darkgate | 878dac750a0717184095b18885aab76da813c897482ea10154393988d122855b

Analysis

max time kernel
389s
max time network
391s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2024 03:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dr_drop_L_Cryp_Mem.exe
Size

6.7MB
MD5

d9ec1112453f05e7aedc4219abb7d032
SHA1

f5444e58f9c9d6381443c1157f9fe0c1bfb36cbe
SHA256

878dac750a0717184095b18885aab76da813c897482ea10154393988d122855b
SHA512

98921f0a2ca4fb381552c2ac25ca291219419875782464b5a93a8c943b484a11a0d6f5007460a5f0977e0449688c135e66e75baf970fda1b0d6dac0167a3e86d
SSDEEP

196608:OkJzG+AC+tJsqYcqE4kSyJAiz3wDRt1BHEg:ieRzRXdE

Score

10^/10

darkgate derry discovery execution persistence stealer

Malware Config

Extracted

Family

darkgate

Botnet

Derry

164.132.5.124

Attributes

anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
1111
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
wfQGmVbK
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
Derry

Signatures

DarkGate
DarkGate is an infostealer written in C++.
stealer darkgate
Darkgate family
darkgate

Detect DarkGate stealer 7 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3408-17-0x0000000006530000-0x0000000006885000-memory.dmp	family_darkgate_v6
behavioral1/memory/3408-26-0x0000000006530000-0x0000000006885000-memory.dmp	family_darkgate_v6
behavioral1/memory/3408-35-0x0000000006530000-0x0000000006885000-memory.dmp	family_darkgate_v6
behavioral1/memory/3408-33-0x0000000006530000-0x0000000006885000-memory.dmp	family_darkgate_v6
behavioral1/memory/3408-34-0x0000000006530000-0x0000000006885000-memory.dmp	family_darkgate_v6
behavioral1/memory/3408-32-0x0000000006530000-0x0000000006885000-memory.dmp	family_darkgate_v6
behavioral1/memory/3408-30-0x0000000006530000-0x0000000006885000-memory.dmp	family_darkgate_v6

Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

Autoit3.exemyAutToExe.exe

pid process

3408 Autoit3.exe
5396 myAutToExe.exe

pid	process
3408	Autoit3.exe
5396	myAutToExe.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Autoit3.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hbebgfd = "\"C:\\ProgramData\\febedfc\\Autoit3.exe\" C:\\ProgramData\\febedfc\\eefcbef.a3x"	Autoit3.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

117 raw.githubusercontent.com
118 raw.githubusercontent.com
Command and Scripting Interpreter: AutoIT 1 TTPs 1 IoCs
Using AutoIT for possible automate script.
execution

AutoHotKey & AutoIT
T1059.010

Processes:

Autoit3.exe

pid process

3408 Autoit3.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

Autoit3.exe

description pid process target process

PID 3408 set thread context of 696 3408 Autoit3.exe msbuild.exe

flow	ioc
117	raw.githubusercontent.com
118	raw.githubusercontent.com

pid	process
3408	Autoit3.exe

description	pid	process	target process
PID 3408 set thread context of 696	3408	Autoit3.exe	msbuild.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exesetup.exe

description	ioc	process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

dr_drop_L_Cryp_Mem.exeAutoit3.execmd.exeWMIC.exemsbuild.exemyAutToExe.exemyAutToExe.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dr_drop_L_Cryp_Mem.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Autoit3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msbuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	myAutToExe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	myAutToExe.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Autoit3.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Autoit3.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Autoit3.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

Processes:

chrome.exechrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133763759670072638"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "8"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 010000000000000002000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000050ef5e839818db01159a17e09f18db011d8ac4d46e39db0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 000000000100000002000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe

Opens file in notepad (likely ransom note) 2 IoCs
ransomware

Processes:

NOTEPAD.EXENOTEPAD.EXE

pid process

5788 NOTEPAD.EXE
5752 NOTEPAD.EXE

pid	process
5788	NOTEPAD.EXE
5752	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

dr_drop_L_Cryp_Mem.exeAutoit3.exemsbuild.exe

pid	process
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
2888	dr_drop_L_Cryp_Mem.exe
3408	Autoit3.exe
3408	Autoit3.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe
696	msbuild.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Autoit3.exe

pid process

3408 Autoit3.exe

pid	process
3408	Autoit3.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

Processes:

chrome.exechrome.exechrome.exe

pid	process
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WMIC.exechrome.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	3308	WMIC.exe
Token: SeSecurityPrivilege	3308	WMIC.exe
Token: SeTakeOwnershipPrivilege	3308	WMIC.exe
Token: SeLoadDriverPrivilege	3308	WMIC.exe
Token: SeSystemProfilePrivilege	3308	WMIC.exe
Token: SeSystemtimePrivilege	3308	WMIC.exe
Token: SeProfSingleProcessPrivilege	3308	WMIC.exe
Token: SeIncBasePriorityPrivilege	3308	WMIC.exe
Token: SeCreatePagefilePrivilege	3308	WMIC.exe
Token: SeBackupPrivilege	3308	WMIC.exe
Token: SeRestorePrivilege	3308	WMIC.exe
Token: SeShutdownPrivilege	3308	WMIC.exe
Token: SeDebugPrivilege	3308	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3308	WMIC.exe
Token: SeRemoteShutdownPrivilege	3308	WMIC.exe
Token: SeUndockPrivilege	3308	WMIC.exe
Token: SeManageVolumePrivilege	3308	WMIC.exe
Token: 33	3308	WMIC.exe
Token: 34	3308	WMIC.exe
Token: 35	3308	WMIC.exe
Token: 36	3308	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3308	WMIC.exe
Token: SeSecurityPrivilege	3308	WMIC.exe
Token: SeTakeOwnershipPrivilege	3308	WMIC.exe
Token: SeLoadDriverPrivilege	3308	WMIC.exe
Token: SeSystemProfilePrivilege	3308	WMIC.exe
Token: SeSystemtimePrivilege	3308	WMIC.exe
Token: SeProfSingleProcessPrivilege	3308	WMIC.exe
Token: SeIncBasePriorityPrivilege	3308	WMIC.exe
Token: SeCreatePagefilePrivilege	3308	WMIC.exe
Token: SeBackupPrivilege	3308	WMIC.exe
Token: SeRestorePrivilege	3308	WMIC.exe
Token: SeShutdownPrivilege	3308	WMIC.exe
Token: SeDebugPrivilege	3308	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3308	WMIC.exe
Token: SeRemoteShutdownPrivilege	3308	WMIC.exe
Token: SeUndockPrivilege	3308	WMIC.exe
Token: SeManageVolumePrivilege	3308	WMIC.exe
Token: 33	3308	WMIC.exe
Token: 34	3308	WMIC.exe
Token: 35	3308	WMIC.exe
Token: 36	3308	WMIC.exe
Token: SeShutdownPrivilege	3428	chrome.exe
Token: SeCreatePagefilePrivilege	3428	chrome.exe
Token: SeShutdownPrivilege	3428	chrome.exe
Token: SeCreatePagefilePrivilege	3428	chrome.exe
Token: SeShutdownPrivilege	3428	chrome.exe
Token: SeCreatePagefilePrivilege	3428	chrome.exe
Token: SeShutdownPrivilege	3428	chrome.exe
Token: SeCreatePagefilePrivilege	3428	chrome.exe
Token: SeShutdownPrivilege	3428	chrome.exe
Token: SeCreatePagefilePrivilege	3428	chrome.exe
Token: SeShutdownPrivilege	3428	chrome.exe
Token: SeCreatePagefilePrivilege	3428	chrome.exe
Token: SeShutdownPrivilege	3428	chrome.exe
Token: SeCreatePagefilePrivilege	3428	chrome.exe
Token: SeShutdownPrivilege	3428	chrome.exe
Token: SeCreatePagefilePrivilege	3428	chrome.exe
Token: SeShutdownPrivilege	3428	chrome.exe
Token: SeCreatePagefilePrivilege	3428	chrome.exe
Token: SeShutdownPrivilege	3428	chrome.exe
Token: SeCreatePagefilePrivilege	3428	chrome.exe
Token: SeShutdownPrivilege	3428	chrome.exe
Token: SeCreatePagefilePrivilege	3428	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exechrome.exe

pid	process
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exechrome.exechrome.exe

pid	process
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
3428	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe
1724	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

myAutToExe.exeOpenWith.exemyAutToExe.exechrome.exechrome.exe

pid	process
5396	myAutToExe.exe
5628	OpenWith.exe
5628	OpenWith.exe
5628	OpenWith.exe
5628	OpenWith.exe
5628	OpenWith.exe
5628	OpenWith.exe
5628	OpenWith.exe
5628	OpenWith.exe
5628	OpenWith.exe
1972	myAutToExe.exe
3200	chrome.exe
2236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

dr_drop_L_Cryp_Mem.exeAutoit3.execmd.exechrome.exe

description	pid	process	target process
PID 2888 wrote to memory of 3408	2888	dr_drop_L_Cryp_Mem.exe	Autoit3.exe
PID 2888 wrote to memory of 3408	2888	dr_drop_L_Cryp_Mem.exe	Autoit3.exe
PID 2888 wrote to memory of 3408	2888	dr_drop_L_Cryp_Mem.exe	Autoit3.exe
PID 3408 wrote to memory of 2568	3408	Autoit3.exe	cmd.exe
PID 3408 wrote to memory of 2568	3408	Autoit3.exe	cmd.exe
PID 3408 wrote to memory of 2568	3408	Autoit3.exe	cmd.exe
PID 2568 wrote to memory of 3308	2568	cmd.exe	WMIC.exe
PID 2568 wrote to memory of 3308	2568	cmd.exe	WMIC.exe
PID 2568 wrote to memory of 3308	2568	cmd.exe	WMIC.exe
PID 3408 wrote to memory of 696	3408	Autoit3.exe	msbuild.exe
PID 3408 wrote to memory of 696	3408	Autoit3.exe	msbuild.exe
PID 3408 wrote to memory of 696	3408	Autoit3.exe	msbuild.exe
PID 3408 wrote to memory of 696	3408	Autoit3.exe	msbuild.exe
PID 3408 wrote to memory of 696	3408	Autoit3.exe	msbuild.exe
PID 3428 wrote to memory of 4412	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 4412	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1044	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 4336	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 4336	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe
PID 3428 wrote to memory of 1764	3428	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\dr_drop_L_Cryp_Mem.exe
"C:\Users\Admin\AppData\Local\Temp\dr_drop_L_Cryp_Mem.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2888
- \??\c:\temp\test\Autoit3.exe
  "c:\temp\test\Autoit3.exe" c:\temp\test\script.a3x
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Command and Scripting Interpreter: AutoIT
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  PID:3408
- - \??\c:\windows\SysWOW64\cmd.exe
    "c:\windows\system32\cmd.exe" /c wmic ComputerSystem get domain > C:\ProgramData\febedfc\ehebacd
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic ComputerSystem get domain
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:3308
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:696

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd0a6ccc40,0x7ffd0a6ccc4c,0x7ffd0a6ccc58
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4616,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:3840
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x244,0x290,0x7ff773c84698,0x7ff773c846a4,0x7ff773c846b0
    3⤵
    - Drops file in Program Files directory
    PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3760,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4572,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5380,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5564 /prefetch:2
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5304,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3220,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5360,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3396,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5276,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5200,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3252,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6024,i,1908123608427939360,13344308713936027685,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  PID:5292

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2904

C:\Users\Admin\Downloads\myAutToExe.exe
"C:\Users\Admin\Downloads\myAutToExe.exe" C:\Users\Admin\Desktop\script.a3x
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5396

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5628
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\script.a3x
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5752

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\script_myExeToAut.log
1⤵
- Opens file in notepad (likely ransom note)
PID:5788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd0a6ccc40,0x7ffd0a6ccc4c,0x7ffd0a6ccc58
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,15604818525141553862,10643688410240765235,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,15604818525141553862,10643688410240765235,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1740,i,15604818525141553862,10643688410240765235,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3024,i,15604818525141553862,10643688410240765235,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,15604818525141553862,10643688410240765235,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,15604818525141553862,10643688410240765235,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,15604818525141553862,10643688410240765235,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,15604818525141553862,10643688410240765235,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=2224,i,15604818525141553862,10643688410240765235,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5292,i,15604818525141553862,10643688410240765235,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5240,i,15604818525141553862,10643688410240765235,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5500,i,15604818525141553862,10643688410240765235,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5212,i,15604818525141553862,10643688410240765235,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:4436

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2864

C:\Users\Admin\Downloads\myAut2Exe-2.12-SRC-main\myAut2Exe-2.12-SRC-main\myAutToExe.exe
"C:\Users\Admin\Downloads\myAut2Exe-2.12-SRC-main\myAut2Exe-2.12-SRC-main\myAutToExe.exe" C:\Users\Admin\Desktop\script.a3x
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd0a6ccc40,0x7ffd0a6ccc4c,0x7ffd0a6ccc58
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2380,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=2376 /prefetch:2
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1876,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=2580 /prefetch:3
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1964,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3884,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4556,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4828,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4964,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5228,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5548,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5200,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5280,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6028,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6472,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5876,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5344,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5348,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5420,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5368,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5220,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6392,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4168,i,3685110824444029400,729925524740281861,262144 --variations-seed-version=20241117-180246.704000 --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2236

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

AutoHotKey & AutoIT

T1059.010

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\febedfc\ehebacd

Filesize
54B

MD5
c8bbad190eaaa9755c8dfb1573984d81

SHA1
17ad91294403223fde66f687450545a2bad72af5

SHA256
7f136265128b7175fb67024a6ddd7524586b025725a878c07d76a9d8ad3dc2ac

SHA512
05f02cf90969b7b9a2de39eecdf810a1835325e7c83ffe81388c9866c6f79be6cdc8617f606a8fedc6affe6127bede4b143106a90289bbb9bf61d94c648059df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
800547b40b40a6d57a70b74809b450fa

SHA1
310a064c7ba82120f80af50892dcbe61b53f9d70

SHA256
a562ff4b14badc73b0804883bf4ccfd9972e485123de5e5949981794f66ed936

SHA512
39630e3b5069d0c66ea44069358cf01f180bf25103968f77d483a27deb7e91e796a1718ce9af2f438bebe8207537e735cd402d649e2adfa2ca7748faae2db949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0160d09c80129b654dd0fc9750f8f7f5

SHA1
ab64e81b82b07d3def65b01a5a57f7a08495147c

SHA256
19817962ba83d30d6f370a582cb264bbb39e25e43e07dec8b012008bfbfef7b5

SHA512
42b9b00dfe13919bd63c7d8e3df02e37681590a6d7b413aa4be5ff5ea7328060c4d04d08a8db04a5bfb660839dacbbac9dbf3db0105d49b84b188def32549380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
8fecab6780a0e0c5d63f50dc166b2369

SHA1
d5aafd1d48cf53dbea27de1b8fc2fa305486a91e

SHA256
41ff4a5a68bdf4d780679dc16d42b807bcd08c63d6792b7603a006a0d4e68470

SHA512
13394dcea3b5feb578f0f472fbe97795f12834df68afb3034b61ef083679fbe1fba08355ef314d2caaaaecac34429b6081c6958b116f501f4c6b1573e5ff982b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
2c0a9b5ea66ab6811f274315fe0658b3

SHA1
fbc8216bafe07aefdba4802da481c0c35a3d0460

SHA256
09fffa075a670f915ea8293b234b0e72f41635397ebb853679a6d25a1cf4fe8d

SHA512
da33aa5195899d1618f74cc88de590a3f6d5cb243bb46d0a2a9f96c52b3aebb2ced9f37493392af2e0b3b396072e0a9c8aa08d7c31713a8e4c62f9ab783d5f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
c72653d769001dd9b0c993a630e091f5

SHA1
61c686805a18b52adda105d594ffe3a3734cac65

SHA256
689d66e08ee66edd5ef81402835b84512ab413d0870c02d4b9538d71967c56de

SHA512
2bcd58d31d608adb997d9231690ef2123e2a7be37626811c528df44b183970504f4d965a6fe551371a92cdb4e3ac95267f76c2e517aeb688dc3ed3bb180e6d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
17628c1d9902280350ba189e82696478

SHA1
a1cda591dacb51b875b1f84514da5ce9b32a381d

SHA256
d2f26657e96555cf19bdca94f60e6c92f1ec07ee45b6ae53dcb3aea5790e8ac3

SHA512
4818421aafaf5de3cfdd83997fbc4df6c241c213f9f3dba020e2be275d7d9a4eca983af345c18fc73f6f03981317ed88cc56d9fe05fdb8d81a5fe65675e84c09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
41KB

MD5
5036e1122480abc5d5731c96722f3527

SHA1
7e69d26d8b43933d8d3291909f5a78a080299161

SHA256
13f7c3561ece8f14eb346dc691183be5a77fb26f85b863c114e6d112d732d2ca

SHA512
9db09b4a71cda4c8aca2d8ac0637607f0cf02d4520c0ec3c701beca15caeaa9d3e702eab6af57d1430ae9329b58f167e51f5e317838555a43343dfdf7e5e0196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
41KB

MD5
bea2f2c57fd0938f810a390881b94483

SHA1
868a05b04cd4d4d40ae9a40b04161fb666a72000

SHA256
fd731c27d80914e34ce001f8152f27179dcd2ece1296d0a0eb03648168a8616a

SHA512
4a26d98d634ca2606af36f9836ff2376f8ca810ee622112f3d70cc7af853cc99feffe7d63b09d5875f8f1abd7bda97bdd197bb63c682a890e3c218b4e3e56df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
16KB

MD5
187105e7600b4ad779a07c21899929cc

SHA1
01df51002675785053d26c66c261b269beed7a46

SHA256
a3d254b58022cc26ae7cde5acb67ca1f8df6960496d2ce564e9624431fb48c1b

SHA512
3dd7992425f689a51f7f78b4082cde07f74d1b0a3b9557e947cd45cff5940722f54764777a6c5eb09c9ee78cc236a35b6ac8074a31bc06431188d19cb4bae90d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
40KB

MD5
3ad8223a25e7f6bd337ce40cb84ef456

SHA1
5c94f4e230f5cc72ae812f203398713d57933a06

SHA256
b8f5f6a0e5942c6b1e44048983e89912730266ef3d5d38029baa9d24f2c6b9b8

SHA512
6f39d6965258ee64891d3257c3478dca4002a3dca2c04f3e63949b00089c17bed708a6eedabd50f35017c80eca43d0c04da568b0578fc97dfe62e73439bac899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
30KB

MD5
fa95bdcafdc252a2852efc9e1bcbb585

SHA1
2871edbed977a692d1a665ffbb3afe19bfeb7dea

SHA256
c5752b16524ed8ebcab517d7ad313a21190a513a7be78f4ece57882d7c92f852

SHA512
d07afca7b938eec055e3a3d73d277549b68641fa23a274dae024a5fe9b25b45b1eb84c58e878c3f45dd52249f990f29e74027c58fac4bfbf4c815fcc3c32bbfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
40KB

MD5
bbc2e9192365d85203febcd55a0fc816

SHA1
83b86cab8ef91c20f85e3f1f6980137cdc1c3276

SHA256
2b33438a79c55524d842f52a1c46ce816a425791db0c08e2ce71b8eb0cecdbef

SHA512
0157075e562bfbe6bc972e1a324e654be12d3271b971bb22d123d55f1929b1e154ccaaf53e902cba791371025178120aabc05359a0a24b665c9a46e091da49a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
41KB

MD5
a291f402b80dd9e2d2e06d146052d99f

SHA1
63ed155630b0ddd26985cdb3b46168666b43c07e

SHA256
66b1870dbb7e5a0e20bc25b422c93257e9360e6bf11ad9d8eff4a1821a819db9

SHA512
aa5327d86e241c3d58e60fed83a47202f27e11f3304cd57fb6ddf73718326c53543ca654174c76fb9f172e2fb75e58ae11d7e048f9c04ae3c151a7c54c8faaa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
36KB

MD5
8b6fbf947e4b71f3c29f41b340da1d32

SHA1
8ad9c4f9efc86cb6348fa4cfc940f3d4a4f3a9c8

SHA256
ac5833953739d83f0b6706fd51facb34dde9d9e1c26455cec54f4969a7608125

SHA512
6ceb0c1117883fcddc2a2c36d7ba4c1e99654b805972554a8f3fef7190be0ae85500011cc87d08ebee9b968e6507263875ca3df8a75a018d19afeafefc557c8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
43KB

MD5
08090d9590cbdeb395e15432d4284690

SHA1
8b37ab4c19bb9d88a8f6b513f0c0d60711eb6092

SHA256
cff002861a9584b7ff0fb2d57f103ea0b86a40a1811ee87ab70ea19c2b072119

SHA512
df82f99d83cd5d96170a9edcf54f7e0b7ce59cf21ff2f02e60a1998762fbd4c9c2020f2e82d7a073415c55b17c4390779943032efd31e0b9622175506b001093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
93KB

MD5
ae97b702d775b539c7af905be6572f8c

SHA1
46c58eb59df1dea93d54cd242648586e16a78e2f

SHA256
22000301bf11c5c4ea273c5ce1f58a51b837da4aa1f5b72a2c281cb8f8b03cb5

SHA512
2f28b4974d7d31ced68aec006f18e725443977f6c8b3f5c4ed0c694786d0282953dd4909d2a905b0898e75b41fee0a571672d916169de2f4ebfb72d890120b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
21KB

MD5
c6bc32746ba9e031f39b8c8598f1890b

SHA1
f55a2ab73190518e2df6ad79f42084e0e6ccd51a

SHA256
5b5139a617cd13c05b8a5c32644a426723bf031912c89a97ed52886a24586cf3

SHA512
9285d8f0e3980dcc377fa0c8c5cf9bc00f4178370e5d9dde83bcfad0adbe0557bc9179478052a955b9d41723362a6bfe0e9c2d4c582ec4fc0b557ce6f79e8a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
91KB

MD5
5f797c26c651766c2ce8584358a4590d

SHA1
1e6b27559a667427e43aeeb8a5b38882145c0ab6

SHA256
764b14b9fc37874acb4d90ec10b4ac1fc0f0c3c6a7ec1e4fc86938339c983243

SHA512
09ac068bf9c4974a3caebbf18820c291e9f6a7e3d4e66786c79cdc38927bf7a31639e6672e2c4d630fd298ae8ed2dbf4dd968edd9705949d22d6100625aa8aff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
31KB

MD5
92d529fe42d633e0a1654c08db20c9b0

SHA1
f2b4b0e85e440d824225559355b4e161582ccc29

SHA256
cb136283a8d26bcde58ba01da139cd2569602406ba9e2f9f86f546579a3ef9a1

SHA512
ba7d4ad319346d0116d57cf34e5a55f1979bb8e71ea87f00a306dc675cc22856d1bf945d8f1b781a7ed730a50576b51d663f5caa531c02e5ea0743b070e8f6d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
51KB

MD5
75a437f9cc7cfd4b4a69ac7c6340e3de

SHA1
2ecee0f8ec05da4c1d08245f7c0561c7f19cd0df

SHA256
6651c8c6f5f290fd53dab8067e30ac1e6fb1de8420a5f4252b02039882b18c97

SHA512
c0f8d45806540e522f409ca94c71a038aeee7123e19777fa7d57d78f4e3ee9b042078bfd89a133767784f0552b7575c78efd6569472a8590b4eff58602fd9e7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
56KB

MD5
4346f676f136d972242ca2b333ed1b0a

SHA1
5a00c689c8c22ae981069d995555e77cf50902b7

SHA256
9d3331fbb63996e5ea3011c9cfa2fb4fd266e58f03c97bd16463186238b27d72

SHA512
73ad9e2a74de551342f3e8230d90fe085fff35dacb7de0080f9059c6c5f8cdb6ce0eed961ceacbfc5567dc8c16bab498d563308407c9d23cecd205678501e249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
16KB

MD5
c03246acb6a2736f4404fadd86bd7100

SHA1
e9005aefef550076c87d1930feabd346df00f874

SHA256
af859db11244c077f3c07ea7e7f779c2f5f2e0676c56603434fe6a61aa751d59

SHA512
217d578da0c949a0a1773328c86d6babeaf5a0730d4762b8dcd1d162b01cda14ce261a1e33187d9bba0aff678e0795fd04206bb26d5102ae520002fee31e76e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
124KB

MD5
693fd6cf691840728e9b69e2484719e4

SHA1
f5d72efe1690bfd403d69fe8b0fbf2d5ae7ededc

SHA256
7379bf8b463f46ab8d925e78a0f08ce806caf487fa468f687dda1d2a071d65ed

SHA512
166e407a965c7856703c4fec2459d77079357daeb20a021b6c61938f246a6f8c0db5e55543566e53a90d112f7c0ba79e0b2f8ff315323d15202290a274d8df2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3d3c3511615dd1407e618bc94045de12

SHA1
c854e25e6ee71ec8f0e90b3a2cf3f891dbd8a102

SHA256
6df248a3a6df9abc4808df06341674421f5608fde8095a3863c207ef073ce765

SHA512
70ccaf7371517a2c152ddb7671f8e315825dd8320b52d97aa27af8fe11ab8a56ffebd2bfe5c196db2e8cbbff7e6e55fba2d66191e61353bf3cd5fd2e514d7bf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7401e2bfee6b638bed33c6c9905a7d4a

SHA1
3b91b331bd5216ca2ad33035601732f5a738f0de

SHA256
a794cc9e09650f4224b2b317b48917f014e8e57831b59a53b5fccd0ed504f590

SHA512
49dbf664c689968a10ccc9fed8c72762ea51b05b3b796bc95cd71d152d774459a0a360c64befd96a8bc2493e5804e540ae29352fcb51a52d05d44c12ed252d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d5ed48d6ce288f96a8543810813928bc

SHA1
164590bfc3ba3faa2c51cee69f4d6e68ac2f938b

SHA256
0809016e2af5c71b16889bfc1b4e9bd05890b37069563310f6af66f9b87a0b96

SHA512
cc0bb9e22ef5769e339232096edae02adba3dd7a5fe7dea6eab7c0ebf14f64d06e51ee93e49c324924813eaf96d32edfc74f7ef7fb3ee666819520a3998e54b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
28d30772ff35081cf2806a43ca3905f7

SHA1
f70604530933567060c4a5b72daeff5120f52359

SHA256
0e3e7c7ec1d418e2ad411c44d15de60d301c1da477389df14cf68446027069fd

SHA512
f72b7b249a3cec3018672990b68d179ecea1d18d8bd78201e3e98c5ef88695385a71eaf610e502f332ebded1fd3a65e5193b8c82ebeb998acec67870fc7b62c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
28KB

MD5
c25ddcafb44a6e865607594b3a786712

SHA1
0e0d7359aa0f03b95c0556edf8601e17da06d3fb

SHA256
8749551bac10e0860bc78f453ad4280851aa981ad5388f4f590c27306c1a15eb

SHA512
0c60f09077bdf9f6331ec930bf58672ee6eeddf895f12c6a6e3b4392d52a6de4372311f67bb8085d49aea4dd0a5058fd4f6593a72734f0af7ccab5b75cfe0e7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
13f8b7b061c817f3d5035fa03ef65377

SHA1
6a619672a8f355216b793cbe18a23e42a9918da2

SHA256
9a311c19e1e2cfb8d5c137a205886f90f736ae9358b4143c29e7522083c99bbd

SHA512
3db590f076ab81826140b3347cd33de01234112cf2e88bc20f777634bc5a7448fab9ff3475f6e93c99a0d1b1b211262df4d31b6e1adc78709ff0adff06f53aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0690da39dc50d26116aa8eb19c22114a

SHA1
1dbd6cb8e9d8440010a992aabd9809423a3f5834

SHA256
128523d49b6d64c7af40370884f40d91fcd816a62ec87d2db34cd6542dbec35d

SHA512
6e8af73ee501ee718411666b1e633b4ebc909b0217fa620bdefbdbfb19482323507113e4afd82c92c343c9e3ac648f399ae28c02e1899f62082c2fddcdd1dd79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7b796517bab43432980a0653705741b2

SHA1
b53b900c52b8dd1b805797e9650d9924e4b22e4f

SHA256
3ded96d596c3dc13e5d7bb0ea33fec4944f10b285308f715002df0826c4ba2f4

SHA512
4f20ffff686db6a693848b9efe54bc444fac2e429e1338e9291528ce8d098d7e01c1e950da7eb3b27f1a45a4fc83aae82adc0fec2002b96346217ef8b6e913b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
4cc77a5f6eee0a2d3268faf24a4511ff

SHA1
10ae7e2e0aa7bd16b10b1c93c65b0f2abc874b40

SHA256
67adb913591507c4d546db6ba6d0ef3100c69ef785d94d525f00793991afa956

SHA512
07f9d54ecee5f802fa26708634b94f70fdadf7c59b71f26eb18eaf07790a2ebfc97cf8e4ff455e63b674bf8851bdde8e28628a7d5dfb9e18c1e3fae720cc0c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
52d27df8a0d2cb43d992a7f7895a55f9

SHA1
d7048f0bf73e5b2bf8c1d30ab0c33421146bc879

SHA256
0fde9c602c08897f3a7d63cb67ac5c1db2aeb17eda4a2ace3c7870c5d3cefe16

SHA512
53f2f9f5f47bf1d044851c37f6f728e2824c29228bc3b91989a60f2bf550d98523b8fadbb36d564c585d834fe0bbcbaa0d8f538d0087068ef51116532c32ae68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ddb37f041c8c397732f24e87a04fae13

SHA1
d77d42f4773d39801fccfd64ab66bde13010c5e6

SHA256
a6279bee672e01f802c76e2522b76f754db49085ddbd57dc38b0b47e5f376401

SHA512
f1ded2ea7447f99a8bf2b8a6266c901adbec2d83ddb758b6b6faca7e1a5144dac70c4cfc89632fb1b766730baafccb221a140ed861bb57a61d305d1b43eaddef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
86bff17612c494203c78c7b9f5542f44

SHA1
5c040c12884f21d0e5b65edc4e93feaa91fb3d70

SHA256
2b4adb1b25a216d40ab93fc20ba419ca3783bddb3fffc7fb12d76787f927ccab

SHA512
a2566244fc762ab5dc59646d851657a59a7714a03affa7a48dc30df6ebb8d9d59147971f4064cd9603eda01cfbe1fe78321906c861c61890d04a964cac9f7c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8950e776f39d1b08341264610723dae2

SHA1
fa9b8e7a4ec88e890019eaf42012ae3cedb616a9

SHA256
9a5a0c74a0b7679242b7e7d6b77b62b9cbc1c84e5cf030d4d65cfcd51c31ed03

SHA512
08aee39a59cd28b67c2e8c669372e823ab1cade86451e1de3087ec10a18e0e4e67f8fb191a16024bd48914bcd91e58ebc2420dc6d5d833a7af8ee4407e99d96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
60df0c094e8b9f2736ad56203c05842c

SHA1
69037a81c4747223eb2ccd3ce8c2311d37644cb1

SHA256
b83b692e30dac810a288b8fdc9cedba9a4b9d8438a22063ab70f7de725754af3

SHA512
59770194f6d20a6c4655708b36211ef44eeed0e96e8c98bd9b2ea0768b00991074358d5746efc9fe56df34483fea909eb692cac7c75fbb49da882b9339eceddb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c49b9b9aa5fe4014f09693447f3ea1da

SHA1
cc3419e6248513f5b80d269a089a508e551b1e59

SHA256
db7cf32c5f64a38b331996ec09e1dce71a98217ca730a3a86be3f98dd8f7b1d4

SHA512
93408d584723d5986eb055836e0034c610baee33c3b4f302acb498352c569fa199f34656295f05c7dcdbeb70bf9e2902707e25b9595cb67cfdfc66aa4989d609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7121d7b465b6414fa280b6b60ee77bbd

SHA1
be9dddd0f7a4e27ac0e5564cbb12d5b6a71b405d

SHA256
d2eb047bb235f10021fdaf8194c246356e26f7c5bfd3aa91a02b27e24dc364c2

SHA512
b3d63d14914b9fe847ed2ad99e10e28aa604857ced9e7d0a03b6c214e10308b408f4a076f1cf9e3789494756370bd49f13e6cb6cf0d11fc458ff86803f380a23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
ee7407bb913116fdcea5db79823902f4

SHA1
d80b8a9d8e1084e3ba76f6f99e2b24830e5fb0f7

SHA256
7c813e4c3b4ca9a5da5c148f46fcfcb35f9b8e2c7e9e1506b0dae07e2392bcd3

SHA512
707f1de1ac5d292b26a649e5d72106ef1aa543fc81ed764f78e3f8aaf0672c26a9d1e0b985eee0b5bcc76d0b1195da829f2cec7119426c78ef844984d075f496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
cf17500a4d90d09f605efb87f445ce70

SHA1
b1eb76f46596c3af508e64a08701c895f9c26a89

SHA256
84253028e442846a6477a47b02220c41b8b99f63c4d5023168318106fad826bc

SHA512
d2e609411dab89249de5441463c09bfbccd1c4ab73826da017f1db5c92461fd2fdf9f5b55362be625834fc06fcc29869e3ab8ef30280098ad84c7dfe28d0e7af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6cf93eadedacdb60fa7f67fdbb3cbfec

SHA1
93b2434bd6500364c33c9dbee0e3ad89023a1200

SHA256
c7e1eadf47942839dab9cf549590407d6bb274321694a3af72c6d6eaafed9c13

SHA512
687e8f04f65b08da911d53e9f9d0c5abbba7e5405ff10d24320fa84a893548917667fa7ca24a6568c4aa6fac7a38acc2166341944427f83fea7e396b103a84aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
bde71996121849c21a2dfd18af2fe97e

SHA1
f0ccfe50b0738ca8a862a6370d89e667b21c0fbd

SHA256
b8147c979d3c3e3a0a25f6d6a7a24edaadcc506a89b1f311a5c03c831cb98fa5

SHA512
50b875f4e93e59b0e2a754ad1a8cf1d3c7d1a0d50d49d13b7af35999a4d8ae2c5854b7e0672d7cee7c33e7c139ac03203352be6eb64c8d394dfb2453096121b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
25f8df9eb63b91f62a32e3885279cfdc

SHA1
71268ca919a9dc3ccba91114171d29d1b0300461

SHA256
688ef83803e19183d47790dd60702c131439168e04b96f548e349a41ed5b8832

SHA512
c798ab6add9cc5a20a5de0d13c6b386a600008f69adb0eafef2dafda8de436afab153739fe80c7f286bbff94f713b13f60621687bebc975093bb5d8e0b690069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7851712a5c4f9b4d9e147bd2e7321561

SHA1
860d85313071b10800242757a5cc7211aee1dd7b

SHA256
a5d598c5dc1c3783bfda28282a7335fb1741a57da22fc8f98f53bf30277f8981

SHA512
e0214c272ebca2ffc11667cfd431130c4cfae679288d5505be2dfbadf9ac93f2df64fe7f105dd70281d5f66eacd20fa8091e29a19ec8472674dab2a7c09ef826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7fe49fe073729ac3d618a6b13b1398d1

SHA1
3e20d2636247c9092f5f76f1a82b001203091e5f

SHA256
6958185dba6b10d1179a55c5261e4f4e86da3d87311a48c45d56ace438c166f6

SHA512
7827b7f0101f45579aff84e1cd741c85ca5b0981010ab2ea42545547faccd76cb4608f35a5fd1110822483ac7a2179acf897957a14a5cde00ea2383019d35ad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
91a1e1351782d676b0378642f42ebe35

SHA1
ab71e37399f19233accb02f1ee06c611e0d91b8b

SHA256
87fb415f0d4185c314a832ebb2cd65af2089e911242fcd1b60aee9d0b4a20aa7

SHA512
bb57d34f394ebc7307c1ddcc50cb5b1e94745a4671936e6b8eca49fc014b9a477f676241d3772dce608240a2ab591d42af46b90e463035a9e232db3e85aee626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2c2e35c3cf46faaf86b99554527b45f8

SHA1
3c679a2145a7fd5e44fdb042e666559063cb0dcc

SHA256
22eec3aceb03e0aa9e7e5eae1f6ff180136dddd887d5ffe2300366dcdf3cf738

SHA512
0be59c918d4040046d55596e585e3ec91110382bdb9323e619efce5c5f24850fda4dde6a99c000ca27765af84a46ed858b0dc5d9debd5e2129de7bc1102ddc4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
922af85bff6f3e61d68d27f23c2fefb9

SHA1
e9de75d26040ccaaaf1b18f57f3e1ba4ae7ae42d

SHA256
43b2b7e523e81060e2f8e99a7419d7e436acf54d2933b09c55bf4c7a2e779458

SHA512
e2399f65926acbc612600ea65cddf8bd7af85e368c9a189fa4eb626579851dee27f128b86965dfbe4a42df5a980193728b02c6eb3e2c045f7734797f5e5ba31a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e4add11a343546ae820db4e2368021ab

SHA1
488594be0122d59ce971ac6e45509c5cd5dd0f1d

SHA256
3120888029e0400d5b9f00db0de5cc0b36238b6a70b9355fdd2439cbc8d0005f

SHA512
6b37170fbf57f7932bf2e785338112a936d78a2d3fc97da10f074576311aca64c377332d334db3737d1d88722567b15d41dc65e53f0f2c06c20aa83f0b62b849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5f91676468d07946c5dcb1f3d2edecd3

SHA1
8b15b6673b98be5ac2466449876f1f7b236f704b

SHA256
0825a69215d2a8cde14802058b9636136832e0c9ef5b566b001167597f334b24

SHA512
16ed6db518cca798e2b8347b45a322a634b8fa906e661bf5c6238ac20aa80eb1307912d7e118584b3e18945fd6c16861483520b7ab36f5f61db536a3fed97bf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9577b1994b0a05d0e4054f75986110b0

SHA1
b924d64a5cb6170a9669c016a9a0ac84c4d3ec0b

SHA256
1b5b28508e2cf5156198305dcc1b5941da59bba2d75967b5ddd9cd3c9be5da1d

SHA512
0171691e161d17591eaaa24b7983ff37d21daf431819ad4b53caf436d1627fc345935da1f5233a84556b394e1863be6843b8a38d5efc3370b8c46a24c1859a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
282443063575bf9165af6b86f828ed26

SHA1
5b950d6fbfc903ad563ef92f87203a3d234eec7b

SHA256
208f278b093d8de2310601d798b996e770b233c1d0e591261b4aa77c19969a15

SHA512
f98d68d8c5906b9af4b969a5b92b5f683f9d94999115443ae2c3b3e4ad3f2a473faaea55a88689597f606327ed9b8d59b71c09f9bcf6205876b57d2224004dd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
86716e162e39bd2f4777ff773bc0fed3

SHA1
de7fe6a6d1b796f7de208b854c48d2c990f6dedf

SHA256
6749a767dcbdf4d5739d58930e08bfbe3bd0b1df53d9e61adeffeaa823343b91

SHA512
5e6c421425227a23936c538fe060c7b344172e30bf175e0004d64da5d70616fe94f910655cbd96955662a30c64d2bda8fda3d55ee7ffc4d0d1df841834d2ff06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
858fbbee6646e0c88598fc625a36ee97

SHA1
b4cb78905521d6b050b4e1abb9625bf813f5cc4f

SHA256
ecac38100cb74a7989432d09e8ef8fd8ab7e8af6988b05626314a9efd8abbbfb

SHA512
13193af39c91184f91beced22feb28595190595c2426c23981d4039061245d010ecc2db3294b0231c9ae87356e3acaba34bce7b35f503305882ffd942610ad1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48c6dc5fef4ae77458eacab755824ac5

SHA1
a99d5f275a6f48c35556166cc331bed99ceb06d4

SHA256
9a6f6d6acc4a1f64d727f900f59d977fa20fbd031664889f5ddfd3378dcb0670

SHA512
171e07e781fd9022693af4ecc1daeb4dae6819af66085ff2258edfb98f58df446ea57737eae2838b2da0ea503e4e7907deed69978156737980a3e8ba90af0073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
32c20cb14248ed6bbcfa8ba1ef18af9e

SHA1
d468c298070c4bb7bffe576190d7d068a50f54fd

SHA256
dbe601905d2ec2541da923a6caf58ae119f0c013202e5d77ecbed104e75f31ba

SHA512
66d351e194829ae1492ff81f5e56e57b413f336709ed5beec160d6bfaca70538280f30ef919f4dd90e01b4d4ce4dfd11a0a3066b230e3f6ed044cf9613335c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
69a9483f76265f404f28629bed569539

SHA1
94bb11babae77c90c366a2cb1695c6f1f705b058

SHA256
a409d400ca731c3829e38051c5c4162a0f0abb8b5870f64b55f0eb3d4fd3b7a7

SHA512
9f2006cf6588da6cb38330457a497d1b4d8e7489f6515a38b772a04ae63aa3c793bc6f64b11717e70030ca718b54ccd9d414bae4863bb9c0e7a6f5593c8a0718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
17b7b8a7279c3a3f75abc27150d86e73

SHA1
1566441c3b85d834dd1a472ac9c2215c78a19afe

SHA256
cb801990e9df66439df44c78b463314b21153fe7d5e7a5b5ca69081550db1540

SHA512
846991bb1ca0c0b7c7beefa39157afb69c30d34ca07238d51c1dabb332ca7c3a2b32e3e2cfaba4811862dc8ac2cea9f21670f9369f43c68347e0bd5e482f842e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
c8558bf7dac8a1f86329bab575fb23d2

SHA1
6b39bfab4a0b82f86e6b052ddcc11f1d4dd412a1

SHA256
22cced8b35a844e0754355a182de606e002ee984a5ae67be035ac5e71e5898cf

SHA512
f6c9020d7338fbb9ad7b68e6191959945c91292667139461131d9630f3bbdd07ffde3dfc25439acf5db64b963a834afba5e27a6e6def7da6a408d41ecf34e518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b9641fd9-8e02-46e9-969b-d923f017e741.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
57ff9fa97713cbd8b79fa58dcf24b692

SHA1
e7c3663fd16be54c248465d1459dbf4e07b48e9e

SHA256
462a3ca57eb2fb7cca798fe37475b75b8768be51af7dcb5e91d5f45c403db763

SHA512
72b8eb545f5695068c4bdc6c6b61736df1a80fcb1b07ea28486fcc1b19589d3dbb81e6fe8a830563c9940fc7aec48bcb6669fc54ff6104766a2b0f31450c72c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
474b9789c0c7811d5ab9ec1c84b7a88b

SHA1
9e1387f1840969693c24267ead0dc53a51c17d04

SHA256
01357b5c0c8d502692d6499ead5a72e1ebb800bffb358214af4bcc3d449d5246

SHA512
c1d1d73d3da4076805196dc8cbfff6fabb7e8a037a838168bc17b3530225a9cebb17ed81b6274d2a64b3ab90018b95945daa7b65a60095cbbad568e837fc9d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
e7f67637bfdc2671c6aabefee852e0be

SHA1
ab4ac79221daf4cf71db8bf5fd6bde74ef1ca3e1

SHA256
3d5d78bd99c6421e30879d3996112aeb7bfb571d5169ea2bc29b4583bf99c36b

SHA512
079c04956e118192443d0f34073050eea964042feb9cfa678e61d39605d471701089bb0af0c64607982dd5dc342f72380d06a4ae753b8eadd53478c22d3e7f82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
52274adf57b825dbd9f4bcffc8b42359

SHA1
783147b6479b3c6ea0b52ba00cffe8ac94c85daa

SHA256
fee5bb7f65481f38610cfa80799d64e29f370e57d8c49d0435c1f911e88c0bbf

SHA512
e5c4b2a723823e348ce8a11633deaea8852784eba26c7fda8d4741c0fd13224ca37238a338c75f25bcded93f70fb8f1ad2cb5499750ec912fb387aa35a6a194e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
af49e1dfcf73eda58aef1ddbf64db32f

SHA1
0919c5cd65aabebe9a6e65e04d3643bb036cc8e3

SHA256
49ec062dcc51aaf076fb483628356f4be5a849f4a3a0b28a4067b502a8df05e6

SHA512
e5cbd41c53912053ba92e2a5d54b43f7d1afefa0054d115ed58748e8be73e5a2b4a9c8b4bc7b742d1f8e2892074d6ade5a1e6693856f2b0f3a7227b2859d715b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
986923ce301b93590ee91f138ed5b464

SHA1
21446f70c6c0aa1c7e054edbc90a075c5aa6aa39

SHA256
5ce450ada22b8a7c4c30aa369a3113bf5986cf03ad00f6eaa4b3e0e9c8869295

SHA512
bfedd7646520e05e3cdf431fb928532472eee2018fb7d54a4cc308686120c9da0c0c482bfcd9c64e93c024aaf55efc671ab6195c07da471ae5f3c81d2515de6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
728bb0f10af3314afe2e1c9dc26848e3

SHA1
96c516aa838d2e9e4ffbfd07672ce3b60f5fa47e

SHA256
9ef7f856e294608f720157cd97b16fdad753ccb2eaf6fa36b9ebed78657f7edd

SHA512
20b92257bcd67d3d18e9754aaf2fcd8840561a5786bca0943176f95752d029106e44ee8ab6a5c03d2a5267c9dd80cd2e8250c6e5bbe7cf6c2974f84d166c7c01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
c4389042ed541c74498f7239c5140471

SHA1
60a0a770176483fdf1455e069d5c8e1eb0819345

SHA256
d53bbce86fc2c6f9a7e94617b5e7eb56dcb14b2ccce62c9098cced6dd982914e

SHA512
48396d879c131d76c4059406da419095b1ab0f04002c1cc8726f43858d602a955d0f874dd89a55e61e168e040e52d79137e7302022ccd4658ca4ac6abd4daaa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
f185db7a849a956345e7a495c1e4175b

SHA1
dde225539cf0bc2fa8dde85530467761a3487688

SHA256
962af1ac4da5907114222d7d48bafb0ce8512f006f50d2f0b17961c4bd42623f

SHA512
d4a14760f82f2ba6c24c6b42ca063a22f433cd284375a64d3a79a36292b527dfe17162409befa86d043a2226afc5cfb364a3c54d2b76f072e161c7dad1cced21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
01002658b5ab7149824083819b8abac7

SHA1
d83cd9b9226dc917393ddadfb2f7268aa130cbb4

SHA256
35851988340a84ca78ad9984949b228b8919e02f9af01244e8bced994f84d4a3

SHA512
2e238f39e5b9e0ec336157d1ef611e2129d3dff661363363c12c304318f65042df414883f588b8a7e0d16c67692531dbdf5d537e1e633564cdef4419c14e8563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
29a42fefa9432915518033cb80ea0ef4

SHA1
2174e1a93708ff3989931966d73b0602da034c12

SHA256
8a138c127eedbf7e8c8c93fe797c60eaf9834541b9bdab8a90c07ad251fb4069

SHA512
90ab98b44820408e4f0f7aff88c7dc69b3c553bbde36d1fa1ce5beec329fd33ba1afd122cb23dabde6381f49d69adc4adbd73eab406e26542b5348e45ae6b4b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
7e47762071cc098ab0eb9f55cd5b85c2

SHA1
fd4a49e6529f8ad938cbbb80c8fc84a3784ace26

SHA256
3c098d8c72270957eb0d447c9f962b2e9f1f60306c6e97b4ee814f0f83549f30

SHA512
274d28b88f91728d458ae6ec25c3dfc42b67393c8caaec41e7b8643a7b11709e143773541b8cafa6faa7977ad956f1aef9291d6c17192a0fdc8a7b135a29ff01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
24KB

MD5
2fd8ea71d3f37758d39e515fc1f6097d

SHA1
6efbc69e078ce8a49791ca4b3005a929405c0ff0

SHA256
3c895bef5af46ce61bd2a73a234151fe2789b05005631a23a9bfaeadfb6c3bde

SHA512
984036b7e1b728c5f219bcd7cf91982deb6374bdbe8d3b38922ffb96819c3940d701cb18072b740e9b4af7a20e1e45c9ac01af74c17c4b0c4b5663b8d081b182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
28KB

MD5
c54d1dea9e6ad2e8b94d1c3f5e95cbe5

SHA1
9f4d08058a5e111d6e94b75e1e502480d304efeb

SHA256
76674449a9f768914775f57a06239130b14aa853ec3a2a0348734193be2fecb0

SHA512
929289011efeb90ed77539cac4dbb24baff0135f9a965a10fd15889172ca359095dd870eb25037441fbc550d18d5ec9ba2e3c3551ba520ae3a91c9e00e8fabb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3428_1927960985\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3428_1927960985\d3048177-af26-4e8e-bc6e-b95f0d30656c.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\Desktop\script.a3x.stub

Filesize
5.8MB

MD5
178fc329a86451b3b803d82a5f65e8a5

SHA1
015b2651215c9859ed088c9d42e6b6880eccb68b

SHA256
f31c6d39eb18c7e9bbce707db33db536015514a2ad4765e5e9ae6eb5967a6f88

SHA512
b1bd1e921cd89ee17f52f894fe345d593a9bbb9a08dc10e3fc7d3840a001c7fd477e41d57358e3e048be0db58cbfb509e64ab4b6fa3c4d488ab355f3a4844de4

Download Submit
C:\Users\Admin\Desktop\script_myExeToAut.log

Filesize
1KB

MD5
a265d7d93ce4a9991275a11c39814d22

SHA1
7e504ac411aa5fc644ec02b02f3afe6ce41a0619

SHA256
834f5117fea0da53cbc00ff24fbd04ac22b7c8df2757171ca8a3c86b2aa47adf

SHA512
0004bee2a68500b2f6c54837d57bfd7e92b7c5c98d8204661c5ac8fee1d5999a45bdd6e79a3da78971deae3e0619e70911d95d89a516a38fa43abea900051f7f

Download Submit
C:\Users\Admin\Downloads\myAut2Exe-2.12-SRC-main.zip.crdownload

Filesize
3.6MB

MD5
df7fdb0f033e562dc258fda37943e1ba

SHA1
49f59e3a545271e3a80715c9a28fb0fd262321bd

SHA256
f6df066393b39f83a207b72a7d065a6c11b741c5d4194d3e9dae9718f90df432

SHA512
b45b910b1b7717befbabcb53d9d88741176588c54513f9101a0e2de6fc1a848ba93e6f71fc8c2ed9b2ab083b783619013274a0ec6e08858f6f83b75b3662a9b5

Download Submit
C:\Users\Admin\Downloads\myAutToExe.exe

Filesize
380KB

MD5
a23a49ff6df52c13c354c8416417f10f

SHA1
ee66535c2349e900c20b42f7264c8ee43ceae7cd

SHA256
f7ccacdfd2b746355bd8354c68d6c0d8ff5ea6a00341bab82185ebe7828ffaa1

SHA512
dc298fa127afbef71b499d4636bdd5165c9c47788696045fab63f474d1a1f794ef1fffe55b6f9d01abd317f3a82fa1654b6860ee057b38a622630ecb456025d5

Download Submit
C:\temp\test\Autoit3.exe

Filesize
872KB

MD5
c56b5f0201a3b3de53e561fe76912bfd

SHA1
2a4062e10a5de813f5688221dbeb3f3ff33eb417

SHA256
237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

SHA512
195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

Download Submit
\??\c:\temp\test\script.a3x

Filesize
5.8MB

MD5
6a109641ace163763d80047b77d8e924

SHA1
2c39edc5c956ba9b18af44f3a31cfe449146dcf3

SHA256
6896abef18f939fe1c02fca1163a0e8700ded30ed262a987cb05f98de7667dce

SHA512
88c2b9a40965ffd32820e342d1aa7f0b0d12bae52815c6cb3b4fd0af83aafd3321fa6d299a13722e1614743c0c27f76b667319a80afb15b47203957a43cbd53f

Download Submit
\??\pipe\crashpad_3428_NWRMEJHUMYLLLFLX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/696-29-0x0000000000400000-0x0000000000982000-memory.dmp

Filesize
5.5MB

Download
memory/696-31-0x0000000000400000-0x0000000000982000-memory.dmp

Filesize
5.5MB

Download
memory/2888-5-0x0000000000400000-0x0000000000C4E000-memory.dmp

Filesize
8.3MB

Download
memory/2888-10-0x0000000002900000-0x0000000002980000-memory.dmp

Filesize
512KB

Download
memory/2888-0-0x0000000002900000-0x0000000002980000-memory.dmp

Filesize
512KB

Download
memory/2888-1-0x0000000077312000-0x0000000077313000-memory.dmp

Filesize
4KB

Download
memory/2888-2-0x0000000000DE0000-0x0000000000E30000-memory.dmp

Filesize
320KB

Download
memory/2888-12-0x0000000000400000-0x0000000000C4E000-memory.dmp

Filesize
8.3MB

Download
memory/2888-11-0x0000000000400000-0x0000000000C4E000-memory.dmp

Filesize
8.3MB

Download
memory/3408-30-0x0000000006530000-0x0000000006885000-memory.dmp

Filesize
3.3MB

Download
memory/3408-34-0x0000000006530000-0x0000000006885000-memory.dmp

Filesize
3.3MB

Download
memory/3408-32-0x0000000006530000-0x0000000006885000-memory.dmp

Filesize
3.3MB

Download
memory/3408-15-0x0000000000D80000-0x0000000001180000-memory.dmp

Filesize
4.0MB

Download
memory/3408-17-0x0000000006530000-0x0000000006885000-memory.dmp

Filesize
3.3MB

Download
memory/3408-20-0x0000000000D80000-0x0000000001180000-memory.dmp

Filesize
4.0MB

Download
memory/3408-26-0x0000000006530000-0x0000000006885000-memory.dmp

Filesize
3.3MB

Download
memory/3408-35-0x0000000006530000-0x0000000006885000-memory.dmp

Filesize
3.3MB

Download
memory/3408-33-0x0000000006530000-0x0000000006885000-memory.dmp

Filesize
3.3MB

Download