sectoprat | hxxps://regular-update-your-software[.]org/beautiful/berry

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2025 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://regular-update-your-software.org/beautiful/berry

Score

10^/10

sectoprat discovery rat trojan

Malware Config

Signatures

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 1 IoCs

resource	yara_rule
behavioral1/memory/1844-313-0x0000000000500000-0x00000000005C4000-memory.dmp	family_sectoprat

Sectoprat family
sectoprat

Executes dropped EXE 1 IoCs

pid	Process
6112	Compil32.exe

Loads dropped DLL 1 IoCs

pid	Process
6112	Compil32.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 6112 set thread context of 5264	6112	Compil32.exe	122
PID 5264 set thread context of 1844	5264	cmd.exe	128

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Compil32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Compil32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe
1652	msedge.exe
1652	msedge.exe
3612	identity_helper.exe
3612	identity_helper.exe
4656	chrome.exe
4656	chrome.exe
6136	Compil32.exe
6112	Compil32.exe
6112	Compil32.exe
6112	Compil32.exe
5264	cmd.exe
5264	cmd.exe
5264	cmd.exe
5264	cmd.exe
5444	msedge.exe
5444	msedge.exe
5444	msedge.exe
5444	msedge.exe
5692	chrome.exe
5692	chrome.exe
5692	chrome.exe
5692	chrome.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
6112	Compil32.exe
5264	cmd.exe
5264	cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 1060	1652	msedge.exe	83
PID 1652 wrote to memory of 1060	1652	msedge.exe	83
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 1940	1652	msedge.exe	84
PID 1652 wrote to memory of 2988	1652	msedge.exe	85
PID 1652 wrote to memory of 2988	1652	msedge.exe	85
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86
PID 1652 wrote to memory of 2444	1652	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://regular-update-your-software.org/beautiful/berry
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb568d46f8,0x7ffb568d4708,0x7ffb568d4718
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14300450413046653697,7759956730375981492,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14300450413046653697,7759956730375981492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14300450413046653697,7759956730375981492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14300450413046653697,7759956730375981492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14300450413046653697,7759956730375981492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14300450413046653697,7759956730375981492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14300450413046653697,7759956730375981492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14300450413046653697,7759956730375981492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14300450413046653697,7759956730375981492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14300450413046653697,7759956730375981492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14300450413046653697,7759956730375981492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,14300450413046653697,7759956730375981492,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14300450413046653697,7759956730375981492,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb538ccc40,0x7ffb538ccc4c,0x7ffb538ccc58
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,4442376804181825075,17390788165197899197,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,4442376804181825075,17390788165197899197,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,4442376804181825075,17390788165197899197,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,4442376804181825075,17390788165197899197,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3344,i,4442376804181825075,17390788165197899197,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3168,i,4442376804181825075,17390788165197899197,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,4442376804181825075,17390788165197899197,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,4442376804181825075,17390788165197899197,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4068,i,4442376804181825075,17390788165197899197,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5052,i,4442376804181825075,17390788165197899197,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5084,i,4442376804181825075,17390788165197899197,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5692

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5612

C:\Users\Admin\Downloads\hw_update\Package\Compil32.exe
"C:\Users\Admin\Downloads\hw_update\Package\Compil32.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:6136
- C:\Users\Admin\AppData\Roaming\XV_Hostv2\Compil32.exe
  C:\Users\Admin\AppData\Roaming\XV_Hostv2\Compil32.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:6112
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cmd.exe
    3⤵
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:5264
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
032275354545d5a3680d1f2f16c35937

SHA1
1439c280ffb0bc9a779c1b96cc580fab77daa416

SHA256
bd608d266df3fa1217fc29336f6f905e03f5304f8c88defec0a9510f9c03c3c1

SHA512
6d6beb0104cdc39c3e67d686ad5c0aad57253bb2c49a774ba9d5c63445c11d898fec34d386d6cddc179cd87ede295c7682f47464cf9de4c87ab47e1072c1216e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
6a81466d3fabc77b6bb0179d95237402

SHA1
2664d4c6b5a1e0cbbb3c14aba56d118edab0cb48

SHA256
2f938c1eeefdd7a31a00be43797e8bb5069677bc9270f638cae52a8c7d6c330b

SHA512
345b6d5023d7a122796f2cfa8d3ad75db12789ec408911f9ace380e603e5f607e8c44ba304177b4d922485de6bce39e5b72119ac2b2f71544565ff9de2cc36cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
0e2fa8eb1e7f1ad8ff731480afbc65fb

SHA1
bafd8a4723a801519ed35cee1123fc33d5939fbf

SHA256
170e9ce1d0831b31e273f165507387b54a003eed6bdcc4cfb2de4a09d640a8c6

SHA512
14fa72a56c157c2ceb85fbecc90db181f59b925d779eb46b75eaa4ffe1dae1171aad474faa31933f31a810f411fdfa6e20888d2fbf557e4d6a62ff0fd769fca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f61c965b26e8e80c1b6b5651e85dd64a

SHA1
27825eee3c915664ce5195a27db75d787738aada

SHA256
40d63beda70b960b452337f953bf7fa9ce03b91681efc76a931704b2cb53d069

SHA512
4a926a0d6bb682995599b376188ce1bcede015b486df3cc7ce4a112f0517eb6400796b7a6362954a0c4b6dd4b664c9bf5097a819e0ce65c2af119d3cfd79f103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
766a95474fec4a08169bc4547abd76e0

SHA1
fa6d585c5f2b0aa6d019644b6951b6f0b4a49a84

SHA256
7a1b8e99af73875adfd9da7c23c052cd8f6695840231f426404eb50dcfd706f7

SHA512
73018e961c40a890cb953c3e76c44d2b011bb65eddd67c4dd1ffc4bb4a005672c08d0d3268b89e7103fcbc8a175a61fac2fe0cccaf83210fe1bc8392e5fdc05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
14991237318b4cc1742eedfa98b365d4

SHA1
776bfc3d7fb301d330cbad5df82a5c71e66cc276

SHA256
562c7ab50512c72afc7e93afb9e9c8dc9da29d22cb24ed8bd8b8148298d84b4b

SHA512
274dfd20f186f2afee7b6a39b9ff14430b0c65b431f79fd4005cbe082a70e6c0b6f907fbefb8f4c6adb8b797064b8d90a5ea138ea38c3cb98ea0f92e807888e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5afbaa086d6f62bf2359280d44d66cfc

SHA1
d34280ed19bfcb11a9b64c25ba683d6ea22f07b1

SHA256
8e718ec9cf2182fd2a23d976c99e8c060d133e10e3e9f9add638cced952a7dc1

SHA512
35a3b1fb98b9163d49a6caeed9219b0bd71f8876d56f75ea5e13065cdf9a62b444ae1b6cb3cdc12a796d6c8f0954d9822e825889aec66e13001bfc65d12bfc02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5f8375a3ec1fe9437bc0be89c8793d1f

SHA1
129761657c4a0999d702df1e0eb264178b1ab06d

SHA256
c6c7150c8f4b10e5be5b62d12ead1592740f232d48eefb6d7217ac0b31ae1593

SHA512
2c380f6da9c3aacf6492a851a957895b0aa4599f40423bc7a0deabd9efabbbaf14dcc4161c8c5fc674fe6f9c05ba98cb326c99ca62fd4fc4144205e2a464bfbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
98b2b9dabc282cd62fbae0ac015b87eb

SHA1
054595643fc7c29726f843f44de337c51cfe3358

SHA256
debe21e4f642c9897a6af89bdcca4059ff6398d1689a49a395b095f78c620800

SHA512
66cd5a859ab4f4897335d043d23f028b3d96c7fcbc932f9ab3e94234df7d9858fe6f2c0b1d5806103d68f5d2b9b4b66522dc55c26a4ee176c4560cdf9bfeed7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2cadf7d0cfb43923f14c02866c76b8ea

SHA1
0da3d3f8e183eab9a217b18a5bfdf9169a7cd2db

SHA256
eb7644fa19a694d02cabeab44a9ba4fcee327796ba32014e0b9f56afc7ea821c

SHA512
ab765bdc40278f5f209ca5a719e6f09dcfe714e4786a18a0b8cdba435d45235ea7a44e249beb2a580b070bddb614272a3aa3dd07ad1b202d7bd10fe916b20fc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5fc2c97b894fb57349964ff98a059ab3

SHA1
584d3e13086923af6c1756e0d55415309b31afdf

SHA256
a8f52f0bda20af4c1d10927d3a165c307a795530dfa69af0b15bbbd4584751da

SHA512
26d2d88522e1ca580a4c50dfa0d555efc14f9017e26f231fea0ce30a5faab428fbc1a570e2bb6f89bb9f505a4a5fd515edb62e08c947aab2ae252f032ef5a627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
881aca8fcc378048f968e5622c4588ac

SHA1
575fa8ecc5fc8b6dbda5f7ee60df38855ad9acd1

SHA256
d1fc2cbb05451408ec3a5520b951852d6702f104a48cd560a858e08515837aa6

SHA512
78e3188b1fa8be1ad651f61e89c6d088c062f7446fbfb45eb6426b9b2a86833d9333d9fa9b2f54354b2b6753f598fae3f9351648a374f9b2d97e7602ec3f8b35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
241KB

MD5
bb27821dd80c1c6adcf53288f96baeae

SHA1
ba2bc1047d0d7793b845765f485113ec239ddb5a

SHA256
c1960b6fa2817e264d8a674206169c2b0605e59715bf56c0d4aba9b5b9e9d8ae

SHA512
5f880a381647096f2c1fbc5488cacf26b835a748bb9607057aa9d7a0b13fe1f7fd3f46994d70a8318889a27822109347823219059b25ffb9b40db68c9f7f6801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b1705cb2-a438-43c5-9fa4-f8d98e65fd4d.tmp

Filesize
241KB

MD5
119be9dda4e239eb1b03327d23eab305

SHA1
fe8e3101f572ff2dc33854bb3e68ce22ca88c477

SHA256
3606f68472bb54d3a7366f260eb5dc1071344ef0fd7c64e2f937482e0e3ef3a3

SHA512
6f8b83d30523272a72a55226b8e5f5baa7a82ac553d3b4717e7a205c4021fcb7e7b5acbb3a2a891becb59cd99e7682b390a76ec89e9eb329e78d87dab854c2e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9013b8bea41aa2c8fa7f4763168069e

SHA1
349be86bde65cc0c3a15b2b21b6eaf2db452e92d

SHA256
6245436fe808740cde15c227fcda465a37a52f17f3642a71f0abbc466ce5b466

SHA512
d23bc18adb6acf9eb36fea85becb7b1a004bed034ef443acc3d442d1364f2ffa17f57e8eb6eeb1702dc459c5c16763b4e72249e6a326c9c36800d3f395fdd326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
908f9c2c703e0a6f81afb07a882b3e30

SHA1
53ed94a3145691e806e7dd8c160f5b459a2d16ef

SHA256
4436bec398522c5119d3a7b9c41356048c19d9c476246c76d7a4c1ee28160b52

SHA512
7af7116a91c8e3dfc23db8a78d7aff9a8df8e3b67df7f4ee66f9380dba4d1e66d980afaefc5dc2d9034ab5c0b7c6934400feb32645373f3ff4f8816414ae6ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
490B

MD5
a8dd987f2ed09ebd4d8bdc9f7a92f13a

SHA1
dab83197a08f6d05bdb0cac5cf7db4debd6ce5ea

SHA256
14cbc6645335ed2210c866c4c5a90205b9c4be0427c1f937d6a7f30958ebfbc4

SHA512
face692fc7c5477aa08ea96d4e6a9b431a152902b8673843b78606f801def819af5de524608801f44e1702c9131f37cb3bf9ecfa89bb8bbca4647c7afb7f4627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2957ecf9d18478cfd66fb7fb91b1baf

SHA1
90b9a23a2507656527e1d68aea8ea2881f2ca524

SHA256
156b2909f83f600ecdb5a58796e30fe9b5e97132c3712c23289aa893bee47904

SHA512
ba21847243e12bfa3e06c08d6c8049e20f0279e0cc22faa3e3321b7395ddaefe51644e268daa19c68494d911add65bb1f38e60f0992b80dc6364cd0e9429ef4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97f139abc2c3486ed829828278a06cf0

SHA1
bceac3c09d3c3623b9e29207e3baa629f2575b2d

SHA256
bd6d535f4b12fceb0af9e6100a0c0d989d5a1cb563af515ec2968de41a84bc5d

SHA512
f147a41a6f56df336115dc7755a78474366bf8a6d36df7f0ee0d50b04688138a3bb2274a7e03c3874aa91739aff4b2ff7abbb115ad4673250fc62af5b3167e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b03917ea7c1c93d07208a097ce5434c

SHA1
869338c13099586c520d2291eaea7ababeacdc4f

SHA256
177d74db5b943aca429bbe729f5b143d4a52aecfcd777b9bf16e33c4fa6e4166

SHA512
9cd51482ab714e324103668ecec5c2dd72399f78a2dddc7d2acc337526fb33645a8deaf1c9d3f69592737dba68b4d5a18b6f48126d42ae2d6f028618b8016275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7c8dd178a301d55875f4ec380008834c

SHA1
46507ee966bf2f4aaa9feb8398035ff1cee689b7

SHA256
c33c7a219d81af9a39f0396b2b1d67c38649df594e425cf913709cd970172c3a

SHA512
5c3a2eee6d8a270267afcfee8baadee4b1defaccbd4a6bb28a067a272d1d8cb2f547143a90d311e344c37c4ac0e302cfb8efd53049a152b280f421c5180e15dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb2553fefb815df2340520a875b33514

SHA1
64980d388eabc513fb8b861432a03bccc644542a

SHA256
6596fbb799f606edfeb62be0717f3311900585ee7607302fa430520f4529d5b9

SHA512
d637d23fb0d22c965256e98d33033f1cc7f789f10fa211ab6d922120c7f884585edb9e447b2f0f1fd7001008b71f43d667ec5f388f092ecce755e9dcf0e73a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bdd4180273c7431a6dd73e7c9a157646

SHA1
a19d6ef466e68479c7cc86e382ee059e84bbe676

SHA256
d2064ab3cc62590506720b95a58d297c21396b3e82208b8eb8402cbba0de302b

SHA512
da4daecf51ab970a69714077a9e3da34617e7055d1fc8a3562bb87194e65fd116f82952beb1314d37e315bbbb4b63f8c0691362a417e5bdbaf88b9065fbfef62

Download Submit
C:\Users\Admin\AppData\Local\Temp\8edfe957

Filesize
1.4MB

MD5
a2465745c5f764407c3b614290b8bac4

SHA1
25fc5768205a3a0540628adc4a277888d77a68b2

SHA256
9bf39ae204cb9d23af67f7d8f516f549b8a17e51ae627ec1829e0c31d0f5308c

SHA512
7ce09d2cdeb2cc471fe28f9243ec430e52517a989c1fae123ae02254630cfc2d76359832543128566d688563e8832ed6773c37c4f3040afee8ca11a8d203b1e7

Download Submit
C:\Users\Admin\AppData\Roaming\XV_Hostv2\Compil32.exe

Filesize
4.0MB

MD5
20d23b37c54fc1434ff3105a165cdac7

SHA1
9cb3811fb5f2ecacadc831d82e7e850abedc19ae

SHA256
8fa9074cd74cbcedc44b12999dbc5f4e51ea82caa24be18b073686229f1f9db8

SHA512
40eb9cc31a97996237e69d975efc1a3c22297403bef211427752926a331e9913801bacc7236e4a67ce988c110ccbda3dbd3e65bcc185d512cfc951b0e05fb409

Download Submit
C:\Users\Admin\AppData\Roaming\XV_Hostv2\ISCmplr.dll

Filesize
1.4MB

MD5
c60b1956a21b2b79c3a0ddc10ddd01c0

SHA1
d4362e652e06dcb0b6ac26e69ecc38b129c9b6f2

SHA256
18dd5c992a02f29dca485fce30284e975d8e8c242f577e7e7a3a2fe109489898

SHA512
94e2612ec6de026e143fd11c9fb1a1831bb421f279ec3677600d20b2974580da4301da941c50f252176a1e04fcdc4438aa175d5efe462a817eedcdeebe6c37a5

Download Submit
C:\Users\Admin\AppData\Roaming\XV_Hostv2\lah.eps

Filesize
48KB

MD5
6a06ae63ae3e122e5384b23764adcd2d

SHA1
48791f6bfaf10d084f98fa3842dda015a7156d6a

SHA256
4d70e937893310e8cf24ba2f3c3b6188d110cc9e4a431569cd0152d9848820e1

SHA512
e3c0522a56dd8f2cd5ae1139c538b70106a4f57aada821a89346473637289255f52f2e84657cf1cf0358e3d3641e65f8632e891597398ecfbd23f236cdee5823

Download Submit
C:\Users\Admin\AppData\Roaming\XV_Hostv2\premise.ai

Filesize
1.2MB

MD5
e82a2d64d374708c2e2395e22b2ca487

SHA1
837ef90369554d7451803ff6d140b5fc9e33fbcd

SHA256
64f2da2f17a261b512299a3464d445c3adc817c1f20b83ae380206b4af75a0e8

SHA512
f92f249b8f3e702cc7d124bb0ffa011bd1d66e7f8dcbff11f0bf2e7d11846c59373560243a1d7d0094c5dd99c6e2ed5e62398a61ec71984367df47bee0edfd79

Download Submit
C:\Users\Admin\Downloads\hw_update.zip.crdownload

Filesize
3.7MB

MD5
94349ec1d0a15dbdbc8f09d4381bdc64

SHA1
f4f4c100eb38ac8979b8f9a648c124ad9a07ba77

SHA256
4943be107f3cdbfbe78c55f56e02543d0825faba9d6a2d28ccb5c7cb3a5184a6

SHA512
36e2c2ee8adbbe9d15e76f1e4a51a2ce91d13d78271c9df09d11b4bd79c293cbf7d968f8244eb8804251acf143c433db1d108d90e399a73332f2f4d57efd446c

Download Submit
memory/1844-315-0x0000000005040000-0x00000000055E4000-memory.dmp

Filesize
5.6MB

Download
memory/1844-314-0x0000000004980000-0x0000000004A12000-memory.dmp

Filesize
584KB

Download
memory/1844-318-0x0000000004B10000-0x0000000004B86000-memory.dmp

Filesize
472KB

Download
memory/1844-313-0x0000000000500000-0x00000000005C4000-memory.dmp

Filesize
784KB

Download
memory/1844-319-0x0000000004B90000-0x0000000004BE0000-memory.dmp

Filesize
320KB

Download
memory/1844-310-0x0000000073B10000-0x0000000074D64000-memory.dmp

Filesize
18.3MB

Download
memory/1844-316-0x0000000004950000-0x000000000495A000-memory.dmp

Filesize
40KB

Download
memory/1844-317-0x0000000004C60000-0x0000000004E22000-memory.dmp

Filesize
1.8MB

Download
memory/5264-274-0x00007FFB740F0000-0x00007FFB742E5000-memory.dmp

Filesize
2.0MB

Download
memory/5264-299-0x0000000075650000-0x00000000757CB000-memory.dmp

Filesize
1.5MB

Download
memory/6112-271-0x0000000000080000-0x0000000000484000-memory.dmp

Filesize
4.0MB

Download
memory/6112-272-0x0000000075150000-0x00000000752CC000-memory.dmp

Filesize
1.5MB

Download
memory/6112-269-0x0000000075650000-0x00000000757CB000-memory.dmp

Filesize
1.5MB

Download
memory/6112-259-0x00007FFB740F0000-0x00007FFB742E5000-memory.dmp

Filesize
2.0MB

Download
memory/6112-258-0x0000000075650000-0x00000000757CB000-memory.dmp

Filesize
1.5MB

Download
memory/6136-251-0x0000000000390000-0x0000000000794000-memory.dmp

Filesize
4.0MB

Download
memory/6136-252-0x00000000757E0000-0x000000007595C000-memory.dmp

Filesize
1.5MB

Download
memory/6136-244-0x00007FFB740F0000-0x00007FFB742E5000-memory.dmp

Filesize
2.0MB

Download
memory/6136-243-0x00000000754D0000-0x000000007564B000-memory.dmp

Filesize
1.5MB

Download