Malware Analysis Report

2024-11-30 19:33

Sample ID 240923-a6ybzs1fmk
Target Mercurial.exe
SHA256 890fd59af3370e2ce12e0d11916d1ad4ee9b9c267c434347dbed11e9572e8645
Tags
agilenet discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

890fd59af3370e2ce12e0d11916d1ad4ee9b9c267c434347dbed11e9572e8645

Threat Level: Shows suspicious behavior

The file Mercurial.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

agilenet discovery

Obfuscated with Agile.Net obfuscator

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-23 00:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-23 00:50

Reported

2024-09-23 00:52

Platform

win7-20240729-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Mercurial.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Mercurial.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Mercurial.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2580 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2580 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Mercurial.exe

"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8099758,0x7fef8099768,0x7fef8099778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2840 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1336 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8099758,0x7fef8099768,0x7fef8099778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2056 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1244 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3972 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1872 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2984 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com udp
N/A 224.0.0.251:5353 udp
GB 216.58.204.68:443 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.238:443 play.google.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.180.14:443 consent.google.com tcp
US 8.8.8.8:53 discord.com udp
N/A 162.159.137.232:443 tcp
N/A 162.159.137.232:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 104.18.160.117:443 tcp
N/A 104.22.21.64:443 tcp
N/A 216.58.204.74:443 tcp
N/A 172.217.16.234:443 tcp

Files

memory/2848-0-0x0000000074D5E000-0x0000000074D5F000-memory.dmp

memory/2848-1-0x0000000000290000-0x00000000005CA000-memory.dmp

memory/2848-2-0x00000000008E0000-0x00000000008FC000-memory.dmp

memory/2848-3-0x0000000000950000-0x0000000000970000-memory.dmp

memory/2848-4-0x0000000002170000-0x0000000002190000-memory.dmp

memory/2848-5-0x0000000074D50000-0x000000007543E000-memory.dmp

memory/2848-6-0x0000000004300000-0x0000000004310000-memory.dmp

memory/2848-7-0x0000000004320000-0x0000000004334000-memory.dmp

memory/2848-8-0x0000000004980000-0x00000000049EE000-memory.dmp

memory/2848-9-0x0000000004330000-0x000000000434E000-memory.dmp

memory/2848-10-0x0000000004A10000-0x0000000004A46000-memory.dmp

memory/2848-12-0x0000000004A70000-0x0000000004A7E000-memory.dmp

memory/2848-11-0x0000000004A60000-0x0000000004A6E000-memory.dmp

memory/2848-13-0x0000000005050000-0x000000000519A000-memory.dmp

memory/2848-14-0x00000000051A0000-0x00000000052B6000-memory.dmp

memory/2848-15-0x0000000004A90000-0x0000000004AC0000-memory.dmp

memory/2848-16-0x0000000074D50000-0x000000007543E000-memory.dmp

memory/2848-17-0x00000000057C0000-0x00000000057C8000-memory.dmp

memory/2848-18-0x0000000074D50000-0x000000007543E000-memory.dmp

memory/2848-19-0x0000000074D50000-0x000000007543E000-memory.dmp

memory/2848-20-0x0000000074D5E000-0x0000000074D5F000-memory.dmp

memory/2848-21-0x0000000074D50000-0x000000007543E000-memory.dmp

memory/2848-22-0x0000000074D50000-0x000000007543E000-memory.dmp

memory/2848-23-0x0000000074D50000-0x000000007543E000-memory.dmp

memory/2848-24-0x0000000074D50000-0x000000007543E000-memory.dmp

\??\pipe\crashpad_2580_JUEBWDHTPIVWLKTO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8579d67c-a5db-4a58-900d-fd3bb9ca24b2.tmp

MD5 cc2c56505c25c3334d889baa2ae3f1d6
SHA1 7e21e901fd215b7c0b80e1701032ed933c1fd524
SHA256 eed3b2d143e6ac40c8a3db7583090c39103724edd764d3883ab3661b12c67442
SHA512 2490f88812cff332fee55ffada499576d1b40d07788d85ea7bf3c50eb187fc3a5c9a4f036c94805bc34016223d2abfdd480163b2cac1be673cf2ee74280726ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 4af14b992d16a9097ddb4009c70b96b9
SHA1 2606b4a060c324c2048ea8d54374d4f2402886eb
SHA256 6ed45c34d54bb5f6e8b2a14aeb78406c243ca3d5eecd7a00089957e8c98dc7ce
SHA512 3d7642f60e8a54040b80872747cd6f37017c77ad3ec3f4370fe5641f8a0b76ffbf59f6592f9851d35ee192789b525e2e20d9cabb4c52f00cc08ea3bd94fa8987

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 26e2fc320e828f582a5e5f7e121cff12
SHA1 676f1013a0a8a9a518fbe2872ab5c2cdbdecee43
SHA256 f068eca9c2cf6baa4aadace046be8aebccd2840e75dd02ed591bcc35655de3e6
SHA512 f40694967946225964672edc397f1c7948997166439101e70a6a4006c6a911bcf4edbbc19e7194a19c057073cc7ea96ab7efd84e5f8b287eda1d5d0a1a19e0f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

MD5 e6305367badace56469a80ee5699626a
SHA1 43c630767f2e7b53541f007d12fc152bb0dd6b42
SHA256 c6bb8753b375eb83740a84710049bc0bdf3c9a16aa79089976b97c8e844378fc
SHA512 368a6ffbbe92d1ae144e140f3e9202116905656d295e95fec8032861b4dd7618df29c9c520981078a9cee35e73f22a204f39e531abcb6bec5cbabb46c420d0a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

MD5 22b937965712bdbc90f3c4e5cd2a8950
SHA1 25a5df32156e12134996410c5f7d9e59b1d6c155
SHA256 cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb
SHA512 931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

MD5 03d881fc5a4ab4013bd1b30988abb179
SHA1 9ad861569715575d7b676e5683b14dd3cffec304
SHA256 5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8
SHA512 29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 710b79761e43b83ed2dd5cecdcfe639f
SHA1 94db27f4eba2a61ab9d806fa243cdc3ce95276ae
SHA256 0a7511a902643afc5b30479f6b68c2d8d0dfacde08edc2cccfda4fbe9aa88cab
SHA512 7fad4e48605445147fa9ea7ba50918e4869dfacc5df1227569e6c2ba88e63636fa04be8da36889522019f83e71d3a8399b36eb6aaebb10bff2799d6f0b61d1da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 8ecfd9d109f20a2ded5cccdefb6bb2a9
SHA1 1e1f6097cc0462ad014772b5204d2c9cba4b7593
SHA256 b6df016019c16e97647acd951ee1bf2006907af9b8cc91a83d0f9eb87193eccf
SHA512 29fa68b2dca50a23e8e4756fcc726bfa706bacd64e3e4ccba97bb79411411c4ac15f08268923d11e94bb3fca9b24bd31f20e78d3be26d19599ca3ba2ee72d08c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

MD5 fc8d5f0989715dee8e92ea9bdf34e0fb
SHA1 c6014a3dd57e3bdfa88691b24939c2ce266ee2b9
SHA256 670a79d76d84e6818d5fd3894988fc7b00de89c5476d5a1c9176205ff9267d25
SHA512 e8e57568c57f02a572c67096410093e8590a671c6743111b08d9949f6c94b5b2d69cb8f9bf5f4810005dfe1e22ba2a2c2f95e0c88d295e6358607a627d09924d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

MD5 b6d5d86412551e2d21c97af6f00d20c3
SHA1 543302ae0c758954e222399987bb5e364be89029
SHA256 e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191
SHA512 5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

MD5 c57fcc4742066ff4245177947ce0e2c8
SHA1 42ff09c52a4cadc2205a0d2249510215ec8a5167
SHA256 88a44ebea478488ab142f84ec5c442c42fff1e7f9b05ec3755105698efd22de9
SHA512 27a79cdc07681b5db4e1dbfbe520c3b5d43a6157b59d6075299b61c3897de45debe4d8d886fe385b2a9b314bcf8f21111c93d1779755778dc6688110cd60d3dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

MD5 b4b7ff7a0f55a4a81d64fa7cda49a69f
SHA1 6e84c603c5ff114720158ea706c73d3b07860a51
SHA256 fb8ea9bb70ab539e529f5f049d59071baebc715d3799c0a9de5f9a9a4b964141
SHA512 f25866823e7852b3ece046328e9ab7d2233557102ae4293871a8a1968e2494be0d629e9bc69f8c35e4171308f7c83120f30aff4035f611cb0cbeb477d218e43e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

MD5 b11a1ae972a2b9f5f66b5023c26aabe5
SHA1 6816e66a8f513763112400b10b83186c50a8883f
SHA256 e388c241c71527bd80dc3b3cf8a7d0ee43434402ce677ed9e1ef97cbf2d387cc
SHA512 4a5014ff734565f62ab7b4511eb6689cd1e2013c34bfc5f8206273704e1a455cbac28b678d91080754d2ae96b07eabc3ed838526cd947ec2dde4878c31506fb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

MD5 979c29c2917bed63ccf520ece1d18cda
SHA1 65cd81cdce0be04c74222b54d0881d3fdfe4736c
SHA256 b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53
SHA512 e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

MD5 7b83c7731bc630f3b58c71402f444410
SHA1 ee66ee76ab63780b06ba2be57c01e533513a87a2
SHA256 c384092b7dba0e05f264a0d7c25ca263918cbdb2cfd592a47e320a10e628ce14
SHA512 93224acd4ab7ab3f3190485439314bcf3d0d67e4ae5d5ed47cf952b463302ab876181007c36de090369d0595ff12257cbf37e88fc4da7b8ff2f7c75c1a124241

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

MD5 e9c694b34731bf91073cf432768a9c44
SHA1 861f5a99ad9ef017106ca6826efe42413cda1a0e
SHA256 01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85
SHA512 2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

MD5 1be22f40a06c4e7348f4e7eaf40634a9
SHA1 8205ec74cd32ef63b1cc274181a74b95eedf86df
SHA256 45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691
SHA512 b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

MD5 a2f36fd75efcba856d1371d330ed4751
SHA1 fb7c3dff0fa2b47c6f0026287d12d16d05d14d8b
SHA256 561fe33b81dac187686e9e50103590f3a857f4e1b9c8ada714d43964b938ea7f
SHA512 79ca96560a074fa678cfdc06007d0e1e01718831d18c4a800c5361b8ba8091b46acada47418a8d7be3b626d2d9af5cf346abcdd88166a9d1634f81157ab1ad6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

MD5 61c22786fd625f0e68e668ce2f2f4069
SHA1 5e63f1ded1fbfcdb004da5f4bd9b9d3f41eeb0ce
SHA256 2c0248caa9603b6782ba43028b036445216782ceb6c3bc93f1105030f828e396
SHA512 7fd9cc680048d8e4730cd360836979d4f0f54666f9cea87018e0b6602ae707503a62b84bde1a701410694e434c26dc2faa85e7a2d54d989b6464f0161248febc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

MD5 1c5ba7bd061f10eded0a9de48b294368
SHA1 079f1fd7273754eed41276897f3bacfbeee26ab3
SHA256 8107d6e7ae4098c56da65321a871a51a4860c7d76a8c59ef01c531c3b8f11dfa
SHA512 33d547666869ad976d0490c68fe723cabd6440ffc23d4ab56a16a46689d5c24e66e815ba44493cd307542b7b9b14d5b857e95a5930dd75e907fd6828e32f4aa2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

MD5 fe62c64b5b3d092170445d5f5230524e
SHA1 0e27b930da78fce26933c18129430816827b66d3
SHA256 1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4
SHA512 924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

MD5 9ce0de297ae8307289b9a8b85d71344d
SHA1 111ca14ee7455b171f403e7bbb95159179e8bf24
SHA256 6cf9e355c58cef858e7dc1f0ca7e9a7df63d9b9f55aa0bb0b8e9b47d2976c96c
SHA512 d2c96cdc086da1fad94e1e67664306115035f4b76d9c9c80b80cd94e8337ccb637aa4fbe1dc6018b47d46d7011a73245898af821c2fe1b82cdddb8d59196ae0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

MD5 a138d5c984e9704bd1e37e754055101a
SHA1 899294667e55ddb6a72837aa3b7bf3963c5eecba
SHA256 33722ec8cd38469b8a9933147d2117dc9452b7584373555d564faa358628f312
SHA512 9fd6999fd767c9ca4c4926052f004ca2e1119469496322f7a9dc282007361c76498f95c8a1d122f895fee885a79f32fb9bd4825e80fcf88a540bc0943ee9606e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

MD5 78c55e45e9d1dc2e44283cf45c66728a
SHA1 88e234d9f7a513c4806845ce5c07e0016cf13352
SHA256 7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec
SHA512 f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13371526301198000

MD5 472f4b3f373d610b82fad1ec219044c8
SHA1 1438d5c072b1c9fce4f3b91f1a92678d82083c0b
SHA256 4ae7849f193f5d77d9675411f639e9254aea93e5de159870e6d9f54768808811
SHA512 85097714747db930c48e3ed7ae5003f1e8f18dffde27485d1c1d25b938fceff4aec521593a4905bc183c0071eb0ebd8dd88645fd1b539f36a9ba75d731f52c0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

MD5 390824d82c9f4b66dd714c7e7215b341
SHA1 4a1018bdbd667c91524f94e938d88c5c4440bf3e
SHA256 76211b5c51f68e33ed0a576566d0e3a66bdbaba8fc87f8dabb2f0af036833b67
SHA512 156a7d0e9a31fdc96ed93fee01b8bc638f004ce962269c8d426cbd28721259f7a7d44eb8d2221814192ebffc013cdb81c2ea4381156b7686bb0f9eb201715cc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

MD5 a57522055d0153130d58e3c76281d561
SHA1 980f869eaf5116ba21dd7fd99fae09c2d7ae8768
SHA256 51d79bcd68a13b30ea2959ba6450c417402c2d5cf3c27e207da0f4269b3e0506
SHA512 fc7dfc4996d416faf8c3189d17fb4368678e274c4348567b06050636d50b62cc2306746e11d68296f1c6849e750fdb982138521899ec75d19a82dc2d6129cf7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 649acb40b885e5ceacf7b8380ce05d23
SHA1 c3c5ddb797dd07cd7194b5f47e0c4fea0ec56aad
SHA256 7e9c27a9ff54a598a0cdd22fa53cfb02a44bd9cb73e390b58ac555aa4c699518
SHA512 3c5c6b0663d9d62f80f0b7354021fdeb7870e5a38210160787c9989634eb53f4f3a44d0eb40d8d7241f367eb8854f7deee71d730eb1ea1217444626964f5308c

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-23 00:50

Reported

2024-09-23 00:52

Platform

win10v2004-20240802-en

Max time kernel

93s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Mercurial.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Mercurial.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Mercurial.exe

"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

memory/5044-0-0x000000007490E000-0x000000007490F000-memory.dmp

memory/5044-1-0x00000000007F0000-0x0000000000B2A000-memory.dmp

memory/5044-2-0x0000000005C10000-0x00000000061B4000-memory.dmp

memory/5044-3-0x0000000005540000-0x00000000055D2000-memory.dmp

memory/5044-4-0x0000000074900000-0x00000000750B0000-memory.dmp

memory/5044-5-0x0000000005530000-0x000000000553A000-memory.dmp

memory/5044-6-0x00000000055E0000-0x00000000055FC000-memory.dmp

memory/5044-7-0x0000000005620000-0x0000000005640000-memory.dmp

memory/5044-9-0x00000000057F0000-0x0000000005800000-memory.dmp

memory/5044-8-0x00000000057C0000-0x00000000057E0000-memory.dmp

memory/5044-10-0x0000000005800000-0x0000000005814000-memory.dmp

memory/5044-12-0x0000000005890000-0x00000000058AE000-memory.dmp

memory/5044-11-0x0000000005810000-0x000000000587E000-memory.dmp

memory/5044-13-0x00000000058D0000-0x0000000005906000-memory.dmp

memory/5044-15-0x0000000005930000-0x000000000593E000-memory.dmp

memory/5044-14-0x0000000005910000-0x000000000591E000-memory.dmp

memory/5044-16-0x00000000061C0000-0x000000000630A000-memory.dmp

memory/5044-17-0x0000000006310000-0x0000000006426000-memory.dmp

memory/5044-18-0x0000000005BB0000-0x0000000005BE0000-memory.dmp

memory/5044-19-0x0000000008F50000-0x0000000008F58000-memory.dmp

memory/5044-20-0x0000000074900000-0x00000000750B0000-memory.dmp

memory/5044-21-0x0000000074900000-0x00000000750B0000-memory.dmp

memory/5044-22-0x0000000074900000-0x00000000750B0000-memory.dmp

memory/5044-23-0x000000007490E000-0x000000007490F000-memory.dmp

memory/5044-24-0x0000000074900000-0x00000000750B0000-memory.dmp

memory/5044-25-0x0000000074900000-0x00000000750B0000-memory.dmp

memory/5044-26-0x0000000074900000-0x00000000750B0000-memory.dmp

memory/5044-27-0x0000000074900000-0x00000000750B0000-memory.dmp

memory/5044-28-0x0000000074900000-0x00000000750B0000-memory.dmp