asyncrat | eb37b4ffa493ed2235c6324772ffe5aeaf139017c62b9db98fda14e42df3336c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 10:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

X48-EXT-Loader.exe
Size

3.1MB
MD5

e581e122721fd49ac3bd16fd6873cf73
SHA1

cc39e5a0d9c597c13d064b483d85b17b2ea4b194
SHA256

eb37b4ffa493ed2235c6324772ffe5aeaf139017c62b9db98fda14e42df3336c
SHA512

b4344623ef3b65bedf5612841a8379b69f8fb0362bbc98499c4c43019992e04b35c179791f71f524c3d639cf10d146d0370d4139cb534cc06d8c0c7af572211a
SSDEEP

49152:zFWCBLUlZtEYk8QEFfM/AYWpJqzLzg5WDw94TqaSCK2PAnbuOEa2pz7kIls:1h8EYk89fM4YWp8WaNRAbufpzQI

Score

10^/10

asyncrat redline sectoprat fivem rlma678dl4op discovery infostealer rat trojan

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

FiveM

23.27.201.57:4449

Mutex

f37qp84ilrw

Attributes

delay
590
install
true
install_file
/WindowsRuntime/WindowsClientRuntime.exe
install_folder
%AppData%

aes.plain

Extracted

Family

redline

Botnet

rlma678DL4Op

23.27.201.57:1337

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral2/files/0x0007000000023cd2-17.dat	family_redline
behavioral2/memory/5064-35-0x00000000007A0000-0x00000000007BE000-memory.dmp	family_redline

Redline family
redline
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 2 IoCs

resource	yara_rule
behavioral2/files/0x0007000000023cd2-17.dat	family_sectoprat
behavioral2/memory/5064-35-0x00000000007A0000-0x00000000007BE000-memory.dmp	family_sectoprat

Sectoprat family
sectoprat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral2/files/0x000a000000023c6d-6.dat	family_asyncrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	X48-EXT-Loader.exe

Executes dropped EXE 3 IoCs

pid	Process
3232	mem_dll-injector-1.1.exe
5064	REX.exe
3256	Veax EXT NEWW.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	REX.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133793360272298148"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2948	chrome.exe
2948	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5064	REX.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 3232	952	X48-EXT-Loader.exe	82
PID 952 wrote to memory of 3232	952	X48-EXT-Loader.exe	82
PID 952 wrote to memory of 5064	952	X48-EXT-Loader.exe	83
PID 952 wrote to memory of 5064	952	X48-EXT-Loader.exe	83
PID 952 wrote to memory of 5064	952	X48-EXT-Loader.exe	83
PID 952 wrote to memory of 3256	952	X48-EXT-Loader.exe	85
PID 952 wrote to memory of 3256	952	X48-EXT-Loader.exe	85
PID 2948 wrote to memory of 1936	2948	chrome.exe	96
PID 2948 wrote to memory of 1936	2948	chrome.exe	96
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 3156	2948	chrome.exe	97
PID 2948 wrote to memory of 2492	2948	chrome.exe	98
PID 2948 wrote to memory of 2492	2948	chrome.exe	98
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99
PID 2948 wrote to memory of 2468	2948	chrome.exe	99

C:\Users\Admin\AppData\Local\Temp\X48-EXT-Loader.exe
"C:\Users\Admin\AppData\Local\Temp\X48-EXT-Loader.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:952
- C:\Users\Admin\AppData\Local\Temp\mem_dll-injector-1.1.exe
  "C:\Users\Admin\AppData\Local\Temp\mem_dll-injector-1.1.exe"
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Users\Admin\AppData\Local\Temp\REX.exe
  "C:\Users\Admin\AppData\Local\Temp\REX.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5064
- C:\Users\Admin\AppData\Local\Temp\Veax EXT NEWW.exe
  "C:\Users\Admin\AppData\Local\Temp\Veax EXT NEWW.exe"
  2⤵
  - Executes dropped EXE
  PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff862eecc40,0x7ff862eecc4c,0x7ff862eecc58
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1852,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2028 /prefetch:3
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2300 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4940,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4656,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5216,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5368,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5480,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5244,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5484,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5732 /prefetch:2
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4972,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3208,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3328,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3272,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5828,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5760,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5220,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6032,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5016,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5972,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4912,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5796,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5644,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5780,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4280,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4616,i,6320547477592563221,15019750460637106787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:1728

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
37adf67503ab3db739985a2e5a0e4467

SHA1
3366d9484edd88475ca734dbd18ece0f197d2a04

SHA256
e5b8be00b3a4797a42370ff72ca7a0f70e5c7faff20506be4b43db88270955a1

SHA512
3ac9952b1ba2e6378a094ca049085b33ae1ac287c5db7b82750eb784ad27c6241c7d5178859a693b4651d70d51ddd41f6fb7ee5e65b17ae4d2942ff345d66d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
119KB

MD5
5767cb8c333bb997452e40d8eaa00766

SHA1
9bbc46938b294ba2f498e236602c9b598e65cf28

SHA256
7686033302977cc687d80f70f43c2512ed5d793be981d6ae70c5f55d9f3cbb30

SHA512
a27fdf55ca9efa772a46762ca5d7ff4aca06baa1d306f60c9c96a37b17d7aa663b3f10101ead66b435022b99d25267208b2f8e2101b67836a1457b3532edb147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
52KB

MD5
883c5f6e3d6e930a8db0fede968f6fdd

SHA1
e1cc5e396ca7aeed6d338f2a5c403c1e1267d25e

SHA256
b94a3b5dd0b7b1d3ebd6f2a0b59a4f7d0835c7acc59f7eb94c18617cde6c98b8

SHA512
7f4021cd19d7e6d7897be10a3f363104ab8f104ba16fab2d0532ea4a1b9e7e8beecbffb53acf7d58809de1324afbad4189a87111058b2bef01e9fc2d8df834b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
20KB

MD5
59ee96aea4061c8a38d2506c4805354c

SHA1
273902cf69f0ac50ad5c654fa14ca8ddc295b99f

SHA256
7c8672db679b72c70317a6edbf0c2311ed3653e1d911376cf232e334ec7eaf4f

SHA512
6ddc4427481f02ee4f3246384671ff8d41d856d8b0e281c651431a2377b16991c5bc3a3fafb5c1f80ccb05f9219cf201f9ec547286940584c0a671dcfbfefa3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
9e4a0501d1804f3f892af4c23c4fec8b

SHA1
8f68b3132150559a1ea843dd527c0cd8b5a1cd4c

SHA256
873aba5e12dd5f2e312c58d308fb8fe69e818e62e58f4f011292f99264f08126

SHA512
e5b2696b22480be44905b7fffec66b03317a8312b84581add8d392dc66256b6dae4da5fe9636da72d0d6d70be662aa784eadaf6f670907be01b949c099074eed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a3cc8d1e8e57979f8ad5290389025b29

SHA1
d9cb6dc27f081b03c0ea16f88314c3a9cc10ba46

SHA256
9d25830dc2daa059a621e11171032ef5269f4a75df6ecc68c8b7fa7bbb3f5820

SHA512
0b3301625c6464ac18702478b82b9474fc526a65305188aea7a3b49e9342f3f29fe7ab0507a60ff371d1c7651cda29752269188f6251c5a34aea98f434d1fbb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
35c6e1cc9bc296727be699918bd8c915

SHA1
d687e4c0e097631474ffa8b45d85b92e32c705cb

SHA256
7a3cd04610007b5d0b7537c48fc1dc8de0b5320fe7e74f8ad7fd0d33ab0f6d33

SHA512
685bcbc4a176b7e459f9080183b76b2afa55b99f5519e84c174186b2cbcac87777fb613bccb010fa4fe666f55456e1eb0f586c4946ce3a34add5d2faf463ba14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
01398c7422910b98072a301533bb31e6

SHA1
e6b0a040c2d2d426ffffb0c3c96c189a76719f3a

SHA256
84eb4c5b0c882884fe957d013e4a31aa0d78a39d4e31a3a1a76d9dda98156f1e

SHA512
9703d06a5f888905d3bf73e7f7a2f114b4f72fcba9a288c285bd756a9ea467c1ad356a3a3c1011e24b36b9765b13af1167bfafe628b775a0c6dd49a372c4a382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
42555127270fc8c6dd8b73f3620d9098

SHA1
05242a500ba05f914a478c05ab45fb973236afb5

SHA256
e132c17e8d93f36bc3daa1544be8a3fc722b9cf915511bf1ab9cb2aaabf293c1

SHA512
8d99a930b02baf552cfb024aab0543d65e5fc67e9733148579f96f6a6e0e04ab2b83c21440f95dc693bc8bcccce1804ed20340ff8ade1214f7a3cfcc67f3c47d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e16121b10e639145cf4d93ae5e622975

SHA1
28363c1f63dc26e5537bacdce61ccb97639ea47e

SHA256
558fd4ae0152082d1e61c1f5ca7d1ebacf88c13d4f31ef7a0e5b23bfb650ac18

SHA512
40b3e507a10de4e1a2849459a7bb4622c5a4080904a4e98dce3982052ee5fdcef9a81022d984ba813e3a7af8270cbec8654c3b552d38df0c36137be672a6ab73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a620e8c089beb703b808f832873a666e

SHA1
9a81b08d2c187a015cb27a25ddb857b41474572d

SHA256
7267fb323c97e1e1547224bdc69e613a9330e0851221736b0c9bffaa7b595553

SHA512
a8ec78a2702a4fb11887dc0683afad2bfe1d7c643cd47ed12ee85b6be56d0d6e4137a5fdfbfe7c37b6bc1fb88def31ada36d87b35365f6aa2d0b388b3b416a37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ddfa506a4add59ca74253c19eb2115be

SHA1
6a070f8a16821c3d8fe452f401bd3ccdbf4c8ca1

SHA256
71c8aaf1414fdba60c77d41bb5b316dfa4fce60dabf497e1eb6d60ace144895a

SHA512
4fbd20243cc28ce22baa54cf1ebe258e5c1627984d637aec263222c6a8d556d3a6f8e16e7a69d97663cc99e6620085063b7b4f4283e87cd5760fb9b558a7b505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2aa002dea2c05bc138f0be5bb727c824

SHA1
ccd3ad282975caf63fba26f24f9be46e5efc4ac9

SHA256
ff8ce41e0813545e921bf03375098caeb4315f6c660ba433a7b6cd6f829ffded

SHA512
c557170357c284599a51fa9a57a31e3524f2408ecba74de6a2be9a4f37006f05b619fa9b5eddadaa9dcdffa46bc0b1f644bfe8b92434a1e257b4ff24024bceaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9c2cc03a5a2b8c27ba10ccdb70f3222f

SHA1
38178c4e269e8901a7020a91472d47ffe43f09da

SHA256
b3a13dcb7c40d01178780b30c53b9b688437fb837debe9318e7b2b23056f4a5d

SHA512
c7c5b151939d662d74e8989fe35e9e3a2d7e1f4077726afdeb0833ec62fef6ac23987414c0577abf5f8618c238468f7baf4c57706ebe835117c6156ecef647ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd9fc80e40dd14b572496bc224ff3331

SHA1
1c7fdd5eced35b2c5cba39387ff25e2822ce5672

SHA256
5be8eae03f25eca4576a3a9de8635a4d3ff1b53cb908d0bb23ca0d90a6cd0ea1

SHA512
8a07540ce7c48367a51dd36d0e2729ba29595602cdc60ec5bef4e8461bb0805ecc73214d269fbcfe7155fe4f09dc6cb60a5f6c9417b8feb3fdb2a4a8c83a9554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aac0a5929c3df2791cc19d0edd917977

SHA1
3783952316fd5648dd019333ecebd0aa2d4113f8

SHA256
a4e498b39ec54c53801b18310ddc6b7aedc005c2e62fe9d902c3b178a47824e0

SHA512
1fce5824af6d97149816ba443c913f773ccf2f3bcd783be2dedc3120017884207ded58e90a4281520086a164a7a1b671aeaa247aefea74d9ab2871c28f32a751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a3cd4d35f465672a87b01d6a0e9eb86

SHA1
07108b86354f03546912bd5e3260731940875a26

SHA256
025373e0db889c6e15e33158b4d8392592b4f1525887d541f5ec086a627d5fbf

SHA512
18b04164352f66aed68a18629b35f2dcd782bd676a5c9b1ba4d396e32c51cdceb19ec92ae6d8bf543c6760ac5510183f974eae90e15273d1b9b9dd406bd7d9cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89cbfcade6ede1db473e4e9d5cf7823a

SHA1
cd3ff378d6035dbf920434de62d735207c4918a1

SHA256
0885d777ee266e060f247a2d5fb90afeb6a8caf364f21159b0a7040319aa5270

SHA512
c0723348f4f14d7ce34195afcc82a3945fd1d255602fb4dffff8d82388b4d8f616a315d6d7e4210f293c5041fb7768ccf118285572f85b566720a1dcbb9afae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b5eda95b25dcad12111b4208f3b592af

SHA1
8eb3521a5c484051c789b238da2048942b22899b

SHA256
fc49b39ab3a53e6b34c3a2930ba50225c448a144db518f854ab7af7f3fbe02e1

SHA512
3bbe9c30fd7dd487ba813af1dbd11a5fb056067cdcaeb85880d274dd3d2a5a38a4dc5e86e9d4fe963835c4f783c1137216f94182f02d2297fbf8c06700c802f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
600010aaa17ebaca36e091b65d2ef3f8

SHA1
78f7238698d6eee60271b6857de0deecdc1222f3

SHA256
d731a6f1e05b9923a3c9f158815b5ae97709197f3e23e43b2055e935f9f55c32

SHA512
922ff1afe6fbf621472228ecb74bad6684896f511bba43990059dcdcb07cc2ea2e787de9b138073c0c818ad96f35f5dd1b6607b3635d41eeeffd5bd86e2053ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
8f6bab14f3859ee8321073ad69cc0144

SHA1
081b134fa85e06dc8f80c6495a41ad496984e3cb

SHA256
e41198be48f0186532499f79186d68b0eb0a8592fc1aa3e3b60e606a2fddd05b

SHA512
7db1545d6696a6c17c1595b9f411ae2dfcbc811b984c65ae5efd5150bf90d15ccd6825ee5d9ea97d4c058747e6d99c0da592e5d0ef61e135e060c85401d973b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
8a5faf0d1789f64ce2f05dcc3eb9b574

SHA1
5980c56b166aed449f44046ecaacc7fa4c538132

SHA256
c4f9c5f9104627944f0ba9368ae672384fc6abd5ccaca58965b46262e6ff7c76

SHA512
75ab5ea3ec28e1939ffb5f00532d8c04c2b8d2055b3b048cc58a2a652acb4b8bdbf99c0f2a17ebac9170c79d9c5b782619f9ecd3180afdc4658b0fd24e9016f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
cde3e9a646a98aed55f4804107dd7a23

SHA1
a8365584ea093b218ffe8b0cb2157b282f081df1

SHA256
1d650d1587f2cf13fe5c94d4c08dbeda6162075c05d0f8b1151063780300faca

SHA512
69794385896f85a6ee5071e1fc7279732678687005ddab903e9c686dd1f1abcc89b872ed8289305686df7a0b922308c0fe36e8a213f4c2cbad87b816da25e6d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\REX.exe

Filesize
95KB

MD5
9c01c96346de435b1b47e960609e24a8

SHA1
783e2f8a524522f561ff2315bcc4f2186edc4577

SHA256
4519a12f7d2b275a87f9b1a18b391a7254e6d80253822005596baf9195d80b80

SHA512
c4b5a1b14a4fe29ceec7d3d3fbbf4708fdcc861965e4b8fc5aaf91f4397719556f83feb7a98ab0fe3b558a127cd7d471c99fc8d04b74d5fb6d486c403b59f1db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Veax EXT NEWW.exe

Filesize
2.8MB

MD5
aea5fe2ebdd720f367e832a055ce9bf9

SHA1
6982809bd1bb8cce4342e3465a425c3700a7e02c

SHA256
51583e3e2028db3b7f8d094a1f6ef65e2afb8e30ca6d943e6a8b3e591ec9cb55

SHA512
1ad2f05dc9743e6deb024d3d8e0373ba3c10006465e7ea2fca04c8c3a5be1fec6edd7cefb3d8b67efe668943675d168d8746990014111b8fd7ed8ca20dc99109

Download Submit
C:\Users\Admin\AppData\Local\Temp\mem_dll-injector-1.1.exe

Filesize
63KB

MD5
9b116659a607c6c6a565d64694157a2b

SHA1
c6359e456149a9befdae805da1a54c566bc696d2

SHA256
b3b23423a172558e6314b9bcdaf4e4e1397c92617709b1bfa9d56875ea09d2de

SHA512
b9384f41dd77504bfec8edd5b1042a204e6e9020b8098bd011ce2bf2a9ace4f20f7880405c74a30868a60cd8da996717a3793045eb74f45d98ddaab5bb3b9e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2948_1861504527\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2948_1861504527\f37c359e-14cd-4a05-8f5f-2eb53e4cdcfe.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\Downloads\d3dcompiler_43.zip.crdownload

Filesize
906KB

MD5
4c4dec239fb04a238a2a3903fa17cf69

SHA1
4b1eac63557a0613c1558c5c6e1b7f2bbefdb31d

SHA256
67c5138302545c196461fe36506c8ef0de3ee89a771faf00fb52a416c2396e9e

SHA512
2b1e51faf0caa106c45548e0168f85297be23f058e10b2037d2a0858a10e4450e4360a9ab828abf9c29cacda3359d4486de95efdc87ee47e0f505f966dba28d3

Download Submit
memory/952-0-0x00007FF865413000-0x00007FF865415000-memory.dmp

Filesize
8KB

Download
memory/952-1-0x0000000000060000-0x0000000000386000-memory.dmp

Filesize
3.1MB

Download
memory/3232-41-0x00007FF865410000-0x00007FF865ED1000-memory.dmp

Filesize
10.8MB

Download
memory/3232-29-0x00007FF865410000-0x00007FF865ED1000-memory.dmp

Filesize
10.8MB

Download
memory/3232-21-0x0000000000D20000-0x0000000000D36000-memory.dmp

Filesize
88KB

Download
memory/5064-35-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/5064-36-0x0000000005820000-0x0000000005E38000-memory.dmp

Filesize
6.1MB

Download
memory/5064-37-0x0000000005160000-0x0000000005172000-memory.dmp

Filesize
72KB

Download
memory/5064-38-0x0000000005200000-0x000000000523C000-memory.dmp

Filesize
240KB

Download
memory/5064-39-0x0000000005180000-0x00000000051CC000-memory.dmp

Filesize
304KB

Download
memory/5064-40-0x0000000005470000-0x000000000557A000-memory.dmp

Filesize
1.0MB

Download