e8d7d01eb9c2f898000d84d17fd6f096dbe4a41ca76eb41c2103b94644dd5fc4

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-10-2024 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dt87xz/dControl.exe
Size

447KB
MD5

58008524a6473bdf86c1040a9a9e39c3
SHA1

cb704d2e8df80fd3500a5b817966dc262d80ddb8
SHA256

1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
SHA512

8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31
SSDEEP

6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD

Score

5^/10

discovery upx

Malware Config

Signatures

AutoIT Executable 18 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/2992-22-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1940-44-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-65-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-66-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/388-87-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-88-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-126-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-155-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-161-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-173-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-192-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-193-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-213-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-237-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-256-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-266-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-380-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe
behavioral2/memory/1228-554-0x0000000000400000-0x00000000004CD000-memory.dmp	autoit_exe

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2992-0-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1940-21-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/2992-22-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1940-44-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-65-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-66-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/388-87-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-88-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-126-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-155-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-161-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-173-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-192-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-193-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-213-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-237-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-256-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-266-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-380-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral2/memory/1228-554-0x0000000000400000-0x00000000004CD000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dControl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dControl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dControl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dControl.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133727229901497832"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	explorer.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
2992	dControl.exe
2992	dControl.exe
2992	dControl.exe
2992	dControl.exe
2992	dControl.exe
2992	dControl.exe
1940	dControl.exe
1940	dControl.exe
1940	dControl.exe
1940	dControl.exe
1940	dControl.exe
1940	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
388	dControl.exe
388	dControl.exe
388	dControl.exe
388	dControl.exe
388	dControl.exe
388	dControl.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1228	dControl.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2992	dControl.exe
Token: SeAssignPrimaryTokenPrivilege	2992	dControl.exe
Token: SeIncreaseQuotaPrivilege	2992	dControl.exe
Token: 0	2992	dControl.exe
Token: SeDebugPrivilege	1940	dControl.exe
Token: SeAssignPrimaryTokenPrivilege	1940	dControl.exe
Token: SeIncreaseQuotaPrivilege	1940	dControl.exe
Token: SeDebugPrivilege	1228	dControl.exe
Token: SeAssignPrimaryTokenPrivilege	1228	dControl.exe
Token: SeIncreaseQuotaPrivilege	1228	dControl.exe
Token: 0	1228	dControl.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe
1228	dControl.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1436	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 388	1228	dControl.exe	84
PID 1228 wrote to memory of 388	1228	dControl.exe	84
PID 1228 wrote to memory of 388	1228	dControl.exe	84
PID 2544 wrote to memory of 1804	2544	chrome.exe	90
PID 2544 wrote to memory of 1804	2544	chrome.exe	90
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 1616	2544	chrome.exe	91
PID 2544 wrote to memory of 2648	2544	chrome.exe	92
PID 2544 wrote to memory of 2648	2544	chrome.exe	92
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93
PID 2544 wrote to memory of 2804	2544	chrome.exe	93

C:\Users\Admin\AppData\Local\Temp\dt87xz\dControl.exe
"C:\Users\Admin\AppData\Local\Temp\dt87xz\dControl.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2992
- C:\Users\Admin\AppData\Local\Temp\dt87xz\dControl.exe
  C:\Users\Admin\AppData\Local\Temp\dt87xz\dControl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1940
- - C:\Users\Admin\AppData\Local\Temp\dt87xz\dControl.exe
    "C:\Users\Admin\AppData\Local\Temp\dt87xz\dControl.exe" /TI
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1228
  - - C:\Windows\Explorer.exe
      "C:\Windows\Explorer.exe" windowsdefender:
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\dt87xz\dControl.exe
      "C:\Users\Admin\AppData\Local\Temp\dt87xz\dControl.exe" /EXP |3264|
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:388

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies registry class
PID:3572

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0c66cc40,0x7ffb0c66cc4c,0x7ffb0c66cc58
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4948,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4756,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5020,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3284 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3760,i,2413127010283202108,14451174797161827600,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2800

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1516

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000047C 0x0000000000000494
1⤵
PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
faa5e02097c2e6dedfa4e8b0dee41499

SHA1
b10ef561988fbd862d4994660914666a9005cc24

SHA256
79514677dbb3521b1e15ca1e8972ae43ca3ab2083a049b115263744bce55a19c

SHA512
70d89b21b2afcc69ffe471f1b5825d62418680053eb47778b912bc69bc5603e82e95bc623623d6223f1cb1a370c06d8620a5fd9a0682eb8874afc2d5c96493a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
372KB

MD5
a3e2a18e0da9e18fb00e378f9e9860c8

SHA1
1c3cf8a4fe35d61a46c5a962d2f71ed81ab4f5c1

SHA256
315b44888fe2f29feda3fc939394d624aa5717fc2454041c2ba840dd7ffc2ce3

SHA512
f27569b5e8a52b8ad64064af02fd0cd2dcd96cd5b6dcbeb157a01c7eacd281f3e6ae86585aa625b7601527db3ed03d0ecbcc1f3ae5e58baaaf8dcd956a7a0963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
399KB

MD5
29b46ef2228d7d0ff5538a6042f88903

SHA1
85fcbb20e56c8c2ebcaf9d5ee3a442e449194601

SHA256
ed4d09c067524631ba4f93c8318fada5e09c4c099d49a88781733821edfe8e48

SHA512
2b20d919b16ba74a8415a64be12fbfeb79a8da66967b853c26ef9e6ca0fa103544273366d86e0587e9687796cd49352139bb29ea673f1d8afe973876d232b387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
497KB

MD5
6a13884b18cabbf78b0dc2fdb195e9f5

SHA1
abca68e077dc582a30f50a9edd7a42d01bce2bb6

SHA256
d4751f46fd7156b0eed6b9e753db3df136f621e7ab2fd8dceade57242c814d33

SHA512
15b2509942a88b87f8728b76a6724424e013029849399ddc04dd19278c0064b0d961e7a33d106b2ac0423b893a37d393663d0e756b6ef11dfe26ae12a9d51f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
509KB

MD5
d02112af1188dbfa2d0f5386c94a5668

SHA1
4b456cad5fe9a7e6893ce49bcecc6cb2622b72b4

SHA256
d8014b108685fca3cf5e75c17dbd0aad08b2132b95b391c21aa027fbb1ad9bcf

SHA512
3dbe8f496bf946fe6be6c4f4dea684b5803c775edba4d79de7a51f48bcb2c09244a66b11f9679e3706bb84b694041f8cbb33a67c0a602ffbd3f66496bad55aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
473KB

MD5
b7b0a5c8a253b87559ed9295e45960b8

SHA1
7c4e02218ed280438be6f339765a8d74d37669c4

SHA256
6450a54915a1302d551267a155725ccca1f1e5f1072cf3313071cdcc366b5d55

SHA512
84a401572b2c9fa78b99e8aebfb55331b99ff38919a0a88342f799f57c073722b249e8015d5c7c4fe7634a1d9e19fce85fdad4cea94c49c2c35f9c2b3597724e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
468KB

MD5
a88d67dc035d92726a4fcb89851eb201

SHA1
37c54b8bf7c3f33fdd4b212750975d239da2961f

SHA256
9a11cc1d4e89a314d3ec0e885056aa572b0d5d5b787d0c8b8e0a9fe1a90cee94

SHA512
8db67c2e3b586c0f320da4e505d9954ec67e88f9b7782f72e10c16d35cf6a6bde4750ef4cd800fc5fac186da604f5ea339a2566040e023c6ee6e199e9fcf18ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
508KB

MD5
918a7a667f3de7742ce174218fbe0d4f

SHA1
76781addf6d022f037e9d9abd9267b6e221f9a48

SHA256
bd184c4fd9ca1145bcd2e2aa978b37c949c410e3cb05052a4d9dd6bf727b7677

SHA512
4d0236fe05252dbf36cdf8d9ff0268d6a602d3e44bc1f91b1e5e4e204afdc7a7890050a65e2609d51387463b725362a7965e7ca84875be2dec3727cb3dfbeb11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
469KB

MD5
184008aa58532dc330bbb67885cba62d

SHA1
7abb1b81031fb7b6727778860ab073905bcabdee

SHA256
07d7f1cae5f34137fc1b4cca77ca88bebb96f2ee241b4d8de4a1cb1c347628bd

SHA512
c58523981f0b67ec0e3838b2b68de7fcd02c42a2e50f6c90c3fd48a3aad955fad78dfa0d844564ce8c3164c43220008c03fb32ba9e09a60306ab351dec1f67ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
746KB

MD5
3ad771ba1c4544631319187b3828da3c

SHA1
78edd63df5d5b0a432c626ab606954e1f3a463ef

SHA256
b05b19ad78f8a4c19377c6f43706981373e74d83a059878e0a8028b134228c20

SHA512
08bd6f0371a922900d7e7d00507261df9d3a33bea2ed15671d9bc2ead44da7f1874cc546b0acc2c94147df49744cd9e06147222540e95d3c4521e4f4ae689624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
302KB

MD5
d0179bd249c07b0cf46de38d32deddb2

SHA1
dc5f7e83360b6386be92c0bc5eda129fac899f8f

SHA256
ef8755958dc3ed928da3382a69c36cf6ec2bfb1a98f1d9e71165ab81fe735e6a

SHA512
c411e395acdd612519623638377840a7908c6cd5895c8c77446266f6e7114f2275d3da1f16197cd16dd98fd8ac58b06361ab3d50cd17e433cc38dc56864defbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
436KB

MD5
eda7aebe2cdfdd224a9c79830c336a45

SHA1
f3861460738417ae602894950161ae00632df715

SHA256
3ac34b9aa5397c60f7b1991eca9d55fdd63baaaed3f69ab188978d9e3a0bfd86

SHA512
98e33398f2dc2f84d48b7695f149131367b08c0522c380a9e81ddab42b933fe0ae8c68d06a5556ea0f81ffd7965e3bdb77ba63d22756708f7e8eff47ebe7202f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
501KB

MD5
68ba43787ae6869ac48ae98b4923314c

SHA1
6d377b398c9bfc7f5fbc370358a65a097cfc4b94

SHA256
353411aef6c5b7a3b07a6abf0df2e53adb977e293839b8d15694157ffb379fb6

SHA512
170f3aef226a316b48c32f4499b475e8e8984c730dd12c55e8f8f32d36361db7cf139f8eceb8e19341bbe247077486b6eae84f1d7a5c5948fc9820f4dfba57e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
244KB

MD5
06bfd1a621b77870852dd1bf17144972

SHA1
f2c53855c39660991fc66c56364c37450b074af9

SHA256
a13153ddbda2bfe9534b1a635bf6f48f55c7e468af3f13322823af4657592d56

SHA512
f966b0a14ca4ccf9d507c452c19c803fb806d9174db4e5d433b89757556d78d3ea46e6f9f13540e1631b534ac56c159d575db84e6a917363391e371c87388c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
489KB

MD5
309026ef45853b640b2e00efce43189f

SHA1
63b6de3da4a633989e0ccf6624d7aee02e17a5cf

SHA256
1fc1bf29ab8b2f42d0d8a7c81f6ec10cc2ceaf149b1629ff529cc45c6780f579

SHA512
6d8b13c45ae928449400f414fcdabc3892274b1ccbe02d5f8214395e55ed52ca03e9b0e5f7797a0582f22b8017c34f2dc1e37a07911f691767e17bc336ae29e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
448KB

MD5
1b032dbbd3fde2f6a6fb67b5b2d113ab

SHA1
3746a5aad7ee560826569ab2a8eb09160850a882

SHA256
4b24ed590ae07ff2db348e8301c38a6b83e9858da0f50069e8818d9f3f787013

SHA512
22dde032b49ba48d5220742cdf5fa9f7bf1d5675660497ad144d565ebffe210388471697ea79b64b4d904f44c67fa534fc176c0a6ad2bb5a3083b538238005db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
713KB

MD5
6ad66fc87894641c06a0b87d510980e6

SHA1
563b0e4ba8efae0ca4724e95d9ffca8e5b62bcf7

SHA256
e3151faec6eacf9e9cbd75e6b3ef188fe800b177d741c8a7190980c5329c5130

SHA512
95e5b13d13295b2cac8d004db08907eca58c918feb5ed508702389b060eb44a6501126bceb3875b224ba3655b8e5752f789c2bcba249e1ab4e1f86608bc60c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
497KB

MD5
20100390b60c730edb421c714f820f11

SHA1
49759cf6560ba7a6b22d9f4c339de0cb2c43e6aa

SHA256
d8965f3ac63e690fa5c077aac68a56f13ee0afe5ecdd4e5b67c80a7673c3b914

SHA512
056115f847a45c4b1bfb52c1ed946c37c8fc7cc43b7b1a538d2dcd588c45552b71da8459ca6b3b8b23d0d25196985b56f3ccd4c91e0ba0ed097e8fd070cfc57d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
502KB

MD5
178defc946c00b48b2bba118ad5dd644

SHA1
57b70ed206877b2613f93c3e2ef5770dd4a415c1

SHA256
c3581809461610bacb04b099882771c4c5e73cc807a5d681ff9dc4bde8a4095c

SHA512
d2e82d6e3f0165e40f3fa5fa02e0cbcc07123ea23a57a6b646ff374d6564bc08741b23935d18f7e39a479afe30e4bfc9f857bf0381bf3cd191086040372426e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
476KB

MD5
16ed5fd6bd752be3e998b05634f43f65

SHA1
8bdec694541a3173ecf0e04b83acd7032c4a0548

SHA256
d7aff862c4a47cf466bcbc26f3522cf12987af1f7d8f0b9a4b13a4ea844ec929

SHA512
b1dfe5dce6392aa79f6806881a368166894d6cb9c74b3270997d16e227c95810c9165a3aa4cff80a40ac87ac34ca3734accb019fc9b91edd75a62c75acf19766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
298KB

MD5
02474ab4c677eebdf2aad44988114825

SHA1
beae0d6a51f821ea18d47b51c037e6d1b0a47e7f

SHA256
1ff8f30113622dcfe889d63c21257161ec84f23da85d8db0cb6405af543a6237

SHA512
e299a50cdce3e9c8777ef4ffcfdb7fb899521941ca2d8380d49e4e57041e6ae87ff05246d3a2f3b8398355c8a1d6277ea18835d55ee7e23ab63caf42fe637952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
392KB

MD5
f9dddb283d79895f23eeddc2bcd119ab

SHA1
3939550dc42cbb0c59a89021b8a51922fa99e6d7

SHA256
8d2e047646dcc144d1ee5891d87fdbac9744bc940f0cc4e6dbf7ac2060ebfc50

SHA512
1db7f100f760943d80905064f9f41a9d80a1efece7ee7809bb9eebe623d03b02d3cf59dba2bd9a3b5fe61d3c1041fe56900c849b6ff2fba3c3d84fd5477f4e12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
452KB

MD5
81e17fd1825ca42e110f251d4487d670

SHA1
5abe5eb2d1bb7b3b6e6e78523046d212f1cee4d6

SHA256
e87b6936b3e0df4cc2e63d7904e9d9491c5f434ed4ad2ded3479aead0ce667c9

SHA512
ea9393877a147617cf801cf382b02686c3990bb59ec014d897d34fdabe6f04522e32b936d103435727c69b7f221a98bdd1e34afc06ff119fa0b0a50d2ff225cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
40KB

MD5
71d77607b323bc20be32a02fce4cadfd

SHA1
2a18236090f47a4e1f0ebd2b9f1e4b0bc0053573

SHA256
58c04ac027b15931acfb17be4a134e35c8bdd3b99109e617895713a42f32d84a

SHA512
01e141b3c6ca46a83626f19e35a8e8ed613e2dc90fb42977752632c9818ea93f9b8f06e1a47417fe5cb8ed8a3bba3fbf62bf28da3f15c6200a6b8ccec72c4005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
432KB

MD5
057852173e958810f1de0e8adbc9d462

SHA1
bd05e51244966615a9dc2b0119f7e8cfa64f22b5

SHA256
9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7

SHA512
230ec42dfcea740b4fb37e3c7559da2289b7bf2025c465bf055db75659c7f9f05ede374792b046ffb3365f8fa5dc34e23f1312984c195c32a6d42147959efc86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
8235c8ff0aa65cd4ccd378ec84486fbf

SHA1
454b1ac3a8b9c8cf336826ca22dced683043e0ea

SHA256
49e3f3b9622b691d7a76500bf1dcd3005fa1e229c94d2009ce170833efa80cfc

SHA512
272be75ba8878e2456075463405b0c973f01fb76b288ad343546e8681ca8d38a6f341f84c376daf759ccac89db0a37a8b3ce3d58c630cfe86906aca7de598d25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe59d603.TMP

Filesize
333B

MD5
c7516246b46defc1aa81a02958ab3d08

SHA1
77ab48a32c72a83881f7e438990658b7f421d698

SHA256
88d6b0a28eb26263bbf2f9bfbec9965f59d800b0fe87ccd046ffdc2dad3f78c9

SHA512
5f031a5e58e824f3f713602d5b75e9aafdb352f73927fb712b358708a6e11c76de4f4d3f551f0b926c11f6f31223a356ace06c16005ed0cff56afdefb2232da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c9c7b4913975a01a12ba1ea644c17da1

SHA1
74164ccdb6fcaab2dd3e45b761d358edad10d85b

SHA256
3789993196cb4dbd18d32d1733f2534665d3e7e3405765c58dd762c31e600800

SHA512
dcfb3ba22233df06f7ad63e468bee7baa17971fa00362e38af42c03d7beb4124761a1093748fc370005474cb678f2e590f176dc09192bfb8e805713bab3d4789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
da8922faf82e17ff2146aa5cc6cf8ec6

SHA1
a719a573223ef2756e823f7104cc9aff44894668

SHA256
13e13a32563eb591517fd4d04bc303cb997dae9ca8414a93ad3b597ba54d1546

SHA512
fd2cb1e2b51164fd0d8b1edee93be3ccbb73d0b182eef08e77a69339a34138c8002defa8c8227f8281bedbf1dee192a146552f69b92a7804c2f00d431cbcfb8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
b15181ebe4dab53388285dfccb364096

SHA1
1483439bd94670ba635106a08912ad4b4f50cfae

SHA256
3bc14cc4ecfde17641d0e6bf2e444138f8a89116e99321a9cd3673cf8fd492bc

SHA512
cafd1a0446528cf2358c504e28dd89aefdb22ca5b77871de3ac2b4189a2e5d72cebbd2acff940ee56820b066fb39fe67b3d12a32d8e95f0175a98b69e3f3f194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c238ab3247005a8fdd798e4d3d5536dd

SHA1
7f75a5a777be089224736327f4702528a575bfc9

SHA256
52e4c287d7726bbf0cc0ce9dd37da378e49c39af5ee800038240f2eebb703ca8

SHA512
482df1f5ca8da3a3bd6657e82d91d7fc78cb054623c3e834dacf86936e6d34216fb59b7e7f4a5dd8d103938b8939070aea8473184aa1f96c8631c1fe112432f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b9c455a2e81a500aa7c5ecacbb68993

SHA1
60f0fafeaeeebf79959a17d3bbf8466f712aa051

SHA256
74c4daf61265cd410048f09750a3ab61ffb23f60cf87d174f966f75953dcc2e5

SHA512
098e965db7ede5253792521ee1188e35b39675d79480ff3387587a58633d48b2750cb2521a564f23e5483f0f88b41fcb6ba6b5e71257ee161a0de2caba1fada8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4760c0bb07d2edd3f8df8d6771e4f567

SHA1
a38ef73b19ae08176a618a30f245483835ce078c

SHA256
dee8b3c3683beccd40d7a2b04c34578ab95684b95cc6e56ad3ba87b8c95ea0b8

SHA512
8ead2e1549d6dfc25e0253be774762fb506a7b522a90946ad095a7470826cccaefb90090c5085cd9ee004e484afa533309c39e60a29cc53b799da8c1cddab364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c20f1c52e2bb3cea848186cce2a5c83c

SHA1
1491a0355b1886406f83bb086237b9d2ede3428e

SHA256
8cbd3e671eaf13da6865a6f7f43ada9b632442835ce7af79198fc29b69d9ff72

SHA512
0733e2ba1b24f4da529207e762890d9602ffbd6eedd15d81ebe4fd34ddc58b4bf232f48f7bc119c19f1dcac84c1006053f0f5b11154fc2fe9bc2828e21184366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2fdc4fbdce2580b7994cca6b681ecc1

SHA1
f4edc24055dec8dba537651101a166d9c16cfbfc

SHA256
35161764e36b9f6eb7b907101323168da9f711993e707336aeece1284762e3a2

SHA512
10f9b4adb6e295dfa37f11fd8c9e469b456a1ee7078cdacaa2ab525b3efae136eafb45197381c1fc5e193947b497e01bb43cef0448b8f677170e4c42683903b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
317446ab88d0793af6e3072b33807369

SHA1
52e74396cea89b4d3e8a1a152be0b063d7d95925

SHA256
cc7b94009eb9e2b9942c2e7ed44352388d1d434919b44b3f7385674354679eea

SHA512
f4a8ee52002de72fb3850891a532dd9d454de41fbbf91e6c56fa3a6ce73c8bf5cfe2b42370267f28806c3731b159f4d951ea879b7d5399e0b38f2d76ce1a7507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86cf3ebbbf8112c93e5dcaa0c5c75e05

SHA1
e3e38e3a51fb5a926027fb825f0a7b3c7adc3aa9

SHA256
b5fb319e3d0b5194e0d4d9b1a1682d536432efb66064aae3fbdcea8bfe72280f

SHA512
869883c3749747c676c0d40c8e8dd373fe600dd6acba97a2f0004414b1adf57ebdb360d039e78216183989731d721d9fab573c3527d70476b930a3b6b41638ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13b587926d2f7bf637b702b46b203a6f

SHA1
c9dc7e87b89ca2641ba78b3772b30030276dca73

SHA256
c7545e93236496a91bd4abbabcd9a46edf001c94a978fda18ef44bf805ee08a4

SHA512
9391b167d77f107d6f79e18d61c26e93f5f2b1859fac0f28b7dd6ac89ae5fb42fc8ea0750d1d96a183f8b55ed565f0599bc69cb14f406d8677c020a249ec494f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e6cbb7f20d27a162d82c8f22d1490e4

SHA1
8fc2987501220a8053c47104c8ef9f56aaf07d28

SHA256
8ef76ed22c21256fca3cff0e6186a47b39db3b032007578287fed4f71a7cc8b7

SHA512
abf383373692f5cc43c056367a397bccf73a175422a4704ab30cee983e91062767f775ca553c7e754586523216afa74af32a7fbf07fdb3ded6f88fef8b8fdd4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
047c0f53aabd1642f5fddd7110adaab9

SHA1
2c1196d7c963b76aa4b33f7c9833706c3ad73356

SHA256
acc1b3c73f9ad224a3ac5711f9e645e72a83d7a47847f44be131e79792d79a19

SHA512
b1b5ddd53db7cfbf0b43127b55289f275e0856fc415a94044e18a2f9c7c223bc4ee2dd36dcd559895236130387ca4c411234324d2533b12fcb977a67f7b01231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
909f91f4d3be3d4e634e162c4e9b2755

SHA1
08eceae526eb4822b79f38ff3a709095349db690

SHA256
518cc6169253ae7332c92689790667994bd5864ebe37744745ed624c3feccd77

SHA512
892c90bec4f2498296ec02ab1322c0d3fa7189e342fb6e02fc37834ac72d374da5bb732d4272f4aa8e532e3b66789f7692e64b87ae57cd21a99749bbbdfc8e05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
4d5e9d81f8fd28566ef85fb0deb306f1

SHA1
129638c2b1ef70090b6527afef440a5aedd7881b

SHA256
acdce8b566991a38e8d4049ab5c5deb92f246f9d0e1dd44b0ea1d37c3121353d

SHA512
2f73e87d9c2de4cdd8e4bb80553ee324f58e531b440e714b661dbff0974a855a639b991c0d70d6322373fc04cc04f54127e907fbe189d37f27b3779ee77b815e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
b6ac70ada379a07110aff38f86ebe5be

SHA1
a26de77d0cd32495cd063908327b82df609a84db

SHA256
3cf263dca092fc863bfec7fe3b7313f7bf4b78654d679a7823cd989907b0f0ed

SHA512
9f4ac86f91ad8aba044994dacd3812ff8e48041ae36657f6702fdd63e9e214dc6c15879ff60a02172d1b4846e6dc0ce0398418e38e587db3d139668225d962d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
3b19fdf3ed91b634e20e409aaf7fd124

SHA1
d30902a83db2c7c4fa4e87069c219c27c02588ea

SHA256
4a0d8d144346a2202130781a9442ac04120bbf146718db0ebee07d8dbd20fcc0

SHA512
bd1253e5a80b9e44af40afa12aeeb210bb8daa0538ee9d6ea9b3d64b2cdc5e2ad7514b61e21669322bd01a5b49c95542e09096a2fbce55cd7932955b7f203a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
249KB

MD5
e5639571c914369bd5b104252239543d

SHA1
a9e3153cfae830765056ae5901c89527504f57ca

SHA256
693e6643a91a77fb0efc56d0d7e889e420ab52660d50cc90019f162ce0266522

SHA512
20128490fb9145ddc184e808c0637ef4e87ffe4864f807f60965f014a97bac4370e56778a7af9af1c6cebb3fe7af57abe1d4e6c15e9ec1209b1cba26eb002051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
f93726d08897569e9d5067f54e3c1d0b

SHA1
b6d4a8e929e9f552464b67b3db1bdf82a31301db

SHA256
7823583a387147d36343fe1d26f85b6444b2c56cd498139a6d38c98b9c89d563

SHA512
3052383cd65aa906546df990144dea454862c12a3db10e5fccfe13d63afb4b08e1cc0cd5fd2340b0dfce90412037052cff57bc2710ca8b0486909aeba48cec57

Download Submit
C:\Windows\Temp\1s2a2i8o.tmp

Filesize
37KB

MD5
f156a4a8ffd8c440348d52ef8498231c

SHA1
4d2f5e731a0cc9155220b560eb6560f24b623032

SHA256
7c3ca3161b9061c9b1ff70f401d9f02b2d01267bc76cbfcbc397a5aec60d4842

SHA512
48f3c273f072a8c3c73a1b835ed320a6b8962c2f8b5037a3b6c1bea5431b17d9c03e8d771cc205bbc067975c78307f2306c55dbc4c72e0a7c15c6b17b3afa170

Download Submit
C:\Windows\Temp\1s2a2i8o.tmp

Filesize
37KB

MD5
3bc9acd9c4b8384fb7ce6c08db87df6d

SHA1
936c93e3a01d5ae30d05711a97bbf3dfa5e0921f

SHA256
a3d7de3d70c7673e8af7275eede44c1596156b6503a9614c47bad2c8e5fa3f79

SHA512
f8508376d9fb001bce10a8cc56da5c67b31ff220afd01fb57e736e961f3a563731e84d6a6c046123e1a5c16d31f39d9b07528b64a8f432eac7baa433e1d23375

Download Submit
C:\Windows\Temp\1s9a4i0o.tmp

Filesize
37KB

MD5
e00dcc76e4dcd90994587375125de04b

SHA1
6677d2d6bd096ec1c0a12349540b636088da0e34

SHA256
c8709f5a8b971d136e2273d66e65449791ca8eba1f47dd767733ea52ee635447

SHA512
8df7bc46ef0b2e2d4da6d8f31b102ff4813c6544cb751eb700b79fa0fae780814551b58ec8d19ff29cbf8547709add7eef637a52a217714d1a18b450f6755ec8

Download Submit
C:\Windows\Temp\1s9a4i0o.tmp

Filesize
37KB

MD5
1f8c95b97229e09286b8a531f690c661

SHA1
b15b21c4912267b41861fb351f192849cca68a12

SHA256
557a903f0f2177e3e62b1a534dee554cf2eff3dd3991bc2310f064bf9c7d2152

SHA512
0f0e5b85b6ef73ecebcd70ca90ce54c019eec1ea99966c469f357dd3393d0067f591b3690fe0b7922d7ba4aa25ebefd76a092d28c3377e6035720f8630a1a186

Download Submit
C:\Windows\Temp\autBCA9.tmp

Filesize
14KB

MD5
9d5a0ef18cc4bb492930582064c5330f

SHA1
2ec4168fd3c5ea9f2b0ab6acd676a5b4a95848c8

SHA256
8f5bbcc572bc62feb13a669f856d21886a61888fd6288afd066272a27ea79bb3

SHA512
1dc3387790b051c3291692607312819f0967848961bc075799b5a2353efadd65f54db54ddf47c296bb6a9f48e94ec83086a4f8bf7200c64329a73fc7ec4340a4

Download Submit
C:\Windows\Temp\autBCAA.tmp

Filesize
12KB

MD5
efe44d9f6e4426a05e39f99ad407d3e7

SHA1
637c531222ee6a56780a7fdcd2b5078467b6e036

SHA256
5ea3b26c6b1b71edaef17ce365d50be963ae9f4cb79b39ec723fe6e9e4054366

SHA512
8014b60cef62ff5c94bf6338ee3385962cfc62aaa6c101a607c592ba00aea2d860f52e5f52be2a2a3b35310f135548e8d0b00211bfcf32d6b71198f5d3046b63

Download Submit
C:\Windows\Temp\autBCBA.tmp

Filesize
7KB

MD5
ecffd3e81c5f2e3c62bcdc122442b5f2

SHA1
d41567acbbb0107361c6ee1715fe41b416663f40

SHA256
9874ab363b07dcc7e9cd6022a380a64102c1814343642295239a9f120cb941c5

SHA512
7f84899b77e3e2c0a35fb4973f4cd57f170f7a22f862b08f01938cf7537c8af7c442ef2ae6e561739023f6c9928f93a59b50d463af6373ed344f68260bc47c76

Download Submit
memory/388-87-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-193-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-192-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-126-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-155-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-88-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-161-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-66-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-65-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-173-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-554-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-380-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-213-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-237-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-266-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1228-256-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1940-44-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1940-21-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2992-0-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2992-22-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download