489a0bf7836aa97dae47450d649b8ab40172c96b8df5800d721459401a81ef94

Analysis

max time kernel
674s
max time network
676s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2024 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb/BD2.Net Injector.exe
Size

911KB
MD5

f896fd2230ec80959e01c4d3ede8cd70
SHA1

02a15f21a6f9664d1c7923228d24051bcf6afa0f
SHA256

1876a63391a12016b8b5ae4fb7cc67d0f1ab163f51c673a79ee98e01fe01055f
SHA512

9bbe552ecf9f33b41656068513516469c6c068b99fb76babdfc00f0252bdf13c7d3a9dfdffcb46c18f73fa3b771f3b887fa053008b74b2e38a6d08e6f8bfe7b6
SSDEEP

3072:voTMwtSRo6lhc7NEZgxgRmGGB1jGKGbhgoaKbeRDuoRlAwKBb9RkxYJ:QowtqoqMEOOmGGfjGRioCRDjRlA1Rkx

Score

8^/10

discovery evasion motw persistence phishing privilege_escalation

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
6516	netsh.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ssz‮exe..Scr
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	LocalJtOyKdslqW.exe

Executes dropped EXE 4 IoCs

pid	Process
4748	ssz‮exe..Scr
4524	LocalJtOyKdslqW.exe
6584	LocalvQleMhESST..exe
6080	svchost.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0d908776515dcc85e2d9e12ad50db4e5 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\svchost.exe\" .."	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0d908776515dcc85e2d9e12ad50db4e5 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\svchost.exe\" .."	svchost.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
741	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5484	6584	WerFault.exe	217

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BD2.Net Injector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LocalJtOyKdslqW.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LocalvQleMhESST..exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133736271522998344"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 = 56003100000000004759f14912004170704461746100400009000400efbe4759f1495159fb422e0000006ee10100000001000000000000000000000000000000d06b11004100700070004400610074006100000016000000	BD2.Net Injector.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000000000002000000ffffffff	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 000000000100000002000000ffffffff	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	BD2.Net Injector.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\0	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\0\0\MRUListEx = ffffffff	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\0\0	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000b8c5b0769918db015781ca689f18db016de4cc689f18db0114000000	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	BD2.Net Injector.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 78003100000000004759f1491100557365727300640009000400efbe874f77485159fb422e000000c70500000000010000000000000000003a00000000009c1a220055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\MRUListEx = 00000000ffffffff	BD2.Net Injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	BD2.Net Injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "2"	BD2.Net Injector.exe

Suspicious behavior: EnumeratesProcesses 52 IoCs

pid	Process
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
3928	chrome.exe
3928	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
764	BD2.Net Injector.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	648	taskmgr.exe
Token: SeSystemProfilePrivilege	648	taskmgr.exe
Token: SeCreateGlobalPrivilege	648	taskmgr.exe
Token: 33	648	taskmgr.exe
Token: SeIncBasePriorityPrivilege	648	taskmgr.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
648	taskmgr.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe
4412	taskmgr.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe
764	BD2.Net Injector.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3928 wrote to memory of 5096	3928	chrome.exe	116
PID 3928 wrote to memory of 5096	3928	chrome.exe	116
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 5084	3928	chrome.exe	117
PID 3928 wrote to memory of 2588	3928	chrome.exe	118
PID 3928 wrote to memory of 2588	3928	chrome.exe	118
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119
PID 3928 wrote to memory of 2032	3928	chrome.exe	119

C:\Users\Admin\AppData\Local\Temp\bb\BD2.Net Injector.exe
"C:\Users\Admin\AppData\Local\Temp\bb\BD2.Net Injector.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:764
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\g8uc0aup.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5460
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES84C4.tmp" "c:\Users\Admin\AppData\Local\Temp\bb\hh\CSC84C3.tmp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:628
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wyp5vprg.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7016
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBB11.tmp" "c:\Users\Admin\Downloads\CSCBB10.tmp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4908

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
- System Location Discovery: System Language Discovery
PID:4508

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:648

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffee6f5cc40,0x7ffee6f5cc4c,0x7ffee6f5cc58
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2052,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1824,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3716,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4968,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4912,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:2148
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff78bdb4698,0x7ff78bdb46a4,0x7ff78bdb46b0
    3⤵
    - Drops file in Program Files directory
    PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5188,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4064,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4908,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=240,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5384,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3504,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3240,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5576,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5516,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6028,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6040,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6348,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6332,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6376 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6644,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6804,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7000,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7020,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7124,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7156,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7280 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6800,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7712,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7392,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7580,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7988 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8320,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8344 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7828,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8312 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8008,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8212,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8244 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8644,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7752 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8624,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6224,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8116,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8252,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8520 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8268,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8584 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8352,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8104,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8980 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=3304,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8260 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8668,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9024 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8780,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8724 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7604,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8672 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=6164,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8120,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8540 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9076,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9060 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=9044,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8892 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8932,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9576 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=9608,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9612 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=9620,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9632 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=9640,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=9676,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=9684,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10092 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=8952,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10232 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=9564,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10432 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=9696,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=9648,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9724 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=9760,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9712 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=9700,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10780 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=9688,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10912 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=9740,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11044 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=9732,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11180 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=9764,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11324 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=9780,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11440 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=9792,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11672 /prefetch:1
  2⤵
  PID:6272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=9796,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11696 /prefetch:1
  2⤵
  PID:6280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=9812,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11956 /prefetch:1
  2⤵
  PID:6476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=9840,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11980 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=9844,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12096 /prefetch:1
  2⤵
  PID:6492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=9864,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12212 /prefetch:1
  2⤵
  PID:6500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=9884,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12324 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=9928,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12456 /prefetch:1
  2⤵
  PID:6516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=9940,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12572 /prefetch:1
  2⤵
  PID:6524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=7488,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9768 /prefetch:1
  2⤵
  PID:6396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=4608,i,12887796128971428135,17329198506570918413,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:6452

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:632

C:\Users\Admin\Downloads\ssz‮exe..Scr
"C:\Users\Admin\Downloads\ssz‮exe..Scr" /S
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:4748
- C:\Users\Admin\AppData\LocalJtOyKdslqW.exe
  "C:\Users\Admin\AppData\LocalJtOyKdslqW.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4524
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:6080
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\svchost.exe" "svchost.exe" ENABLE
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      System Location Discovery: System Language Discovery
      PID:6516
- C:\Users\Admin\AppData\LocalvQleMhESST..exe
  "C:\Users\Admin\AppData\LocalvQleMhESST..exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6584
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 876
    3⤵
    - Program crash
    PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6584 -ip 6584
1⤵
PID:5608

C:\Users\Admin\Downloads\ddd\ssz‮exe..Scr
"C:\Users\Admin\Downloads\ddd\ssz‮exe..Scr" /S
1⤵
PID:5184

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalJtOyKdslqW.exe

Filesize
37KB

MD5
e4b2e29b22be80fdde69dc5fa2aace1d

SHA1
2a075d4f3c7b01910968c2383673d949f5d49981

SHA256
463bceede57dbd0fc630a6c562a39929c1727398d146df10760f3b9aea9d3e8c

SHA512
e513e3cd00d71780d2ceb7447e2a7eb231bbef90b624c9ad9959589e0adbf99603c797a09379094c9f41240fe2310a8324224ba82290cc565b3eebbf401a11f7

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\20176b78-30d7-4559-84f7-3251ffa3945c.tmp

Filesize
10KB

MD5
2470cd12b46af14323e878834397f8fa

SHA1
fc5add3ffbbf45147e2fde0def0d2d014695c32d

SHA256
ebc5461a0bbcc82a1fff04ae3e625bed7211aca9ebd188db136d596ac921c66b

SHA512
5f0625209efbb6ae2fcfcb2b4368686697d97d5cfb8126870128ed1c2c9da2030af0618d1eeeab4a13b5c9adf870c61e964ad20e840829dea2d183f51d1679c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
326b6f5833ff24f0a95932b6f4f22705

SHA1
6123385936d2e23ce1e8990c71cf0f7e28393153

SHA256
7b4a7e74a6dffa39e32f238145c5cffa6c930c113c85465cb4f2b29f4cf3fcc3

SHA512
ff1567246b3c4dadc641bbc1f9d22da5a46400eca027ed717e6c6ff7baba554e97fe61ad46b930baa2d201eb7e5b30bccb0d42dfdb391fba56adb508e2744a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
402KB

MD5
8aa9c9b5f2a356a1ba4d1d52cd567bea

SHA1
f329e950a0d72f4aa6165b1db412035edd491962

SHA256
2971bbe95f73b415ace20ca0a9496c36515707a70dc17ea8a26d6e3544045372

SHA512
7a712b458a4c67044be7b443f918904f8462e53b46abf14c1e729ba31f11df9053acd61a23dd400a13a9b2b1d71f21416aa9cfca72023d35451ed5e04b80ab54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
168KB

MD5
3f6c5d514290596ff4f2e65fd6799db7

SHA1
9f906b1a03663311398ac99a6406da9b030d49b7

SHA256
12af5ae614f78775181955bb0ec8ce5e7f7ff01561ddba709f3c551d6d4b1d8c

SHA512
a9993a9de8a08aa30efb662b7852cb040de2216e7271805cb0cb9e064354cd04f8d7928aefd3c95f10bc3cfb6e987a1e6f5e858c3904c20e5a920688a39f3873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
21KB

MD5
c69b39cca3a3c5a67c0b25111f965411

SHA1
1314022da524c52eb53fa547cdaf0db012a0e589

SHA256
d44d542daa3d49d6185f400cb3890eeacf2ececd3ca6ac68b940cca9215ccd2d

SHA512
94a33f12f04ff64e9a277546197a7e8867ea7f69d6f09fb917de60223e7a4464ec468a352c66977a25689dd91e4eb2ade06a4c597bbd846810fd6ae6c2d0f569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
a03d58c1c03bdffd1107056e543f10cb

SHA1
082cc364d756dfb101c2697aa78075b66467ae49

SHA256
362f5ae92a4168ee1ab4831733e58fa9425816656a732804c8873a785d400a2e

SHA512
a711fd626fd60efa9a42060f56a0a619dcf73336d9c266a54ab95f59ed9a2c96d5761fbb4bd55ff73cbb532a3e3834dd2ee8f00082f1bc949af7ad9e304d2000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
48b1e422b94f7272e6ea754774fefa6b

SHA1
04fc845f8af5671706582011573365a0805bf676

SHA256
8f01b4b8478243435d9c5ad36df2baf0842fd2ac36624dd01743c481c54da8b2

SHA512
412a8843cf9ded275ab6f8c45c023e1222882b7cbfaa4a1c3dba9f2ddd20bff156d0722b070ff09c3a5997993354c600c87c1e9aa31273e89ba87bc39faf776e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
cb98b73a252691752bbea267d24e8a30

SHA1
d573b690cd12b937ac829cdc091431a9129f33b6

SHA256
32f35a04d2c32f8f82bbd5713b30e2500ceae3845c32c58a97925bee92340004

SHA512
71dbd1a618ab98aa95240e3dcdb88d4c0db6a2f1a27bd305fa7232b731d47fe22e999cc25b45442f68b68bcf07fc1039ffa97c90b1040a934ac83a32c6f82743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7031ce98b282eea3f963bc7daac0da69

SHA1
dc483c8015e5edd15db452aaba15699ed4e31322

SHA256
c196f075b032f533e69774a7e98b4f778722585a3ab59254876dfe5534be645a

SHA512
b0261492ba8911e3ecb1b36c9b0846fbf144c1b7c55ad4ab0cdf44f2b680bab588e81288f7bdc69cd1d79743643f5ffbb3d2523fe43e2b38c11b5f35b966a569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
69dd2de7330774b83482f7ae226f9535

SHA1
4c1dc4d4370cc5f784e5a6e5cd7ca60f33ffda2d

SHA256
2485431a33ae12c778cbb76a92b6159b027877ebf9c93538422dd751cf55379f

SHA512
6e6187974e03287d2ead5a027adf06c69c0168fafa4ca0016a1d29f409c3b408ec24c14126bcba48da58c0d11760cfc385fa0042df31acd0b2a6e690795cddff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
79a768774ccd3208e37aa00d9e72d7d7

SHA1
38a86593475c5e7f90fed00a0e0f4b7b5a77804e

SHA256
ac8447f30d8091d6622d15f899bbea9ec85882a6b2443f48a35402f46f8f262e

SHA512
217d978c55d3850ef681c56fcbe1ef36001650a453c2f7e69cd9475ac783114736749015791498f1ac4ae7321a1ff5b49819b0a5e349442a449fc61d6251b689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
6a8853a19862d56e401e45347110a769

SHA1
f83e357468ae7de088263af5e02ff6b588512aec

SHA256
e39d68b4544aac30db44822616b766d208300e04e49e55ee025e3ac5851d2dd5

SHA512
5695e68f333990e6517f5175eb9ea3ce66137e075b4420d6614f1688d5e01bad8199dd1b474db95bba16e50f7d54398c56f050e49e349a0692c1e2b2a3c9a937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
c397e176384d6614a71c28cac90c0ce7

SHA1
2cc7446bdc80a8892b7d38df8e2af3ee8f209a63

SHA256
6037416263cecbf3bd973106e1d46c04a54945007ac95b79bfb1be465da1c12e

SHA512
f377411815128c410348220c10bf71209a6d680e9e7d2b1e57ece8d5974daf63c9d8eb489d395f2402c55c36609ee3de315c46a7c675e915190858cd1950cbdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ccefeff00f3cccb5f4d1d9b4c7a14c66

SHA1
dfa21e0dd1c64425a5b7f7e6555bae5a387fcc69

SHA256
7018505047844a7ed5ba726ad690071d079bbd5f69663040b08ba169efe4d86b

SHA512
43befefdd0032b515dda598a7e60226f91e511e18cf3c22c0d38981e87e94f13ad78bd9cbed63e2f8988ec08b6213889a5e86f9fd2547a6779980d1f0c0cec8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3204a6b5446144239c945fc60239f6f6

SHA1
202d3fb10a87e5a71c2ac798b0aa7c3748e9a4b9

SHA256
224b374d95621c73049a8f0c3a82eac92e09d8ec743b218819e6178edb41604d

SHA512
1bc0547fc58c1c5250f41317ec5a9c54f8e46bfd04aeacbf8530e14189973703308f5db673e4211196e657c5ac5a4b765bdb1303790937d5ffb189be849ec798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b94b4bdb7f6c0aae66af004faeee6fba

SHA1
0e27219b95d93d00a1e745feaa2e7b140537ff20

SHA256
34a5ca75c2dbc69a2acfe87084e40f3a9102f50de9caac475c5a71c71c638651

SHA512
ff3b4097084a7d4b91c0bd291605fa62215cdb8045146ebf31be0a44a7aa535a0204be2c7c196288e03be04c74a63e111cebddad9d70827588bdd34fde9ea762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
20ca2ea366cabf99dc88b5b0bd3fc915

SHA1
50c2f41fd5b2ad6df21a1e706ff3b1b38a6543aa

SHA256
0fff06a1ad522c1a70f9bcaaa8140a86ef958c680a8c7a19af9d8e6946ee87e1

SHA512
9ca42d56ff0a620763b715c53ff2b28d7e76bfdb199b01d4e602581894def30c8be31e680a0e9739455d12af6d6218fc65b1cbdf2d933ca332478138071a2419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
ff5e029d02ddc18cf03fa51c063639a3

SHA1
548c4090a6d4a5819be6088bc02fca5b6412a6c8

SHA256
bb934a95d4285869325eb96a5d68ab4d13e89aff89e429af0b73134d1e101bf1

SHA512
9b21d5cc1218644fbcdcd38dbcaf6ac5868c03fdd4f2baea60d99bfa31dc765b869c291b665a1c14ef05c95378574c006746fce92927e788b9bd9db85b0c7916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
a1c12adccbc2d5b25f52c29234d835aa

SHA1
ae3f3b0e3629d095a017843a483ad18b73c40258

SHA256
7bbb7b06ecd3caf42087a9630e129c475c010f564bfdb3a861160a533d8c2351

SHA512
c52fba661aa91e0dd54286b1e045043e3f96e2966c807d478429c7225c76d0c046364c8a728b5f34873652ef6cd7fa9cd7f7403305b7f6d654f277949b9e5c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6888ccc5abb546d04c2174438bc34b27

SHA1
997e0bdf418b57fa6b12e6133ce83c076876ae7f

SHA256
3a2431e375cb7c433b6643a3cea742148f8aadacc40beb0fafa97888d9032c2e

SHA512
5afaeb96192bfc3432c9a84ad59dbe60b5ea586c6e60315b870d1f22d10c3267bfefc75e2a06d1f199c0993e0546c50e8734038173906df6158108a3a61f9d53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee3ddfd0bfbeaac542b811e212727c21

SHA1
30e51fa0a86d33a4faad1a7204f33b9f7617466b

SHA256
4223364f15323dc27ceb4289d8fc91f1b10ba7fb1ba98dfc4477e7004f986883

SHA512
66d6a119d7ef3614a67c2e814c6542214e00153d76b4a329d47cdce383ea77f5ee0e5270a58c2d49cb3cd449ed28f7eda27077c6616f7ae1eed1bee3eddb3b72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7878c690c4f5f5a567d54f534f35900a

SHA1
5f43fe7674f16482a393e88565c54aaba94ae68b

SHA256
3eb2cccc74d3fe85c8bf3624f23d2c1628d73a55e9b4f4ec562b0acd0bad4ac2

SHA512
4975c78fb2605841df6de75d3abf7c44b87fd9d4be992d6385a343b0cf2de8c87820ad9c7f2a2971acdb5aafc00b9f289bda9aa73eee1716631b95782a0098e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d8027316d83184bc387558a995293ef

SHA1
e38e1a414e24131861f05f3d928d140c48182d07

SHA256
c5b4955818bd0d08f037d7f45f96028636033be607ee9083334a2dacc139ec78

SHA512
1ee62646b3a5d33784a386538d144b4ad3cec6d3c1dffbf3c3e177d9bef4a06541eb0cc8ff014dc4faddc6ce3916db4823f70d6ae7d2ce46e2546f866bfaec7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
209b8a5bdae5cfdd242620f26d1fdd89

SHA1
04bf96aa710cf493489cc028344ebd75d1e9863d

SHA256
cbc7938a8f186e6c0a2ee8dcd5d6517c0b8aa41d541e147deb0f30d10fcc9b4f

SHA512
aea812cd860e80c8cd60499b440215fce50e425cb02a3fdf4f6be55740277978bc514d811f16db71d5b3dc4c1ce426b6f43809260525e55ce8d924eadcddcb68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ac4dd117239e41fa99e9c13c45b74fa

SHA1
972c68c604de4961acd3148d2e43a8e7697df81e

SHA256
dbab5bb43a5e0bba5db0e6d41350dd19180d045b0beaff9bf62d4b73291ba79d

SHA512
b530e1d01d401dfc0bf430bdc1dbb993979e2e8f67f69669640b3eac9e55747c8bd9054eb9299e457bb2a0ac10154f9ea878ae2f8bc0c54983f67c6c3739b5ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
145bec9863daf63f92c1ef0149984743

SHA1
5b8d30561c62669e33d4a9ee2bb4a7efa4b95377

SHA256
40056dda3f4ac951d742b7bc11b86e717b03c6f3e63c0dba5eda83c90f01dbc0

SHA512
dc7c4540ac456100f6a453dd77ead155b2beb661bc9e5cf4c3ed636e6396afdfbfa79e844a4245fc81ecadf8677618e52f626c5772d16a91503a62acb8017015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
59a1836f1bca687723c87c925e92a01c

SHA1
4caff0d8c9ba67306648abf948a46e603c0cf880

SHA256
2e9ddc0983c3df74b5d234409918fe300f89f9f8cb8553765617b178c3c0d43d

SHA512
45263a74abfb3c399cfc8b0bcc31c13b0a7237967f4e6a05f8fc50370b88444e22848bbf6e826139dea518844ea3e6da909ce36665f6d8c1f4315484285dc814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07740fd3678e951e9ba710d172f3d3c6

SHA1
d180403d67082c4e7410786fc8ca0781e586b00a

SHA256
d0a15d4d0dabb792ef9a7a020bfb3efb7e96c5e3b4dc2639b50b62ea13bb0d6e

SHA512
21b3dfe40a09cdd07ad6133a95afc42fbc75e196e42e9d129f1e62f0fc97ab57aa2be1acd70d31eb86e2881f28cc390a9802cb65af3d45d69236cbaeb8ce0fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
614a5adcec8d93c49b0a30c8bc06de0c

SHA1
b2010a9cbad3f346fe22efc47d1ec79726eb3771

SHA256
dbb4d0e02cfd93970ae7b74ae8eb4effca790e20b399a5edaf521222e30d932e

SHA512
8dfa23b099035c924bf80d704a095ec8628ca5dc058433d52612343ace7f005362e10a45f2054c29ca127a47edc19e463de02109645d181db682cb378406cc87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44f9ede8eec73c16f8b0afbd6b4b38c3

SHA1
86a87ae5326ed3b6c6ac112ac7a9d37077003479

SHA256
e4b18abf860e981b7ff6d568bfb69263374f668e979ca71ed3c455bbfdbc96f4

SHA512
1d6aad2cbbf0a830d16533c6fb1a08b746ecb67a490f4ffc39970e98bcc1c5ae3d141b677e10c35684dc9dfe8c755bcec1f1edddc99e5fec75935d1019e973a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77f2da670ee9916a551c10c7f3f653ff

SHA1
a2da589f4af6d95fad3d28f716fdfa5bd2522b97

SHA256
54bd1cbab8830827373268a3c54b3cd3b2a53abd52aa7d4780ec07ca311fca21

SHA512
b23c592ab4d512b62f1f9c9b3d0decfc4bbd77f7d21c9510feec9cedcb85f6c15c0667b1c93f8f26e6f630f76e83728f5abf39ad8da407b14346bcdc1810d10d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f2ca0668b07f6cde738210f561815283

SHA1
9b19152b3cb8c69fd72c0f73b9bda98578b34268

SHA256
1992fddaaee0bd9ec48119e5b39d962a2d4e48496df7cd29e363d0f6d824526b

SHA512
67f595a8492a207c211f84f36009fe59f7856da3acdf92ffc66944cee0364ec426c6c35d292b822f61a6c1e430ec76489faf251d03437ab46ca49d8a69fc6a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c8ac98e9e27306ec7688d292f16a2eeb

SHA1
9544a2f7d157fbd4abf8a8ecd85f4f2d7caa4ac3

SHA256
9f67e716676368090b0377ae468160340021add99bc86ef44cba30309abf51f8

SHA512
4f04d37b0d9e9cbc903bd45302d9937579f87b4bfbcea68c8862e70e576fa20daad4b6c28ae232c5729b0971d14543c0e03f2422c4a166a46a4513960c942771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66c6ff4ba9317f02a8ade622b196516d

SHA1
62213c0d870484b349cf024faf25179ca175f984

SHA256
ccfe5f316927ea061cedeaa7991211f4fffddad865fe6e3cb1187923955632b0

SHA512
f5779a3c9a57f1701685f097ee6764227aee50030bba38ec1d7d4ad445d959cd98e302803a1ef7e4d60e170770401d81f4e44f5aaf9eed2593c2dce193dda2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ebca91070aa3859b745c5c9ac123e56e

SHA1
7a0daa170a527ed40f235834972954dc5e80eb50

SHA256
8aa42b543609fe017aee26fc4a16a5b9c1045861f8002ae5da30796f5b8ee216

SHA512
d6625370ae1d568dfc455fac2aa5737e1855f6c62a3f8ba69b09d5be6cf6263780355804fa1ba4a60e0a9099f6a716aaa0732d0da048d4f6cf0e2d40a472c098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c670f8bb397f3b9cd8387294f7a68a6f

SHA1
e8f4077b36e6df9b7a2b02d12c2adc7031bb768a

SHA256
fbb122502ca9f31739dc511b841afb7214c8851664532e69dc1455dd55b7967e

SHA512
ad988b482f426f4161609066ded9a2c26b01dbe1fe24368b2f75e807c98f8d7d2868d90b4d7108250f274f06659a0b341c13cd1755734a63c7d5007179f116fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b49b2e48dcea4ca0ba41cb1ba2aba293

SHA1
fa1f102e6f1b08651a46717c124ba51ac7017847

SHA256
a7848ad2654e2d1e92571feb17b28bb471d0fc4614c3647137389bbcf9a3bec0

SHA512
24e282258fffdaf6c752ccf036a376ccb26d08e376adc90f1e43f3f8a89446ea219b345990b6d009e228084ee2570f6dbc034e8cd871ea33f03707218ffb41d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
817d22f27fa49c5436c275fa302688f1

SHA1
79ba7fe127435275d53fa011e8fd5eaa02f8597e

SHA256
5d6df5fd02ac51c4858fe4623f2169062e3179d9e6a5c99d24f2f1a5c759be21

SHA512
83b8aca4a2fa93cca25e75758244bdc67735a725fbbf3ef9f6cb8cf92513c79e5c9d865f46fed78e067c7252a65fa6607e3be4b6200e793e73b8ba3bb14cbef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8632ac2d1cead15b4b164685180a741f

SHA1
819d795ffe194586a460d3ecaf2f3c6e6272c865

SHA256
afbdf9c838de568bccf9277e98ef8efd266ffc95196ab576322e1b1d4a051d6d

SHA512
350d30b5a51ee933c94577970616483b9113fc4bd6f24ea949e924cadfd7906ae8de6808e034fbc645b7e8cf85e5260811e1e0dfd9966b14d25fcb58557b45aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
50abf37faa0136b1a66b5927785ea116

SHA1
9129d8febadc812766a7279111a05e3245776560

SHA256
67e3871d5ae54229bfa5bba5a9ae4c09c929d6c8fd68136fdc4fe92f8ac0f1de

SHA512
e6d8b2d2a604433ab52e2d080a805b099447e3ee4b39413984d531741f3c1fb0c29d40f611c373145a8b9983c122e835dafff6fb20601438dac48c51f6a9f7b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e2532995655f89d39384b1d7d3965769

SHA1
f243f82514e98aadfe99abb05906281ffb35109a

SHA256
8fe2fa1b4228a1e0060ab207e69c8d3867b4772bc6c3440a580ffc44efba5c96

SHA512
8107433599973b2adae107bec088c8ac0e799968a1045d66caf9bdaaebf7d0050bf04369489bb660f50fe65acddf4848ec316a971d38666ca7f2c9671cd1dbbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df0e7aad081b10d099034a002af6128c

SHA1
10bd71c1f1a00adc793444eb746a1239f8fb7c16

SHA256
5a1fdd0becfebd7a4723b8026e85d57641cf07408befccdfa345629a71c2ab79

SHA512
ca603b43e2c1d078232a3edb5711430589d7c7a183bbadceed94f61f3e9d8b75a7c41303b137fd50fcd6b2bbc76ec08b71aede6b9094c0c1e7bd07b7bff50c73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b51f2f14cc36fccaafa90d9c29c34522

SHA1
63fe5387d9cfd7cc94784dec1d42496b4744e015

SHA256
28fa3e02570f244c28b0c1f7970f4952e4843c7b5ad23cb48a59de25756ca12e

SHA512
f2254a0a2c70f687ed60b27a02bd11720af9548d1700a6be59b47be17bcd901196ec9485d8ad2cdb70e91942a975b59ada69897da11764de915af911c610a42d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
acca75dfc387299002348d34174e7922

SHA1
9d00f01b4914eebd705b183f6b0c985c16c9bfe0

SHA256
797e6ae9e5607c40d844e51a288acdd123da367270305e556c011511358e2709

SHA512
6351faf707b3ac5e22b3c1ee249d150924d396d36e19c77c61a47481b2760f9203766a3f6aa17706321cc8a9013196ffbb71294696a49922d308f1e05c05e8f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54732e1f347cfb8dfef7bc653654faee

SHA1
f0a7e1bbc5a615750a17055d49ce09d415709a39

SHA256
bf5c8fc4718eb5ee52c3a626684d40c70f70144fcba401abe6a3d8b401f0f8a5

SHA512
25d6e7fdfad0aeac44b638673d1989c6a7db871eeffcfcc298c8c15bcb4582cf4174c09d443dc1ac01f421e670f0d09a5d1ce972f937a91b4fcda52f02e7144e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16a6e8402c2aea62183e2b0fd9b51e19

SHA1
fb25ca5a3c295cddaad6bc06ad651f1049fd5b1f

SHA256
cf5bdc8051eca8c1836e0a4c0cb62043ae1ed012116b9bd9149d90279ae51eeb

SHA512
83d6b12138be6d95717abf179d343e85f227d142d352c0ba8093485f29a6ec6c4f2a4771175219fc0ce39cd2822e672d52ac19ade35053c225a2a27c50014fc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b18780f81e74b4916fc8d68fc516bcb

SHA1
ed165f359d3d6c8d26e5802d1a8e52431b9fdb8d

SHA256
f9f9fabb8c8b2f676ef5c5f522e0cdd539be4f46eae758b847bb0574898c8b09

SHA512
34ac6ad0b88b2a32379ea897c4bd529e16e8ab1c65eb406a7baebba67b607da6f9394698bd5d36f70467c4617bf97e0f0ff44b4fdae1cb97a3cf224beff22898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9c7d9f088829a3923a5e56f86c28dadf

SHA1
1975c0f6857780c4b544b387e7eb6ed1d2f6ded6

SHA256
1636f39c1d0fd67feb0b3ac9d2f58d8160f8c1c40df38d37e636e6d17645651c

SHA512
270786b8c9443120e91a5301b7c290f9502269f18938804a9bd79139557c1f15d1f33ef5d22cf221da33cf835c178c7d1ac675e36055578b27148d598ea48153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fa128012e1c6a1baefa07ca6848c967b

SHA1
88e5b9067743c4fd80638207bb7fba4758f7cb36

SHA256
bb417acb64c23c01784349b9abb985b535630897d1c4b545a5cbd00a0a5d4275

SHA512
41755accf787c774806ebccdcf17f02260b3f6f18bb0a0bdd6e4f449b81e4978705a3b500ce0d725d7218d20ab39196adab20728d944b29f8356311755ef6ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e11c743a73785aea28d60c853003aaf1

SHA1
1ff6615b8c1ed0d2025b3083b9c4f51a440ebde7

SHA256
c3801c3f720c6c90ec9ea8ab8312bd3b7964d50b1bb2fd810176ccbb47900aa7

SHA512
3bfdbe2c9f257ac881f09624dd3ae1a7b90b3c694afa582067d259e275ad3e28749897896cfab8f433e725d737c448634a46e0e46a397d8e4e4aa8fbe713af65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dce00b91085ac867dbab97d5bd4a6f69

SHA1
1aa6f0d44d8d636ab4cb5b94f606aea9cd4442e1

SHA256
eb88b3a50de9a32cb061744588a3e2ade9c383be486ff6c80a3725ee29906d7e

SHA512
260201519d7261d0e198612d898ac9d99a9e9eb151732eb74539595e2994352c5a9150d87ac38c2008fc26019fdf4c4506dae2cf1840a5831ae3ec092733f851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
368499f2a331a6b1c4a7ba35108e257a

SHA1
81cd7344798e7f4de608f1bf25a3b4bc3d8907a4

SHA256
c3677439297ca68a2c5348f00beb658de4ef1b467d2c8423c1e6e10ad0f2d02d

SHA512
f2510255dc4699860feeae033d0291b149c489c6e82ee1878e8e30c6a7830a00b106017899a706266b20e7aa68b2cdfab4d96d9bc803078483f3d9d873393c1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5ad4e5.TMP

Filesize
140B

MD5
a55408ce55255b301fe20c15dbe5c9e4

SHA1
76d54dd857bf5d75328d22586bb70439de5fcd1d

SHA256
14a6dc9d88a1e2d08452056b9ce4b9cc947ef60b987f38d413c6f33b57ed6562

SHA512
0c56ece7252ed87712e231d4c4534d4e3034d002693904a572ac6615a5e5d0b344aedea8866dc9055c807840187e3f596dc43217dd62bae16c9b7474979a17c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e99c4a54-9821-403b-b4ec-72d771458209.tmp

Filesize
10KB

MD5
136c7111309194cedf974bec60658a6c

SHA1
d950ac97ef8eded85ca39ad5b2d67141bcec44e0

SHA256
1e7f988c949f250cbdb305be39ed80ac942a368a0cf4f11abaf17fc1eb1dc453

SHA512
0f6213d17bed9ffaae88d44a367e4d10b488c25cec8a44e55ded2c0fecde87942531763ef9b4fd6fe54c72c7ae8b28736be8acec32958c550975939a9405d330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
0325d414e76b47fbecdfb246c255679d

SHA1
5fda9f8f74066e2701d229b5e99356383cd789ef

SHA256
ea0dbb0afc34f81208c57aa2b7dd55f338712fe5e285499795c471188e64e5c5

SHA512
1c5d1183b9a2dfc3120b4ee0c0fe9f41023adde207b8d917ffb4047d293723471362d1828f140f82099e2befee93c0d07f9671cb19f3c305f92e7204eea4fa9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
508baa54e36c25ac9e06cb3c84e77858

SHA1
601e9e6f0d7f2cd30636538c76af2e284dd60b27

SHA256
b27ce2f411c75fa8f352e2c9e0afcc33430908b5e2e4e3794213c3b8118b6f5f

SHA512
189e9cb92f13c0729d38b0851d54df443b32ac23c183c78355aa0a24df7b76b16322fc54f66ea418975755d55693dfa4e707a4c83e85650c2ff329fbcfaa45ea

Download Submit
C:\Users\Admin\AppData\LocalvQleMhESST..exe

Filesize
17KB

MD5
141296b8484e510e357fc620613fd4ba

SHA1
ad5dcb55883e74b53da1c6d94ce18b1788ba67a6

SHA256
0a918070f9cf821847b17df6c9d8858e1dd2da30a7d7121e06efe27eff740ad4

SHA512
dde9ef0c074ea607c7acf6d248f4b6980cb9e057ade6885d2c5091ebc71f7842dc113f813a4d5d54a7a0d6acbb2437cbd9684d1472872313d2c62f8794e42b2e

Download Submit
C:\Users\Admin\Downloads\dwa.ico

Filesize
121KB

MD5
c0ef5f38087e06cea65ccea8f6ba8a97

SHA1
6b3f45118670d6f539935e26637f64f81eb9a644

SHA256
a18aaa809bbab25fad9d361676fa0c94643f48c5a45303bd3129d0ec199b8c58

SHA512
eeedbc77d022c0073fe9b7da398e0150f54cdf4758ac63faf3980a18c9569cc118494b172caf050041f6fba394dafa0efe423b5c11e9bd09bcfa42f85973bada

Download Submit
memory/648-18-0x0000013EB5360000-0x0000013EB5361000-memory.dmp

Filesize
4KB

Download
memory/648-11-0x0000013EB5360000-0x0000013EB5361000-memory.dmp

Filesize
4KB

Download
memory/648-21-0x0000013EB5360000-0x0000013EB5361000-memory.dmp

Filesize
4KB

Download
memory/648-20-0x0000013EB5360000-0x0000013EB5361000-memory.dmp

Filesize
4KB

Download
memory/648-9-0x0000013EB5360000-0x0000013EB5361000-memory.dmp

Filesize
4KB

Download
memory/648-10-0x0000013EB5360000-0x0000013EB5361000-memory.dmp

Filesize
4KB

Download
memory/648-16-0x0000013EB5360000-0x0000013EB5361000-memory.dmp

Filesize
4KB

Download
memory/648-19-0x0000013EB5360000-0x0000013EB5361000-memory.dmp

Filesize
4KB

Download
memory/648-15-0x0000013EB5360000-0x0000013EB5361000-memory.dmp

Filesize
4KB

Download
memory/648-17-0x0000013EB5360000-0x0000013EB5361000-memory.dmp

Filesize
4KB

Download
memory/764-5-0x0000000074812000-0x0000000074813000-memory.dmp

Filesize
4KB

Download
memory/764-2-0x0000000074810000-0x0000000074DC1000-memory.dmp

Filesize
5.7MB

Download
memory/764-6-0x0000000074810000-0x0000000074DC1000-memory.dmp

Filesize
5.7MB

Download
memory/764-3-0x0000000074810000-0x0000000074DC1000-memory.dmp

Filesize
5.7MB

Download
memory/764-7-0x0000000074810000-0x0000000074DC1000-memory.dmp

Filesize
5.7MB

Download
memory/764-4-0x0000000074810000-0x0000000074DC1000-memory.dmp

Filesize
5.7MB

Download
memory/764-8-0x0000000074810000-0x0000000074DC1000-memory.dmp

Filesize
5.7MB

Download
memory/764-0-0x0000000074812000-0x0000000074813000-memory.dmp

Filesize
4KB

Download
memory/764-1-0x0000000074810000-0x0000000074DC1000-memory.dmp

Filesize
5.7MB

Download
memory/4412-1056-0x0000021168AC0000-0x0000021168AC1000-memory.dmp

Filesize
4KB

Download
memory/4412-1057-0x0000021168AC0000-0x0000021168AC1000-memory.dmp

Filesize
4KB

Download
memory/4412-1065-0x0000021168AC0000-0x0000021168AC1000-memory.dmp

Filesize
4KB

Download
memory/4412-1064-0x0000021168AC0000-0x0000021168AC1000-memory.dmp

Filesize
4KB

Download
memory/4412-1063-0x0000021168AC0000-0x0000021168AC1000-memory.dmp

Filesize
4KB

Download
memory/4412-1062-0x0000021168AC0000-0x0000021168AC1000-memory.dmp

Filesize
4KB

Download
memory/4412-1061-0x0000021168AC0000-0x0000021168AC1000-memory.dmp

Filesize
4KB

Download
memory/4412-1060-0x0000021168AC0000-0x0000021168AC1000-memory.dmp

Filesize
4KB

Download
memory/4412-1058-0x0000021168AC0000-0x0000021168AC1000-memory.dmp

Filesize
4KB

Download
memory/6584-944-0x0000000000F40000-0x0000000000F4A000-memory.dmp

Filesize
40KB

Download