hxxp://monarchinstrument[.]com/Software/Track-It_Software[.]zip

Analysis

max time kernel
550s
max time network
485s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://monarchinstrument.com/Software/Track-It_Software.zip

Score

7^/10

discovery upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	Track-It Setup Wizard Setup.exe

Executes dropped EXE 2 IoCs

pid	Process
3112	setup.exe
3432	Track-It Setup Wizard Setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ftd2xx.dll	setup.exe
File opened for modification	C:\Windows\SysWOW64\ftd2xx.dll	setup.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000700000002350c-606.dat	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\MI\Track-It Setup Wizard\FTD2XX_NET.dll	Track-It Setup Wizard Setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 2000PSI A.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display Ship 380 Torr.XML	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Transmitter Display ship 3PSI Gauge.XML	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Temp only ship blind config.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\SiUSBXp.dll	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\UniversalBeacon.Library.Core.dll	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\UniversalBeaconProvider.dll	setup.exe
File opened for modification	C:\Program Files (x86)\MI\Track-It Setup Wizard\Language.csv	Track-It Setup Wizard Setup.exe
File created	C:\Program Files (x86)\MI\Track-It Setup Wizard\Track-It Setup Wizard.exe	Track-It Setup Wizard Setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\DefautlCfg.XML	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 35PSIA.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 760 Torr Gauge.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Transmitter Display ship 100MPa Gauge.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Transmitter Display ship 2000PSI Gauge.XML	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Transmitter Display ship 760 Torr Absolute.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\UniversalBeacon.Library.Core.pdb	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Iocomp.Instrumentation.WF2005.Plot.dll	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\LoggerUnitRange.ini	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 150PSIG.XML	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 550PSIG.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Temp only ship config.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\UniversalBeacon.Library.Core.dll	setup.exe
File created	C:\Program Files (x86)\MI\Track-It Setup Wizard\Track-It Setup Wizard.exe.config	Track-It Setup Wizard Setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\DataLogger.exe.config	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 2000PSI G.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 5800PSI G.XML	setup.exe
File created	C:\Program Files (x86)\MI\Track-It Setup Wizard\AdvancedWizard.dll	Track-It Setup Wizard Setup.exe
File created	C:\Program Files (x86)\MI\Track-It Setup Wizard\WebUpdateSvc4.LIC	Track-It Setup Wizard Setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\DataLogger.exe	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 35PSIG.XML	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 550PSIA.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Transmitter Display ship 380 Torr.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Freeware License Agreement.rtf	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 5800PSI A.XML	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\wuwinstaller.exe	setup.exe
File created	C:\Program Files (x86)\MI\Track-It Setup Wizard\FTD2XX_NET.dll	Track-It Setup Wizard Setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Transmitter Display ship 350PSI Gauge.XML	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\WebUpdateSvc4.LIC	setup.exe
File created	C:\Program Files (x86)\MI\Track-It Setup Wizard\wuwinstaller.exe	Track-It Setup Wizard Setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Dual Shipfig.XML	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Transmitter Display ship 5800PSI Gauge.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Uninstall.exe	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\MIBLEClass.dll	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 350PSIG.XML	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 760 Torr Compound.XML	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\RHTemp Blind ship config.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Temp only ship blind config.XML	setup.exe
File created	C:\Program Files (x86)\MI\Track-It Setup Wizard\Uninstall.ini	Track-It Setup Wizard Setup.exe
File created	C:\Program Files (x86)\MI\Track-It Setup Wizard\Uninstall.exe	Track-It Setup Wizard Setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Dual Shipfig.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 35PSIG.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Transmitter Display ship 35PSI Absolute.XML	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Transmitter Display ship 760 Torr Compound.XML	setup.exe
File created	C:\Program Files (x86)\MI\Track-It Setup Wizard\Freeware License Agreement.rtf	Track-It Setup Wizard Setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 100 MPa G.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 150PSIA.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Transmitter Display ship 150PSI Absolute.XML	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Software User manual.pdf	setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\UniversalBeaconProvider.dll	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\UniversalBeaconProvider.pdb	setup.exe
File opened for modification	C:\Program Files (x86)\MI\Track-It Setup Wizard\Track-It Setup Wizard.exe.config	Track-It Setup Wizard Setup.exe
File created	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display Ship 760 Torr Absolute.XML	setup.exe
File opened for modification	C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Transmitter Display ship 350PSI Absolute.XML	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Track-It Setup Wizard Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x00070000000234e1-550.dat	nsis_installer_1
behavioral1/files/0x00070000000234e1-550.dat	nsis_installer_2

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133719204647592561"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000624c7b65d7e4da0162be5c88dee4da0183372f92e810db0114000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1964	WINWORD.EXE
1964	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2892	chrome.exe
2892	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1572	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
3112	setup.exe
3432	Track-It Setup Wizard Setup.exe
1964	WINWORD.EXE
1964	WINWORD.EXE
1964	WINWORD.EXE
1964	WINWORD.EXE
1964	WINWORD.EXE
1964	WINWORD.EXE
1964	WINWORD.EXE
1964	WINWORD.EXE
1964	WINWORD.EXE
1964	WINWORD.EXE
1964	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 1628	2892	chrome.exe	82
PID 2892 wrote to memory of 1628	2892	chrome.exe	82
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 4780	2892	chrome.exe	83
PID 2892 wrote to memory of 3180	2892	chrome.exe	84
PID 2892 wrote to memory of 3180	2892	chrome.exe	84
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85
PID 2892 wrote to memory of 1928	2892	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://monarchinstrument.com/Software/Track-It_Software.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9778fcc40,0x7ff9778fcc4c,0x7ff9778fcc58
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1572 /prefetch:2
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5000,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4500,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4792,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5420,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5288,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5436,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4628,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5872,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5916,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5188,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6016,i,872698336398914636,830089186577532173,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4752

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:820

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap19316:96:7zEvent11288
1⤵
PID:1332

C:\Users\Admin\Downloads\Track-It_Software\setup.exe
"C:\Users\Admin\Downloads\Track-It_Software\setup.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3112
- C:\Windows\SysWOW64\cacls.exe
  "C:\Windows\system32\cacls.exe" "C:\Program Files (x86)\MI\DataLogger" /e /t /c /g Users:f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3056
- C:\Program Files (x86)\MI\DataLogger\Track-It Setup Wizard Setup.exe
  "C:\Program Files (x86)\MI\DataLogger\Track-It Setup Wizard Setup.exe" /S
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3432
- - C:\Windows\SysWOW64\cacls.exe
    "C:\Windows\system32\cacls.exe" "C:\Program Files (x86)\MI\Track-It Setup Wizard" /e /t /c /g Users:f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4172

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Track-It_Software\Release Notes.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\MI\DataLogger\CR95HF.dll

Filesize
236KB

MD5
1833ced9d7840a101f91a48c2541428b

SHA1
ca5321104e170a9f8562bbe85a33171f4f08b5ef

SHA256
5415511813674812c672866cee1f1d14cc60eb3e68c9ae19a9a5f5d1a5b1fd66

SHA512
59fe817a3e0fb0c2db83337ccf998b003b6dbfd02a8ac1590255e20b2a5db9810f1796a36d17e0b38449246e73042de99d3de86f805faae036fe13edc1479f7e

Download Submit
C:\Program Files (x86)\MI\DataLogger\DataLogger.exe

Filesize
1.4MB

MD5
5782247a9fb7122c7413ed508b4494cf

SHA1
f4f61af7184587496f9e3d046a1e92ef0d8c7eb3

SHA256
7ade957289b651727af4b5856f166a34b6d45febb19769a2efd44022f6951f9e

SHA512
776c56536301b67b6aeb2b2ca461e919cf266a5bb4e680ea548c1047d781b0777d658014a1fda1902e8c608edb386f90d19db1fd9d18bb48b861fb0b63c98ac3

Download Submit
C:\Program Files (x86)\MI\DataLogger\DataLogger.exe.config

Filesize
144B

MD5
e0d80706c31ea90fd5d09fcb3b2d49f9

SHA1
729ccdce546366ca702862cd957e91025537f3cd

SHA256
50c9c9f3cc99f39697cf537ff09c98f42f023c474cc12fe1deba11894cf52c07

SHA512
bf5a8e88f2554572157d044e0d9811bf8a6699e9cfce60d53d0df1b1fe5db8b9cddd56ed64b8dc38e0ab535122a57fee99359ec1407d4878133f66eea7201c4e

Download Submit
C:\Program Files (x86)\MI\DataLogger\DataLogger.pdb

Filesize
1.3MB

MD5
9e12defafdc6395b24c9b8039f8b45fa

SHA1
9a75e3e73a91f5de7d11ad2197d061daf976123d

SHA256
a97962800dbbe446a889943f30df2e538b5b433fd2e6572d5b0ce8df7cf57fdf

SHA512
17c6f8ef82c77a5df883c383a7e29e3d10c2d38a4fdeaa9745815e3bb53ce3ea40d22f613f0e6f49995194db556af7bf5c84151b8ce10500ac42bed2e20c34f4

Download Submit
C:\Program Files (x86)\MI\DataLogger\DefautlCfg.XML

Filesize
2KB

MD5
ed8bf1ba09a1b7377cc4e209b0200519

SHA1
0e8727b4510cf30dee4cb38bafa005aee6f0cc40

SHA256
5de5af370d862321d3ce81b4fe4123bbc9b4d1183ad9dbb28d81ef824577dbdd

SHA512
009aa47cc69e28626ea341530c7feefddcef4ccf82bed9a35745d48467117d68aba5be5e27920af091dde4bf4d6352617c583602753ec5341aaff63836c18097

Download Submit
C:\Program Files (x86)\MI\DataLogger\FTD2XX_NET.dll

Filesize
69KB

MD5
242abdb6dd9d0253055ef10b40d02c16

SHA1
f4c9c310c80f52d5f855116de83e80fdb835c1ec

SHA256
6f2f2f9ed33628bc844fd95dff622105f7bb42cf6db69bb9e9ece1503d56e592

SHA512
06f83a3c4c404ec9fe75138a4d04ec1836c760252838917b31133aa8affd73e4a7f4ed28b03f3f376fc61bcd9dfc7ddff5cd11cd3f02663ad337f0e98eee99fc

Download Submit
C:\Program Files (x86)\MI\DataLogger\Iocomp.Instrumentation.WF2005.Common.dll

Filesize
1.3MB

MD5
ab258b40d6df42d209c73e986a5c64df

SHA1
a579f2cea2863af8a0953a8717627a45321c7ab1

SHA256
7e879cc619245340229d385c82d4bbc5992d5f0d73410388a90cad4c017072e2

SHA512
71126ee1d67f923a3cc5c41580f16a00f87c7e2006de0813e75d044a9a42ff7aee7deca5c432526c18b84186bc5683dd8a8b1de5f4bcbb9e2b2cab6785c2e360

Download Submit
C:\Program Files (x86)\MI\DataLogger\Iocomp.Instrumentation.WF2005.Plot.dll

Filesize
1.5MB

MD5
dce994bb7d4dacb6dead16d68165032d

SHA1
a2ab0d2bcf97ea34b9a89e49a7b036f7b58b5578

SHA256
ce1cc38a78eea74af1490d300522a05257e9013d6ec10564c8ccfdf25cabe8af

SHA512
ca8087adb0629143bcb2c580b691397bcdff50e9b7a657c5b845fa22bbf7ea66ebea78835d285493e51f27c82983725776b6f6184db79efcd63573d5e00f7160

Download Submit
C:\Program Files (x86)\MI\DataLogger\Iocomp.Instrumentation.WF2005.Std.dll

Filesize
780KB

MD5
785427f21d22496ab16b1ec7e327dd6b

SHA1
96d043ec6b8a2b89844e43152f040a032944109c

SHA256
e17ce069e1a39d886b8068b602ba680fd0e99c435d96fd669b4c76f869f985e7

SHA512
b20e0d5e6252bb93bafa9d1406d5b9d3e1c0fb01e4ebd715cf1b1adfcdfde5d7a07c0b9fa19d0667fc6693f2f5060fc9cd2edf9f8ba0565650ecb42f17df9d3d

Download Submit
C:\Program Files (x86)\MI\DataLogger\LCDM2B__.TTF

Filesize
26KB

MD5
faed5facdca55fbe0330426dd38c4079

SHA1
befe2e88d640e593c0381494c70f6fbf6714449f

SHA256
808659934d0c1f2d0026035ac8a45b8c2fc7f6df1bda0a9058c40aadfbc37ebe

SHA512
b2f275ebcad6a5aa203774ee9ea95e89d2d600057bb40c791c390cd1687c60adae30547f59ea189fec8e70a4991af125856a1b7e05e0d75ffef2ac3f5f7b3b11

Download Submit
C:\Program Files (x86)\MI\DataLogger\Language.csv

Filesize
119KB

MD5
f8e1edb25f59b1c28f7cc6386d86fb76

SHA1
4afcf5320fa82ea8a836a269e8cf0dc2fab2b4f6

SHA256
1b0bcbcf1530411800c47dc315795e7428036c419e0066e371cb3ee9c884ba1e

SHA512
645a9a636abfe262aa6d321641edc67ae304767b337490cbf8b5baca28afec26b7e80c335214af076f18ad2aaa4a916291450a9da14ef9b0d4f9e5d6bf2d0e6d

Download Submit
C:\Program Files (x86)\MI\DataLogger\LoggerUnitRange.ini

Filesize
539B

MD5
210e6a6b98e7a0cf540ca74a3828c354

SHA1
725d5ceb316ac3580fbabb6d127632ede8012922

SHA256
c9e035f1aa1e78cee9d21d53aa9c44e746c942ae00cb36f47fba3b35dc5c8d7c

SHA512
934e52c26cfea51a351f67be2ba42a85774cf22122a3a01e3365e402c4c5d3a0e8fc531ed9f0b29611f5f1204ddfbdff454a5fb6afd568137eb42e9a199cb2fb

Download Submit
C:\Program Files (x86)\MI\DataLogger\MIBLEClass.dll

Filesize
71KB

MD5
5a4e3ce2ad5001e17bce737f9f120ca3

SHA1
8a4d19753e46d8a4d5b5058e8e7ca67385bacb3b

SHA256
1f729f57b4b3fbb3a24482e1eb80bd8409c555eff224b89b59b6f35157674f81

SHA512
cc6abe7f5b3c3925aa6304d59c4bc713c1bb3c48968a7d0be785a1432b4d7ee6787692aad177eb81e55a32733dd4db02c097a5f8aa254570945d6922da324f28

Download Submit
C:\Program Files (x86)\MI\DataLogger\MIBLEClass.pdb

Filesize
25KB

MD5
efea48539ebc1921378c5ca3ebfb3fb0

SHA1
bd4f2eab6fb9b3c6d4f167d0ce98fe6728aa4341

SHA256
1c57f0b6d19d874944c862c383bc1be3e21be3043cd8953b83d1bfe1f0005625

SHA512
6517411622e717c4415f3df1d2889e4a059abf73274e4e0ec40cf60b813e37eebfe0fe08e92bffd6ab9d4e0a1f75650ac4d3d2c0433b914e930f7adfce8064f7

Download Submit
C:\Program Files (x86)\MI\DataLogger\NavCDL.ico

Filesize
2KB

MD5
f70856955b58bd88d5969fcb0f1adfed

SHA1
b1e1d03746f0e96b38f85b1bd3f6966a4536774d

SHA256
f9f01ea8474def01335f78ec47671e143531048a2b757c4d90e0dfdfd59d4eb7

SHA512
1175857759c14e4cd1d70ecdc2cd393266546309ff0ddc9f84166f13ea81ef97276e47d26de59da3075442b3a98c80e67be42de2b42e2aed612855d5ecada8ce

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Barometric ship config.XML

Filesize
2KB

MD5
6a87c9f1b7876693a1970acfdcaaf1cd

SHA1
452a8e59b4d6ecf1eccef086918f91bdf16fe905

SHA256
580cc38ebd9c3650b08c0b715eb13fd2253e4d32085a245f9639dc84f31f7e55

SHA512
a67c4499715f7c8fd52a2c98b43a91e513168075c3a719dc33835a48b1f07cc266acb4b014e9ab988d95ad2a5355d16a58f74e5c10adc32f37c4184a1d3f9dac

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Dual Shipfig.XML

Filesize
2KB

MD5
137953a3e0f1c8dfc2804240bc9a24ae

SHA1
9e2504afe296d25827253f13382161ff2c8edcd9

SHA256
9c7f32d3cd01e6879da099cf663cbdbe4db5608b02cfa43611cc0976a5f7d138

SHA512
ecc81123f253bf14e1c03049047f7999c9929a3b5e7b7830f537bdcabd81d9adedd5e69250a8b70d628f6b3cfe2d767134b087266040510b5be4f72470750406

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Event Logger Ship Config.XML

Filesize
2KB

MD5
d3db81a0b6bc432f8e3670095d06d42f

SHA1
b2f0b3b76c8829505f9cdf30deb1fcef86981f50

SHA256
1b8772c21557c2897007a6e0deb41bd2b74c61a389051a8dfff6e652d3ac00fb

SHA512
3a67bb2a5c1cf6dce2f30190d6df9a1feb043b77cfb597c07c598320ac6fb2ed24280f291b10698c991097f82346ffcb36477ce6906a37b8fe92ff6e1a7609a4

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display Ship 380 Torr.XML

Filesize
2KB

MD5
0fd378703e0aa9c9b9f0953350dd60dd

SHA1
79d4e5ad96e9990fb711e87cbaf3f82ce96b24ad

SHA256
ef243880a4542c985e593c783c1eb411fb9d4d01689036d60bf82ec21c6ce908

SHA512
9ed391de97579377d7daacdc21114a509ad6d4e063fe285da0a1c1446aa2ef5fd19df7ecbeebf6396a1cd8c925aaccfed1cbefbb15922375394f02ecb2e72bc7

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 100 MPa G.XML

Filesize
2KB

MD5
589a916580f5c0b902ce3b854cbf97eb

SHA1
2e3b85d6efffa020dd8513bc662f7eb7d70da37d

SHA256
864f94f74ed947eaa812e3045d7a47c035cf50bcf5650356dadb85edc236e65b

SHA512
2c81c2304e9d0743430d23b4579889816e18a81181182d2ecda9c9e2c3ce6ba26bbe5a3172667456182e919a9e88c8026b93eaebc82f600c685fddd0f137928d

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 150PSIA.XML

Filesize
2KB

MD5
c244c6c6877266a6f1ae39d09840044a

SHA1
1ecac7cba0116e49e77760d202d55aa060d53369

SHA256
87363a627fb08ef8dada98582d204db9bd6e08d52c02f5384a1231069909c55e

SHA512
2ec026f7dc14ff922d7f8d5db6fe14845dffd4f532d0367641b1269e5101b98550af9dbcca5b638ee254b560f56a98fb8b49c039ef7dfa6b61cf805e3e7bff5b

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 150PSIG.XML

Filesize
2KB

MD5
0030084c220653022e600bc13f924e31

SHA1
d703c4f6c89c2ee4c91a7df00388a476e360ec65

SHA256
9f577e81cdeee28b36e67e1c98f585ab7abc6a9675efd3c4eab88b8f664ffa86

SHA512
3105425d431868beaa3b1653680e3d1759a89884a53aefec2e7730e4e7b5ad0ed55fec30d2da22f26dbdea2ac102e5e03688f730d63976a5134dd760a44a9fae

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 2000PSI A.XML

Filesize
2KB

MD5
509d87929c8941e83f71c006b96342de

SHA1
71111fd7658a49d79477782e7c45f06b8d60a6fb

SHA256
15b1266e486b53662ffeb5efd0cab4775a7a21f10b637f6abffa4034bfe6b542

SHA512
f765e71d2ac4dc07b5389bd4220e07cba30ae0bf5c2cf091826f73d8c230250b088bb7a25be8225e1d0bd81cee42307012ced8e6d3179a82ccb5912decf43df9

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 2000PSI G.XML

Filesize
2KB

MD5
74258f3171eaa8181c55c927f1ce8ddb

SHA1
f0ded4a691481b61bce3de3e9aa3f701d314d72a

SHA256
3ab9dbc2aa51b18499798c83d149f7c88b5dbd8d84d29a3356495e111745e911

SHA512
2754e1f1ab3ff6352a96cdde73ad34c92a02e5266386e91ecba145c244f881316d7d12a4083fd733505c7950dea3700b3432da165b19c4396e8a5ad90e2e5139

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 350PSIA.XML

Filesize
2KB

MD5
95396d605217c2d0dc495c4d980009e3

SHA1
b24693f4b068b737bf4278fa24b1c0dbb138521b

SHA256
85e1f7f64580513a2935b34e9e381cf60ec7a69d151e0d25759526dfab93341c

SHA512
74dbf9fa6a7851234fb59245db79a05d731534c73930eca08ac6eb135f2aee605fa8b62de18191a5a450d98273d6334f08ddbbf2c7a4e4b6d98f0ad136bba5c6

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 350PSIG.XML

Filesize
2KB

MD5
9df69af9e402717ce1b32be1c553548a

SHA1
57814b09ff0ee0c59e17431dd19894a1cbe6ad8d

SHA256
25827c133d66f08022609d7866edbf53263dea507b76d0d6cfc1087bb520c173

SHA512
79167d6f50f23fb2b439ceb6c3c469c73c0791ffbb6a15b4f16827cb37a357bf44de57341ad9d0338982b76df752dcb9a7840921318b41db0a482a0abb53f929

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 35PSIA.XML

Filesize
2KB

MD5
d9123cce09861ec9e85598c7ba85ee7d

SHA1
134ab088f5e3a2f267adfb3b7bf02cfa4407931d

SHA256
d1df3e682746f3555aceb82031340363226dbec51a9a841c28bc351422db4415

SHA512
6aa7b4fa779324e8fd46386b8f7dbc47a080849daf2237aaf6ae52c861a80ba5c1457bd77db4bff55161e94179be39c990c9fb8b1599a3af3ab1a967c1e9af33

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 35PSIG.XML

Filesize
2KB

MD5
4c58fef2aa074a5ef37d2be4474e646f

SHA1
9bf1ecf796ebf9fbd8dbed10bed89001a0e5d01f

SHA256
8ba60f8f53f96f2e06e9324375142afd4b1cad458270a120a8aec52c632988a0

SHA512
b7fb9ef2dae8da73b3a3d6dd904c7ce1345a9a0fbc8bde18fba6869058c309182c26469eccc72faf86c3b77a3c7611bc907795f428020b8c81b408cf285a7fce

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 3PSIG.XML

Filesize
2KB

MD5
fcd82d5dbd3287dbbd321bbd4faa2bc6

SHA1
a1891e4aa7e911cd390a62dc6ae65e034f38b481

SHA256
0e6876dc1fdca2580a1f4f74d3626d54bb70ee4ed06103fdcd38fe9a1afd409b

SHA512
5156903531d8ba7c8979b7f3970cc9ce410b3efb8a360bb53f7334180aa9feeabb0248a43877e5d47f6b1e1a205f6cdac54c821d8e248ed2276eca33bc03e65d

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 550PSIA.XML

Filesize
2KB

MD5
b8876acafd5aef02f3e499d8a1cdc94d

SHA1
75f3dc6fe101fef2c1d16c602569031b9b4bb709

SHA256
142b4e8dbd0bd1a9ec3ff1c963a96bd33167be94fc7067dff525e62f7ef48cd9

SHA512
a45a27ec1a4985be6f3176fbecbeddfdd0853920c022f05f747cce83274a13b818ba7601ad630d460caa62d1b31e2b926e942bcea2eeafa14954b1a5afee04c5

Download Submit
C:\Program Files (x86)\MI\DataLogger\Ship Configuration\Pressure Display ship 550PSIG.XML

Filesize
2KB

MD5
2500be67415ab67c7a07501bb3d1deca

SHA1
025fc63b23de7526a9764fc7f0339b4a989e9502

SHA256
15a5cdf9f9bef854d663cc60c85bcf8afd3c5f02f1da9fef0d4df41dab29d567

SHA512
07a816c5a4f6fe05c669b98a5cbe1625dcd15caa6a48e3862dc32fdf21bc34478590a59e669bfcc98882a591d950d7f47c4a87bc0a5a182c506c6f1d0c388e6d

Download Submit
C:\Program Files (x86)\MI\DataLogger\SiUSBXp.dll

Filesize
88KB

MD5
75355d591ffed68a6feabcc3592380a4

SHA1
3a607e027e7d576d1896bd2791da39948168228b

SHA256
2610f30598b34925b3f65275a42d69edfe61715beb3c6a722485bb8d9eefbd2b

SHA512
b70297d8eaa2812e83f2cda00f448816b15e4d60e999c3267d932fa42dd0b97a7b027649bb85cadf2f2e5c1f6c9745a08f9b7aeb2408319486239b96856440d0

Download Submit
C:\Program Files (x86)\MI\DataLogger\Software User manual.pdf

Filesize
3.5MB

MD5
cac3addc1e7a9a7b745329127073f42e

SHA1
09ca796d6a878b142193d0ad99061b0448aa13a5

SHA256
af625e5d6ff00e44892b33d50c84280d2569de929ccf94234e2d2731e390a5f0

SHA512
5ed00908aa97b64adac1a2b0c227181457ae77b374845bddb368842cc3d565fd62559e4abafaae2ee2601395072bef2f0a53a69a07c0e3cf7c2c3e608d1b2128

Download Submit
C:\Program Files (x86)\MI\DataLogger\SourceGrid2.DLL

Filesize
196KB

MD5
6da0b451a6c0dd4f0f2180864038b1ea

SHA1
0ef1ff4bff164c90800ba42f5e14173730913b3d

SHA256
4ab1ae4f48390aa8f0308ec66e30965e59cb541086d354b9ec1d66163fa44897

SHA512
c83550b45d34932b714e1f40fc5f59e7539a7c6130a3419bccfb8c2d3f17926abb62805cb7b79f2d433f93fad230a41e3f8f252221ca483801bbf7414d3bb457

Download Submit
C:\Program Files (x86)\MI\DataLogger\SourceLibrary.DLL

Filesize
132KB

MD5
c95d002cf209bfffe6835ef4541b5f7e

SHA1
924cca3def28529b8622e3e8e54f1f54eab61eed

SHA256
702c46e5cfe9b2be79bb578e99570242459ea33cfeafdee5568edbfd53ed619b

SHA512
083a2d99e1ab6bc673c86bbc18bbbcf0becb89bd5317551f26fbda54ea478f15616915bc2147d13910386317317ffad3db2d66745296acc56788998f924ebae1

Download Submit
C:\Program Files (x86)\MI\DataLogger\Track-It Setup Wizard Setup.exe

Filesize
5.2MB

MD5
3e5b4a1e7eb886b83edd01620114e37f

SHA1
e6ed45ba96d77e07742e46715eaa4a8ad07154fa

SHA256
1563b52ad857447f74ca55e874f80df0c389be6a40bdf7299d7c3f971fbf5023

SHA512
9cae2b2747220604c63eef6eb0c3898edca1b05c9530434daff4a61e0a7d5cda4aae8dd77e7f75df8cd98acd622126dc2789ae8f70d1280dc984268856696083

Download Submit
C:\Program Files (x86)\MI\DataLogger\Uninstall.ini

Filesize
4KB

MD5
965889bd4949098cc1250a01cb9dd6df

SHA1
fbbf5469a5fc2e8bc6f420f7d4f6af60cf5bf1b1

SHA256
e1b2079d0aeabb67ba23e001d65807a79468565950f577c49f243052fdfd1451

SHA512
5838b7bd0ac37be6a54b0d9c76adda11fd962741f255807fb8f4875ab1bf276fe9dd4e1b47b0ea7a6060f0ca560d715e25c9fc4e9a00acdebb023d1adfbd39b8

Download Submit
C:\Program Files (x86)\MI\DataLogger\UniversalBeacon.Library.Core.dll

Filesize
33KB

MD5
205352c820bbd9f0b893b60be054a66c

SHA1
9c508df90e62e00453e17ca505239d8973cb608e

SHA256
751e10c2ff31ce4bb36992ecf2cfacb10d14877672b33085a5376afee8e4f1d7

SHA512
237f779b66e9284c5d07313f744ca4d77e1a547f233ef190140a95cbf7d5ba4370fb26b7e171a6068936c9cb99827b67f8dfe5c7048e398fdc5d6dd681d35ba1

Download Submit
C:\Program Files (x86)\MI\DataLogger\UniversalBeacon.Library.Core.pdb

Filesize
19KB

MD5
e8993003e7aad8a176d6cd530addd9d4

SHA1
bcbe7b9d2d45d786ccf3226c17c4373135d45a92

SHA256
d8e64f174018fb0b908fce8624236876b34099a545510f84a50164321e54f331

SHA512
d1177f0823bc9e988b2d577ae6ff8ecdeae822e9e26085688cbb3d87eb8fe61a977d10431db1599f7848e1987b59aa5c1dfb315d1df0e7cc0e8a5fe99ac05e92

Download Submit
C:\Program Files (x86)\MI\DataLogger\UniversalBeaconProvider.dll

Filesize
9KB

MD5
cd3949a069aa83d1425066ec111e3496

SHA1
759560add70a426ce3b6f1f7b8e4865831525d73

SHA256
4446c81a51232c58cf4151a644621187b3062195033728d84beb6039851fd4bd

SHA512
bbd3ea53df577db700eacc08f8901e4b65d636df53645a8e925219e9a87803760f6f7583dcbefb0345d0ca6e01392957d59273b9c5e96c00e7c88a5656f08663

Download Submit
C:\Program Files (x86)\MI\DataLogger\UniversalBeaconProvider.pdb

Filesize
8KB

MD5
e61b2ecd79f9cba189361f765863032c

SHA1
de9c3402bb95868727e4b47a0064e5ad2931cc5f

SHA256
e4c764a395cecb7b4d86228fe827ddd79cb4bb26481a706767f83c78384af2a2

SHA512
1c07c356e6283094088c0e37af9c736e1a4ecd7e13aeb62f0a58f149b43032a5ab7bc3fbae4f84206259b2abad2e27e055faa2e673ffbd7f6e0b03d2fe9a80bc

Download Submit
C:\Program Files (x86)\MI\DataLogger\WebUpdateSvc4.LIC

Filesize
494B

MD5
d170e27f5524a745ab0b002a615af204

SHA1
760c55a03b1615e5dc97322b13f8744ae60b354b

SHA256
5a3997437bf36ed67f2f758432d38adc20035ec39a09f29d445e91469a032acf

SHA512
dbb020a94f1ffe806fd3e703c938280e36f5254b0b3525bb726eba683363ea7d297b757df85711eea403ea6b0427ee9c34d7c64c0ac28caba7ab4e3130f2bd49

Download Submit
C:\Program Files (x86)\MI\DataLogger\deflang.tab

Filesize
4KB

MD5
69127259753ecc791cb53a5675ecd1c9

SHA1
2ae2e6c25331fcea1abb730f64d14d0f4e99be18

SHA256
3126d19146b3ce53042cbce45befa69098219a9a8030d4e2e93fad1e00cd8575

SHA512
c217f2fa5462bb40ac33c3d251df5acc7ee9a4057269ed700f7a75468c9dd93e1e62cde4d0ec61f209efb716e4681d7de4248a6400453cb3253e5b0e73d52777

Download Submit
C:\Program Files (x86)\MI\DataLogger\ftd2xx.dll

Filesize
276KB

MD5
911a57eed4bb23882d2c676e7ef13d04

SHA1
3bd012a80c064b1c2015c861d7a5de18fcb71312

SHA256
ccd078db89fdf03a2b5647c799976cd0b05023f1ffbab48444a2b3fcf22ebb0b

SHA512
6b21ddd7fff269202a7678af5c67acae87919b8a04d583854b6bb43257f00c570eea9314f6021207962889b73afd932c16d12bb73b8f8792ba1855fe5fe507ee

Download Submit
C:\Program Files (x86)\MI\DataLogger\wuwinstaller.exe

Filesize
750KB

MD5
f0617a355e7449a423f6b35357bf7229

SHA1
5dad81950eca946afdd690e199052ffbb460ea80

SHA256
a1758a4674cd9fbd960bef8e9bcb743723599173044297e40c7590f6f1ff5ca1

SHA512
ab813d0315fd54d61fcd9b974ceff897ca3a1111c7d34b803a8f12729996a96d8adbc6ffaa3994557a0b4dc4860a78499320638d70475e16df0f5891641a6a2a

Download Submit
C:\Program Files (x86)\MI\Track-It Setup Wizard\Track-It Setup Wizard.exe

Filesize
1.4MB

MD5
d9054708aaa9b0582299644e081c8366

SHA1
e11f5da31b24391ab84c265ca6e888ca183ea14b

SHA256
a45df5a5ca5388a557951ec094ebd4d817c71d9a07c6033abde4b68b1939fc80

SHA512
eae5d6e83cdf51612a08e430d448e7442e750e3700911dd0e97dccaab8b4f0967004a59e5debf7c863858574837c598e12440bfd3666ec3b8d189cdcb11698cc

Download Submit
C:\Program Files (x86)\MI\Track-It Setup Wizard\Uninstall.exe

Filesize
679KB

MD5
3befa355bd43c4637156b70f55373abd

SHA1
4b5c3cc252b7242a2c5651ca24bf872cae167aec

SHA256
1f4953b4f34604a5c5e525c8f5496ae97e6fd38c89a34a57b2f42c71e2d686d4

SHA512
8e30a16bb19fec8662ac2fa8e93c9ddc7e8a3a3f4bb978549b27612b285415144229084f728c2b8d029157898a324ca6f168dce5e069103c57b5b3eed3d328ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\62df1ae7-13cb-432c-98c0-d2a468361301.tmp

Filesize
10KB

MD5
35610186d77e043af400031ea99ef0f7

SHA1
45e47c7b0f88dc6f42ca337eb0b43063e29f3bdd

SHA256
3bc72a2b4e560a33930d2a8944634be475c0597e0ef41e528c0554c121c92e0c

SHA512
a3caf55051ae61ade2c84c18f69429039ee45c4e246e5d7dd5866169b9acf6b102ace53dff46456881ea9ac9e62c2d197d0c142bc57ec00ebb7fbcdaab2f4df1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\669e4121-fc59-42bd-bcbc-860e4989b351.tmp

Filesize
10KB

MD5
65db4bdf1b4d1d6a97f5fa7c7406c106

SHA1
77935e13679fc79cd69cfb9dd216b3061dbccd69

SHA256
1dc8ef64b8b6b44f85cc4ef3eef72a77f940c641f59539ec3f1699ee323a8ed4

SHA512
ebf572f8f1c770cc2d6242f3452360ec624e9d48c998bb531f701cb8431cfd0f189d01771ea0d73a7a97b72487b51ff06c90a6a404841f5ca696efb9259870aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bf5aad643e8aec77c64b89dad5b68399

SHA1
bae077c79f0055d4841efa99ef80ff816d025d5a

SHA256
c391a1018ae9893727846d5e21009b2144562ea113dc4f1870a966ef1778422f

SHA512
cec572e5d69fc97af4cfaccca89166cb4aa864264c6609af85290283eeb0adab421cc3d3779756f8d834e416e215c4aef597682799d543183872af7790c554a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f7fe01a8d9c807493842cfd9dd1c1543

SHA1
8616275a8c5c6b7e8fd223b2a467ea94066e0da5

SHA256
39cd26815a1f6311394528c83a5c1024a21c0e2ed289625983444330827782e0

SHA512
60bbb41273eab672f9bd834cdd988f826e36daa160925a41a16d385f70c369e634c8618ceeb6d4b686b63af186cdc17af0d169eb06f9fba9d969a4c85f76fe65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
3bcffff65410c975045077cad6aa0684

SHA1
90d529b4bad5b342fb1758332d60de3f3b191bd9

SHA256
8a6213fad09f477f956d2d82d18417b3c91e825b336cf118b546c3d1745a01ff

SHA512
4dc130e4de59c9e3617e4bc6eeb0d62a8fec0ecc02cb6746a75085ecda0c8540e6a67d13cd433bfd827c46b65ce27902a7101b0bc2736fe508ae9b3b8ea5f8a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7609ddf25b69cf1404dbe01da1ee6db1

SHA1
b9e7f18e78ea7dab57b4525b9d780b903e424797

SHA256
050ee0cf6c3a968e195eab1cd5af56ab38342aefaac158a35299b619f234a76e

SHA512
876804fe6a718741abe393648099e41b6d9a33d67c944bc8998b8e79a11135e177e84c34c657a6415d3b01cdc50cf124a0b12b32e2c460b8fdee43fbe55e7a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
387f826fe59bc33bac7ae91e72e74bfa

SHA1
e1c8346a57e3a8e4cc32b3c80cbc84a81372041a

SHA256
5afd2f076f41ff983ac06cd6fd5ee3334ec7c0ccc5420cdd6659126e2a488acd

SHA512
0c1a80bc119a521cf85ea49b0b52ac0cbf64955828380fe2b244e2ceb295233a6d1da3c5ce5e675d230a2af61053096cfb411af4570d7cee38079132a86621ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
92095cae3b881967be95787ae39e8148

SHA1
14225866902aff74b64cc517ed72635b17354e2e

SHA256
b6d1432d9d76ffbb7203da0a07c201cdbe76321996fdaafed9ac52ac0a979446

SHA512
bcd6456015a136a3412c02b9f596fb94200dcc5b78cb389ca824c65e4cf6bce707c4a023187270d06207f72e0d5b58866019103956a3f3a1669b754efe0c0b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1689afffcd88bfc8deb5fd307fcd4f84

SHA1
ea10e6b85daa34b3906b6a14c2a8ab0b9736ba01

SHA256
43b556ea7e37cbf63849870510f0fba78da036bb05ef6426a5ce0b001717c6d5

SHA512
b46048607b6d82b4d3b8ef714b44adb4a44b7b52b56c5086bdd53b3253a6bdaaaa0ce53aa65a6e6fef79499424988c7a0ef4892d8d53228361dc090f9c0673b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
5398f6ffd10d7b9a5cb34ec6d8d3d51d

SHA1
344553585dd80b8579136185e7a4e522d3d3a90a

SHA256
4b77a655bf6b8e206fd202c4d75c8f915958b4e8dad21217e8ffa592bcb5e5bd

SHA512
a87a7264085a6ed8cbd8d02f5cd236d83ef1c5713ebe5b1e8b6fa270684f723a0a29e6d33d7613050d9eb69199fa715dc02c0791e3254aa607fa0e1072c03a3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b61d03c7e51de33665f05dc99eafc83b

SHA1
18871ceb842300d522e6d3818e72bd5d17e7ccd5

SHA256
df65641239d418551ddc40228f1572153745820540f26e8af0aa4d055cbfbe6a

SHA512
a4d32ed7dcf0c38846f7bf0d92395831fb103995bdf8e040dbbfba4ee55956f990ba35d4cd1b44fba727de7ea887b616f129865bb6d8a8c89d174d87a0a1f16a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
26a16df653fc361a561f0b0e800ab147

SHA1
c8653b0de1084ee985b01f32b58b20e24c4dadc8

SHA256
d05945a385a60d9172a902c1c351ddc17c52ea0f471cd56445eb4e525e67fb6a

SHA512
66f249e4930d56a597e47d0f0216c4bdfacf90939bb293e87e8ab83c798107f78274b56dd78c9362bd850759125f8d03eaa459cb5f79d7aab9ec5034532cd278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
88fb668b10907ed85ef71e73a885c534

SHA1
7e2dfea535ec08b55862425fc24fceaa1d15edb9

SHA256
3a1dbac61f48b1de7bdeb4a40e310dbc9e8a060d1136518e2afb07cebc238220

SHA512
61bfcd045e7ac394db408cff6513d99d301bfae7dd457f508f0e4d33f990e342256d4309fcc98fb1d6d396970e2a8aa35633abfd12dcb764894891c60cd11ed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f0f7a5b481c6e24768f519861e95f51

SHA1
0bcb748de3764e930c1a3dced7ef804a67f56c9f

SHA256
f2fb70ee5bd8c1c00fc228b54e9133cbb3bc6256d6361f5b64d4c3e966e8070f

SHA512
85d90903342284398a35a32af11532b27675d40d1414c09eeda90ccc9cfef9688fefa37795553905aa3268f3d3119244ae62ae81f21d32914f82aae803301371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
69566bce7d91a085891981bd5e28abf6

SHA1
9aecfd278acd01cc174c6e05deb14e48e75b2d89

SHA256
73ef765316eb6e414c5ef88ca5f546069ec22cd38b5fae3356c14289a665bbd1

SHA512
4c62ca5d735885371b32e11e0f715475455763d3a76e3391a0c8e7bd7d4d97f8edef77c246f1100a3520c74ded53a0c3a856078a2f4ddea41259281bdb7f6261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ac06f8f522589639178407ec8b1e7587

SHA1
d78ae4e0745e6e809bc0616ab9d3b4f8cdbe4467

SHA256
b5ad54cb8e1f2db8a94a0bf2269b385dc1710555a290257d83ded61c60f2b6b0

SHA512
dee2c8618e356bc8759aebcb987e7d716ff33ffda78e6ea39b2cce7dcf6cfba357f59f927eb056e8e3966e2777b3506a3c2db70310accea6339844b905f38440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
685f7bfad970b552e040906a2b3ac8c5

SHA1
89ce958088f247453a496def13e97dd96361cb6d

SHA256
0722baed26332de6b02dfe6409913d5a7c7bd665faa495bf32e1e172e761c17b

SHA512
b4cf676e8b414d28a5c2025c2ba29edcc0617f194b892b5608912d301ef05d8ac72ab4551ff5894f6f9c0118fa1a59468b18bfdaae0e78f0e07b6cd2fcf75f88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c9a88ccb8acba83c21b9a568e6cf8adf

SHA1
badf2ac4166ec8250efb1fe9dfa5b6e21559dc26

SHA256
6a544b1f8eb42523947b1e6041060d4f0dd8185be0081a694e721b662dd2d2df

SHA512
9830bf181b49ab55aa15f166991f621ac62c3d4a68be7e92b9e2fa69ec20b7367d09d33d393e619957c0d3d81c8c4af21603e102ed9722b5b39bba8ff73bad34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7213803fb96bb86ee025c30ac19b10c4

SHA1
a312a5b8278f514562d9a044411bd75cd15469d5

SHA256
079cded6af77e235a5858fc2b097c674f2ecd4f9675b2aa98cbd6b4b2fdcd2f6

SHA512
57edd0d75f606a8fa0b086d19a5d7f93d814211d9fdaaaea87facf81cfd0b13a9ab1a253d17c683f68ef91c7b76cadd5da9f05d5ee788c3dd38f4ce0257a9ced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d920bd16decfa090a4c441a3208869e6

SHA1
ba8cec882a43fac1c6878039bdb5c906147630bc

SHA256
0c22e42311e4c311ca38446345fb324ea8de6929aaf458da9f49bcf50b9a48ad

SHA512
51e92d2f33e5050a88e8f9b6b7d8a1eb7c72ffdb41a308fb0561fdd2c8308c9ce572528f7e5d129729eca064279be12fe4a4f508f6eb2e9c7e35eb32e23254ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
184bc34d65be25eef63de98fa8d0b510

SHA1
34c4fdbdeeb19809fd25f42c004668ae62617c5c

SHA256
db5724eb016d17bcf1c7bfd7fb5dbba50caf65fd780818f8c562291db2dfe758

SHA512
6aa196e2549517122614b0537d9a243d37b6e53b8fb3dd7dd6c4f632e3f55ae20fe6c42364afda1b50f70e21a7d0b750060eda153c28326361c8b20a45f627fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
467fbf0c9a4321e5224333a74f1f9351

SHA1
f943eeb8b05c51dd97f616ff543647b7575175d8

SHA256
2d8d4cac6cd0eb9708ab01b329ed742041aec7ede56c921734c1a6c162d78c01

SHA512
4a6f3215acec566404668ba96844cd6f7c019c248463e0de20d2cdc1adfb262fb06fff1857152be115307e98ce4c6cceaf7b17d3a574dc6c23666bbf944a7781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
22017dc309b95c88e43e4aee8b6952fa

SHA1
81c3a285279c3a756c1f2c2deddfe4936ac42fac

SHA256
f048a5cfb254c6c3c4c5f843154f28a6e4e9138768b71fbcf2cd861a821c4cf5

SHA512
c1a408f6aa0bc23d7abb5c472e47ebf26dcfc994a3961e4961a6169abdc3c041f598609ebab42d3a73516872f432e631ef83e36e21ed42f57f08791c9bfe24a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a6e9da7e712370f71e0e60ce8bbe26bb

SHA1
201d8843a1b05216892308c0e22f5f159ecbec32

SHA256
625eb517f35378a5c4fc0d208791d2fc34fbdf5c8dfa5c53266958aa68f3e25a

SHA512
ed63c885c5d22f2522a22b521d98a1e90d80574e1003e3d4ea8c9347aae9275c621a03b7882529e210f8d500aeedb0415a744b59591b179f812780bab6b4a3db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b196a6ad0f76d0e140c17b820a1b021

SHA1
2f9f17fea89e672262086019d5a1f11ab09e4e9e

SHA256
16e9f6d100f1bb62ce433f5905c08e2fe81025f043f530fefb32170659ceae9e

SHA512
83824763bc50a573c99c317539c76f2025caba1b745824a67bd369128fdcd5840f4943e3ce2a6f75a709e7720eab9f6bae64e90b52858f972f55334959151d1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
893727d843a880df9406a5aeeafaf83d

SHA1
515a226f49d5f8376d9dfb020a87c2436cb49904

SHA256
f5643e045aa6ed6770293f445c1a940a5244e4f1ef4dc41f09742660657412ab

SHA512
650e6cf17c7a35bfd62f50b83b6d1652fa0bff5642c079d0a85152dc01974143d27897b7a041e1c8e07120454268e1d77dbea86fc8c5ed7f858f81a0a0d31a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
87840e79b52a6a00ff486836e709b6a2

SHA1
d99e48038afd2200b8ed04058a7809a3a5ed5f22

SHA256
1a2d5c82dc4c2d9bc88d5990a2190240e5e14f2133b999cb6f10f14bc0560b12

SHA512
e14d077ac69897323f2b97c83945ca383880ac85509eff7501e09480df832de86704583e13ffce77f02963fe94d3361d944e54233aa0f0369f7fd03a5824fc57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9c0b072711e4fee95a4f98862f2a5a74

SHA1
2048c11c0368064e7d0e74adc68d835667fdbe09

SHA256
87c3044a768b3865a1ec0f9af4a7ac947fb58e8efe387a1aaf38481a562edd67

SHA512
774ac06d77f29637be7f9188a3810c34a8c4cf29c3a5c16d952f83501921eb7e9b4a0782ff595b1cadbc73f9d703ecb0cb2af328b21ba6e9fe83109008b86ab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2848e55339a420d3a167355721c85593

SHA1
a5c82e6f0997ac93616747c4bdd77de74c1f434b

SHA256
0cbf0e72186d070d3f065ca9bd15c003e9dcace0f8c0a1c8882678650610394c

SHA512
4036dba0281332cd3ae7aaa80a0cac432e1e92f89d7eb46276371e818ac235a9b2ab431775a4ac987a9fda1ed4260b876557c55cea16a0e159f9d50d8ee7d82b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
91b5c614649d43b401ef98681086f2f7

SHA1
6490242a1cab82781c2e9c8f400e1bcdbdeb4ea8

SHA256
8ca43b4c2ceaaace1763eddc7809316f96fbc7391fe07dd0251e726d0cd11a30

SHA512
077a6d9d4264bbaabec4ac81970bf8cf1377839fa99456ef0a2bff396715cdf50c323f68dfd7c9bc7d00e9a27a0fecc6d45e671bc4700fecc8ef06660177d520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2598bf0e6f9cd6ac81f3e73fe3e43939

SHA1
64c3ac3c24a9f5b4bca2f2caa10b7284365fa8bf

SHA256
b9918b303723d11e6442af39335e06d4051ae259444451233cd080a08628c87a

SHA512
7a40880ee0c7e6ed1403e9100ea80ba4e82adf8d9f9b993446903abfc4e5a3e8b770d96895d62900c4bbad357643b6579aee6bc97bbb8adb1efe26e2c67a9ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
695f0e7784d6a1f6bc0bfe0d1a4aa61e

SHA1
1a8cb70de2fd1808276a9eefb9dc495aa61ea9e2

SHA256
eba22ce0749d7635b4c91d725c6000cc5373e1db7195929ad698cc400bd2dabf

SHA512
9ad31d1b05dcd2dad9fcba4132d1f7341fa48c25c5bca9a4fbbef6a3bed4bc878533e5b277ddccca31f699cd5f0cea3edad6b5566eaa5f322f94468b70a50a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4fddb8f9cf81376183583e8a6165e6fb

SHA1
aadd26b853b973f30e847e0d52e92a0b897aaa88

SHA256
82709c69d0f6ed16662d7ffe7cbd4e4bcb71521b2da4608aedd0a6ed4e6251d5

SHA512
ac13835009d807a019ea7c9530ed8fbc26c1a29c0b250a6f9034c1ccb556829a8afc948c418e618eeec477216f405ec4622ae3665cb8d6e9ee539e0abc070a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7e459a3b12dba0fc0efba10510faa201

SHA1
58ff74ea4d0c16b08f04e6f7d886167017c10563

SHA256
c9810295771931424ef69d738e2b5f16cf268052d00a499492ea24e21c064977

SHA512
8e54a99eee8cb9755c6cddf5e73873b482ec4d7381c665ffe7c40e291b2c42d88f6115af74dabfe6b06a8d474b32359a2d2dbfff0b70c8777a553c8c476bf31f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea962128391744d11ca4b0473501a41a

SHA1
24e859b4fd153131716a42bd3d9f4cdf30718952

SHA256
3fac5235a4bf149753f467052b26383907f40593ed3b3ee6ccf8b477d35d2450

SHA512
4dfa7a696bfe93d051f9d175845a69c51dca24711cb77add00b62e8b96aa71d71c6cc4b5a9f9821f773c6360845643a1ad195e868686c76b2ae0a69927c5201f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b8789f6d31042b78d53b16d369146942

SHA1
a373b6bd0a7c3e9c24b6f65d5b66169eca3bd519

SHA256
683b3814b0fa416ecf76999a2f51d2bbb55bc98436b95fff8e5e0676d1e6540a

SHA512
dcb5fa00124a69bd682e2bdc105220d96c5a6645facf47baac19fecd4e9e0e68cd8c645a211764825f62ecb6735f6c61610c90072b8ea216fbf9517f58af2c9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
243dafa60fccda538f55b462f3b6f5aa

SHA1
c98abea57fbb4b95fb21d58dd95c9725e6da0287

SHA256
c13986f32b6eefc52557e2d70a5d6b8ab3bc2a7816a513234203c2c9b784ea82

SHA512
92c031bd1bdd0b44b9021b06a47c76e83efd66169105fc3fe882778d697e8950a9d61db5d3fa951ac08a83127efe96d5260827d51090469b2e8a5eb528bf7aa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1fa0b8d512db58456646dc32393e1f7d

SHA1
000c68260da8ab63ed71d909d3db46f290a2911b

SHA256
9adc5d97866bcb8ec813e2d78e82e95b09ab090f4a75c6b2dc303107b4ecac9c

SHA512
8095804a348d5f33013070b91aea45d5e834795b7defe2919e7178dcf15ecdfb009058d23b6d7bf2e0cecc00a7041048ba8154a5e6f2955a3afd21fdd1b3931b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
de01d5605626afd342182c8ca28c835b

SHA1
17e0e462d67ea385697659805c6aba4253d037ea

SHA256
eba42c75d4e1b293ea29b54c6f0b5b53147d857fe778fee1d6ec4b19241aaf0c

SHA512
b89a4feff99c59a984b11a644f5535dce54c10cdbaf1fd6321c914e6e0e947157f5bd54fa4f31299e7250412a40b469bf54b79b2b01f145436fd60e9cef9880d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
70c50a989e8791a4206b9a21fa1e5e4a

SHA1
981c58d6afcc5387b5235c212d948d45ff0d1dc3

SHA256
b8bd1518af1957692d19521c28509cd50e88eed37b2bf07abd30841e8044434b

SHA512
109d635dc7938867ad5fa2722857b3aa48449ae20ad1fd4978ece4984f98dbc98d8d0400ce837f4988848af57266d3c84a387352311bf03a0c64f5d4fba2e918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ef23095652bd2c28591e3316d8c20e0e

SHA1
e23342352050453943ac198f8b716af4e528b00b

SHA256
c3ed4a7852fa556a0f25dd5b68c1bae9e249170c59b66a422291a25445830764

SHA512
ebebb61e26a905f38413841486c61240b9339590815c2a2ddacf3e541f3a3477c2dcf275c59f4dd1d14bf411f203b16408145eaa9b6310e9c08ba4dd158c09eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d030ab98ce02d422ae3baa76dc450bc6

SHA1
502e31a5ca16a05029d30f3fee12259c5dce15dd

SHA256
4fd664e55d93b537af39dcc6563cde4cb81e41bbe3db19204ac2b8b9f24f165b

SHA512
9a1a70d77f669b8bd28c5da099e78e944f87aa2d95d0dc69345f23d8ccd753663d321b3a57a7a962a6192a27085164e3af3b225ee8a1581d53d68d3c3751d94b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d4977a831869732dd2ea1b25d74ec17c

SHA1
13046e115e34e3d9881b45d6ff0b88b919c60ca8

SHA256
81d517f75a577e731ec7fb580811b14d6de1b6adc167dba81308a945ead9bac6

SHA512
6ee7330fe8473b83e5d8dcc545aed950eec6e61f34da67e26f29e8115aa5010d1eaae70b9321cb771a84097cfbfa200e7e3d39f624189887d4a2571b76eb898d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe1c1943a03e0f0fc029eae27c83e56e

SHA1
ae6d879981f42e8e236eb75f2f0c22439d1299ba

SHA256
b890286aeafd287b40ad28d837518adceea82b4f21538ccbf11f5bfeb39eca71

SHA512
591cffaf2695c9e8f4fb484990d470429e8f8782300766aef53215b39bf87acb785ebab656b7fc47fa3e9bc078759adeafd6168962ca2245c379df9b9bbb8322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9844420a061fe04cb84a5ee19cc321fb

SHA1
a0ffa145e1fc6239a147c226d5a5ad41062072d6

SHA256
f0930cfee2315e26eb353edcb3598157ee36a9e7658246ecf1423aa01cc7800a

SHA512
d5493307c1f5b08f44dc112c9389f37f020921552564a1adf6324f4636e13d2a7bc763ba035e1063bd446f76b7ba7b3121b95b3ab372e6817774de1b6ebeb120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
9f8776496972c0be9975eff2a68985b2

SHA1
0655180f1b3b533cea2299a7be190c4aa6b6838b

SHA256
f3faae8c859cb03d3b8998f63f02d890de10ff97e9cbf6f82af9443bb13fa20b

SHA512
42304b1510210be5f46b4ba785a8e614dbbab529a047ffd91f1e6dafab4df9c0f4ac24421f4d77d9b0ecdc6481f00f6988548eb707503b707e824db0c3d61876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
76c8ef7d057d6ca071bf61a4b0874c64

SHA1
6ca9e2bfff9392e62c06944f20b8f9041ebd96c8

SHA256
68070445c0c35d33539d729f579fa566b0680b894d4fe3a70b28c2a04cdf00ed

SHA512
ba0f5f23d1e56b8406d3494e8851651597acbfb6d37d81b285fc4ae7a82e6842de74078f160fbd361beac984a3aa82f96df9faea2399197cdc1ac55768c391e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
361e55687a30cf177a996f2ecb6ed23f

SHA1
6a5fa723b12c13bedeef095498705216a1b7e07f

SHA256
0dfb2d21d8a4343353aa53fb26ad26d884a11caa467cf2e4326228c79d0fa940

SHA512
4cdc260a594416de7299a5f016700d9219896a9c3d86af15f76bbf7cb18f78d3551bfddb76a4d8f53fe158f0a55256f9bf013c13726e98fa6bcfec94dda8bb55

Download Submit
C:\Users\Admin\AppData\Local\Temp\AITMP720\L(Default).rtf

Filesize
46KB

MD5
d6a09dfa65b6d0517ee79aaa4fa7ad2a

SHA1
34104869ca5894aa9bc91e16f91424094756d450

SHA256
ce036a5756273cd567e1f6b68e0630367d785ebe011d9ebde26b2ed72539c893

SHA512
31ee7a343e8048b581f1336aec0ad3456abf5eaa85814d0f9b0a579ab035aedcc0410a969a27b7ebf9e0177856f91ebe876092fb98dbf0f2907c355c30fca1bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDAB57.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
343B

MD5
3f555406b4c2c7f7c7692fa8c27c0776

SHA1
c6ff7bf121f76c56f4fe452687e636d3a6b75405

SHA256
b68e6d200b3d9727ab2ac002f4d636fc8762504df4e574986c3633b11c005fab

SHA512
1f7f1b63d69ed35d9c632d6339a029ed9e3e9945e09a7100feafc2b44652e1a7942e506505f17fe0906d875975913f18491f3b421be366b2a1cc21695a98f155

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9J45DRG47MNYMNFYTNIL.temp

Filesize
3KB

MD5
796d46bb42927cdf720808d51310d631

SHA1
1d6691cf75681f2a8aa8eb23277981493a1eadf4

SHA256
a25dfd736af6a1502156055374396829547ba0b52227d38dfc800b479c5d057f

SHA512
f292ac5caf0988f7d937990555de946cfd91f16c16f1d59e6cd6af753cc53eec1372143151f9a721fc22bbc0672495e645215b3e9337934741c17b071241f7e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
f88ebee361fc0115784842217fbf99e9

SHA1
11f540c1346e08536508b40aac8bc5291805a473

SHA256
5764bbc2fc191629961a2a477d9a777573ec19541e1a4bb533caf0bd26725677

SHA512
4b2acb6c173b91f0cb0118fdcac8a8f612b3b3ced80253a21177451033e7afb2ee65880f625f2afc99bdc8477afe1c67e401437421b2e9ba42a2348642e5fdaf

Download Submit
C:\Users\Admin\Downloads\Track-It_Software.zip.crdownload

Filesize
11.1MB

MD5
b4c03fcd81c8b77bd844a6f1d600baf1

SHA1
68b8a23a01bd8246a8689faea92b9c63b06a100b

SHA256
9d355d45ed33671b50e75f838625efeea9eb7639200d4c8ba936db825822cc7d

SHA512
8014bbb9cc13d22d2708528294d12254a0a3b6bb6ebf5107e6932bfc1c0c81aaa8dd3a8ec25d47bc5b74bdd93a13aba319f1cc676ab03d50f5cbf8c65f4e7fff

Download Submit
C:\Users\Admin\Downloads\Track-It_Software\setup.exe

Filesize
12.8MB

MD5
280d1f3a9e0e3f6d80e51c730d5589fa

SHA1
37ab720d30ee2482447ef2b7056665ae63a8a2e0

SHA256
21debfe71fd0a9e959e7c651a73495bab0b2986244cf99180d4b881ca808dc5d

SHA512
4c4bbfe380c358c070931232b4ee151f93733b7a35ca78ba3c09567dac8901994544549e5195486c28c582b499b0a5e7618985470121cb74d31281a7557ab870

Download Submit
memory/1964-652-0x00007FF946610000-0x00007FF946620000-memory.dmp

Filesize
64KB

Download
memory/1964-653-0x00007FF946610000-0x00007FF946620000-memory.dmp

Filesize
64KB

Download
memory/1964-648-0x00007FF946610000-0x00007FF946620000-memory.dmp

Filesize
64KB

Download
memory/1964-646-0x00007FF946610000-0x00007FF946620000-memory.dmp

Filesize
64KB

Download
memory/1964-647-0x00007FF946610000-0x00007FF946620000-memory.dmp

Filesize
64KB

Download
memory/1964-654-0x00007FF945050000-0x00007FF945060000-memory.dmp

Filesize
64KB

Download
memory/1964-655-0x00007FF945050000-0x00007FF945060000-memory.dmp

Filesize
64KB

Download
memory/3112-311-0x0000000000400000-0x00000000006CB000-memory.dmp

Filesize
2.8MB

Download
memory/3112-639-0x0000000000400000-0x00000000006CB000-memory.dmp

Filesize
2.8MB

Download
memory/3112-629-0x0000000000400000-0x00000000006CB000-memory.dmp

Filesize
2.8MB

Download
memory/3112-330-0x0000000000400000-0x00000000006CB000-memory.dmp

Filesize
2.8MB

Download
memory/3432-611-0x0000000000400000-0x00000000006CC000-memory.dmp

Filesize
2.8MB

Download