Analysis

  • max time kernel
    116s
  • max time network
    118s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    22-12-2024 23:08

General

  • Target

    https://file.io/7sb770HRo5ny

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMyMDA3NTM1OTgxOTE0MTEzMA.G9HLZM.Q5pIP18MzilR1nnP2uhmbUoib9pNZjgft8bgbE

  • server_id

    1320076844514410496
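
The two attributes above identify the operator's C2 without contacting Discord. The following is an added example, not part of the sandbox report or the malware: it decodes the account ID embedded in the token's first segment (a Discord token starts with the base64 of the account's snowflake) and converts both snowflakes into creation timestamps using Discord's documented snowflake layout (42 bits of milliseconds since 2015-01-01, then 22 bits of worker/process/increment). Only the token and server_id values are taken from the report; the functions and the constructed summary format are the example's own. The token is a live credential for the attacker's bot; report it to Discord for revocation rather than authenticating with it.

```python
import base64
from datetime import datetime, timezone

# Copied from the extracted config above (this sample's own data).
DISCORD_TOKEN = "MTMyMDA3NTM1OTgxOTE0MTEzMA.G9HLZM.Q5pIP18MzilR1nnP2uhmbUoib9pNZjgft8bgbE"
SERVER_ID = 1320076844514410496

# Discord's snowflake epoch: 2015-01-01T00:00:00Z in Unix milliseconds.
DISCORD_EPOCH_MS = 1_420_070_400_000


def token_account_id(token: str) -> int:
    """Return the account (bot/user) snowflake encoded in a Discord token.

    The first dot-separated segment is the base64 of the decimal account ID.
    The remaining segments (timestamp and HMAC) are opaque and not needed here.
    """
    first = token.split(".")[0]
    # Discord strips base64 padding; restore it before decoding.
    first += "=" * (-len(first) % 4)
    return int(base64.b64decode(first).decode("ascii"))


def snowflake_to_unix_ms(snowflake: int) -> int:
    """Creation time of any Discord snowflake (user, guild, channel) in Unix ms.

    Bits 63..22 hold milliseconds since the Discord epoch; the low 22 bits
    are worker, process and increment fields and are discarded.
    """
    return (snowflake >> 22) + DISCORD_EPOCH_MS


def snowflake_to_iso(snowflake: int) -> str:
    """Creation time as an ISO-8601 UTC string (second resolution)."""
    ms = snowflake_to_unix_ms(snowflake)
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def triage(token: str, server_id: int) -> dict:
    """Summarise the C2 identity so it can be reported without ever using the token."""
    bot_id = token_account_id(token)
    return {
        "bot_id": bot_id,
        "bot_created": snowflake_to_iso(bot_id),
        "server_id": server_id,
        "server_created": snowflake_to_iso(server_id),
        # Seconds between bot creation and guild creation: a small gap is
        # typical of a throwaway bot and guild set up together for one campaign.
        "server_minus_bot_s": (snowflake_to_unix_ms(server_id)
                               - snowflake_to_unix_ms(bot_id)) // 1000,
    }


if __name__ == "__main__":
    for key, value in triage(DISCORD_TOKEN, SERVER_ID).items():
        print(f"{key}: {value}")
```

For this sample the bot account and the guild were created about six minutes apart on the day before submission, which is the pattern of infrastructure stood up for a single campaign rather than a long-lived account.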

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

  • Discordrat family
  • A potential corporate email address has been identified in the URL: =@L
  • Executes dropped EXE 7 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 16 IoCs
  • Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier; its ZoneId value (3 for the Internet zone) is the Mark of the Web (MOTW) that SmartScreen, Office Protected View and similar trust checks consult. A file that reaches disk without the stream, or with the stream removed, skips those checks.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 5 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 44 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
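
To verify the MOTW and NTFS ADS signatures on a file pulled from the sandbox, read the Zone.Identifier stream directly. The following is an added example, not part of the sandbox report: it parses the INI-style [ZoneTransfer] section that Windows writes into the stream, maps ZoneId to the URLZONE name, and reads the stream from a file via the NTFS `path:Zone.Identifier` syntax (which only succeeds on Windows/NTFS). The sample stream content is constructed for illustration and reuses the report's target URL as the referrer; it is not data captured from this run.

```python
import sys
from typing import Optional

# Constructed sample of a Zone.Identifier stream as a browser download would
# carry it; not captured from this sandbox run.
SAMPLE_ZONE_IDENTIFIER = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://file.io/7sb770HRo5ny\r\n"
    "HostUrl=https://file.io/7sb770HRo5ny\r\n"
)

# URLZONE values used by the ZoneId field.
ZONE_NAMES = {
    0: "LocalMachine",
    1: "LocalIntranet",
    2: "TrustedSites",
    3: "Internet",
    4: "RestrictedSites",
}


def parse_zone_identifier(text: str) -> dict:
    """Parse the [ZoneTransfer] section of a Zone.Identifier stream.

    Returns 'zone_id' (int or None), 'zone' (name), 'referrer' and 'host'.
    Keys outside [ZoneTransfer] are ignored, as Windows ignores them.
    """
    fields = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip().lower()] = value.strip()
    zone_id = int(fields["zoneid"]) if fields.get("zoneid", "").isdigit() else None
    return {
        "zone_id": zone_id,
        "zone": ZONE_NAMES.get(zone_id, "Unknown"),
        "referrer": fields.get("referrerurl", ""),
        "host": fields.get("hosturl", ""),
    }


def read_motw(path: str) -> Optional[dict]:
    """Read and parse <path>:Zone.Identifier; None if the stream is absent.

    The ':Zone.Identifier' suffix is NTFS alternate-data-stream path syntax,
    so this only finds a stream on Windows/NTFS. On other filesystems, or when
    a downloaded file has had the stream stripped, the open fails and None
    is returned, which is the condition behind the MOTW-bypass signature.
    """
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None


def is_internet_marked(info: Optional[dict]) -> bool:
    """True only when the stream exists and ZoneId is Internet or RestrictedSites."""
    return info is not None and info["zone_id"] is not None and info["zone_id"] >= 3


if __name__ == "__main__":
    # Usage: python motw.py C:\Users\Admin\Downloads\sample.exe
    # With no argument the constructed sample stream is parsed instead.
    target = sys.argv[1] if len(sys.argv) > 1 else None
    info = read_motw(target) if target else parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER)
    print(info, "MOTW present:", is_internet_marked(info))
```

A dropped executable that was written by a process other than the browser (the "Executes dropped EXE" signature above) will normally have no stream at all, so `read_motw` returning None on an NTFS volume is the finding to record, not an error.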

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://file.io/7sb770HRo5ny
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1412
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff89561cc40,0x7ff89561cc4c,0x7ff89561cc58
      2⤵
        PID:3408
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
        2⤵
          PID:1492
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
          2⤵
            PID:4180
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:8
            2⤵
              PID:1644
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
              2⤵
                PID:4604
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
                2⤵
                  PID:3412
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4472,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:8
                  2⤵
                    PID:1996
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4812,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:1
                    2⤵
                      PID:1812
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4680,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:1
                      2⤵
                        PID:1516
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5016,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:1
                        2⤵
                          PID:2820
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5024,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:1
                          2⤵
                            PID:1252
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5312,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:1
                            2⤵
                              PID:4768
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5172,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5460 /prefetch:1
                              2⤵
                                PID:1580
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4980,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5616 /prefetch:1
                                2⤵
                                  PID:4964
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5668,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5752 /prefetch:1
                                  2⤵
                                    PID:3328
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5624,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5920 /prefetch:1
                                    2⤵
                                      PID:1996
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5892,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5876 /prefetch:1
                                      2⤵
                                        PID:760
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6172,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6268 /prefetch:1
                                        2⤵
                                          PID:4156
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6192,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6184 /prefetch:1
                                          2⤵
                                            PID:3732
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6200,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6512 /prefetch:1
                                            2⤵
                                              PID:4452
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6208,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6640 /prefetch:1
                                              2⤵
                                                PID:1160
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6216,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6768 /prefetch:1
                                                2⤵
                                                  PID:4248
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6168,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6632 /prefetch:1
                                                  2⤵
                                                    PID:2864
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7008,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7092 /prefetch:1
                                                    2⤵
                                                      PID:2212
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6668,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7236 /prefetch:1
                                                      2⤵
                                                        PID:3592
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7384,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7376 /prefetch:1
                                                        2⤵
                                                          PID:3584
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7256,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7512 /prefetch:1
                                                          2⤵
                                                            PID:1692
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7520,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7656 /prefetch:1
                                                            2⤵
                                                              PID:1236
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7676,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7796 /prefetch:1
                                                              2⤵
                                                                PID:1596
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7820,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7832 /prefetch:1
                                                                2⤵
                                                                  PID:3032
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=8084,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8092 /prefetch:1
                                                                  2⤵
                                                                    PID:4952
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=8228,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8252 /prefetch:1
                                                                    2⤵
                                                                      PID:3660
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8376,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8412 /prefetch:1
                                                                      2⤵
                                                                        PID:2760
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8548,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8560 /prefetch:1
                                                                        2⤵
                                                                          PID:1460
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6888,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8760 /prefetch:1
                                                                          2⤵
                                                                            PID:3688
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8696,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9136 /prefetch:8
                                                                            2⤵
                                                                              PID:4884
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7688,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9284 /prefetch:8
                                                                              2⤵
                                                                                PID:1396
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9108,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9436 /prefetch:8
                                                                                2⤵
                                                                                  PID:5128
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9112,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9576 /prefetch:8
                                                                                  2⤵
                                                                                    PID:5136
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9096,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9600 /prefetch:8
                                                                                    2⤵
                                                                                      PID:5144
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=9936,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9916 /prefetch:1
                                                                                      2⤵
                                                                                        PID:5244
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=9944,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10068 /prefetch:1
                                                                                        2⤵
                                                                                          PID:5252
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=10212,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10204 /prefetch:1
  2⤵
  PID:5260
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=10232,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10352 /prefetch:1
  2⤵
  PID:5268
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=10360,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10492 /prefetch:1
  2⤵
  PID:5276
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=10616,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10640 /prefetch:1
  2⤵
  PID:5284
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=10648,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10780 /prefetch:1
  2⤵
  PID:5292
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=10908,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10932 /prefetch:1
  2⤵
  PID:5300
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6948,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8392 /prefetch:1
  2⤵
  PID:5352
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9876,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11224 /prefetch:1
  2⤵
  PID:6048
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=10672,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11316 /prefetch:1
  2⤵
  PID:6068
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=11340,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11460 /prefetch:1
  2⤵
  PID:5736
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=5316,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11744 /prefetch:1
  2⤵
  PID:5432
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=11644,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11868 /prefetch:1
  2⤵
  PID:6040
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=11632,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11660 /prefetch:8
  2⤵
  • Subvert Trust Controls: Mark-of-the-Web Bypass
  • NTFS ADS
  PID:6172
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=8944,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12000 /prefetch:1
  2⤵
  PID:6428
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=12208,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12200 /prefetch:1
  2⤵
  PID:6512
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=12348,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12396 /prefetch:1
  2⤵
  PID:6592
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=12376,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12388 /prefetch:1
  2⤵
  PID:6600
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=12660,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12668 /prefetch:1
  2⤵
  PID:6668
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=12788,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12800 /prefetch:1
  2⤵
  PID:6676
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=12924,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12956 /prefetch:1
  2⤵
  PID:6684
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=12944,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12820 /prefetch:1
  2⤵
  PID:6692
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=13112,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13208 /prefetch:1
  2⤵
  PID:6700
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=13272,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13380 /prefetch:1
  2⤵
  PID:7088
• C:\Users\Admin\Downloads\gabrai_fav_pictures.exe
  "C:\Users\Admin\Downloads\gabrai_fav_pictures.exe"
  2⤵
  • Executes dropped EXE
  • Suspicious use of AdjustPrivilegeToken
  PID:7008
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=11904,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13372 /prefetch:1
  2⤵
  PID:3012
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=13164,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12516 /prefetch:1
  2⤵
  PID:1836
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=13188,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13152 /prefetch:1
  2⤵
  PID:2840
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=9284,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9860 /prefetch:1
  2⤵
  PID:1708
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=13156,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9260 /prefetch:1
  2⤵
  PID:2820
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=12804,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9208 /prefetch:1
  2⤵
  PID:1160
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=13184,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:6244
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=13340,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3056
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=4840,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13684 /prefetch:1
  2⤵
  PID:5712
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=13572,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13140 /prefetch:1
  2⤵
  PID:5128
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=13580,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12612 /prefetch:1
  2⤵
  PID:5144
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=9176,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13592 /prefetch:1
  2⤵
  PID:6172
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=4940,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12116 /prefetch:1
  2⤵
  PID:3128
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=6704,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9104 /prefetch:1
  2⤵
                                                                                                                                                                  PID:3920
                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=10736,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11364 /prefetch:1
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:5740
                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=12008,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12064 /prefetch:1
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:6744
                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=4788,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:7032
                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=13264,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5884 /prefetch:1
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:6432
  • C:\Users\Admin\Downloads\gabrai_fav_pictures.exe
    "C:\Users\Admin\Downloads\gabrai_fav_pictures.exe"
    2⤵
    • Executes dropped EXE
    PID:5716
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=8728,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5872 /prefetch:1
    2⤵
    PID:6124
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=12688,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
    2⤵
    PID:4916
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=13256,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9636 /prefetch:1
    2⤵
    PID:7620
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=13348,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13076 /prefetch:1
    2⤵
    PID:7676
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=740,i,8167730665667746951,17333781966878898282,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9320 /prefetch:1
    2⤵
    PID:7532
• C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  1⤵
  PID:4716
• C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  1⤵
  PID:3444
• C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0
  1⤵
  PID:424
• C:\Windows\system32\BackgroundTransferHost.exe
  "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
  1⤵
  • Modifies registry class
  PID:7372
• C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  1⤵
  PID:7948
• C:\Users\Admin\Downloads\gabrai_fav_pictures.exe
  "C:\Users\Admin\Downloads\gabrai_fav_pictures.exe"
  1⤵
  • Executes dropped EXE
  PID:8088
• C:\Users\Admin\Downloads\gabrai_fav_pictures.exe
  "C:\Users\Admin\Downloads\gabrai_fav_pictures.exe"
  1⤵
  • Executes dropped EXE
  PID:2840
• C:\Users\Admin\Downloads\gabrai_fav_pictures.exe
  "C:\Users\Admin\Downloads\gabrai_fav_pictures.exe"
  1⤵
  • Executes dropped EXE
  PID:5040
• C:\Users\Admin\Downloads\gabrai_fav_pictures.exe
  "C:\Users\Admin\Downloads\gabrai_fav_pictures.exe"
  1⤵
  • Executes dropped EXE
  PID:7092
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\Downloads\RestoreShow.shtml
  1⤵
  PID:4924
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0x84,0x108,0x7ff89561cc40,0x7ff89561cc4c,0x7ff89561cc58
    2⤵
    PID:7480
• C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\DenyMove.vbe"
  1⤵
  PID:8024
• C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ConvertRevoke.mp4v"
  1⤵
  • Suspicious behavior: AddClipboardFormatListener
  • Suspicious behavior: GetForegroundWindowSpam
  • Suspicious use of FindShellTrayWindow
  • Suspicious use of SendNotifyMessage
  • Suspicious use of SetWindowsHookEx
  PID:7748
• C:\Users\Admin\Downloads\gabrai_fav_pictures.exe
  "C:\Users\Admin\Downloads\gabrai_fav_pictures.exe"
  1⤵
  • Executes dropped EXE
  PID:916

Network

MITRE ATT&CK Enterprise v15


Downloads

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
  Filesize: 40B
  MD5: 11d253b3a6f1f94b363fcb04e607acd2
  SHA1: 9917081d96e0d89a6c6997cc2d4aad6366ecfcbc
  SHA256: 20152f2fc1ca7717b9b858435b3658ce0879f28944bf822210e5ac5e148cc7ff
  SHA512: 101086c8c2805dcb8bb4e2a3c979574fea1cf0268859804c350f05a85945216de51bce90981a11d08c9a7043efee5130ede5c5a376cd86707dcc90c0e4f45334

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
  Filesize: 649B
  MD5: 6c454c64dff97b7d7bab63d3bde73831
  SHA1: 0460839fab7cc145eefb795ff3f72c16f0ec5dea
  SHA256: ed01caced00bfe157f6e8f4f8a33120b57f82017b5400a60fa535517e4d0acde
  SHA512:

                                                                                                                                                                                                0c578560e20df56c6e6da07e9480469e2c0ac7bdccd80a88266405a0ed6e01f01d0be307e982f07ae4ed431991f8bca036be8605af9cfa6458b87eeb1ea62f27

                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                33KB

                                                                                                                                                                                                MD5

                                                                                                                                                                                                f4946c6c00c02c5bd56a15a249d59027

                                                                                                                                                                                                SHA1

                                                                                                                                                                                                32b90ac087c7b8f8e521ad109953863cf724f9d2

                                                                                                                                                                                                SHA256

                                                                                                                                                                                                06aecc4bfe2f6c7f969419dd1876191431951a00a0f2dfa48818cfb0204afb52

                                                                                                                                                                                                SHA512

                                                                                                                                                                                                4ee547b40f3b9c79a1aa1b856f8725a9f18b2877afcc1eb5a65434b16bcc1ca52ef7a166d1b50eb14cf38049cd8b9347c64892119ab1afcfca319756615400e0

                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                153KB

                                                                                                                                                                                                MD5

                                                                                                                                                                                                1b2731006f2b2597b02859e501bc2d4c

                                                                                                                                                                                                SHA1

                                                                                                                                                                                                118d27a703cef3fb083593a56bbc93e62420f30a

                                                                                                                                                                                                SHA256

                                                                                                                                                                                                59dc184cbc1a318493460d1d78999cfdaaaac9a457b5a3a02c2567dfa17314bd

                                                                                                                                                                                                SHA512

                                                                                                                                                                                                f7452f91afe2fbfcb04f80dc7b051d874224de8790bbc53858678332a6b49f7295a15989a587811e1e8fb58a38625ec3e15657d88a367fd50d5b201d7abbe90c

                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                20KB

                                                                                                                                                                                                MD5

                                                                                                                                                                                                a4f3afc86190a2d47f56664367af370e

                                                                                                                                                                                                SHA1

                                                                                                                                                                                                57613bcb2a288ef2508e847e7ba35d52f2e87de5

                                                                                                                                                                                                SHA256

                                                                                                                                                                                                52fd14eb766bc6676dd81e3bb50a4dad1891bb9a47e38c3ec620aa6c2b487c42

                                                                                                                                                                                                SHA512

                                                                                                                                                                                                bae75c59141ee60ef1fc2c745117fafea3d386b64f2f67c1022909f295228578bfc5e5e49de5a2f2efd57e75affc0a7d09fbee8fa50aadd82aff446773fc690e

                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                2KB

                                                                                                                                                                                                MD5

                                                                                                                                                                                                f8c20a17acb51af2ffb38ec503d02f06

                                                                                                                                                                                                SHA1

                                                                                                                                                                                                275ee880e0f0dcef3c8015f9bf4e6562abdd4133

                                                                                                                                                                                                SHA256

                                                                                                                                                                                                7097ed0f1fff51f014c99fbd3f0cea46ab65dc3af4b998c4e797ea56068c0721

                                                                                                                                                                                                SHA512

                                                                                                                                                                                                05fb2302733de0fcadefdb971caefd72b500afe50507fac33360f45c8545b04af2ba42961ac56f58e9c07498f40e29aa18854fc0a2f1d1c2b9cc3e55f394db5f

                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                264KB

                                                                                                                                                                                                MD5

                                                                                                                                                                                                162020379683020831eab010fa0cfbb1

                                                                                                                                                                                                SHA1

                                                                                                                                                                                                185e549b042397606f017f1d980f647fb17e0d5a

                                                                                                                                                                                                SHA256

                                                                                                                                                                                                36921c89884661b6e31781ee394af24e606be2e25ccf253799f5bfd29e27d6ec

                                                                                                                                                                                                SHA512

                                                                                                                                                                                                2555d3dfa3e2755d5fae6763dca2935a93ec403219a8064a09678f7000f3c2c943022bd61e152f0bc1436b18361c3bd839b64e9fab32dee3363c7f5717f9bd0b

                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                37KB

                                                                                                                                                                                                MD5

                                                                                                                                                                                                0fe8def0de882eb46f754a2e4083b638

                                                                                                                                                                                                SHA1

                                                                                                                                                                                                f4972bce528365d867d05981a6587e04c7e3e47d

                                                                                                                                                                                                SHA256

                                                                                                                                                                                                7841df49ce91b1e4cc68316b02cd163dcb18d66f5834168c2174f91f33e1bc19

                                                                                                                                                                                                SHA512

                                                                                                                                                                                                9dd953025bc0996fd203038c2556518ea7dedce033ce5b64491138f7cf01baa71dd89c01471bce7eec6daf5a955b10e673e52474b4533fdc9712982d54f7bbcf

                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                2B

                                                                                                                                                                                                MD5

                                                                                                                                                                                                d751713988987e9331980363e24189ce

                                                                                                                                                                                                SHA1

                                                                                                                                                                                                97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                                                                                SHA256

                                                                                                                                                                                                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                                                                                SHA512

                                                                                                                                                                                                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                5KB

                                                                                                                                                                                                MD5

                                                                                                                                                                                                bf975d5bc723d07cf614bcc43c7a2cdf

                                                                                                                                                                                                SHA1

                                                                                                                                                                                                dec8942dfbab9618f2103f6e530ad40989d84685

                                                                                                                                                                                                SHA256

                                                                                                                                                                                                5ad6a4c53cbbe474f070397e2377a17ac1fac79e12b4ec708233e5566a01d8ad

                                                                                                                                                                                                SHA512

                                                                                                                                                                                                b96f97451ab769e434fcb3015bd5b0c49a83fc3dbba99ab29bea3c6498f08a7636539e352f38cbfe9975152f54287ee5a5dd50a3b59dd0e99222d82d1831b320

                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                3KB

                                                                                                                                                                                                MD5

                                                                                                                                                                                                d5b79642613d7ca9e334186c5d67f4d0

                                                                                                                                                                                                SHA1

                                                                                                                                                                                                78f44a9d6c288a76e7f04a930fb065a0a26bef9f

                                                                                                                                                                                                SHA256

                                                                                                                                                                                                c04a2b00005229e5aa72ee8c9067567b081abe82945c766a2e4019ed5b04878e

                                                                                                                                                                                                SHA512

                                                                                                                                                                                                6679986ea603e27aa5b88870ed960bb519c954ac8263d4c70ca6fb0a873f56876fbfdd30d2c86aad84528b8bf5e862bd20a117b2c283665fee59784b48807078

                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                5KB

                                                                                                                                                                                                MD5

                                                                                                                                                                                                847d8ca3a192b8894f15d715ac9579ea

                                                                                                                                                                                                SHA1

                                                                                                                                                                                                e08c1b71986b6839602493e3dd3a1438ed94743d

                                                                                                                                                                                                SHA256

                                                                                                                                                                                                d6ac2dd9108179d5ea6fa7e4b08088cdc1fd1a252cc1cfa981d038cb5ee1f423

                                                                                                                                                                                                SHA512

                                                                                                                                                                                                0a26e27f485971da8e45b93bcb5041253b295dd956448b2d90f6a785376bd6009724e6a80798163d6c474cb4f161279f228a3d887d02a23985a1d5c45fb6496e

                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e0bc5add-b3ea-48aa-8467-53743f263f2d.tmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                35KB

                                                                                                                                                                                                MD5

                                                                                                                                                                                                63cac5510298dccd1a0b23d250d80c20

                                                                                                                                                                                                SHA1

                                                                                                                                                                                                6efc407bce9b20737176178982b1a701085a0d4c

                                                                                                                                                                                                SHA256

                                                                                                                                                                                                5370081789d621a9925d448cf4989001774498ab3af30c9acbb8b0dac813bdb6

                                                                                                                                                                                                SHA512

                                                                                                                                                                                                7dc6c8fe94e45ecbd4c7dc7503ca3e3369a84b97cd98299e16fca78020ddf69e19a2d3dbbd577ad0912ef60d8f75d074d8d5f2f1c80d8390f451ac323cbc6661

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 9KB
  MD5: aa6b62aff461c73a5d506b7e9ffaa599
  SHA1: ba23032031098338cc935b8126120b517c65f25a
  SHA256: 20d70f24cd211e65ef94e7f7bf5a95a393c47238e5c5b53f7f39f9537c3fcd5f
  SHA512: 94d6e88e96583952421d91bbf8e10d90f22d546b9387aa89f9408659491529eba1f7f4027ab19d088e1622c5be9d2535d803e9a61f33b5ddc71fb094ab360caa

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 9KB
  MD5: b423b25024f4bb097856d22ab7a7aacb
  SHA1: 286f82dec8703ac8cba1d852fb5acc23132f16a3
  SHA256: 26951349871a3cec31d0b6373b405bf1a3bab108ec04b6dfa38d953a4c485513
  SHA512: aae11900fd892e676c1ef07ebeec5610528e83238f6b9bf8e387f7f9865e5ebb1aeaec4f1b599625188f8fce2a37c67aabc4065efa621b1a13b5ae3af6934dd9

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 9KB
  MD5: 0b933dc790dc52d185998f67f82601f9
  SHA1: 22b656825c0e91415b3e35d9f20731c4a431e888
  SHA256: 65e0faf155fffe780c9ff0bb6dfe72ead60cb8d227b91d4409e506df39eef5f5
  SHA512: 4f0c2d542442033b6467ae0ab3cb6dc353d88aab80d4660a47db3a5aad3bf1e518104be54a310e0ed1cd14519a1e85065b74f6916274b82f8afb419ca8d6bb35

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 9KB
  MD5: 7df319841a98af4bf4fe80a0411eec81
  SHA1: f7a07c2b162e4c859d375ce530d70e4197dd9e9c
  SHA256: fbf3f6e2f25ffe8fac5c7e20ac3c4a83557f094d84ed9943e8585a847c73b638
  SHA512: 6f72449b9dace0de9a0d6bae376ef7cf9296ad643bbe29b8175c963a41b25897f5969b06132446b9d262d25b48f40e677091cbe0b064d40b94d54b4ba955e35c

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 10KB
  MD5: 995daabe01249c16899cf46b81660b73
  SHA1: 9c873dd2c9c9c08cac76c03e9fab702fe6f3c803
  SHA256: ccb95da9be250e291983963af1a0f67f4548ebcb0b01cbf15224c9ec98787c0a
  SHA512: 110405907e16415a904d62bcd0c8e36976fdd5a9dad508e52cefac62724e5c05471aa4f330e4e41c9fcfb5fd64078cf4b6dfde7dbbf8437d4a702252bf23efba

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 9KB
  MD5: a2c0acdda072e8e98a77324016a786d3
  SHA1: 151168e85306fc36dce0382f961e303cef6e0ed2
  SHA256: 2871549210b1051d733d0b4c171656126ea2f56810ebe83504f5f4e1677e4342
  SHA512: 8f89f0c6d528b528447091c2e7a8702cbeb211d35e3db5e701bba0e768b580b4f3687afa80b7dd49384763a8d9a661368c6ef07020d4272f74dc3daa96e37233

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 9KB
  MD5: f272ad3e955503c97b7c35aa1051af0b
  SHA1: f5dfae86a24d9c6fd5fe7315aa3db755c55eaad7
  SHA256: 292b695dcf43b973e2d0a5e0e862f6ba6fdf233c9a9d2f6503e00ee71269ab71
  SHA512: ef46a5a5c48a1402b2b7594a60b9995775d228c390d1764c388e81c0325f652ebef7e04a83bddf3fc279204286a86596132107e9ad439b1d417429e5c6f62ae8

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 9KB
  MD5: 8e83baf9502452f6f0da7a5d4c21b365
  SHA1: 142d67ecd3ba1e2aedab3dcc22e95840285df6fe
  SHA256: 7641f0d9a13db32e4a1f3f3175c65916663b46ff26ce10f9c64de014b53e5d02
  SHA512: 5aabe294eb95050668b9d4f9e5bd10095180fc9496b3877f792f9cd180d319ea08093fea34234f8806e44e0242be1f8a218057acde4afd5d6c648f0cd0bafffe

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 228KB
  MD5: bdf9b3a0bf2443ec16705712b0731fcd
  SHA1: a8c525085b6abc7c29d3ba0752c6bfb9835e740a
  SHA256: 35524248a7375ff54eb5ed08528159dd1c83e669364479ac28f3a2068d012261
  SHA512: 4a015a9d29b81ed8d0cbd6519e3e110c7f036fb68ba3be080b2d9f5ff46db4296fd0324897016117c897156580f6d404646c2e02782927763f5e493bc928c7d7

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 228KB
  MD5: 9af7ea0601c666433d12c92e9b0ffa65
  SHA1: 896e7f95cb387a003137789baa1e6aa11ae925e2
  SHA256: 4ea7b6de33c697568f5135719e81bfc880854f2c453f19bfad6f983a7e14a0fc
  SHA512: 4419ab3bc86b623be2638a034e1ccdc939a2cdf282f92bafd2bac91aa64185fa1bce93539467575ca92d14690c5d1d8ec744da20ceda27d5ef77020e40ebe515

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 228KB
  MD5: 2c99ae7680fd6f7631b3d657ae101780
  SHA1: 73e62b1dc74ceb13da995e4a4f3ac55b5057dd81
  SHA256: 8b2de6befb00d07fc398d11014c14e6290fc507a4f81613a328c891639345643
  SHA512: 77e4186ff08a7ac2fe4f156b4899fbc5205798d8bab0f273de920ab3ad3821393b21cf14abbe08e2d867d7251e71905bc61acb615d07d8bb00854b9a8e5245b6

• C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\b6d898ba-c499-46fc-92cb-b213119ca943.down_data
  Filesize: 555KB
  MD5: 5683c0028832cae4ef93ca39c8ac5029
  SHA1: 248755e4e1db552e0b6f8651b04ca6d1b31a86fb
  SHA256: 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
  SHA512: aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

• C:\Users\Admin\Downloads\gabrai_fav_pictures.exe
  Filesize: 78KB
  MD5: dd3d1cbbd4f28cf1a56b4473d1ffd2f7
  SHA1: 8553fb973fe405a51f9104d875b7e2fff8e12e8d
  SHA256: 04ba29bb780da72c7215a583ec9bafb9a4595ee2b7619433011c87f512f46dd5
  SHA512: 7279f8fb9a1ebc9fa25396c86e3f5ce37fd03e0ad03d744e5c249ff14181fc225b58d875c0a32d098ac67699604ae31c35ea7f91b3ed8a1fc18bb174b85f5d09

• C:\Users\Admin\Downloads\gabrai_fav_pictures.exe:Zone.Identifier
  Filesize: 98B
  MD5: c337983ae0eab925997d1ef09bea4e77
  SHA1: 040f72a39d3598428cac77e965b6b855cba9e1ad
  SHA256: 501da9396ca13dc9d5e903879a72254361045ec7936f96e4fb8668638b218336
  SHA512: 3d5344e653a53d6261b2e11a25f69581d2ec367ec6ce0e4aaeb78fdd6bf973784f4741851c74da230ee138da4b5f93e3337d68223ab963b0356211d9bd4a33c2

                                                                                                                                                                                              • memory/7008-333-0x00007FF880B53000-0x00007FF880B55000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                8KB

                                                                                                                                                                                              • memory/7008-337-0x000001DB6E310000-0x000001DB6E838000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                5.2MB

                                                                                                                                                                                              • memory/7008-394-0x00007FF880B50000-0x00007FF881612000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                10.8MB

                                                                                                                                                                                              • memory/7008-336-0x00007FF880B50000-0x00007FF881612000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                10.8MB

                                                                                                                                                                                              • memory/7008-334-0x000001DB6B4E0000-0x000001DB6B4F8000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                96KB

                                                                                                                                                                                              • memory/7008-729-0x000001DB6DF40000-0x000001DB6E0C7000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                1.5MB

                                                                                                                                                                                              • memory/7008-393-0x000001DB6DE90000-0x000001DB6DF3A000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                680KB

                                                                                                                                                                                              • memory/7008-335-0x000001DB6DB10000-0x000001DB6DCD2000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                1.8MB

                                                                                                                                                                                              • memory/7008-382-0x00007FF880B50000-0x00007FF881612000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                10.8MB

                                                                                                                                                                                              • memory/7008-412-0x00007FF880B50000-0x00007FF881612000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                10.8MB

                                                                                                                                                                                              • memory/7008-372-0x00007FF880B53000-0x00007FF880B55000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                8KB

                                                                                                                                                                                              • memory/7008-730-0x000001DB6E0D0000-0x000001DB6E2DE000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                2.1MB

                                                                                                                                                                                              • memory/7748-764-0x00007FF7B3C00000-0x00007FF7B3CF8000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                992KB

                                                                                                                                                                                              • memory/7748-765-0x00007FF898640000-0x00007FF898674000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                208KB

                                                                                                                                                                                              • memory/7748-766-0x00007FF894E10000-0x00007FF8950C6000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                2.7MB

                                                                                                                                                                                              • memory/7748-767-0x00007FF882B30000-0x00007FF883BE0000-memory.dmp

                                                                                                                                                                                                Filesize

                                                                                                                                                                                                16.7MB
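The artifact list above records a 98-byte `Zone.Identifier` alternate data stream on the downloaded `gabrai_fav_pictures.exe` together with its MD5/SHA1/SHA256/SHA512. That stream is the Mark-of-the-Web: a small INI-style `[ZoneTransfer]` block whose `ZoneId` tells Windows which URL security zone the file came from. The helper below is an added example, not code from the sandbox or from this report: it reads such a stream through the NTFS `<path>:Zone.Identifier` syntax (Windows only), parses the zone, and hashes the raw bytes with the same four algorithms the report lists so a responder can compare a stream found on a host against the values above. The `SAMPLE_ADS` content is constructed for offline runs; the report does not show the actual bytes of the 98B stream, and no particular `HostUrl` or `ReferrerUrl` value is claimed for it.

```python
"""Read, classify and hash a Zone.Identifier (Mark-of-the-Web) ADS. Added example."""
import configparser
import hashlib
import sys

# URL security zone IDs as written into [ZoneTransfer] ZoneId=...
ZONES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

# Constructed sample of what a browser-written stream looks like. This is NOT the
# content of the 98-byte stream listed in the report (the report only gives hashes).
SAMPLE_ADS = (
    b"[ZoneTransfer]\r\n"
    b"ZoneId=3\r\n"
    b"ReferrerUrl=https://file.io/\r\n"
    b"HostUrl=https://file.io/7sb770HRo5ny\r\n"
)


def read_ads(path: str, stream: str = "Zone.Identifier") -> bytes:
    """Windows only: NTFS exposes an alternate data stream as '<path>:<stream>'
    through the normal file API, so a plain open() reads it."""
    with open(f"{path}:{stream}", "rb") as f:
        return f.read()


def parse_zone_identifier(data: bytes) -> dict:
    """Parse the [ZoneTransfer] section. Raises ValueError for anything that is
    not a Zone.Identifier stream (missing section, unparsable text)."""
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(data.decode("utf-8", errors="replace"))
    except configparser.Error as exc:
        raise ValueError(f"not a Zone.Identifier stream: {exc}") from exc
    if not cp.has_section("ZoneTransfer"):
        raise ValueError("no [ZoneTransfer] section")
    sec = cp["ZoneTransfer"]
    zone_id = int(sec.get("ZoneId", "-1"))
    return {
        "zone_id": zone_id,
        "zone": ZONES.get(zone_id, "unknown"),
        "referrer_url": sec.get("ReferrerUrl"),
        "host_url": sec.get("HostUrl"),
        # Internet (3) and Restricted (4) are the zones SmartScreen and Office
        # Protected View treat as untrusted; a stripped stream or ZoneId<3 bypasses them.
        "untrusted": zone_id in (3, 4),
    }


def hash_stream(data: bytes) -> dict:
    """Hashes of the raw stream bytes, same algorithms the report lists per artifact."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def triage(data: bytes) -> dict:
    """Everything a responder needs to line a host-side stream up with the report."""
    info = parse_zone_identifier(data)
    info["size"] = len(data)
    info.update(hash_stream(data))
    return info


if __name__ == "__main__":
    # Usage: python motw.py C:\Users\Admin\Downloads\gabrai_fav_pictures.exe
    raw = read_ads(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ADS
    for k, v in triage(raw).items():
        print(f"{k:>13}: {v}")
```

On a host, run it against the downloaded file path; if `size` and the four hashes match the values in the artifact list, the file carries exactly the stream the sandbox saw. A missing stream on a file that was demonstrably downloaded is itself a finding, matching the Mark-of-the-Web bypass signature raised on this report.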
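The memory dumps above follow one naming convention, `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp`, and the `Filesize` is the length of that address range. Worth noticing in the list is that PID 7008 had the same 10.8MB range (0x00007FF880B50000-0x00007FF881612000) captured four times (seq 336, 382, 394, 412) and the same 8KB range twice, while PID 7748's dumps are all distinct. The script below is an added example, not part of the sandbox or this report: it parses those names, checks that each listed `Filesize` really matches the range, groups dumps by PID, and reports ranges captured more than once, which are the ones to diff across captures. The `REPORT_ENTRIES` table is copied from the list above; the `region_kind` split (image vs private) is an assumption based on the usual x64 Windows layout, not a field the sandbox reports.

```python
"""Parse and sanity-check sandbox memory-dump artifact names. Added example."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Artifact name pattern seen in the list above:
#   memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# (name, listed Filesize) copied from this report's artifact list.
REPORT_ENTRIES = [
    ("memory/7008-333-0x00007FF880B53000-0x00007FF880B55000-memory.dmp", "8KB"),
    ("memory/7008-337-0x000001DB6E310000-0x000001DB6E838000-memory.dmp", "5.2MB"),
    ("memory/7008-394-0x00007FF880B50000-0x00007FF881612000-memory.dmp", "10.8MB"),
    ("memory/7008-336-0x00007FF880B50000-0x00007FF881612000-memory.dmp", "10.8MB"),
    ("memory/7008-334-0x000001DB6B4E0000-0x000001DB6B4F8000-memory.dmp", "96KB"),
    ("memory/7008-729-0x000001DB6DF40000-0x000001DB6E0C7000-memory.dmp", "1.5MB"),
    ("memory/7008-393-0x000001DB6DE90000-0x000001DB6DF3A000-memory.dmp", "680KB"),
    ("memory/7008-335-0x000001DB6DB10000-0x000001DB6DCD2000-memory.dmp", "1.8MB"),
    ("memory/7008-382-0x00007FF880B50000-0x00007FF881612000-memory.dmp", "10.8MB"),
    ("memory/7008-412-0x00007FF880B50000-0x00007FF881612000-memory.dmp", "10.8MB"),
    ("memory/7008-372-0x00007FF880B53000-0x00007FF880B55000-memory.dmp", "8KB"),
    ("memory/7008-730-0x000001DB6E0D0000-0x000001DB6E2DE000-memory.dmp", "2.1MB"),
    ("memory/7748-764-0x00007FF7B3C00000-0x00007FF7B3CF8000-memory.dmp", "992KB"),
    ("memory/7748-765-0x00007FF898640000-0x00007FF898674000-memory.dmp", "208KB"),
    ("memory/7748-766-0x00007FF894E10000-0x00007FF8950C6000-memory.dmp", "2.7MB"),
    ("memory/7748-767-0x00007FF882B30000-0x00007FF883BE0000-memory.dmp", "16.7MB"),
]


@dataclass(frozen=True)
class MemoryDump:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        """Length of the dumped range in bytes."""
        return self.end - self.start

    @property
    def region_kind(self) -> str:
        """Heuristic (assumption, not a sandbox field): with ASLR, x64 Windows maps the
        EXE and system DLLs in the 0x7FF6..0x7FF8 area; low addresses such as 0x1DB...
        are private allocations (heaps, JIT output, unpacked payloads)."""
        return "image" if self.start >= 0x7FF000000000 else "private"


def parse_dump(name: str) -> MemoryDump:
    """Turn an artifact name into a MemoryDump; ValueError for anything else."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump artifact name: {name!r}")
    return MemoryDump(int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16))


def human_size(n: int) -> str:
    """Format bytes the way the report's Filesize field does: B, whole KB, MB to one decimal."""
    if n < 1024:
        return f"{n}B"
    if n < 1024 * 1024:
        return f"{n / 1024:.0f}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def check_listed_size(name: str, listed: str) -> bool:
    """True if the printed Filesize agrees with the address range encoded in the name."""
    return human_size(parse_dump(name).size) == listed


def group_by_pid(names) -> dict:
    """pid -> dumps ordered by capture sequence number."""
    by_pid = defaultdict(list)
    for n in names:
        d = parse_dump(n)
        by_pid[d.pid].append(d)
    return {pid: sorted(ds, key=lambda d: d.seq) for pid, ds in by_pid.items()}


def repeated_regions(dumps) -> dict:
    """(pid, start, end) -> sorted seqs for ranges captured more than once."""
    seen = defaultdict(list)
    for d in dumps:
        seen[(d.pid, d.start, d.end)].append(d.seq)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for pid, dumps in group_by_pid(n for n, _ in REPORT_ENTRIES).items():
        print(f"PID {pid}:")
        for d in dumps:
            print(f"  seq {d.seq:4d}  {d.start:#018x}-{d.end:#018x}  {human_size(d.size):>7}  {d.region_kind}")
    for (pid, s, e), seqs in repeated_regions(parse_dump(n) for n, _ in REPORT_ENTRIES).items():
        print(f"PID {pid} range {s:#x}-{e:#x} captured {len(seqs)}x at seqs {seqs}")
```

Running it over the entries above confirms every listed `Filesize` is exactly the range length, and surfaces the two ranges in PID 7008 that were captured repeatedly; diffing those captures (for example seq 336 against 412) is where to look for code that changed in place between snapshots.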