3a601c07be6a92f8f5111a31145080a53d72fd48ca6d90fabb38d7bcb2dca4dc

Analysis

max time kernel
205s
max time network
203s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18/09/2024, 21:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Cryptic-Executor
Size

311KB
MD5

3fd6788291d3c2c14c88bf44e88c6c0f
SHA1

eb4eb7fd67199c169836735eaedd1283d7983bd2
SHA256

3a601c07be6a92f8f5111a31145080a53d72fd48ca6d90fabb38d7bcb2dca4dc
SHA512

d4075a87d2df5eb904f9b906784a676d9cb4be6d412f9de5b2ac9a5d9d8c71e2be2c109074730e713384aa251da27d64d24ad9c80d2b1f3cce0b9d1938085da3
SSDEEP

6144:ECoMR3uokeOvHS1d1+CNs8wbiWQB9/vZJT3CqbMrhryf65NRPaCieMjAkvCJv1VM:9oMR3uokeOvHS1d1+CNs8wbiWQB9/vZv

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
7	camo.githubusercontent.com
21	camo.githubusercontent.com
22	camo.githubusercontent.com
23	camo.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ip-api.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Setup\Scripts\ErrorHandler.cmd	compiler.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	compiler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	compiler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133711674071999195"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000c0b0332aefe4da0140c85512f4e4da01565c8a690f0adb0114000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Software.zip:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Local\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\lua51.dll\:Zone.Identifier:$DATA	compiler.exe
File created	C:\Users\Admin\AppData\Local\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\ODA1.exe\:Zone.Identifier:$DATA	compiler.exe
File created	C:\Users\Admin\AppData\Local\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\conf.txt\:Zone.Identifier:$DATA	compiler.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1256	schtasks.exe
4492	schtasks.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
904	OpenWith.exe
1836	chrome.exe
3416	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
904	OpenWith.exe
1836	chrome.exe
3416	chrome.exe
3420	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 3756	2792	chrome.exe	86
PID 2792 wrote to memory of 3756	2792	chrome.exe	86
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 4768	2792	chrome.exe	87
PID 2792 wrote to memory of 1792	2792	chrome.exe	88
PID 2792 wrote to memory of 1792	2792	chrome.exe	88
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89
PID 2792 wrote to memory of 248	2792	chrome.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Cryptic-Executor
1⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fff3eb5cc40,0x7fff3eb5cc4c,0x7fff3eb5cc58
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2192 /prefetch:8
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4956,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=228,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4680,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5096,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3552,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4896,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4396,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5636,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5676,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5436,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5812,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5916,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4804,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5500,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4284,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5372,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5936,i,8895796983848052790,6501151947121477223,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3420

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2560

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3780

C:\Users\Admin\Downloads\Software\compiler.exe
"C:\Users\Admin\Downloads\Software\compiler.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1504

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Software\Launcher.bat" "
1⤵
PID:1328
- C:\Users\Admin\Downloads\Software\compiler.exe
  compiler.exe conf.txt
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:476
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /sc daily /st 14:10 /f /tn BackupSyncTask_ODA1 /tr ""C:\Users\Admin\AppData\Local\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\ODA1.exe" "C:\Users\Admin\AppData\Local\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\conf.txt""
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:1256
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /sc daily /st 14:10 /f /tn Setup /tr "C:/Windows/System32/oobe/Setup.exe" /rl highest
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:4492

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:904

C:\Users\Admin\Downloads\Software\compiler.exe
"C:\Users\Admin\Downloads\Software\compiler.exe"
1⤵
PID:4764

C:\Users\Admin\Downloads\Software\compiler.exe
"C:\Users\Admin\Downloads\Software\compiler.exe"
1⤵
PID:3676

C:\Users\Admin\Downloads\Software\compiler.exe
"C:\Users\Admin\Downloads\Software\compiler.exe"
1⤵
PID:2760

C:\Users\Admin\Downloads\Software\compiler.exe
"C:\Users\Admin\Downloads\Software\compiler.exe"
1⤵
PID:4460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ca25372312eabe944afa8c0700aef748

SHA1
5ddec43941da208d20b75c5b57a105b45c4550aa

SHA256
92d22c51c1113c3989c15288c909996ee09ddcb591b9224d81df31cb03c4c73c

SHA512
589fafe562bff43d996ad371c7250c480faf8532806ade2d90efc609641a18f758969195a43414827708f2e000eff3fc8dde59b40ee65272a8e1b187f8a29682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d6c8ad4bc2f64af85631b0fdffdb6f00

SHA1
531698984695f5025bf5e19a9d869c798d33a50b

SHA256
17510b5b7245e154c922b4e5a642c1f46674d507db521e3368defd14bcc32203

SHA512
81a8b12a6028004957d31827d6e4cb44bba75eb7f95aecc3f4d4fd25fe87895688d6171a1f08a0b58d77ac7c325025cd0eb579519a34db6afd61401e4ecc9e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ead89afd1a09a3ff70488e150d44db3a

SHA1
46fe5cbe4a6943e9114373313d022110803364e8

SHA256
67a65a8370d8ab3cddf417898eb71c9e137d03afa723399a35089f2d5b7753f5

SHA512
25b20f900282d4672b5927c289446382c613210bbab235ba4fae3c5981baab0636ec6e4104c511b16f7163955b34eec45707e5efabfc2bd66a8d46681d16a81a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
543e8059ae6114c058e0fa1102297a8c

SHA1
c68a3b789e736f71ffd1ddbe30659d00850225fd

SHA256
e79a47718d2398ac57ddceaabe5f6f3da03f355beff6cd59fb33afc2edc6fee1

SHA512
28ac31c479acddf33d1248d099b5429250e53281e5b93920de1ecb7baf314563ff1e0051f11a8f542b53bbc9a143eadf771a2a79e6991b18a58dd412dabee95d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7e6cc46613193b3a8d0de5811614fc07

SHA1
99a7e251f1cd8cde1698dfc15b2656eba686fa1a

SHA256
d0c9f1ac200fba18b4b7a1bac73da89746966f18d5fed9321455ff137cd6ba0f

SHA512
535523485b7ad5183018925047c7e14e2cb3de80831c5d0a95ca16f64786b6c177fbfb633f007f9929220c0852e4024363e7d794069581a30687bcce01101f42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f08a3d0bdff81646ff42e7ac4758c0c1

SHA1
4c77db20c560814ccac467f16b70219753208f74

SHA256
fb608ef35d3abd105f134463b0831340eac9bb543b2fc35253da67626fba055f

SHA512
8aaa238c8184bb1e8226941f5b6b8155c18977eb0e833afd2708a620108830e48ed64332244d15128c728645fccf3fc938c453de85c6809ef317b2aa843c653d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5b32253f64616a508dff4238465dd6c9

SHA1
754b458ab4996dba027563e902028f63222494a1

SHA256
a0424650daf7b8a9fcd0304e12c722f022dae38b0448d764267923de955e6877

SHA512
2dee519dc113a47b106eb06b2f13fb042b8f130c42b68209576298b7f60bdaebfe923279ecfd46a6aa2fd781f71557b9b665cb30f25914988fe770ae7e19d2f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fd46e7591222451d6e03e88ee1992413

SHA1
e7e0cfb6e9c3832fad02b48a8f96e8af6301f6bf

SHA256
993ac58842836648cabc3ecc82a5df5b1ebd8dc11b8e025142c58a0b947570b7

SHA512
4abb1841a9bdd3c847d2fa693c152ecdffb35f164842ffb50ca38331994f5466c6b1f4e88b6aa6f789122e55e04c8d6ed8b359161d6aa1f0e6cbe36ccbe4986b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1864ac655f4f59b7f4783725eee1d611

SHA1
93042f66949edab222fe6fd962bc9f550824e2f4

SHA256
1a269c621ecbe199a2d5f3bc0f8269342889632e9fd1b54c6b72995d06b9caf4

SHA512
7a82e5e75a10a27f605a4ca0b2865ab14087d9fc4831cd4b775fc7256272101ff8d7812511347828c73a83dfcd4486c598e56f682dd6f9e88f91c6169ce9e940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
4855680f2fa2d5789269f08cf83aa5e4

SHA1
764a7fa428fcae71798d87eea09d7c15443ff88f

SHA256
326c328525df2d4ce5c224006aab9bd870f30fefd3aa6b25670b6bb4464102bb

SHA512
bbed255ece7cf5e641806a723bcfd92801048a18b02e5702ba556b338c81bef8a42ee2f3d48e2de998dca92f03799935785736e1e03f3a5bb6c4c06c1045ec61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8ee35ee6c6a33517d1ffae45e16ac34c

SHA1
bbe5412ca3af5747c3b1ebed2ac9947bf9bb7776

SHA256
a1f39699d5979e14a785d0549a59a89fbe079bb456b1d7f9f134db4a1096425c

SHA512
bb013c735d174d436a86709226b3f4a38c1c717132862e05e320474136c4aa178ad85b0018f0b4928509d696249a4715ef3d592faecc75397710a557cbe6ac2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d2e9643fcd5efa81b2b24667aa35117d

SHA1
61cb67ad446fec5d98e1584ab8b90fad2c472874

SHA256
d03096cab959f37397385f88caa6cd15475a989aae097a946ad993cf6b9344ed

SHA512
370bbbc51ad533c8e9a663800b867af4f93a5bba512ec02889b4bbf7c984b0f9f902849a8b9e2c30fb0c8fa9adad3634bfca2cf33774c7e2f1e56d19edc95986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4922e8c6a4685767c28436eb01bf52e5

SHA1
da71ab5de498e311698a527c9912a0cd7b07e502

SHA256
9b990cb5ab1f4b2d70b53f83c25ef953b059390b3a3b326a2ebb684b177b3bc6

SHA512
2687eb8bcf285699693fd43514db3794597f8e790d8348e08adf09bc43d592662793c438f56777ab6f68fa4d25d9e904480d27d67e6b23f523b5f9d1c20ff6f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3d751929b2ee1b41de4f7c1770d17b93

SHA1
32a3cf710e699daf7782166aef4cfc3b8ba31785

SHA256
7d8dfe1507d49154a655d2b8f60aa824d25ac8c99e6651fd376de7e02b8d9b7a

SHA512
3ed7ca7d63cf5711799fa5b9412a54fbb81cb2d6ed3d309bc7940b3694b8627212e5a2cf33fadb1c95970360fc18c58152cd2f088e05e9d3208cf62dd5a244c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d8d89b79d4a58c4f07dbdc2b8473289e

SHA1
c06ea5edfff6c93c26000bcbcb6d801e5753e2b5

SHA256
24a8a074f8a7016223e84b9b7fb299252c8747dbd198d82e4520ac4957d40051

SHA512
71c74d26fdec034f610ba05cc677a60eebf6e1426dde3273f17074fea164bd25dfc177e7b24470f383475e5258dbfe566c4ef18bf3d14cd18a5149a5ccd99bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8501a3d25644f5def34cbabb306d78fb

SHA1
1e74957df84b1e83361b84074187102242e7252c

SHA256
20b85396eb23a307decaedb4376716782f7544a7278fc14724e05991adf7dd11

SHA512
a36d2b935f8db1bf5c85b55649c05bd5b409aacece31f8b9284088e04e37c6bfbaa1e6140c9d4252b0e90bf8e9adb9179f2366032da4b209300ca7bb8be13657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44e3685fd9df2fab968e012573236ed7

SHA1
11aa02fa9f45792b472f42739dae1a8cdb23a746

SHA256
4348db0db4977adc95b4586b94bca5ae72360c902cff384f22b68f18dcdb02e7

SHA512
a83c3c5a4c46ad710645091f8850a6845904b6ec056b9e808b5dc6d3c6cc285d69a71c5a378eec917d0b8d98395439f33e4739ef6cf9f4b27ae035be75141d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5d932dd82f935efcdc6c0139f893f476

SHA1
5112194f4b7c675c476f78de4b590024bb5826c0

SHA256
aad4b8c2731413017edc341770c79add03a7e09b7d0c8c79995c240c6857aa3e

SHA512
ebdb9208d8073bf2d8030c0480c57136f972afc54ced4a65e01de3fce3b05f0ff6ba2c007106716a41779be2185f01b902d1424f6adbf5c9aeab3b4e2ae28ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
072f6196bf18d40e85b3932a55727dde

SHA1
4674a10cbe4d4e598cb274b199b25e763bf9ab7b

SHA256
63192ecc6887435560a9d106c57746acd67f3bd4d6e67762e410a0bf56854172

SHA512
5addd11005eb4c34c312591e1bb418ce6a562d2ba9ef5a510be7c54d0ff7b5af190aad73e9325f750b70d278e1bd47407afe0c14e33cb1a23b49c2be909d31c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e397d3737be4508d9cb08492caa38332

SHA1
4b508118d9658df07cbc401f01f106abc4813ab2

SHA256
e3c0cd458d459cb2eda8e5804479c966c0216fd97800ec5442ffb38ed227bd50

SHA512
b7e801b8d641c72ac5eb759c674fc4cc4dfe3897f77f5d04bee04389e2ac5d1331d21ad079b2a64617cca102612252254bb73d55d44b9f2212b682557fe2587e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
32dd09550f7b061c64b983047a790ab2

SHA1
6563fb3fc1b79a0c64bfbecdfc294beb261c333a

SHA256
775e06c204c5921300aef6ecbb16480684fca586fa07bf6fbd7b590f1c030a87

SHA512
b3baa949564bbd728d4c2579118b9f98e10de11ed31e1f53693ca623c7b20c997b2309f3fdcd15bb533a0cd5abdd1c79c432ea741ff785716b0df206073064d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
541e294100cd8e7bd9eafb54d5db4973

SHA1
9efcee09ce674454df2af07999cddfb129523c6c

SHA256
fc0587e1da75e2b9f8583b0fcb054b1c3d4e7b0afee96005ca519e44b8c1fe2e

SHA512
96e70328e055c2b13f9b5e4af19736d9529bbc8543a4e77da85a949a9a4f5d221b82e0375b12d938645cae7c1b0b6681c8766be05caa0533a84870049ee699f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26c181b5394a1144e9fcab7f832bc085

SHA1
4bc60d8134ac41caaef9c747ebaf93bf1a63e12d

SHA256
cf6e7479eae21f33f46a7b5a220855fd384d4f532f59201d4b7d7c8256c0febd

SHA512
144b285fc1356396d6a57249f10b9852899939d0b001aa274644f90e9547a27b235078bb19d577ee4b660099cc2e1432f457fa84d1493eac42d75dd7398cd720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
65a2b8d0823c94fa413301599d027735

SHA1
f622dbbc713d044340c57605bfa1b5da47d06622

SHA256
1959925e6e9b181b81a9e34fc1e6d590b3391b1839dd0d491194cce8bf9dd613

SHA512
ec66ac5cd0d742e514597c004517794c771611b4a9c57bdeea52f4ebd4af68594bd6051b7d6d0da947d52e513febec6a9e8acb590632b34a3d5998c2bede162d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
343897bab5910cde8b4503e3764ae0b8

SHA1
f278e658c06c67387964a17ed4664285fe33921f

SHA256
befed01ddfdb719e0efa2202fdff64a013a89d5baeca3b2a793976373f925062

SHA512
7dac73ff7cba9ec60565cb47107ce45e39be5722d19521cc19af9794777ea7dc733e9cc42b1b8cf94c9844c3f030be26403976f29471cd43b7ab3636eaaa93bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
f6a21200cce7ac74e9056ebb83dbeeb0

SHA1
3ee35f3d0d8d82b2a94738d7fd724e39962b83e4

SHA256
e2522c21f1d3dd9151cf505151586523f95bf8463a0fb442b0a07fd74dc79573

SHA512
24e3197ce74a525658411cf5f41d871a542f9788b146dc9ad066114b0d3a437ecb97045131978b5dba5cdc6d506ff557ecb6e578ed981bd8bdaabca9ca98e06d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
2144726d77a35b6c4c8d7bca61ff5720

SHA1
555858a03f365de9c3e0722a43bd40bd6cf2c4f5

SHA256
22239bcbe00a010f2479e941d2b4f9e52c07ed48af351237b3356ac7438cd0a6

SHA512
4a71e7541b14b1ebc881aaaac1b24c3eb9c3eb6e232e49031318fa9a1ef3ce3f028e1775e405bae6820f262b4fe4dbbd7eff978cfaff0fa0ce6ace9b66048b6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
5457be3a2a0aa030265a81c3b1601510

SHA1
407bc4b78b8bbfbbf5bcab7f29b61fa81ccfcb27

SHA256
ee2f2469d1d84f0ad700d22349f602e07eec7afcc4e98a1b60179daf2a423df1

SHA512
af408c39f60f2a93acfc187919090373bf47c4024b8d527c28ec1c176a8b38a08e99e17ef9807f3e8e361e8e1ce1ef23422c5567297f8bf19233d3a1c248badf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
48b667cfded8ccc534a1a00ac7948965

SHA1
182df921164dd1fdde372f0e193f8a7c1e762622

SHA256
16c0321c457edd5ed51d49dbd45c4dc70592cc11055010ef9bf0bf68088284ac

SHA512
27c39d2488a478b9e1934c7389d6fe8db3f1d737fc4284b2cac8340d9334aaca7ba6d911d382d433f3fb829724602c9b44694ac22f6bc4db57b600ef715aac23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
9da53e07438890d14c7b73f670126f05

SHA1
7f19559c6c82d4e24c32254e325dae03fe79fa76

SHA256
afde93656bcf009edab1f9f3e9952823028ed4cb76ed96231e8354ca55559028

SHA512
1580406b0ac02d536bd9d49f94087f813019612cc7ad10669f18fff02c076fbe070040186e8bd387e4f933619e30d07743c3970c1fa29dfd537c3af5cefdfb8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
95f5bc7d6faf1fd9fd5ddd304479d997

SHA1
6e533843475f04de75e8abc70ad2bc738a9a9b52

SHA256
b4325d657c543f17b2c9f182a9c5ab1aa40a49dbb267b2ccf3309bffbc2f9f1b

SHA512
6f1ff00c4e68edb63fb456cef6219d7648907c9ee61aed50b52a3db0dd0aba979da5d85e6660173f9741a22fdfd89b6e610acf5eeaf2627dcca4ff358be20fed

Download Submit
C:\Users\Admin\Downloads\Software.zip

Filesize
436KB

MD5
76729b9161b4d9793058c34d9eb5f3c2

SHA1
ab8f05cec0087d79621580c698c3d1cb39f4465a

SHA256
9f2275456aa10c7ec0c170d3517d19b92facd9170c1cfa775182918121a92f7e

SHA512
5d7080e78d1392d43ebad6b3bff1aaa91457edbaba86a856f5e1b783359347684da1200efdd7f9aefff5e2399f6c22b2b5c2aadcf469846f1fccddbf73c6765b

Download Submit
C:\Users\Admin\Downloads\Software.zip:Zone.Identifier

Filesize
589B

MD5
acba3ebab65f059dd29bb70cdc3d4d2c

SHA1
bd7b499c1c3baaad219b9a544a2b0d52469f5e95

SHA256
7b55774ffb19cfe44fb3039570e184cbb2140a716837b5e71e350959798b3f35

SHA512
f7d26ae1b18597ee959523e5fd2246d0716c78a0259445060e26d55e56a6e346918c808c995d59f6a6398c84c6bb5a36ce688542116e1f1da9e2f54d9318f9a1

Download Submit
memory/476-351-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-376-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-363-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-361-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-360-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-359-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-358-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-357-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-356-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-355-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-354-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-353-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-352-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-366-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-350-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-349-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-348-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-347-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-346-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-345-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-344-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-343-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-342-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-341-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-340-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-339-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-338-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-337-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-336-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-335-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-333-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-332-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-331-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-330-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-374-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-364-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-371-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-365-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-362-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-328-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-327-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-319-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-318-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-317-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-315-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-316-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-434-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/476-435-0x00000000028D0000-0x00000000028D1000-memory.dmp

Filesize
4KB

Download
memory/476-367-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-368-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-370-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-369-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-372-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-373-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-375-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-392-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/476-393-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/476-394-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

Filesize
4KB

Download
memory/476-377-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-378-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-334-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-329-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-320-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-321-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-322-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-323-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-324-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-325-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download
memory/476-326-0x000000007FD00000-0x000000007FD10000-memory.dmp

Filesize
64KB

Download