metasploit | hxxp://89[.]197[.]154[.]116/?C=M;O=D

Analysis

max time kernel
300s
max time network
300s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
28-01-2025 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://89.197.154.116/?C=M;O=D

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

89.197.154.116:7810

Extracted

Family

metasploit

Version

windows/reverse_http

http://89.197.154.116:7810/nBToDGkEDccfmB6ZeN43LQts7hqNmqK_VX6-BS_IVcYCHoHiRq6AeDd6kmpK5K0ObUA4rfqWhqBnvB2uqyvfpzC8kCkjBTik2XoX-VuJYRtjnHqR

Extracted

Family

metasploit

Version

windows/download_exec

http://192.168.180.12:7810/eTKX

Attributes

headers User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E)

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Downloads MZ/PE file 5 IoCs

flow	pid	Process
17	984	chrome.exe
17	984	chrome.exe
17	984	chrome.exe
17	984	chrome.exe
16	984	chrome.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-849517464-2021344836-54366720-1000\Control Panel\International\Geo\Nation	mshta.exe

Executes dropped EXE 8 IoCs

pid	Process
4688	CISCO.exe
1272	CISNSATEST.exe
1700	solandra.exe
4436	Session.exe
3960	Session-https.exe
5104	Beefy.exe
5024	solandra.exe
4852	CISNSATEST.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CISCO.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CISNSATEST.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Session.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Beefy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CISNSATEST.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-849517464-2021344836-54366720-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 4684	2340	chrome.exe	82
PID 2340 wrote to memory of 4684	2340	chrome.exe	82
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 3232	2340	chrome.exe	83
PID 2340 wrote to memory of 984	2340	chrome.exe	84
PID 2340 wrote to memory of 984	2340	chrome.exe	84
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85
PID 2340 wrote to memory of 1632	2340	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://89.197.154.116/?C=M;O=D
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff903eecc40,0x7ff903eecc4c,0x7ff903eecc58
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4628,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4772,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5304,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5152,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4800,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5320,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5348,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5332,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3168,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:3728
- C:\Users\Admin\Downloads\CISCO.exe
  "C:\Users\Admin\Downloads\CISCO.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4756,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5296,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3112,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3136 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3108,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5564,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5440,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5748,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5344,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5472,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5528,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5624,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5008,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5028,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5364,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5032,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5736,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5428,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4948,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5044,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2964 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6196,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5876,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3204 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5524,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4024,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5300,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5864,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:3112
- C:\Users\Admin\Downloads\CISNSATEST.exe
  "C:\Users\Admin\Downloads\CISNSATEST.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1272
- C:\Users\Admin\Downloads\solandra.exe
  "C:\Users\Admin\Downloads\solandra.exe"
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3204,i,917884672788288644,7743612036095799008,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:2500
- C:\Windows\SysWOW64\mshta.exe
  "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\Session-http2.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  PID:756
- - C:\Users\Admin\AppData\Local\Temp\rad09901.tmp\Session.exe
    "C:\Users\Admin\AppData\Local\Temp\rad09901.tmp\Session.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4436
- C:\Users\Admin\Downloads\Session-https.exe
  "C:\Users\Admin\Downloads\Session-https.exe"
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Users\Admin\Downloads\Beefy.exe
  "C:\Users\Admin\Downloads\Beefy.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5104
- C:\Users\Admin\Downloads\solandra.exe
  "C:\Users\Admin\Downloads\solandra.exe"
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Users\Admin\Downloads\CISNSATEST.exe
  "C:\Users\Admin\Downloads\CISNSATEST.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4852

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1068

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2308

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\44035db3-0201-44ee-91f0-ea3ae168ad54.tmp

Filesize
8KB

MD5
97f290f347daba16000bca63ee1c399a

SHA1
351f46070a8f153afc860ad45e084e3abf283fa5

SHA256
f28c2dc67e355796862c66b24f34671078d6ef7a64c33b2681130ed0ab41e970

SHA512
83c90974d08135237513b479dcbf52bc17238b178bfe499d55b8f936abfd37addd006f56eb3e9142b30a488d9302ae66ce67a9123468a0dbba803f7f8a99c72b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d581682f37493264c5c603087752c141

SHA1
474ca7a1eddff51b1d29b11f71be3a00e1db5c2c

SHA256
35bbc7f89abfd0e06fccaca4673f41dace1979064434d8c5beffb7e19b75c434

SHA512
77fd80e50107bd895fe4052b2185bdac327b6114b4e773a264d073a459e9d7ab5ba3765548fbc6cd4f808821a7a6ddd0b8fa63cdce07e433640461a5e87bf0f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cd110d2c3f8c6ed65f9af51c7dea48c3

SHA1
60243f3575961af81db6929a8e1bfc1573208608

SHA256
b969e5ad7ae74329cb58c54e75a4d0b45fb06ce410e91de3fc48b91ce8f81781

SHA512
0d20f26a3d6bea46fb6a21d7c2685706cb126633d629eae31e5f72e74b111e281b381aaa70ce5608ae5209ddefd54de24f557bc7416eb10a0991113a437eb3d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e1ae29e0dd980c0d33498f5828805a57

SHA1
2b49b51214796b53e95facc63e37e75f1ef0e1f4

SHA256
51af75cf7f86264b37c580e17d3cf9c4f80a2157cf87a534d8eb453660eb3e6d

SHA512
c184bdcf0f355a665bcb441b2b15514cc2c5e30525ba62e13010134940b117212501f5608f81772820b9e4cccd6cfcfde379746a8df42db821cc526b700397ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ae72df295c58e2d9896f4c61bb81ab7d

SHA1
2d0cc45c17d9506f66a957b00f6c637127dd59a1

SHA256
0453d0bc43633a97a94d23d2b10f568ac11e25f22676ed883fc31bc981c65dea

SHA512
20bef17d5fbeeb9fbde776f70d713ac17ab3409fbd48b91c6d0d7d066c538241bf36c569671b27ba854cc2b39870045e5c111cb64350ecaa4a29973a87718a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f5bb6fff1fc21076b8265a985ee25ca7

SHA1
bca58a7d122f7647339a13518763290e48622386

SHA256
4ede10ec6af2cbed15fcdc35d55cab9acfbef53603e18ba7ac8558ca93586ddd

SHA512
ecb1057cbfbfa6d20dbf640dc309d4ea67a3bc408d7441a2dcf67b09a12d6e4e00803b4e90e84d8213188ca0657189a47d6ae0a06fe846deaa11ffde8bacbd0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
acd070fb2d797776e2b0e50112c96131

SHA1
1b188239b26eb65cd930f5ee6abd8d60ec480a82

SHA256
0ac46e80736bf92bce5385d5ec3e2a91c7bf43b848716af6ca15c9ace43da246

SHA512
e45e111be463d71ed8c97a51c0b010359f565e52733aeea753d314a558e7d7ac498e5fc82f2ff46472c501f66c4efae9abddc995bdfc3517745565620f2949f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8ed1a9a43fe3637187054252650cbabb

SHA1
fe7e4559cda53f0a52532ca48ec7b8f7a92ae740

SHA256
01d88ff1bfa03253ad2acfbe1651a7797c7a57432a44cf6a04f0e375afb49139

SHA512
0f220d166d0dd4f3b1ceb0b2590c7736c5b154487d1ab63d1a1366bb66d6023bbde32e371f90ba4223361e4f952ea87bc265313f408ca5b1dcb2cef68511ffaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f614562896131576de3784ec8255bb65

SHA1
8d56030be55ec80242f5072ec2bda7afcc3cb27a

SHA256
a4a887780c524a653fc7fb19d68269df673f7646a93bcb18c54ecb11688e7c14

SHA512
fea269f88fc840fb31f15aedef9de633afe742052f48b3fbcf32529e674b5d8d8cf6dc48e1472f18b8911754589905650fa9d9983decbed885ba52b0160e8103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c0db2ffcdd00b676967bc7a9451a8f99

SHA1
3b9e94daba52506d4c65dbdba3f26b950bd9682a

SHA256
109841055f5ca54e409c06079b466cf62d87da3ced42783a423c20a790129a69

SHA512
b60333df0c7d7cdde478332983d488bad746b2a94a3bda18abe12bb6d951ffd37b9f6d7b6f51644d5dc75e381ce5f56cc4b144122806df0300be4c3b6da1d998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a923b9c6126ae8db4b320704316a8dc2

SHA1
29aa497830d688cdbafe45384004217a6c99449a

SHA256
bd5a91ebb857dcd82925a1615f4868dc2d165887102dce4fee27bc8fb136f4d5

SHA512
a6568d102287eb204e84686b15eb55976956ca1a85ffbea3ead6303e66b79ad8f60675074b2ffcfbb42693d668de1ac50c02103f424c9a3478ea676ec5630f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b63bf054dc75a1fdac25c9d9e0943576

SHA1
ac87eefdd60bd4261fdf1a52c9edb53aa2dc28b3

SHA256
2afbe3cd69109b5feab932b7b0ed69f4b06dc2fb8e660ba0e0fc231e77abfbb2

SHA512
fd28c2d482caa6c732a1d4611e52fd767b0f90917b1b0e1dbdc9d39f4a0453c72d2acf87ea7ed0461c8ea3e294cb4dbfac8563df016e90b84d7119d93e571e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1a525fdd261fd2b4f112f05ecf233f58

SHA1
7a76f8b72ce2e2d58a4fbc9d3bfa66b6f7b37257

SHA256
9e51e75f9564ed45b470329de672bf06f2e73cf6a3eb3b735533dc49716381e8

SHA512
707ed7c5b8394dcdd49e53fcb9da57fdfaef3055338cc7a5fe4b6cc32099d069f0eb1958b0c1b31fd0483ee422014c3648330edf43a86502eff0d96961a43dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
41782de54f3ffb05bb8ecb7ab3e3d604

SHA1
7353fae6a8197804757efb400656186da357e4e3

SHA256
a0f9677aee463b5fcee350596ee5a6b37f7bcdf92c8f36cc1e9d3a7b2865ebad

SHA512
0d5a27b0984a42636a54761589a6bc97214728d14410d87a527ecabc51e29dfa31944ab689ea9e4a92e5dfd0cf8173393bc9b2ba412dc1f1b08ccfd41b2f3d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8def39f92505081eac41dc3acbfe6dd6

SHA1
128d14202823db33add6a8bde5324aa62d2d3e5e

SHA256
abedff25d7e8df9da6bd4860eba77bec7c00a4b31e455f3bbda79fa4837d2ea3

SHA512
4ddbe7f0624c8df66bb4e831849de714c1ffe0c4170868ed381131ba78d660fcb02f2f6de693cadf2794dd7a5a1f9e0d1c8f76c8f97827a5e26e783c3b14f4d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
19ab5be58a07bdb1ba17f36c08302108

SHA1
607f4a8aba89c1d8086bc7cea9c60a0f65793657

SHA256
a2ba7424d3552cc4374858946ba793d1e3121cdcb1de257aa01e59b7761959d7

SHA512
457f1c825986ce13c16f65d4858d640391d70a8624af98af248a920641e6f1b86aa95fb9e8ad825b4bb7cdf303a7ffe6b7a32cc81c47981742296461da06b8ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
7847bbaf484d471cb6aa7f2319d8cad0

SHA1
ddc095d1535e591ca15b7ef42db0951ca00584dd

SHA256
2706c4e27230ea48f084f60d0feedd10782432d07881304639c98f41b6af189b

SHA512
7bb15309a11a86d67e6be9b7c1c0b902b42a67db48e4c059bad0cc433d2ccb75d4af88a2ba9ec7006968689b9ddb3848ff4293c3017fca91641c577449783d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
89071d99f53b0f42c1d59fcc620607de

SHA1
af7339a2202468d874aeb5d860b09be3ba6deac3

SHA256
bb8c4337e651fce8a8980db548ab2675d64739ee30bd2a3aa3d6468cf6f0e2fe

SHA512
ba9408b19c7f9031260409dd54f2b53cf98258e4bb5164629baa23d05adb57331946cc8f5cd9a821797790c840186b078459f12f4d4b5021aa9bd3bee636d858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
1ee3ae21a5f36b6457dc257b9cc76fe7

SHA1
730d8cf423bb20fd773df985e0c67ac15e3bc74c

SHA256
674b27ac2c6f8eeb5af2d886924dcfeda627c52aee690a0c8c27e5901180d5de

SHA512
f0b24a260a1bcc7e95358eaa811c1e0e1ce3fff00242f00b7c46e7ff3733241ce2deca7b5c5e6fed920522f139cf3df9d21cad3c1f8f889efc8f6d50ee1663eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
edbe70a320d3881ca1346d9443e88091

SHA1
aec1cb6161c10733ef938291830f924b486cbfbb

SHA256
4b4e2be648f7729542bbdec3ee5ea85cfbf529d1575daefe59ea10f4c96dd055

SHA512
167ddd150941fa4211ec5ac3a59b753ccc86ac8a984d6c3b1bf67c5a4c8e0f342010025ab9b2d83c0bff47070d58f2de4c7150ec540839ce11d76f5331c69dcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\rad09901.tmp\Session.exe

Filesize
14KB

MD5
6b124ab01cd884698d4282f7a7dcc3b4

SHA1
e4cbf2e941a1992a316db42dcb6321682d71f28e

SHA256
b8798ff8f175dda6547229249616f498b71342ca97915f157f6641f38075625d

SHA512
a6fb2a00d1a7b704714e584288c5ef6aed73c50a333720a53dc810728bffa8154ba4f06fdb03651e14ea5be26d1a7ce1008f8a562dd682ad87d4e8996776dff3

Download Submit
C:\Users\Admin\Downloads\Beefy.exe

Filesize
72KB

MD5
8d644c8cb9c08d33b5efc8e05a8f11dd

SHA1
a49b9fd9d7f04bdac19a86b622e4e569bb1650e1

SHA256
af345887a4ce62f171ce80e9b33e15162084005c0822043cfb98d184f59564c2

SHA512
6a76a8a0d51d39d4a9d0c3fc8d3e4d9fc02447d581aa4e3764d1954aa24af2cbf1aa226501a2ceb77fb2bf17f7e782a71762bf80f4fda706e58b8eb5a928da61

Download Submit
C:\Users\Admin\Downloads\Session-http2.hta

Filesize
29KB

MD5
33425007f0016d3a818d27539ba17a90

SHA1
2e864bd0246e10b0a99681303439a988999b2015

SHA256
f4a208b490ce6094b8fa61c226db5f8f1eb01e95dc478b175a57a121a5f812e6

SHA512
54af40fe899d0a69caf9be890047294745a0f14fab55cfac44f79d1e17e1b06e5d894211ca03391a12540deac42dda711198853964fd59cc1c6e8c3cbfe0de02

Download Submit
C:\Users\Admin\Downloads\Transfer-https.zip

Filesize
3KB

MD5
db8b68a8bc6ce9148832ed16734973a4

SHA1
057cf165f26deb25031c723e378c04ab26a1eed7

SHA256
504d61c9447282fbaf2800bdea63874a94550774950f46090e4ef6b91389c6fd

SHA512
88d7a4a5557f3d325842b09aafeaf26b0ea8dae48e05740abf11157635d282b469f285ba4c5aa0adfa4a2692516b465e324d17976d4491a8690480676546981f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 256633.crdownload

Filesize
321KB

MD5
9bc0a18c39ff04ff08e6dd69863a9acc

SHA1
a46754e525034a6edf4aec5ed51a39696ef27bfa

SHA256
4088eeb24af339ce1f244143886297968ffebfd431f5b3f9f9ae758f20a73142

SHA512
3ae9846cb1fe47885faaab0f0a6d471fe48bbb99ef13d5a496e96516c05999a1d05b6111230e2f9ebcb4f93c69aef29fb579ea7360d13eb9dffaffc611facda7

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 43268.crdownload

Filesize
72KB

MD5
ab95efbeb890f50d89b56a14f2c0bbd1

SHA1
a90b055e0cfafb31b75bb2be8cac9a07f1c06088

SHA256
e473233c71a8855f9d52fe131830b56d0b5ea9b6eeb0e2d5528cbef29360668f

SHA512
b553e90455a4ad9f3e64d9b08ac4a71d99eb2386cd1ec2e2937fe52317c5e6de3794c471a52d1bd400e01277583807563b630cfbcb4ad2792111847eaa81f919

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 46822.crdownload

Filesize
72KB

MD5
7cd7c0433770a4ad9c8cbece47681054

SHA1
e2e5af247b552d48ea3555a483880ed2bde0d588

SHA256
58f0fa93f2d1448d7b6fa937bbbccfa3cc3ebfcf6fd0da7bb610063b7196f315

SHA512
1c69398971a3b9f9b0bfb95288a5d114cb177ed0da09f0cb39f3d878ec0d33911874b2d59b1d82ae7e76da220e6e93ee877ccbc0afa552433f6ca795e70b3b42

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 595333.crdownload

Filesize
321KB

MD5
f05982b55c7a85b9e71a941fe2295848

SHA1
b0df24778218a422f7a88083c9fb591f0499c36f

SHA256
5462b422de6d759e45cc0269d564acbf0805c4441aba38bd28133c98d1187888

SHA512
e9679915128f46745b05e21964491ee16bb6309d74e18cf6d4cb1259b40aa440f6f1ba1fe87353da9a5fd10cc5ec94e43d7e14e07a5e3cadf9c4b8a12ad30388

Download Submit
memory/1272-259-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1700-319-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/1700-320-0x0000000000700000-0x0000000000758000-memory.dmp

Filesize
352KB

Download
memory/1700-272-0x0000000000700000-0x0000000000758000-memory.dmp

Filesize
352KB

Download
memory/1700-271-0x0000000000660000-0x00000000006AB000-memory.dmp

Filesize
300KB

Download
memory/3960-345-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/3960-313-0x0000000000760000-0x00000000007AB000-memory.dmp

Filesize
300KB

Download
memory/4436-330-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4436-352-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4436-312-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/4688-129-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/5024-354-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download