asyncrat | bf9aa6957a814d551d3ba7f96690ff76c79ff884718b3a0f16ab17b96c2637ff

Resubmissions

13-01-2025 00:17

250113-ak4a4sypbn 10

25-09-2024 13:28

24-09-2024 20:51

24-09-2024 19:21

24-09-2024 19:17

24-09-2024 18:11

24-09-2024 17:54

Analysis

max time kernel
734s
max time network
715s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
25-09-2024 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Anarchy Panel.exe
Size

54.6MB
MD5

94bac1a0cc0dbac256f0d3b4c90648c2
SHA1

4abcb8a31881e88322f6a37cbb24a14a80c6eef2
SHA256

50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94
SHA512

30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9
SSDEEP

786432:RvcKHU1yll1EcgYwm/7hPo9b9DMs2PTUpRYj:lPU4bZwm/NwEIYj

Score

10^/10

asyncrat stealerium default collection discovery motw persistence phishing privilege_escalation rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:3232

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Stealerium
An open source info stealer written in C# first seen in May 2022.
stealer stealerium
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.

Account Manipulation
T1098

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/5836-1-0x0000000000460000-0x0000000003AFE000-memory.dmp	net_reactor

Executes dropped EXE 1 IoCs

pid	Process
6264	Infected.exe

Loads dropped DLL 3 IoCs

pid	Process
5836	Anarchy Panel.exe
6596	Anarchy Panel.exe
3460	Anarchy Panel.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Infected.exe
Key opened	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Infected.exe
Key opened	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Infected.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
299	ip-api.com
393	icanhazip.com

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
282	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Network Service Discovery 1 TTPs 1 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
2764	ARP.EXE

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
5244	tasklist.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1980	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Permission Groups Discovery: Local Groups 1 TTPs
Attempt to find local system groups and permission settings.
discovery

Local Groups
T1069.001

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
6920	cmd.exe
5380	netsh.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	Infected.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Infected.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
6288	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Gathers network information 2 TTPs 3 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
4368	ipconfig.exe
6852	NETSTAT.EXE
2252	ipconfig.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
6580	systeminfo.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Internet Explorer\TypedURLs	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Internet Explorer\TypedURLs	Anarchy Panel.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133717446309077600"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 03000000000000000200000001000000ffffffff	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\MRUListEx = 00000000ffffffff	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000030000000200000001000000ffffffff	Anarchy Panel.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\0\0\0\0\MRUListEx = ffffffff	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "5"	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000000000001000000ffffffff	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\0\0	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\0 = 50003100000000000259967d100041646d696e003c0009000400efbe0259697a3959c36b2e0000005d5702000000010000000000000000000000000000004ba28600410064006d0069006e00000014000000	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\0\0\0\0	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\0\0\0\0\NodeSlot = "6"	Anarchy Panel.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	Anarchy Panel.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000003fb97257efe4da01fddbdc2ff2e4da01fddbdc2ff2e4da0114000000	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	Anarchy Panel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\0\MRUListEx = 00000000ffffffff	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Anarchy Panel.exe
Key created	\Registry\User\S-1-5-21-131918955-2378418313-883382443-1000_Classes\NotificationData	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Anarchy Panel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Anarchy Panel.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\download.jpg:Zone.Identifier	chrome.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
5836	Anarchy Panel.exe
4932	chrome.exe
4932	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5836	Anarchy Panel.exe
3460	Anarchy Panel.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5836	Anarchy Panel.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
5836	Anarchy Panel.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
5836	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
6596	Anarchy Panel.exe
3460	Anarchy Panel.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
5836	Anarchy Panel.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
5836	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe
6596	Anarchy Panel.exe
3460	Anarchy Panel.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3204	chrome.exe
5300	chrome.exe
5836	Anarchy Panel.exe
3460	Anarchy Panel.exe
3460	Anarchy Panel.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 3996	4932	chrome.exe	81
PID 4932 wrote to memory of 3996	4932	chrome.exe	81
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 1352	4932	chrome.exe	82
PID 4932 wrote to memory of 5648	4932	chrome.exe	83
PID 4932 wrote to memory of 5648	4932	chrome.exe	83
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84
PID 4932 wrote to memory of 1588	4932	chrome.exe	84

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Infected.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Infected.exe

C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe
"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd599ccc40,0x7ffd599ccc4c,0x7ffd599ccc58
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1444,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4444,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4668,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5168,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4660,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4624,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3524,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5044,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3332,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4756,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5264,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5252,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5540,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5724,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5860,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5992,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5424,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6304,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6452,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6492,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6640,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6852,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6944,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6884,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7268,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7280,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7424,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7652 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7552,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7548 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7228,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7564,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8080 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7400,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8348 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7572,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8492 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7580,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8628 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7676,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7680 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7084,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8836 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8124,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8112 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8136,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8156,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8164,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9288,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9200 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9304,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8128 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9344,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=9360,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9352 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9368,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9276,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9632 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=9268,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8372 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=9440,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9684 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9456,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9228 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9464,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=9480,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9484 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=9492,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=9424,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9460 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=9508,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10084 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=9516,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10196 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=9524,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10416 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=9760,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:6308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=9748,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10292 /prefetch:1
  2⤵
  PID:6316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=9764,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=9780,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9332 /prefetch:1
  2⤵
  PID:6340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=9788,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10416 /prefetch:1
  2⤵
  PID:6392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=9796,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9176 /prefetch:1
  2⤵
  PID:6448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=9804,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9756 /prefetch:1
  2⤵
  PID:6504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=9812,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=9820,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8068 /prefetch:1
  2⤵
  PID:6568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=9828,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=9920,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:6584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=9928,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8832 /prefetch:1
  2⤵
  PID:6592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=9916,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10420 /prefetch:1
  2⤵
  PID:6728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=10572,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10744 /prefetch:1
  2⤵
  PID:7084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=9860,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9876 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=9912,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10764 /prefetch:1
  2⤵
  PID:6928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=7276,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10008 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5800,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=4972,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7692 /prefetch:1
  2⤵
  PID:6412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10700,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9876 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=10228,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7308,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7196 /prefetch:8
  2⤵
  PID:6580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9808,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10600 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7988,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9416 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=7364,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8916,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10728 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5768,i,16213107742622289441,18225548449065673865,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10600 /prefetch:8
  2⤵
  - NTFS ADS
  PID:6856

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5992

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2028

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe
"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6596

C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe
"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3460

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2764

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1272

C:\Users\Admin\Downloads\Infected.exe
"C:\Users\Admin\Downloads\Infected.exe"
1⤵
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Checks processor information in registry
- outlook_office_path
- outlook_win_path
PID:6264
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe"
  2⤵
  PID:3064
- - C:\Windows\system32\systeminfo.exe
    systeminfo
    3⤵
    - Gathers system information
    PID:6580
- - C:\Windows\system32\HOSTNAME.EXE
    hostname
    3⤵
    PID:2960
- - C:\Windows\system32\net.exe
    net user
    3⤵
    PID:408
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 user
      4⤵
      PID:6584
- - C:\Windows\system32\net.exe
    net localgroup
    3⤵
    PID:1444
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 localgroup
      4⤵
      PID:3348
- - C:\Windows\system32\net.exe
    net localgroup administrators
    3⤵
    PID:3120
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 localgroup administrators
      4⤵
      PID:5152
- - C:\Windows\system32\net.exe
    net user guest
    3⤵
    PID:5952
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 user guest
      4⤵
      PID:3676
- - C:\Windows\system32\net.exe
    net user administrator
    3⤵
    PID:6176
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 user administrator
      4⤵
      PID:5224
- - C:\Windows\system32\tasklist.exe
    tasklist /svc
    3⤵
    - Enumerates processes with tasklist
    PID:5244
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:4368
- - C:\Windows\system32\ROUTE.EXE
    route print
    3⤵
    PID:4880
- - C:\Windows\system32\ARP.EXE
    arp -a
    3⤵
    - Network Service Discovery
    PID:2764
- - C:\Windows\system32\NETSTAT.EXE
    netstat -an
    3⤵
    - Gathers network information
    PID:6852
- - C:\Windows\system32\ipconfig.exe
    ipconfig /displaydns
    3⤵
    - Gathers network information
    PID:2252
- - C:\Windows\system32\sc.exe
    sc query type= service state= all
    3⤵
    - Launches sc.exe
    PID:1980
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
  2⤵
  - System Network Configuration Discovery: Wi-Fi Discovery
  PID:6920
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:3348
- - C:\Windows\system32\netsh.exe
    netsh wlan show profile
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    - System Network Configuration Discovery: Wi-Fi Discovery
    PID:5380
- - C:\Windows\system32\findstr.exe
    findstr All
    3⤵
    PID:5508
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
  2⤵
  PID:6176
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:4696
- - C:\Windows\system32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    PID:6432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpA93C.tmp.bat""
  2⤵
  PID:5112
- - C:\Windows\system32\timeout.exe
    timeout 3
    3⤵
    - Delays execution with timeout.exe
    PID:6288

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Account Manipulation

T1098

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Account Manipulation

T1098

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Permission Groups Discovery

T1069

Local Groups

T1069.001

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Wi-Fi Discovery

T1016.002

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\1df0d9fed7bc9ccef1f894a4ec64e796\Admin@ZFKGDPGJ_en-US\Browsers\Google\History.txt

Filesize
708B

MD5
c1dc4cbc2d7cfd0084d37bbd0bd83070

SHA1
d0064b60926c6519438d2b4acf6f82cf02508d84

SHA256
321c6390e29c8532db02b34e14f69f80334386434130aa3e879863f09b98cc9d

SHA512
bb9d3c34185ccc35e8e6321209a189da91391f267a1b97fa63026583d5872c92e001a4d4671ba3c068cab06abe4f5faba0f7c14ee6c1ff6508e2fcb082824aa1

Download Submit
C:\Users\Admin\AppData\Local\1df0d9fed7bc9ccef1f894a4ec64e796\Admin@ZFKGDPGJ_en-US\Browsers\Mozilla\Firefox\Bookmarks.txt

Filesize
105B

MD5
2e9d094dda5cdc3ce6519f75943a4ff4

SHA1
5d989b4ac8b699781681fe75ed9ef98191a5096c

SHA256
c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

SHA512
d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

Download Submit
C:\Users\Admin\AppData\Local\1df0d9fed7bc9ccef1f894a4ec64e796\Admin@ZFKGDPGJ_en-US\System\Process.txt

Filesize
1KB

MD5
74cfffceaba205088fb488ebfa80873a

SHA1
0881ea50c0e6c46af3272e55d35ffeda1b12cd64

SHA256
9d4342348a23b981aabe4ab6e9ca04200c99d9ad3b49b46623b6427d8b387bf4

SHA512
2b1066d0d57e748dbdbe6e9e2dfac5b0b3eaaac42de42f216fa0087c94e011bf22b93e55b3d6408824d102861fdd381015d8af09eb4d09ea3f50a1371f946fe5

Download Submit
C:\Users\Admin\AppData\Local\1df0d9fed7bc9ccef1f894a4ec64e796\Admin@ZFKGDPGJ_en-US\System\Process.txt

Filesize
7KB

MD5
f22469a6946b7e822c9d935f3e6e6247

SHA1
a868b0eb7c862fd207ed620d2408d378a2ee9c8c

SHA256
3d328ae415ac4b9ef6f5abaae5e74257ce56bb40bf9f45bd81a30512c648b798

SHA512
06519d46ad752094a50cec53a54eadd988d005fe69543e251cb52263430183bacbea8cb72732f10ac1b865e5279160cbaac1f899d45a34990fdc8aed98d3d2ab

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5e32568c-4b02-427a-8957-fe51243e654e.tmp

Filesize
9KB

MD5
6a3a3a9e92c64c5ca81a62c9f053bec1

SHA1
46503810ec0d9581dccb3c6217706e1dada28c64

SHA256
d7e8c70b9b0f8d702c8a1331db6b074d78cbd3dd06fe081758c5f7833c0c8bc5

SHA512
af8dc303507899041ef24f0cf02fa4234479ec438a7ed9f83fc1709bd278cc2d1227bb6d94f056784121f5a67919612d92e235d59814854336d426d81c3e87da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ded2ac681eeb889f05e537cd68f613ca

SHA1
322537e374e9da4dba443ee8545d4ff79655e4ba

SHA256
a3989a44d56de5ef249d6ce90f9a7c0fa6f20148a7a80fc5f889ce58071e67cb

SHA512
4895266783a8216fb6371e817ec0738b89177a271b10febbb6aca037d7e179aa028360804bd1220470057f92a39aae6d11b19784f5c94c0bbcd6978ecf5a8e13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f3a46713f39b18c0a8a10a444ab93a92

SHA1
4cada2e324e25fd8b4edde23459548578a7c811a

SHA256
fa7d9fb8781514b367cd970a311635995a4e69b771a73e78610b360eb7d5332c

SHA512
b242f38a37528e45731bcfb02feec38758122166fa54b40f784a61d7471ed045d9a9b328292af4ed4a85fe205550fd92b578a797927ee77b18da6c7087a0b38a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
643f24fcc1a03804e23e1f1dfec76bf7

SHA1
698a57958722baf680f9b991e10258cd55c9e316

SHA256
d1717bceb7b1356f0c0187eba24b2db0125208713a002a0114ddba3b261c8d02

SHA512
852965eca7613cacffaccc741c39ccdf9eb4f02b23e7ab4cbe2d74bbeac4347a22de5c15aad40f231533412aec4f090058ac69a999dfea2c6c4c750c9d402c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9c25e0ee-5876-4c5c-aa33-f242c2be25ce.tmp

Filesize
3KB

MD5
8bb42729bb7b981131c19e90b34a213b

SHA1
58375a701b352966b5b8dcb85ee1b9d48c6f27e2

SHA256
d4c2b9a5562f4f7d71d6eacfdbdf110a6450610f11764ab7524bff206f2f1252

SHA512
665784e912998b222c0b74f005cf348784468d7b22c477aaaef5518e4dd2acce3a5579d19e6382782f5f456600f1af8f6cbcc78f1730882120e8198da32665d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
404ec0eaa01f5d4dc803d38e4a4a05a3

SHA1
d360ddb66a9858ec9a30c8a3be8b2605ed6940bf

SHA256
fd04c11c20e53a7b4c5888279845d93fbd27111fc72c070afd193dd1a67710a6

SHA512
e5b121ab74e4c9b076a5d2634fe7b8daca3b693297784058a883a2bfe8739a8a8fc07ed476091400eaa51bf92ba097863e755a9e8f909100cd98b1e330d4fa46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
30KB

MD5
0fba54c577b9c6774329e82accfc462e

SHA1
95c2b7ba84d95728c227258ac93cbcd592b2ca72

SHA256
4dc54002594eb7b7ace7ef4f07156dc247f45d7cf3ec7cd701f602cc540aeb07

SHA512
4828efe0766d3277bffb72aef43e1c965254a7b8a77b1b5d97fd7785b53ed4fe2fbd7e5d46b043a07431e40a67eea85022d639bffa338415fc0f7dff5635c144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
585926305c2eb6b44e3ea0772c132c0f

SHA1
84333030f1a68450ffc96163383bdfb45904b203

SHA256
85c2a6eec2d838dc5ae73a3d1ad86bbfe2c67007f1baf88fc1f70ebe9344bfec

SHA512
2818d276c7ba14dea0be860e707d7c1b565d39d7fd84187e5ca11f55731dc8e92edaea8a3bb428abb4f7ddc0ddd50fd96551fc3bf60e9a32451ee05a27a0503c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
36KB

MD5
d7c5d5552fc07c3dc6d2ed5ef15aa7bd

SHA1
17d7a69fcef7db29403fc1862e10740fb2b47ac8

SHA256
4a06d3bad3d7b246a5bb776021dac9131640800b33da98e9ff7ece1272ce256a

SHA512
25a065b538b1e752ecd6e5fe1d0ae69344a6a2d4b224ceb2d32ad85b40cf05f52c625b83ed6106ea34825deb8841fc3c689c452484a5fcb986cd00582815573c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
5d2d98e52b73a527749155a79527abe6

SHA1
968d2fb25f1a68fc87b18c27c7b49128c0eeef52

SHA256
e0d20a1eb1cc4d4407b655102a53a7f6a09fb4fae2ccc710056cc038008423d2

SHA512
f40f9d840f632fab1af8a50a022bb5c00a2d68693aea02725be14d1d556ab4c4cb3ce4adf4ad1939aea0e1af6827b862362868295331f48f513924b60663e0e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
ee2d84854b3cc8e8a530f7c362f2b293

SHA1
26d867acf91df8bb799a2030c2d2782cca204cee

SHA256
745bb0c26af01e97709ae8f8f5312861c4b70f4f44cf709ad8865539cb24475a

SHA512
dbf6690dcbd7b648c75f2575ca097e0b9b64965a2cd8d89d74ff307e28a138a16a7bd66af88e083a46fa70a2407b499490696b2ceed7b40569994a6620265c82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3efd1fefabb3b8055015a88a5792da26

SHA1
5ed9cf14e7d2e3ddf731a6811deea7b303535e5d

SHA256
17dd011b0c90e632260687b909750c595186209ad38fbb65a32b85a49addde87

SHA512
85021a8b7f41905d3a2f1629e847edbb5d4be068a8f3265b28bd40a5883596656c329e0a288ca5a6696a1da78648507773802a486ee06cbc0eba0063ff2ad868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
f89814ea9c71d39f1ea01d787320d450

SHA1
48ca3f7846b71d51ee680dd978ee900c8dce0f10

SHA256
08a2187e1b010fd922a8f8f5eb742926c5c6b9eded024d93beae6f01ff942ada

SHA512
f8ecdc0d77da311984d778051c258c74dc3b338834cdd1d83baf6d0eb9f1c6402a9a0636681df0d81655f91bc7516d6f98b29951db620f62ec568016c29939ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41885925c2ab770d5e4dfc2abdbe3365

SHA1
98e9df2423324784c27d08c7ff773f57d0fcc18d

SHA256
8c019f4e7253c8befbbc2b2d85a93b266ee84a119d2d61c6c14aac2d7958767b

SHA512
1f71a5dbc61e7cdf4d6c8ea37059c5f1d55ec781f96854ad376ab1edc09b88bf15b2da97e3eb99c953102e11b415f5d1d8fd9d345f67270c5243ff1f9d02ec58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cfe0faa57274b6e41cabba63742c3386

SHA1
c178400ada1741d9aa929a51cf82783ee27559bb

SHA256
46cabceae92529208f9e2c12a269d5685c696122c1f1acf14b23e20c2260f578

SHA512
20d7c102a2abec3272c874cee93f66fdbc6d1883141b291cc11e460641a429d7dc30e7c9d0545c6f0620c8614a7c05b6fd90f8023a8b477edc0b81b5a5979967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7554a8a918ae33204d8f57be34d69073

SHA1
aabb740b8e41b042b84d59366837f629739aebe5

SHA256
8a133297af4e45d75ecd97e2134614061d74fbce0b3816fd35ea3d8fda3d3fbc

SHA512
4324619fd107b488628533aa1845f7edb87ea152200386c08a74bf7bd2324d6015ac902f3763f2389b349d74959f1eda1ab4fc926ea91f9eb01e013f667e53c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
009dc73452ee3999145b7a741effed73

SHA1
a7ad67a91c9a4249bb9b378b047af34aaba3e5b0

SHA256
49b2a282590e27316773c6ae74ae4c8242a4dc1d78859eaabe77402ea329364a

SHA512
57ea9f430b59438c7059b3358f142039a054936e86a589d4e0fb56065d47355430ed392cb5563487857fc53370706b1e59033fed0958675958839919f2a1712d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c44c7a70c3ac9f525668b1f34e9cdf72

SHA1
651fe36cc7718b73ada3958a82c6b2a3cb5e3faf

SHA256
1f50efe9513321eaa69d2fb416719b9e02e1a430b833e8a8984ca6595a85f91b

SHA512
d54ca51efe5287b32c6326b8e8b3d6efb0c1520538d293f1db68a3d517bf5262620740690c29d66e25e689b96beb49b5f2d52218df5309033577f90998ad1f34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52a562e606bb45697473437bc1ec2267

SHA1
39383becc4a457b0ae09dc09999d80edefb823c8

SHA256
6c1cf22e600f0112be3f3b43589ade6e6aac669772a64df473ac490fef77c3b7

SHA512
4ee24c2f7b9a43f301890de435c03a488307d5e5c4e3b8589c12c61b89444e15083a4f937dcec74f9cb29746178f6f7a180d486def65259d59815d5a3c1f7b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8e042f0799a1731c61365331c72d8dd6

SHA1
15131d7209e091afe6b6f61663c28e5ebf3ddf62

SHA256
5b4a75dcbb3236cbd1b86aa0e111a88a65be800267dadcabeafe7ede43b3a98f

SHA512
bee18fe562bc453b7c074fc5504ed0e42d80aa98d686ef8eddd03579bfe98fd4ad1a8a132ee2700fcfd2fafcc64edd0e3c337932d3fce760b54f434a7040c357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8d5b5494fc62a86824753037a86ce7a

SHA1
eeeb354b815ee0b98e1be551032f7d83c89777f9

SHA256
9ba803e705cdab03ec07583fb08d8ee58656d75cad6450a7d27b8d403e87cbba

SHA512
c241488ede6d6391e41389b0d9cb63b52a8615b5770671405e76d4bcc86abdc03a3f7a7e60f04a061cc490420f521c59efdfc060198e95dbdeb4ca11f786473e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82a675a1dc9fbe3b150079e8ac37e950

SHA1
2d66fdbcfd746b1e8b1ffbf245954bdec3be26e6

SHA256
dd72ff96574e0c6923cbe5ceec81fcde9eabc55fb9d6e978b27b2c011c86d238

SHA512
a2bb83efd8219226d4aadc754757b50cd071a8e6b1d821e769d9c3e320b3c49ac901b3772663f4c8933c3c48144b1ea8736c551844402e1186a3ec6bbbd1a5b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66a3816715f859522e84e1e2a0ce0b21

SHA1
0ba569c146a04a52e9277fbf94caf1686f071c46

SHA256
af78410c8f4d8f96a6e7dad0934748ee920283c4d6370c28d0e8999ed1962d70

SHA512
c2150c639950cc59c263a3f3bdc7be26eba1cb68e7410c2b076f89fb890bf50d0de65ee24a716121d3af39c0db8a1eaafcd520de37464e653a298bfd8aec05e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14c3d964465181ca3e5b6042d469d633

SHA1
741d85d6ff9385c9df85b0065bc033a4bc31a818

SHA256
001e5f674973dadeed963832be74c1575887fa2dbdc09a001a26904828bcbdb4

SHA512
69de871d2c35f5807b3b6042a3b9da8f47c2930bd4cb98c18026da5803acaad6ba8789af7a280e5b54ac006497658b040f143699213374ae7099d060f596b3e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
88a0ba06a48d9e909ffe779f6b3dddab

SHA1
bf6b508180b777687d9af6eee62f8b1fdbb76122

SHA256
633815c9926ff304741cd8fcc3ac1e653690eeea0d6c58d79aef6ccddecd4dd4

SHA512
9570d8086c7cef80fb4cbf113dbf048169b6935096924d3211938a6b70aea654a07f3a43a01f2fee39522a6e8766b1f7db5b9921c07b34198e51b10649e0ff4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4919c9d8c8bb536f14fe89941b01a719

SHA1
a9ce0ee35465cf38b3f54da68dbd9a74aedcd5e7

SHA256
749429b74a79a2a15ea41f690398ea73569329cd6ebcf14704948757c9faa9c1

SHA512
f1320e163346ee65aaf8cde2d5346d86f5d92616750f327bfc36a337d2287665b79f525a2784e9ef30711d503fc11f587046ec1768107b560e55804d6db05dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
50c0a9e32855e5d6f475b2d440a0fa33

SHA1
5dc03545eb270cb82dd556502d73e0e2515ad55d

SHA256
56a93bdc9785cd6a291530c6494f19db93d9a043217705312c163965705c8284

SHA512
f06d6606729671345b6d18f063e7fceaa27af2a835048d08d34a25d1c6938603e496a22b2511d5a4a9722fe56c8f478f07ec615f58fa632b3327cc623ef7f2f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3fdab771dfac64eaec4738fee340015

SHA1
4edf1baf35753025486f818aef70f4982d814327

SHA256
0f3c79e4b49283410e1e0cae586c52d0ed70d77270693ae94c90e504b81c3956

SHA512
b15efaacd5a2a31bcea0149f80d7a83658fce9e0fc43587c9f3e4e3e43c99ba856f3953d3137952c64a038735ebd0e4db84e736c3ad3b0046b2cbe2d3b77d0aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
39224418df3bd6196bee71b2a71f9aba

SHA1
976d5c3a0e4b4aa915bc47f8a76667d34879cad7

SHA256
e4972aae78e8845e291789f222c0a0ee669316f2fc4adf75ac8f40543d10f5e6

SHA512
a1f3451c7db66461d00a7d1b9798c22e3d2fd74a9e5c035e45bdd3aab5c4d3aa53d8bf9c496b5fe55578a80702e723c7174b2d09eba21e52252d43060b7ee4c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
37547531ace324bd45761161e0b85d29

SHA1
4bc7d5e696531f692e16a8c57286d8fe918053a3

SHA256
fd9fc936ec6012fc6bda4d9e414737fba23ba7ef4d8a1b1e4d35d05870fe9902

SHA512
8d03ecbe923d04da66e6f854e8a2dbb928045a3d01876e8b421ff81a5dd53d0e90182d401a581fc84454ff8970e8ebd5d59b70b35832a892834ae9cc357b4ae5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee632d2a4f86cf425bc65347304053dc

SHA1
46857b961df515a40e23be920999a4b58be9cdfd

SHA256
64daf9fc1e293e418639f9e2284617e0016f6a32ac469847d9c84f38aedb91c2

SHA512
f61df0085954ebe78d4292da1ad21946d6734407d4770e80951153ced17c9f816091416623b8a55856ff72dabe9b0ae6de61e65890e22e080bfd813b1a884002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0cbad5385a5a28ae7f5218132afe7889

SHA1
402993a667fa865ee19e20dced89b1f8703cd204

SHA256
f7b32ebf43ec84721e5440377564f07f689343bd5d5bba8dc67d53479055c416

SHA512
2e68655daabac115aeedec0dc1d0727ff5da8375acb7a7227f115cc7a72a6215f7622bbe6a177ff21510eae0fbc42b3a91d399a228ee1a301776d8b3b8c2bef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df6ab0e0d38401007d47a704f7bb1d13

SHA1
3216680d276200dd5bdf679e77d62bb00fc47dbf

SHA256
b3c7518252a1d7955eecaf28d032628552948bb3eb31c57cfbf98446a5d12dbf

SHA512
b41d94432daacdd77a9f3d00c30019af4ddbce2bf88b33f3fd3cd28e920d56410eb84ba6d7fa79b4678adb5aaeb2eb54f0a5719042cac81054d428052668c9a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9daecac91b94bb361e4fb55f1c863884

SHA1
620f05d25ff047fdee9ed6e14a3ef3058f63cba9

SHA256
6812556c28d5de41106010e69a2dff47d66f2f3369155e8aff17098ac20b2a05

SHA512
3c40de9d0afaf5742148a010f5099710b63941e5e32fedf6f14f24cfaedf3c1f6f2fee25d68fcb855ee3eaf7bbbce98e3c3e82862f695085563ad5f1bce1757a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a579436b8d5c18877a4662060ec52fd

SHA1
d70ec39005b564cb84338d98005394c07ab2c824

SHA256
ee5412f05de6c6f4407ae728cd9bda3ebbd24ce3c235e9c29c65ba1953fbf2e5

SHA512
22bdc887f944fe82ef2824b148ea5057b695c8c705d965302296eef57cad719545210bb4eeeaa4776292af2d4416f52807973e3557b9d9ce58b617ebcaeba9a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0af76a6b4bf5dd38475d8d57e15ebda7

SHA1
39d623577377ecce40f9eb013ce0e2d7ee2fbcdb

SHA256
d5804c3cc8c151d07f5ae2191eb2b0fd98dd1aa22838c02bd4a4c53c891713e7

SHA512
cf7e39150297a7a2b7d1a19a4d911e2758f9e41c5e6eaa6faf6193e305aedd5befdc328d79c3486db54e3fb3afa7de1fa571ece299859a3da378064859bbbb6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f336ecc8c6646543b6d1c0ac0aacca2

SHA1
9e6d82ffe1bf9e345887525d296312f35f258934

SHA256
96cf20fbef70524ed30975a43c17d361a590332eafd1dad4b1d6407655033d87

SHA512
56a32c05723df34f0b37cbda74b814657bf129377a4f9f44633d4521049f466a2ca09c9bc7b398b91033c19e19d695a9c3999fda4d283e8c90ff3c25a938f494

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
377a358d32d618f1054d2c5418eac91e

SHA1
803f485abb6e8515246348387b8a1b9d367ba506

SHA256
039cab0295602aa1cc192e31c4dbd091577d29c3101921f8bb67612272775d10

SHA512
65338b4ed8ac9855df1f3dbfc70b5d1dc6603b3e94322499f76c66c67438353834588611212c29e8f7c59281f495f6dbb2b6eaa6ee5748f485d4a98f04efcf66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
624331ea09f099d93bec51695890e246

SHA1
dee7824d349e79e77232103bb5ce459a8f5d7ec3

SHA256
ee20c110c5b342368505fc3156976e3ef3b0422f4b6aa373e63a8fa479f5bbfe

SHA512
a81b9b462b9424afeca699f08a85a0279420d16e1a448c99a7a84e2718fbd56889e245ff514cc259b25b661bdd6d1410842b385ee31e6e86f575d0f485e8705c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
17c27bb82528bc022a3ece277582887e

SHA1
2697d23d65ad29856b93ce114b08c8f3c8a9c830

SHA256
6ca1adfb8862fa3f82aa20e50707e523014b3bbecd050a0ae26e200a7848c721

SHA512
e220e2dcdef71cec5f8efa9a2f9f736553f51cad01bce05d1387d93b7aab20a2860054791132eab38515b78d235783a45221e8b040e099afd9b4a675c11c48c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c9cb5a9bae1d285a373904e12520c852

SHA1
243afd9087b636e40d816181d63a9ea73a4d9b25

SHA256
5f66472a4485e71558fcdc272ab81ebf03985ae3cac539b16020c187f8ce3159

SHA512
da520c5a361acdadfa21a7211be09a9ed5a60fa98e6505ee1bc7bc18d1056be8af915bfbc23b9ce6af31c8cb899d191927c58f1a257e2cc265da2a25e7673be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
37a105512c63ac36c6f3db51554835ef

SHA1
8e106b96c4b53371ab01b116134d4b609027b931

SHA256
f33166619fed387ed46d7ad8c4b13248b5c8753bb4dec21e699d3bece262e328

SHA512
aab0403d02e9a640a0a815f32cf77f3245fa46eb9fd92516539e4afc7451b51a4816e44bd4b02b43887787059c6075ada6105219db9d83e34dfddcb3317e2bbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
98357882af65772657636f7b67ad2346

SHA1
ef28b23a6e84bd2ba552de6eaad66d0e03f90564

SHA256
81859302d915dcdf96a65b3b489c2f399450f23c100722cbca54efa5bfc743b3

SHA512
29eb2fc1ebe05ae3d7f14b996817f97c53654f0308ddf64b073312be8421c51cd06236a208dbd90e326fe078461c7f976755c129d0c7dc6ff64c21e90649ffa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aa2688ef5228ad389e4ba94cd12af15c

SHA1
3b2aadb91785093b535eb2a2049e083021d11239

SHA256
e19f142648b3f4fcff8b28f9dbdcf7b564c47880a3de4965d46a154a4f6faede

SHA512
d81fc6287eb0a9f85f98f347edf3074147b48e64ac28851766b688a0a697cc85bf0fc15ce14a45a51009849ae8719e95f41b210f86de0d7565186caab64b8305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9abb377f557abbaebdd421be33d2122e

SHA1
970356a77d1a1cb1edfcdce83f4e3bee4f2213a0

SHA256
4b1b931010f26929f35a1bd063ac11546420f8c6072b34e1e82882646e5c6ab2

SHA512
5caba14fab8486e494670ad25a9f9ed2960c315d74e56b1c98a547aea0a3baa86e76fffa9bd904687022d62f221195f0196e9f5c8852958d3edd0fe35073f0f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3b3dd23976bd9d7875851fd092ad1ef0

SHA1
3c3e36a753ca914ae7210e819c67c2a1e7ea0515

SHA256
a116cd44832ef6e8cadc1c9645dd46f9183035913b58c9ef5aecc0cbfa4421d4

SHA512
c355d9c4fda6e0778abe525c50ef1117954f7a0198cff565862b16d235a5b5b396d5f73e145b0ac78b4315ace1c50612845f4e7fa385d600ff395c0a4fa2c2a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
708605a724d0e48fa4d9a30d3f11c7f8

SHA1
361727444654691af09d7ae5494c2ef9973a2510

SHA256
442802dbf682c778192c309c255a3333f7f465fd5bd57c8065268115b5412ea5

SHA512
c7f0ecc00474702ee6c9e1c43e2df5e14ded479aaeef167e206e4dd7dea38b7b8e840a5877e863946f87d875a43c69674c5325a07dd953b5d0f5598afbe1a21b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
623f43eb2a0bccf769326aa50175550d

SHA1
45019fed1f20f8c98936bd547a42af37a228828e

SHA256
42dd6ecd10dfe9233b5b613045a82c846c45f720b53d66d64c83dbdc0dda4051

SHA512
4736ef89049b728912cdb54845d5998c93a5a31e28bb07b5ac600fbb4ded950ed856a05f4b62073eacb2fbd6d963e210548e482a574369205e3ca32cdfafed03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b5f29d5750758fcd09275a084028e8f8

SHA1
8158ec90936fda3b98ca446fc7b65462626bad88

SHA256
c4d7709aa39dd1be6ab8a75cbcc9ff35cffa94a8ab73991980e1b5e352d0b75b

SHA512
821aa3f2de15e81168b9709960fc115561a5a0049cf067c4719d5b3f6dad341f153fd1e3b7e2e9cb171c1c8f75d12fe0f2d8ad12c38be76e2517c109e8f171db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b89aa7c77239af30e4a88f1178d2920f

SHA1
7c7974201370df2324ef393f1f5f955752300dbc

SHA256
025437f1cd0444fae820d5530acf05880373cd0c9ee41826cda43d7e75d06d0a

SHA512
b420c0f58b359daa9be7a253c6e1567d9e30ae52c308bcdb1ca7f83fe2c2bb967f41d0ec6a77be7761ffedff804c49350860da79a2d2a97ef5862c2dd463c460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3432155a1fcd55bd6329d6f51d9b19d5

SHA1
cbc00919a623c2baac74bba7c149c0548fb584fb

SHA256
a00778ba7820f14f439555160dcd56a14e1da85fe2c983906128f15ae6a95619

SHA512
e6bd8532982c0786240c1cfaf112bff64b601cdbb02bb5239eeadf6f076ca9cdc8aefcaead5bb49ad73b22ca416729ec36701f34f756603577284bd3c7fdd616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bdd40ebe86ba9c6a63b3f027089792f6

SHA1
0130c9550ed7a60ac99165575c0082cf3b682bc3

SHA256
9f4e1b7ac1132aa9e1a73f23b88f9fc3f421aa334f0a036aba1ab89c51840cb6

SHA512
99087572d0ddd565bee74241b8299402e13e23d5218770f863929c823bcd7c2c19a131489956e546057320fd413907581b5221f298b48aab4597f1bfb491737e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a99e9ce34f08f55f97570d63c076116

SHA1
973323e214852353058f4028d4464554a64eaf70

SHA256
d8997df805bb0367395dc94dd0f560d7d7ebfe958f7a52aa05d41cf5d6635175

SHA512
ae5a0211ac24e417a18d5cb50c0013386fbb818065541c6e0ab901fb36b0c5089911aacd1e00bad8479cc6c939aecffa6a185cb064077f5e7dc95f25ef2f8132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca64e4454c79f404868dfe8d64beddc2

SHA1
551015901dc4a69473bfbde0786be38c82c894bc

SHA256
2b66a2aaf203f52f487123bc0396b7a0bdbd3613d38cea98d554a74e9606b2b5

SHA512
756d03cb496e2228eccc9e97fc4e6424c1780cc17af0842f6c4be125c48d141dd6f767ae59d116b532674b649172bd0943357e0f62333cac149d0b5e903bd2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b9c62899fd8fe358d9e941d3ba1d0ea

SHA1
8c8141cfa36325cdb873c1b49c147638b2f193ea

SHA256
b424599ebc09a4c9ddc2766a96990cfbbf9b0039e7483ec94e5d0e53f937e814

SHA512
f05a36f3043eebc0ba65bbe3100fe1b5462b4dd48b27828b639d6ac2b52076b7dc8b8a6ef9695627cfa5800529633aa3214601eb06a17f9e5f7a4a4f8716322c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ef7fd50bd8ed2df16faf2d4f121ca8ec

SHA1
1e25c51113cc46df4167760187891aa6f27c8197

SHA256
792dcf6b5c8ab95b7ac06185ee724651833bef2f8a0befa78a46d5c9edfc7afe

SHA512
71df569452c3a45de05436c3584226d71337c7d6f6d7d167099bf9601cc3621f76d35726d34b21fdd5bb25f1a8f430a6e098d7b043f21ed4eca4ff9771798195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b76ada86-470b-4b6e-8cf3-5b2ad6cbfa4b.tmp

Filesize
10KB

MD5
2976779a65ab53e316371fa34b026837

SHA1
90dc08492371ed1daa4a7753583c4e637598a292

SHA256
8f06f445ab710305e5c8fb803953d84410ebae5928d064703dc115ed9f1aecd2

SHA512
22737907da7fb61c318076b651a04f1c3183c43a5fe31655f274b898fb4b0c15a573a30a199b928d3dcef51560048d0de0397df467ef0e8426e4fa1e61f6bf7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
c31cc565b093bc334f0d5cb3a6aea10a

SHA1
c8a28cc7b93924e4b4a41ac82d6ccba30d1d31ce

SHA256
970872ac3a9805d8ded83013cd251b60ad232fa8c869011995e26817bdd57139

SHA512
6545a7a14d6e956c8c77f1b1672d4df2e10cc3011794da272e8292cc78c1c409ed08d31f475384df2a8800c1526b236fdb7e8d35434ba7a24b2fee3567e831a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
71ad191918cc74d1d1ec5fa58ba76458

SHA1
45c940132362672e5ac4ac85e99f2101dde5a67b

SHA256
77a0b1390c3f5b660390ef877a17e69d463a27a08270e93231fd1b894e0ee77d

SHA512
39a75ce96c15b8e7beba3d5f73154a70077315e72b24402186a834f6597bf0cbb85dcd10f772844550472a3cf4f799c44a1118fa3567aabd51b4a379adf6c2a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
a816933a549f43e40d1e538e2ddc43e5

SHA1
5e3a4891726bfee423aaedf076de7aefcb1363d0

SHA256
e567ad5a534cbbea67f959daee85972c810cd3aa6f41815940cce51e17395326

SHA512
ef86fc761e8755409f565680669419f18ee6171645fcda5ed72d64052ccda1c761ac69b7d07b23e14d9e6373ddf2df76b9394e7d436c28bd9670820bf52df8c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
1163bef453faec016604a1ef07902eb7

SHA1
f320bf197d8c1ac8b33c8165fc1f13a8762c7899

SHA256
1fdb0c9d76814516d10a12af30a6db2cfd6e613285690a90b4711e8d10806f12

SHA512
94dbc1a49ef5db0db2aebbcef95aa8518c5c7b1914f437f6de61dc1d8382e8810e90e549191ee8001d933345118083269ae2a6a6c0cc13bfdf159f6c0f9b7a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
3ee6ed0a67bb67bfb837e259bc820164

SHA1
f862358c1f8eb9011d083b16058c4259a3abb60e

SHA256
121aeb711614775293419f2ec2282b7a9314ba10225f1e4050c8724892d492bf

SHA512
d9a3c7fbc4d8530a43ad460a01f9c7794dee49dda0480afca55776e44ac08fbaf9eced0db9a3de0e138db4f515a98c8f1f06522e7669c7d75ac7146033f92340

Download Submit
C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

Filesize
1.7MB

MD5
56a504a34d2cfbfc7eaa2b68e34af8ad

SHA1
426b48b0f3b691e3bb29f465aed9b936f29fc8cc

SHA256
9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961

SHA512
170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce3ed400-d1e84918ad678b08d2a369a3-Latest.log

Filesize
4KB

MD5
81ac2f2633f7d8a4dc9cc23b211c5abb

SHA1
4f647532900bbfc27cc26e3a55e024f7ffd0b3f8

SHA256
958f1a87a2eebae5ebdf0f6f1d4af834061860e2a9abcdc427da8dcee26e9692

SHA512
96d7dbf59df2f5e59b908312b549cc0ed95afc8ec6ccb46bf3965036f298727f5ff219414d72e51b9f7212bf5d43d2041892cf60a2d821f202dca7316c436b40

Download Submit
C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_bhennukkrj4ap4ybumzdxwrmvm3shh42\4.7.0.0\esse4302.newcfg

Filesize
1KB

MD5
4b01719ab493b81d429c574dbaca15ef

SHA1
719ef1e4e6616a3d8afce09de7f89ddcf186a3a3

SHA256
33ce546b728989bc9ff5dd4c487a87723e5eb7b3953b7cb56e747747411b6c54

SHA512
4d5293d8b58c793bbbe6dedc061cb4fd3e7302771ee91789240ecf80f2f79d08dffc36d148f755107a3d12de6037ab18c57cb42494de80a40d90b64bb04ef234

Download Submit
C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_bhennukkrj4ap4ybumzdxwrmvm3shh42\4.7.0.0\hyjvvlv0.newcfg

Filesize
1KB

MD5
495d368baef768dd527dd8b772702c87

SHA1
20ceb83c7076024e0491f169173607aa4a2e3931

SHA256
38f1820a88401c8e117bfeca56a11aa06dc806a175203e86f323dc6fb81fb3cf

SHA512
75770717f4bc7c9bdd13d747fdcd6306c38423b1b5d908b5d7cdf4da1b7bbe722f65bb52e63c61ca6da89981d8f5a99035c1d610a0fdacb706a046520c291d18

Download Submit
memory/3460-835-0x00000000265A0000-0x00000000266BE000-memory.dmp

Filesize
1.1MB

Download
memory/3460-1602-0x00000000043C0000-0x00000000043CA000-memory.dmp

Filesize
40KB

Download
memory/5836-2-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/5836-20-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/5836-330-0x00000000219A0000-0x0000000021BF2000-memory.dmp

Filesize
2.3MB

Download
memory/5836-1-0x0000000000460000-0x0000000003AFE000-memory.dmp

Filesize
54.6MB

Download
memory/5836-340-0x00000000239C0000-0x0000000023B0E000-memory.dmp

Filesize
1.3MB

Download
memory/5836-341-0x0000000023C60000-0x0000000023C74000-memory.dmp

Filesize
80KB

Download
memory/5836-12-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/5836-360-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/5836-13-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/5836-8-0x000000001E610000-0x000000001E622000-memory.dmp

Filesize
72KB

Download
memory/5836-361-0x0000000021BF0000-0x0000000021C02000-memory.dmp

Filesize
72KB

Download
memory/5836-362-0x0000000023E10000-0x0000000024088000-memory.dmp

Filesize
2.5MB

Download
memory/5836-0-0x00007FFD5E053000-0x00007FFD5E055000-memory.dmp

Filesize
8KB

Download
memory/5836-3-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/5836-14-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/5836-368-0x000000001F8B0000-0x000000001F8BA000-memory.dmp

Filesize
40KB

Download
memory/5836-11-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/5836-373-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/5836-10-0x0000000020070000-0x0000000020430000-memory.dmp

Filesize
3.8MB

Download
memory/5836-16-0x00007FFD5E053000-0x00007FFD5E055000-memory.dmp

Filesize
8KB

Download
memory/5836-17-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/5836-800-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/5836-18-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/5836-9-0x000000001FA80000-0x0000000020068000-memory.dmp

Filesize
5.9MB

Download
memory/5836-19-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/5836-15-0x00007FFD5E050000-0x00007FFD5EB12000-memory.dmp

Filesize
10.8MB

Download
memory/6264-2037-0x000000001D040000-0x000000001D0F2000-memory.dmp

Filesize
712KB

Download
memory/6264-1699-0x000000001CE00000-0x000000001CE32000-memory.dmp

Filesize
200KB

Download
memory/6264-912-0x000000001D3C0000-0x000000001D436000-memory.dmp

Filesize
472KB

Download
memory/6264-1206-0x000000001CD40000-0x000000001CDBA000-memory.dmp

Filesize
488KB

Download
memory/6264-951-0x0000000001660000-0x000000000166A000-memory.dmp

Filesize
40KB

Download
memory/6264-945-0x000000001D540000-0x000000001D6C8000-memory.dmp

Filesize
1.5MB

Download
memory/6264-924-0x0000000003050000-0x0000000003080000-memory.dmp

Filesize
192KB

Download
memory/6264-914-0x0000000001750000-0x000000000176E000-memory.dmp

Filesize
120KB

Download
memory/6264-913-0x0000000001710000-0x000000000172C000-memory.dmp

Filesize
112KB

Download
memory/6264-893-0x0000000000CF0000-0x0000000000D06000-memory.dmp

Filesize
88KB

Download