ee74d0df0025d29656a1256f

SHA1
ede576a3af32f441b747ee2ebc09c362dc2d1ce6

SHA256
d1f0bcffe5e8b4b912f617315036812731131c94bf691b90abb1be45c87b5211

SHA512
b5837b98354cc27e78e75504d180c28d7098f3fe2bc1d01a04886ef68eb2f6269dd8f76f7ca6bf07e4d85e8df1adb719faa5c762b0044be9f36ce7bfe9dc7a5a

Download Submit
\Program Files\SystemInformer\SystemInformer.exe

Filesize
3.2MB

MD5
90092d74ca19856370a5a52852c75a9c

SHA1
91a60eedfc2364c9536320a424c71fab226137b1

SHA256
1351d7e3f6fb5714ce2fb83617671d9fd985a9d8c87694a6fb2e0c0d42de2e89

SHA512
fd9823e17aaa011492295c2036beffd5126a8545d7489f47b8b2f0b003f41d364e916230e2d25daf9a45fc355cbeeb2f95d36f502b23e5142bd7367b3552b11e

Download Submit
\Program Files\SystemInformer\plugins\HardwareDevices.dll

Filesize
342KB

MD5
667abfe4358235a8ea43452393391c93

SHA1
102298d9acf090011b069a0a3fd10ee844fc50ae

SHA256
e92ff30071b8338f62212d83dbdecf3a0564aa0499674420cb607cf141e5d0a9

SHA512
a1db780432deb74fd4dcaa0479ed8edd7f70ad0f591bb2e0a7db8c42ae74aa70e66555c58e203fb2b8a3dd2f9eec65d0ceb941f28fc40213c1d8ec597ce1ebc6

Download Submit
\Program Files\SystemInformer\plugins\NetworkTools.dll

Filesize
737KB

MD5
26df94a327cd7748d60936c0363fbbfa

SHA1
5f531009c17ec2dda3f4ab7375d059da34529d63

SHA256
6485b6d73897ba11917c8fb8823b03d04b816165d44c89a296e99cdfe379c872

SHA512
0d04230dccda238a3d62dc7164f8fae92a248ebda562e1f0ee4a8083a3f32f416efb7f6a0003fde41b109b0b89f0ad3a88c41e0665c8b7651dccc64b244c5973

Download Submit
\Program Files\SystemInformer\plugins\Updater.dll

Filesize
181KB

MD5
5cc9829e8847bf65efcd1073decc48da

SHA1
835d860320e50a5c08d8c2e698988e5bddb08c4d

SHA256
51df37813303d5368e13d4f551a311035ea5eceb65bc21fb0cefab2e361c0f9b

SHA512
c46253326e1b903524984a3c55fd8c80a48ff46643ab523d743f4b30dd1d8d2f3932eed1b77ebd189ed06056272d0398701ec2f3749316091ff7095a932e830e

Download Submit
\Program Files\SystemInformer\plugins\UserNotes.dll

Filesize
181KB

MD5
e470f1c78daaf54b9c529c3c52d81216

SHA1
5508a04e0f70b14a515a9b59f1d0ca27d482f405

SHA256
0832e79ac55d6194c0848f0b4d3c280a31f93101b4c369a03220657a675d68de

SHA512
dcff957b47e38839fc26da18d9e955d4b876ff2faf27b631c286074ed9643500fdeab8791e3f9de1531cc6a50fcd784f7d84c56a8ffcc6b0bc1aa2fab47b9000

Download Submit
\Program Files\SystemInformer\plugins\WindowExplorer.dll

Filesize
209KB

MD5
c750a1d86d0d9e5184d37ade93f64a77

SHA1
e609944265184b3bbf35a51e2792682603fe61c5

SHA256
00d0c15703cdbb1ad9ac8a4061d54b594e5998cd57823a22c2127ebe2a2fc3b4

SHA512
d03240fe5e144555f00e032315f8c916e1e253646b5f7eda2bb1c7c582d7d3db6b5c247ab7e0596093e72cdf18749ecb1a2c9c3fa82b651c873a5b5d11401047

Download Submit
\Users\Admin\Downloads\xy_extractor_reworked.exe

Filesize
8.3MB

MD5
d491bedc32612858c3b94df73e41d192

SHA1
2b6a7adfbd31ec1c7071073cf47e47989f203a31

SHA256
a8bfaf929e99a99e601bed89d6c31435304de846c50cce1f33a18a8ed9bdbb57

SHA512
5b8e218b6461ba34bec5efa53131dd7b8440ebefdf557367c3c150a7a7e77701405049164a40f06fd0706e1b627b38b5c8b9425aab45f460eb782c0570541993

Download Submit
memory/844-176-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1784-346-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1784-253-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1784-365-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1784-361-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download