remcos | hxxps://bazaar[.]abuse[.]ch/sample/1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58/#intel

Analysis

max time kernel
102s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bazaar.abuse.ch/sample/1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58/#intel

Score

10^/10

remcos remotehost discovery rat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

127.0.0.1:52121

officerem.duckdns.org:52121

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-6GPUH1
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Signatures

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos

Executes dropped EXE 2 IoCs

pid	Process
5144	1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58.exe
5928	1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5428	4092	WerFault.exe	120
6016	5960	WerFault.exe	128

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 5144 set thread context of 4092	5144	1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58.exe	120
PID 5928 set thread context of 5960	5928	1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58.exe	128

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706592135812987"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2872	chrome.exe
2872	chrome.exe
6084	chrome.exe
6084	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
6096	7zG.exe
2872	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe
6084	chrome.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
5960	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2696	2872	chrome.exe	90
PID 2872 wrote to memory of 2696	2872	chrome.exe	90
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 5116	2872	chrome.exe	91
PID 2872 wrote to memory of 4148	2872	chrome.exe	92
PID 2872 wrote to memory of 4148	2872	chrome.exe	92
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93
PID 2872 wrote to memory of 696	2872	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bazaar.abuse.ch/sample/1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58/#intel
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe7a28cc40,0x7ffe7a28cc4c,0x7ffe7a28cc58
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,2650694006752223836,13140593081829886189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,2650694006752223836,13140593081829886189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,2650694006752223836,13140593081829886189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2384 /prefetch:8
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,2650694006752223836,13140593081829886189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,2650694006752223836,13140593081829886189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,2650694006752223836,13140593081829886189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,2650694006752223836,13140593081829886189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,2650694006752223836,13140593081829886189,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:5776

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3804,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=4152 /prefetch:8
1⤵
PID:2900

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5916

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap236:190:7zEvent30675
1⤵
- Suspicious use of FindShellTrayWindow
PID:6096

C:\Users\Admin\Downloads\1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58.exe
"C:\Users\Admin\Downloads\1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5144
- C:\Windows\System32\svchost.exe
  "C:\Windows\System32\svchost.exe"
  2⤵
  PID:5248
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
  2⤵
  PID:4092
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 12
    3⤵
    - Program crash
    PID:5428
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
  2⤵
  PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4092 -ip 4092
1⤵
PID:3644

C:\Users\Admin\Downloads\1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58.exe
"C:\Users\Admin\Downloads\1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5928
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - Suspicious use of UnmapMainImage
  PID:5960
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 12
    3⤵
    - Program crash
    PID:6016
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5960 -ip 5960
1⤵
PID:5272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe7a28cc40,0x7ffe7a28cc4c,0x7ffe7a28cc58
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,4709577128877503627,10485168966657033471,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,4709577128877503627,10485168966657033471,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,4709577128877503627,10485168966657033471,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,4709577128877503627,10485168966657033471,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,4709577128877503627,10485168966657033471,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,4709577128877503627,10485168966657033471,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4904,i,4709577128877503627,10485168966657033471,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,4709577128877503627,10485168966657033471,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3584,i,4709577128877503627,10485168966657033471,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5160,i,4709577128877503627,10485168966657033471,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4988

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4fd2e1e0ee89ab2efcf64b13813dfb57

SHA1
f1469469ac1884f002fbe3cba1d8be88cfdf39af

SHA256
b94064c9e6abef05638da45947d0760325acfec963626406aa73bdeb3f3e77a6

SHA512
f28e540f5e356191f33a7e5cb091d9e6fcafac73a94e87d6b96823ff9cd8d914ed319cb3ad1ea76a5e788b7637826b6b5fa6b3a6c96f24353c0c44f9ce0b00cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1ae2816e-3e4a-4c24-b6f8-3d5337bd4f33.tmp

Filesize
9KB

MD5
39a1fb18be441a856b01f9ec28ed52e2

SHA1
d41d5ad23ccfb27d9f08481e36e88a198f6ca8a3

SHA256
c3fe5e2383c9d42c2ae1047468bb0a5b47f3956d32c2f0a4d0e88678c25e3865

SHA512
f6f64df93139421a7f23cb4a9e58bb5114b3e0a3a6e69aff6843112c5a8d5ecc39973845700436dd459685a71cf2ad62b7ae06f1930661c85461084351fa7dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
38d1842e4ba305f8ae5423e7ffad05c7

SHA1
fd5845fe93c4ed97516987799520f9df8b2e8fd1

SHA256
b8bbe172a5633bc19797d2a648cb1430f69bd14c06a8191cd1d8c19c89f96013

SHA512
86c2f7556feba7847d22c432e16f42051a51d4bba784ed046e36ef4118fc06f5ce308a3ce51bcb1b138de5d504ad24e5c0ae38dbd3ad597391b3a32d73e764b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
3604abff4e9c25d731bd27ad86b2c5ab

SHA1
e218824d3d8ab51120663cc73ed847fa2265e77b

SHA256
98175672d1e804505f789791a6ddaa2aec5f0e88125a4e6dcff77ce3908e55b7

SHA512
cb4a775b411012039a8cd416d14488ae7972681b34a2929ebfbc85ea30e15105d09a202a17f98ba1b55c5c3f179872924a1a9215a17e8effb46269d80945778f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
81c0e15d04ac1081b205c0b6ce32417c

SHA1
0d89d1622fb12ab964b47e9538ad423597128f7d

SHA256
fd5c799a90a77c0e8729725486f2c086c1a5553507fad68fc1d47c479a0ca5c8

SHA512
909130b40404373f9b78177369005455a728b8f1c16c63185c911d8dde61295be8728c129282332cf81dbd13a4d140084fc7b069635bb77875df860ff07c228b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
87f0a01d8c246612cd3c9043565c422e

SHA1
839a286beb7cad3bf9573d0546743298a8863f94

SHA256
e92609557065e117a523ad6b96318fbe9d738a25b80d8451c1ca64223e629f83

SHA512
3ee27400762f0c1e6e18ea4184794901f27ec9239dee680dbb47c0aba4bc5b638a265cb426a53ba9f0fd2568163c414b26d5d797e2d721881c3210baa69814c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
c4bd260d6fe494e7a5bf785ab09ec25d

SHA1
25bc74c1ce8f1e9a96ab9edb0066c6a5a4c3635f

SHA256
5c530fa2731afff9da9f655b84834bf4697815f6d19f04b9e059dbdf69978c84

SHA512
85d36f2a63f79f049de5eb7df9edd051649eb530253a01f0b090dbdaf8b9241ebee211a797219168e41991e8ec987d95f3c7d5cfa0be0fe09ed70cbfea75a15e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
22KB

MD5
3b5537dce96f57098998e410b0202920

SHA1
7732b57e4e3bbc122d63f67078efa7cf5f975448

SHA256
a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88

SHA512
c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
30KB

MD5
888c5fa4504182a0224b264a1fda0e73

SHA1
65f058a7dead59a8063362241865526eb0148f16

SHA256
7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715

SHA512
1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
77KB

MD5
b15db15f746f29ffa02638cb455b8ec0

SHA1
75a88815c47a249eadb5f0edc1675957f860cca7

SHA256
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7

SHA512
84e621ac534c416cf13880059d76ce842fa74bb433a274aa5d106adbda20354fa5ed751ed1d13d0c393d54ceb37fe8dbd2f653e4cb791e9f9d3d2a50a250b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
95KB

MD5
d0ca9d125e32188b1a806dd871326db0

SHA1
4acddbe003e14b42f792ac4d5b852f3f142f4f59

SHA256
06c83ca2530bb2d924d2b3fcaaae87acd185a229c8519cd541822fc6d1ed795c

SHA512
f086cde539e6ff0d4d649c14ceff359f9191ef2b32ba6d205426376dad55df08620631609d4c981aa26f1a520449b99796cd97643ba17ec41774ade51ba7adc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
20KB

MD5
a370f8ad917b15809ca744525fc65499

SHA1
6bdcbef8e0ac0d05e99a9d4b47aafed9bb3a3f56

SHA256
b71840861413e27232c7550f489f36c49f13340499152642096759b76c4829e3

SHA512
b81949d3a7f0532a8af4d24021a91cd2593fcd86c12c70429e7220b98e6f30bc4ed47863a2980ae5f9ac13da72ae142222ea6ffed12ce745625da3116de79432

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
31KB

MD5
6ea2e4e0dc585dd7456eb5375bf1bc1d

SHA1
d657004bb6b457debe944cce8f9a7b84f7f1dbf1

SHA256
edc948d32d997031d350ad40ae8055e870f7f9cac9ad0f3d1760bf1ad3766f3c

SHA512
6c3eae3f7297aad536ec5afa55baab0c0b981293aa322b77dbb35cc829336b87bef583f11a613145968c21ecd1d0858e4d4e4b2ddf7720a548c1a91616dd9607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
29KB

MD5
4b5f5ce5cdb6735a8fcab7d685d26591

SHA1
7720a7085c65dcbceb3ca16ae3ca64970a560178

SHA256
cdaf653ebdf166097a754c2a80e4c3342ca8a478cd0ba6e0d7796c7a041ceea9

SHA512
f562ac205d0b62442e41626a2e60d5de4d22ce2e3fe2d239649604340a36a24807c4986f2b7b8ab3eae55338fde4a3a60c2bc14e326aa4c08974f1a9d645013a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
8c3bce92a71a5b521782b43e5f86804f

SHA1
32f4fb490298aa2993ee5c5d4058919682861885

SHA256
07872114d3c1194b56e8fe6f4e9c992d2a3b54624698304da5dfd39f6cf3d57a

SHA512
1986bfeabca0be6ae06b7047ba508fb1be7244b681e2f1482d9db22754e25ebae927381929922d7e2ac988b8392fa0a80c9a0227fb892fe033d1bb6c5be6beed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
8eca61062e40815bb415d819c672330f

SHA1
685aa07464c996cf0b9877f89fdc0f343e954607

SHA256
1e50b1be78012a3bed1410da00034a99e9d6046f284c31a4d857e80e1a04e28d

SHA512
c8250eac0339149b60c5756865bf3c313da5451adc2ce5955d4aec6c0c6e8a7aeca10c7549e6f880fec2abbb50a316033157122330c17c36a3dece107070b1c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
69fd37a06c32b7d0e6f1a6ec10726bd3

SHA1
a808625c27b637a8f533608e4d55a55db5dcf6bb

SHA256
79b3bf3ddd29bbc4da9ca95968f4b5d3e95b3533f155a880f723a023c762dc68

SHA512
ecbfe762ee840cb20deb363ee039261d9e2230dbffb4ce570d088903895bdd7bf819289aac7e6ffdcaedf6a4fbf0f654eb6b085068f9b9c215bbfd3e4944fbf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
f43aaf6da71f550aa70d71f9056c4912

SHA1
f6e2d6695591c24e68cc40b818c050d5139c09ba

SHA256
aad61d8c505fb64072c8e9f48c5016e0c7cc988b17b85ecdd51535367006cf92

SHA512
5e0ef747b6c5dccc9708e4e12cc61755b604aa2198c3714909810c4220af7df2e7336213e17a024284c2ab2f677a6df464303d13378d8daf642c13d9520752be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
9a159b9e58c8373764d2eaeae0a009f4

SHA1
9f4cec813bdef51fa3c7928312855c64281f3ac5

SHA256
652a318869712f0f36a8d2923139bc7874db5aecb00ae580f62017b7d02b6bb5

SHA512
f5b3b9ad8c24d4e2e80e1ec16db07cc056254271de51b8ee85ce360c9c46d335351d1bc9299bc9ffa6038f9fb8c6cf4ea94cdd46ffdead2dd554aa9b79312eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
677355ddd8d8aeb1d59a599f11cc437e

SHA1
a8ac6b904323157d0abe8bb01dbdd55a39279e93

SHA256
bfc8e97575812945784888039c2bdac1f984c46ef0c763c7884188e40bafa4ef

SHA512
882f273dca43577f3f92b68c76f514f651f2373eb8a06ba6466f31a572e16b0abfdc6d6374bbf29db889840e1aa9fdf998c7b75b80c19b428ea2a4881ee02b72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
380c1c9e8581caa1fe269e0510ce1a62

SHA1
06c6a325c3e590e989390d4eca412dc00b3d14a6

SHA256
8b6b078e206d099d7fd3ab8757397ff343bfc031bab1109f0abb5c352ea9fda1

SHA512
acc0f46287eb8947a85845f72ea01671f81fef2421071902843ba96b8ba2e0ec065d62ad2c349293e688319182fc69bb95b33c1fabdb27064bce1a9fa845cafa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
2a2d636938915580e45e1b1a7de05072

SHA1
bd498d44ef69244d1a7075f07f0163559551a027

SHA256
156f31ec5ae26b387a348cb285a24aef5efb44cfc39642c9468f86e72ed6f979

SHA512
76787bdd6f3d7aa623af536f0fb9875cf46462cd14c95a0153e12f594f64b08b928508e1d1ea475cd94513b75b6e59fade886024cd50feab954a27598f92927a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
533c69c2bf936320c0db8e7510301f7a

SHA1
7bab431a8f91067b1713b9504ebd0261ad46d6e3

SHA256
433fe0f75aabaef95ebc35ebd2316aad924d7a027134913ac0da9d89cfc422b7

SHA512
5fa3b487d04ff1fbf191df037d400a0d74915512389e5e3c757e1c556218dc24f62139e91a25522e8ee60b71893e56e9169c8c35d7313d3996eefc82a7b65f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
556B

MD5
603c13db5a125d37f5a451ef921bc342

SHA1
9e813afe6be81f2a4972a6bf976f68b2b233cc21

SHA256
3b669bd41b5a11a554af2309befcb22e24570939f2be309cff4627d34c64fed8

SHA512
952791c85b048ad52a9b0625452dba64adee97500340f62a2833afd40a77bd4effcefe52c7305ba232376d366f0b64aa37177f9d6262a208d0015449682c91a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
a05ba127d59208c4165660fc8eb5bdd6

SHA1
1796244697b1a2a0e71fe4c7e5d44871ba404221

SHA256
dc89d31c652970a820e950543195ab3747ffaa734def634fccb4a8521767ab31

SHA512
13e51165184dd5ebee3a5832b5e27de763f832816bde9cc0a013955efbb27247fea6ac341d15f9b15fb0e01eb7a00615d71148755b1c08df22226dffa54170ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
2dc446ad53e09b1e03b25215110edd40

SHA1
2f424a39a3ce58253bc20ce8073d13000cd1b605

SHA256
c58fea7e393a03d066620c45d3bc59833cab0fcb7ac10624ae2f651e52bb843e

SHA512
796a285bbaadf0eb7f773e7d54a6327b44891293b9031ea320dad5a44e2baad829f0fa78204a7765ee4874e6a78f5be782d90af32fd83a00c4436803ece9fa25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
14417c5e88d182c7c04d1d82e16d0431

SHA1
57c8c7e97fae6705f7ebb1336eafc1d88d95b4b0

SHA256
d3029bc2852faf85f9065ce4cd1cb0d40dc0d239715b3286813150ac654a48d3

SHA512
9e630e2e0c2ff48460c5c2cb70d75014004319aa1c0fd3d57b7ce753d6eab0d95362bc5d975ec2e997998aa4290bf23334eb17512e6fffc4b469c060a8f00bcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7461e5e0c2511971693d600115031255

SHA1
66b5fe92d93f88cb79dff63b826ef891cf04c554

SHA256
735356121f0bdeaa39bf9155e60081afecb667a4ec7b745c174c8bcc5757ac78

SHA512
853db761e5763252af3f50b13f26d815b0734c169b0ae23b8db77d4e3a9fb8319c6d780c07b2f52c4d3d197e4debd03b7624f67b2d8d5d23fc3f11d3c1b44693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
058bcf4564523c3de1df68b25afa065b

SHA1
f088e7598f0af56cbb091a065152292b700d2982

SHA256
c39de0fd84b9b12485c0e9113b56aa1bb2b16fcf89df6e64f32a210badd9c72a

SHA512
f5b5b2acad884f9b7efa998265246b5453ada74a05e6e1879a019d554cfbca9ae97c8861c4758c44ae8b0139cdb03a895c635b3e9890065b713c42ffea31cc0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
b6b3dafddc46488b2e4e2f6d4439ebb3

SHA1
6c56640cbeae530bd893e9607337859e8c228afc

SHA256
c87dcab395b5b022d12d38e0afd06208de9ae4c11f1326c9ca9d2fde5efc3b6e

SHA512
94f2c0c442beeccc15ba91c05954ee6b60d961b00758b62af4ef0c9cc59b23e88bd51e790bc6ec456294dfc2a32e82b09a7cb8385a2fa1330fb228df9625f978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
b8526a7af008a4921bc4002864eed00a

SHA1
a2a1ceaff398b88b1ef7e90fe282832660690f38

SHA256
a47c7ae62355c093fa6bdf5b915d5b08c5d6cf6746f7fc2a7109aa17436f9bd7

SHA512
5a1bf9d2c4d0a3373c023a024782b4a5ecf3f83ec289bb34aa77e4c2b1803a586970981d9c98399d32a59fd2c2b1d60ef46e3cc3f39bab630c4d2664ce951edd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
8903a618e94d0bec10b9cabf9a2efd24

SHA1
4c99be134b38fc3795fc6c054a7e347ab4440d0c

SHA256
09f929f88af17ecb7454929ca2fee3351218652306b8a66f694f1b880a724721

SHA512
6e67ad74f0d612dfaefa34650146812859507e101bb0306787a373d2f135a71eca16fb9a3a0576139d8f3580835637861dbce5d2e2cfa301dcd69d7816fc5554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
a88980f8e0a5ec4c74834f2daf4095dc

SHA1
f74e85692328ffcf8673962fcd8d39839a8a5437

SHA256
83f1e8d524788e3257f0c1d6807b791e33f1e5dc491a1446dd0e49e21de2b88e

SHA512
848053f219f38c86901fabd6c0f40d19f5c08f9d3c335d646e61ed812bb7364a74676e6ef84ece4a8d44e1ea15890928845cbaa47b5969e9e8834735af1bceda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e210a6ef-3db2-43e9-947e-2f2a1f46bf91.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86b479007e4df3cc00cdb677b2f3cb02

SHA1
cb70972c2524da12534ea557360ad83665408ddd

SHA256
456152808acdab5d79a04d691995f44c4524f6226bf082538cf786068bd80299

SHA512
5b0669ef3de7763a07e427ce54c2d4d0f9add0092b736a3f478b5839548cdfdd5506951ee5b174f886084a97d3579b570f99311ccce913430b838b079626b827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14805f6da82a091b625d0ce04899ab73

SHA1
5818771010efa41ab161f1cf029a8deaca1866e6

SHA256
3e38945778d6b817ef5874a55775f22543695dbff98afe3eada77c9804d66346

SHA512
f161a3e17898f0a1a40ff26e571d3a9bf970775f838be352d68c60285b0ebd6ca5d4ad0c81d4c2a21ee4267ddaec2a46aa7fcb5b73c9cadffe5759ef8526cdb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
084440d973b3d220b8c1504a3870ada0

SHA1
04750389f69ed6346ac899f049fa646166a378f0

SHA256
9ec58dd761ced4d6e881e503da43a98b60450a45c1d3b558f75911fb0f741e85

SHA512
aa1dc8a23a64cc0084972204eb27eb4284dc91365c38dfaf8f0dec024356b090543fc31d81654558b994c876badc335ded1b597a6642cf35746d2ef391e5e103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
156d56da5fca6cafae4926aa4c3a3108

SHA1
5f91acff8aa0469d4f581ca29f6064f6bef8553a

SHA256
fc4df3703c17b90f2d3d6203457482f2ff3ccb3202854ef40b9955f02219135e

SHA512
c70a1d90b06306af250206c420828c42ae9c1492dac48e093669c0bd1b7eb0e32b5c21717fbf3864743d4a1396622dd08a4f14a1353d6d1382069480a52e6532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
db1dd1e62fae4a81c18fc2b1dcaf4dc5

SHA1
142ae49900e4a43db5150a1951040b9cee782a4f

SHA256
a1b6b814aa989e87b0615d90363c0fabf5efbe35a4a8d2cde1af54e12fb76486

SHA512
3b18b6a9cc87349a93494336479ecd147e63b6bd52afe14078c74d43cdabe818431ecfe93ff47ce1dbb66b3e5c3863f61c19478075382bcce8f0b4a21c862327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb97503b15ab6b1d5bf33c32ba940397

SHA1
cddeac0c06eccdfd36e565c9811ade94211db672

SHA256
c5005a242d6374f474fdf6fd9474f2569b2c154d2ce2952d3bfb98c474cfe41c

SHA512
97c70eaffd2981cb81814f63502cd58bb90298b58ced486035518c42df2bf37a1ff5441d27c6db1a358f904788c4c804c82d404af9d740ab903f005e63e358e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1a755b4555e94994cf649154d6e2317b

SHA1
2cc4919c38d0ae7db38c9d957cc1ea3e33c6be5c

SHA256
8330a3620016602fb917a7d50af85bb215bb857f88c5cc03e451cea5e22fe10f

SHA512
41817bf89d67bc1ffd0c95b845f3c01959d326e7c53ceb5a224025e19fd054cf81f12c3bb19b109beb0109d2b0507f2052116b9159a676a6187358d6c3848075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
cc807a05387b65965872bb4fc5aa0319

SHA1
c005cc414313ed13686474d88109de43c19fbff6

SHA256
3670eb2bccd9a096eb7cc7ad877d13472407b39207c42edc0af4c78eb43eae94

SHA512
ebe9bd3af994f43300463002910d9f3db74a7150012a1a06707b9b02b8680f87c8abc9c831cb858a9a9b44e06e4bf17ff23e18c191ebca0ac8c4f02c33daf8f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
9484634b8fc89fddb4eec59bd4bfcf42

SHA1
80ec14e91a770e86c6d3185d15fe3f653257ca39

SHA256
c991e50b26137861f7268ecc4b74ec83cc601586e31483658cfd39956c23b435

SHA512
d338d4d71cef7907dea96a6e5ac68209ff9da943e9313148b6fc0f13e10d0e7c43de597b94d3df6a3c693427e5fd39e3cf8b158982eb2609add736b446e39538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13370659275402461

Filesize
7KB

MD5
400d449bd0acbaa928bebef0ed027119

SHA1
85bd37b48046323ca13488d05aeb5cf280c23654

SHA256
74f31ee16bc96f5ccfbacaf938260c411d6407560918155ea6bab18addcfb616

SHA512
2b6835e368e3e3138658f1230556749c969caeccb06a066f1339149eb9785fb6b039fee57999f624a480555aa5262bd3564ead935ff9bc54a961d66b12b4bf0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
71120091835a37be3e415f5911842cbf

SHA1
a16f761203dffe0b26dd5918ecb1891edff35334

SHA256
dd4fd3b8a23f9b5c7f39ba1170e2bd8aef8281bb85caa0d58807ace0bb1c2efc

SHA512
70f52433529823811d2679dbd6ba683b25d0445a8655aba9784f59bca39dc1b3c69c8c55a13292e126c5ced08ee3fc2818d8ebdeb956425b077f89f3807b15d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
43dbeae21426f5498d8bf35846846cdd

SHA1
e4c5cf819e91a2d06728becad7c775fbd3ef015c

SHA256
c6277ecbfda1d35a9e349fc51883c095f98c1f430c3cd23269c2a4b904baf96a

SHA512
5212fcc2b847d96f402b996a43c5551f66228657aad6df8d80e93e5eca7a52781a3d6b04c909cd864b301bd7cb4436cccab1c8a00df1397fb594e02c65e6a17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
0850d669c7b8ab89f36eacaf96a5925c

SHA1
3e8452d81807699c2ce0f2b2973fdfe37e056b5e

SHA256
ff65ebf0b8aa3f932ac6711a164774b799c5f5614cb9ef790ae25b7ac728382d

SHA512
835d247cc8f67c3dc183aee421ec36f82404027ea39d469af76bf0496ec5fd4b592c0a07415cdbca8ca16d5a190eb9c4555e2a512150eb2dbab275e417c630ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
a8a84a805067c64c7d0906e673c4d3ab

SHA1
b3373b596863a3ec9dd67006dcb9e31211a3ae2e

SHA256
d7ef1b6ac0b7ec4cd4f6b16f076597636ae3b559cced37837d0fca0eebb78924

SHA512
c4b8f308208ef5cd586ceb94dd94f44153114873f3e9d67b1b35aebcf4aa12531406b634e184ad74bddd5737671068421a9b2b1f28aafa3e5343f8b503ea47f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
3fd9edd3898aec8176b9fecd3facb052

SHA1
e315c4c8bdff7e34cba19adfc93e4b18cbf30922

SHA256
6d78f83f364c7fa77059728673f3c6891a93eedceecdeed302176054c5f6fad3

SHA512
e7835793f91b752c054fda53b30c16668d4680758e024380be920fd00a421046152c4b4184be50600676556f2290c9aa672879cc42ae297c5c3f138032d4dc48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
b6246718d3bf6b559295febd5773bc73

SHA1
5a84f0a883861690416759eedfd5f4a859d18a31

SHA256
20cbf66e47e4cb37154f8c17e338c8e377cf609f42949ea83a071ce3624a49e6

SHA512
3fa00b8969185c880d0c60dade44cab631b3dd04356f53ad12e5530b1c7a80b54f27b2304d55c14a9aa306e2983b4ad908d12910de7af8c89b8a4b0848c566a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
f363952d5cb1aa6fca0ce9743dc6d2ed

SHA1
aba52d2708f6e03f049e185f9e29d271c6060d0f

SHA256
41f94159b6b62cce4d5063a54992a6f2c3887e6e78faaedf229e25f171d16a43

SHA512
930aa16665c56fd1b73a84c157da674d61c52aebee69e57bcaf258bf560c46c73cec0cac7365ea505ad7118ab140f45e558dada2348c940260848a460d0058c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
94b06b104ee1cbf081b92c69bb984231

SHA1
bb1ecb7baf6aec0649b89765f73e88db3cc3386f

SHA256
1de563512a73e8d2eaadbafef7680289fe8dad71a773685fccc01c9d48ebee64

SHA512
6ec5331fe89bcc4baaa90b78ee7af9e937b1d328686859ac3b7b40a7f786a4d0db7d010e64a3256842195faa401f27f050be4ae830932fa61c12765cfa5ff67f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
198b863177be129d274a2e08694e7de3

SHA1
c2f3242cb97837b7776829ffe6d274c72f2b1167

SHA256
b0ae254f69e0fc18b044e6cd27b1fa04adb83d8cea29ea15ea48c01c77b35a33

SHA512
772cb7927ef9ae1781f66ccb00912ac8b546a87bba3ef1df5fbfcc3b1ea1a9fb55a5ef49f146e316f34973b840b65525dc24685764e490332098a4b798e0ac2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
ac66374e892bc4694241dcf036342349

SHA1
2a9769febafa5d30b1db2c6f37a9f8d8ba0e33ae

SHA256
ff4f360e0024f7a5aed21f7e215667b0344be50144a18e4fc9e000c994106581

SHA512
a71163f4889bbd6916e69369468fa0657c89eef2adc4cdf3b264b4c7706f90cd1d0d38b08ee5769ed8d4fd4681e20e26be20653592cef55b0650e4875a5600d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
a1d21981c4077c3067a01bfcf96d916c

SHA1
0bb2db19acd78085db92e300cffae54dbbc2fe05

SHA256
88b21bde9b34b6502fa68254b10465e94924829c4f40bcc01bd21e0f322a0c42

SHA512
b260a15d8e6090f0656ff94e6c9da9084325d368dc26ae898859bdee4b7dcd7b20d8f5295325c65a4ff74062822a2f717656d2fccea031e385b0e0f9fe5d8876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
45a69cbee6da47cb89c2a3ea39989200

SHA1
bd565dd96c659867884db2b87c0ae157cb5d3cab

SHA256
2a3e3b70c771440af6443d7d0afe7ad1047c75dfd104520ee933cba054d6bef2

SHA512
0b0365000011fd8de240bbb5b44ebfd3b5d32cb6a90e75965851f013c097b429fc49cb2b2a88d3b3c2c107315cc02abdff56fd2c914e75b5574e756614863990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0882149ef7ca1cffe0807e5e9c9c0f7e

SHA1
df8ee1136063db64cd04480b2dc89b6a14278467

SHA256
e127939d52cd8ce8edc2f2bfab3ae3d59d0cde18804c7f99912d491085234611

SHA512
e1c9ffdef26ad201ab7aeb4ae9e24230998a43c1e21d9e918092a633f9cb3cd0bea85e9e7355817fdba5cb36244f9b2ff73c2b8488a1db4fc1b776a82e733b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
5369d8c7797d2e64d96107c6b6b84c98

SHA1
594271f46db1738d116d90f6dde586814eec36ed

SHA256
97b7422018d3873bf5b3a1a75c75b15f09649c64695452d106cb3b9bd09f9e9d

SHA512
9129b09beff587de4073dcfc5f5024b856adca9a440a6287a3676fa46f88db104d577e57ff62d66d37b0a3f9c6a18e497ac3e3a1f3e0232464a48f9fabb3866b

Download Submit
C:\Users\Admin\Downloads\1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58.exe

Filesize
1.7MB

MD5
2ba2caed8e7776c9895db0a3e5e0714c

SHA1
a3db8f2e22f6674ec60f6fbb11adf1bf65986827

SHA256
1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58

SHA512
5ca99a0247c154b78a48f0e1b9e663f4ed6f4f1a78f0ff0d93e8d8579d419051ace94d8b91d3889b83f4c227ed387641614365e0ee5e81f23f409654b86677ee

Download Submit
C:\Users\Admin\Downloads\1df5b2a41831081a752bfd626acb7e216d0c03b0e1b1a7c829a7348a54833c58.zip

Filesize
827KB

MD5
77a18b98e81524241887c06c4a53cbfc

SHA1
37c3c62c3c76ada2a9f50bf155bbd818020a1804

SHA256
d8c79f0a336803b9c6c5555678071ecbfdc9645fa1ee5e260eddedfb58002c73

SHA512
beb74a671796efab24280ab418227927c195778c53b9b61e973f7448c59f03a0672ca68b28881043744de5cb937937bc7bae8f28c85e7010458f97650bededec

Download Submit
memory/4092-170-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/5144-167-0x0000024B22E50000-0x0000024B22E58000-memory.dmp

Filesize
32KB

Download
memory/5144-169-0x0000024B3D540000-0x0000024B3D60E000-memory.dmp

Filesize
824KB

Download