orcus | 726fe765745a0052e532e040a71b6b252aceab5c3b6cb13ba774eb85494390fa

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
30-01-2025 06:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Drunkdeer(1).exe
Size

3.2MB
MD5

2e3a2248109098fa65295e84918518e0
SHA1

80c462ccf9ab80f3cafc1a1f43669c72c383db4a
SHA256

726fe765745a0052e532e040a71b6b252aceab5c3b6cb13ba774eb85494390fa
SHA512

f3b3ebccc507ecaf464f6c023e3f5a7b4174894a35a8bda186129b0f89c0dcc9389991b20cbf092692928614bc63024775b0ac5b8c2f83aa0a5bf28fe44bda8e
SSDEEP

49152:7GX87p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpKu/nRFfjI7L0qb:7LHTPJg8z1mKnypSbRxo9JCm

Score

10^/10

orcus новый тег discovery rat spyware stealer

Malware Config

Extracted

Family

orcus

Botnet

Новый тег

31.44.184.52:27516

Mutex

sudo_bdnmfcpgeezwswzcg169jg3njnsdn3j8

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%appdata%\eternalasync\cpuuploads.exe
reconnect_delay
10000
registry_keyname
Sudik
taskscheduler_taskname
sudik
watchdog_path
AppData\aga.exe

Signatures

Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
rat spyware stealer orcus
Orcus family
orcus

Orcus main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x001a00000002ab86-13.dat	family_orcus

Orcurs Rat Executable 2 IoCs

resource	yara_rule
behavioral1/memory/5856-1-0x0000000000A70000-0x0000000000DA8000-memory.dmp	orcus
behavioral1/files/0x001a00000002ab86-13.dat	orcus

Executes dropped EXE 4 IoCs

pid	Process
3116	cpuuploads.exe
5052	cpuuploads.exe
5012	cpuuploads.exe
4640	cpuuploads.exe

Loads dropped DLL 6 IoCs

pid	Process
1808	installutil.exe
1808	installutil.exe
1808	installutil.exe
1808	installutil.exe
1808	installutil.exe
1808	installutil.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
69	api.ipify.org
99	api.ipify.org

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3116 set thread context of 1808	3116	cpuuploads.exe	81

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	installutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cpuuploads.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cpuuploads.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Drunkdeer(1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cpuuploads.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cpuuploads.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	installutil.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	installutil.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	installutil.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133826913659048424"	chrome.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
5856	Drunkdeer(1).exe
3116	cpuuploads.exe
3116	cpuuploads.exe
3116	cpuuploads.exe
3116	cpuuploads.exe
1808	installutil.exe
1808	installutil.exe
2784	chrome.exe
2784	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe
3372	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5856	Drunkdeer(1).exe
Token: SeDebugPrivilege	3116	cpuuploads.exe
Token: SeDebugPrivilege	1808	installutil.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5856 wrote to memory of 3116	5856	Drunkdeer(1).exe	78
PID 5856 wrote to memory of 3116	5856	Drunkdeer(1).exe	78
PID 5856 wrote to memory of 3116	5856	Drunkdeer(1).exe	78
PID 3116 wrote to memory of 5864	3116	cpuuploads.exe	80
PID 3116 wrote to memory of 5864	3116	cpuuploads.exe	80
PID 3116 wrote to memory of 5864	3116	cpuuploads.exe	80
PID 3116 wrote to memory of 1808	3116	cpuuploads.exe	81
PID 3116 wrote to memory of 1808	3116	cpuuploads.exe	81
PID 3116 wrote to memory of 1808	3116	cpuuploads.exe	81
PID 3116 wrote to memory of 1808	3116	cpuuploads.exe	81
PID 3116 wrote to memory of 1808	3116	cpuuploads.exe	81
PID 3116 wrote to memory of 1808	3116	cpuuploads.exe	81
PID 3116 wrote to memory of 1808	3116	cpuuploads.exe	81
PID 3116 wrote to memory of 1808	3116	cpuuploads.exe	81
PID 2784 wrote to memory of 6036	2784	chrome.exe	86
PID 2784 wrote to memory of 6036	2784	chrome.exe	86
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 4424	2784	chrome.exe	87
PID 2784 wrote to memory of 3056	2784	chrome.exe	88
PID 2784 wrote to memory of 3056	2784	chrome.exe	88
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89
PID 2784 wrote to memory of 5100	2784	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\Drunkdeer(1).exe
"C:\Users\Admin\AppData\Local\Temp\Drunkdeer(1).exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5856
- C:\Users\Admin\AppData\Roaming\eternalasync\cpuuploads.exe
  "C:\Users\Admin\AppData\Roaming\eternalasync\cpuuploads.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3116
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"
    3⤵
    PID:5864
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1808

C:\Users\Admin\AppData\Roaming\eternalasync\cpuuploads.exe
C:\Users\Admin\AppData\Roaming\eternalasync\cpuuploads.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7fffc600cc40,0x7fffc600cc4c,0x7fffc600cc58
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2376 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1620 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4664,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4388,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3196,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3476,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5460,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5612,i,12643854528646099920,4655473159572639399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3372

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5172

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4580

C:\Users\Admin\AppData\Roaming\eternalasync\cpuuploads.exe
C:\Users\Admin\AppData\Roaming\eternalasync\cpuuploads.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5012

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004B8
1⤵
PID:4476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:980

C:\Users\Admin\AppData\Roaming\eternalasync\cpuuploads.exe
C:\Users\Admin\AppData\Roaming\eternalasync\cpuuploads.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a7686e104c54e236f63df380fd3fac77

SHA1
ae26feb645dc2bf22d833292a221bd0573af5f48

SHA256
da0eb19797b0c80b95ba85c6689bf25c39afdb143c250481ad0217af3f5e0143

SHA512
5e885b6b80955b2c87f462d5368879cfeda17b8efc1574354b42f963061564c920d4def0d8f6780ca81e60541ae55875f1451e13617ff922e7571ea37be879e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
21KB

MD5
d1cb4a33278891010a9b5ca11bb4d52f

SHA1
c2074a00a054f602eb1d300c40f2c44e77f87eae

SHA256
8b55330deb61941b4a7bca977b596613649ba46da272732df3750596d7631cf1

SHA512
8ea9915de96b8a45a56abe50e84947fa0d58f472fe35ff5e1e941ec1e46c296e0716067861ed422d05cd0a300347b6ca15454bd9694c440bf4672329b529add4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fe0983798deecd27eb2d6d81083da205

SHA1
9f4816f459feeb8a181cc51c7779b109ce27b2d2

SHA256
921aa367e9ceee308b310181dbc4a5dfc2c3c49c4ec7937c3712d182c9b5385c

SHA512
aed25548580d4f8d45a89f07abac0279ab0ce6ce3a89dc42dcca1175d1934575200f917957307719bbc03d03cc75b38a6ea1fe2a57e63030e4d7457ea469fd97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
f36d069ddca1330952b4a715b6b5aa10

SHA1
9d9b2acb2d1adc9736b005f634486d34d94a365f

SHA256
6c05457586fe533f861cdcf0e6f52674ec8bd3168213b84524858399fd37625f

SHA512
20fe0efafaba3caf9595275890189b33f70730f4d215820f5fca34c08625631f5315578e568e67a89b046614f284c600f9b82c43c4e4c2e40bc304f64cfb24d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
e912dde9013e4bb003648eb13dd7f3b2

SHA1
1e9602cfbd12a680e53106679650bb63719b044c

SHA256
f40b9d3eed3b375c2294b387030a96d037617bcf97ffc64fd8da6bd6b224897f

SHA512
aece04da17edef923ca8db13ca54ff28c4871653ee771e3b98e1065d0098ed7871324fe8a9b34215000d0446176cc5c49cc84ff5df783cd35bdec23fa63461ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
2ce2bb40cba42c3ca0bd0fdfc752f6ee

SHA1
dc9a60785d58d1cd7664b92b7b628d7033d44b43

SHA256
894d628bc0ccf534fddfc3db17ac9c0127becca41e5de2314d6342d8c30acb88

SHA512
ff2c9b647993d0deb7ab1ef510d6c868ae8f7ea9fff39e2ff2999bb514bdb852e2d1998b4d9750dc8f95f017457243cbdf10fabad9484fa94d075ef6fe985ba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
83b6359540994f7881bfe28d8917075f

SHA1
cea36d78005b9a5f7331fb8a839dead7e98c10f0

SHA256
e66bb65bbda36077d4204cae0bfe2e8cd464aae2bee756324e07ffd5155441d2

SHA512
df3085e4c8ab845756b6e41df61284f608cb3240b2605a2058e941842aff3c1b53eb68c7894d2f97f58c4d959b1a6624443b6f813f7ea3fa1365afe69975f6a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
91ed594c432291a02d2b8c0fb364e507

SHA1
58940fd1772ae07534672134a47a445866edc28b

SHA256
1888ecf82a58ab6e9ed3256595b0c620d012c3ebba024d324009c37f549a153e

SHA512
dd583e9aeb09150cb6a215873bbf574c05abbc7d195bd28e1c27720a60b60bf1a97493a027e2c39ad6838a650bf94f1b52d1db922c17e2a5cfc8fbdd2e3d1b90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
595d5a0196ae1943d3c4554ca569fd10

SHA1
f1a1d54ff7347e32565abe902428e99e41f4f794

SHA256
19d974c1e19b25167b2de9049b3ef4f879e94c3cf1634b226141e27dd908b0e8

SHA512
4c19266e5106b8603c7b832862ec1abc2589c68ee5e53d798c7d86fc293697ae026de4bd29e0f998b57cd7f8742a111bb867111597ed7a816c2a1fb39b0ce9e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
020d5e744f87922e688fce680708de79

SHA1
6821de18dba86da081655ef7304ea2a168b44f26

SHA256
964fa0deb8e480290d1268e43cf37c900cf8a96618fc4fce61f2935a619b209c

SHA512
332ad0f6208bf776c1d06e88bc93fda7af60c798689f589833f40d5a774fb563283836707ea1265aa5e58b2bad68dbdc4e2dc14cfec8260c9d475bab2a5311f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f115b69343923c854ef68f90d5502b2b

SHA1
9086cbd231ccb95936270331866166ba797e0344

SHA256
295f647e20be285b310c7e0ef132c028ea57268f85177dd4045333470f9f6ca8

SHA512
ce87cadb45e165c28a6874d84920f05a97d954a48381b7241f4701278d08a462ca1ea2df63f7d5e8ddcf36defe5019c7091709c3ac0aa2c7deac4900d37c35d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
651f90db73fd74fca430d02b246b555e

SHA1
254458691c4eeb4a118d3d8d6472765cd25e6f02

SHA256
22f32dfb3633ba9595a77bafc5dd4b27655370fd34e2b138a6e3e619fa3debb0

SHA512
2affea06909a8d3e2b4ecfbe6a115536d23eaf6d5522805158c4e8bb706b81d59f4dca38ea8350a148e53faf0320b98ed88895df3c1b4f9b9429cfd3208a5427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f2eabbdbea228c8e99d5893a24474361

SHA1
a063f64e9b8b7a3b15482eec4b86cd1dca670b9d

SHA256
470c4045f5d1c7cc5193d6f3623e5e4e13d9f16d197d5ee9747b276c51b99166

SHA512
12961c8cccb76578d09adf219688fbf3cb39d4d55c36ba52a03458e00a8c3a3c625e3bd59471388d6ca8c0e0f82427107df0127455e0f1185c0085b61f71eebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
17c11e26871afcd62b36e0d365371365

SHA1
df937aa6b20fcba1c6ddcb5717b9248ceeb5c50b

SHA256
84ad07bac45924febcef95cac27dc2c28e6a266718026d332ed28e20b1487cdf

SHA512
9ddf95ffbb70dc874fb13668a4fcac7bd9aa35dba205fea95a8d5d5523057fe1a774a48c2ae1f4df7a618e67ec2e48c7d455b8553b56c6957683eb6c652f3726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5e8d4a0367106d24a4cf601fda25acba

SHA1
800529a8848bd2f2334c1ae42fd334485cf08680

SHA256
0f23c220affb15ed79a4063808aa7086b041eda354b383dd47599e3df2456265

SHA512
8608942fde2b19e51e1ffe0313c22275be678543219d7926d99a1a2e684e729425addcf8019279a6c681bdb2d3a187475a674f34ad2f2df29368b46c526fbc9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bfede9af9d54d3750b107ef74674717a

SHA1
f906282b1f713adb5495b03bdb0825d456964582

SHA256
f70943a59bc0a4a76c61f6f2fde447a4b709c74117b4f655cb509de36eda8aef

SHA512
3fd051881034fa04c20ffcc6f1a50403b8e30b11c0e7cb816fb13907f13d5f45c53f3d6058d6e461741c1c893fe2185b6c9758db951fe7e544efa369997120db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
20f38e9e40ac47b7f47214b3e4380d0f

SHA1
daa129eee32c5b4b02d8e8ac31c5a72069b7f338

SHA256
21dec31cec4f61bbbd8c1f820fc031e2051d86d54d16fdd7633427267256e7ba

SHA512
6619f3ae229e8ded354b78461d8b5e8afeff2d9d67aec388502068cdf1d9dc3fa35e7565dd6d2d34be3f04f0db6f9d404a6143bd17aa2778b2c6c6a8df7ce5e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c733b5d7f466be52ba522e6273fbf51

SHA1
570ec4bfb0611aabfc431efb19655f8e00ba3213

SHA256
0f1e67340e33cccb6cb0a6be2394b6f2b72f3053545a2db1f3f7e9378c58e5d6

SHA512
72c986a63983dd703f08bf11d7434d61982311708ac03c9bd0ab54547cf1d492a978c5a9fcd12ac886f78a2c4769fb1240c9d0ee499dbe21e5538bc1d66ae8f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
986b393dd283c7f394678e47b625a3b0

SHA1
82a48a3c4e4c759c48e4e5dfc4947f61601f3290

SHA256
151cb81bab6bf7415773f8870d5aca8a615040d6dca09bfb91bcad720ca70225

SHA512
13a26a4b195cb38c6c9a09a347efb42c84b1ef596485d58a3a1911d6c4e96de82abfabbbe0db457825816fa3e5aff3113d22887f5769cc9e9e9b2d15d083ffa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dec35f6a87f35805c1c4d7d6977ca8a4

SHA1
0994c95bcb9faa366bc7be830afe329504490d45

SHA256
264d339b1faf79fd5953fa11d597bb9be62db40f7f28a996554250dd5f2d3b66

SHA512
cbaaa6923a2e9a019adb205ecb545a370c9850a520698eec0be4bb294d6a289eb868609e1ccdc91f209d8a6ec5082c33fbf0a1d4f0a0e70e335a95129b286058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c5173f012d707d555097b3a10abca5b3

SHA1
91a4da28aff1adb666c3f039681718edca823903

SHA256
7ec829cfe0f3d603b419b065a3e99ea26c64198edb168d4416344eb68258976a

SHA512
46c8a001f12355ed30458fb4c4c658e089c14466c56c587f9aa5e06c0834fd0841c101ad3573038fb0d88108d77f7c3ac28673e8588ccc4621dd0786b6233c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
0966bb023b7e9c6eb4acc55943ee0f9c

SHA1
3a72b40ac3cec804cd2cc62ccac2560321edaca4

SHA256
c8a5c1f5b59abb916f91b140e5b662176fb6c410afdcb6b713957731967a0aec

SHA512
32e8cb9489988f82a7cbf63cb983a97220888d5a3ba1883f5a537dddc69699158f8cb120ebc3b24aed7c32157b658b4515e2f2e9e055f60be0f9791ae370f8ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f865f257-86d8-40e1-be16-2bf6f7f51dbe.tmp

Filesize
9KB

MD5
f7d1cd7edb41a08e32dae709773f9115

SHA1
7122585cb773f511e6a4863f2d36d7ebcab3cacf

SHA256
62ed80a6194d8a01c41958d0cf39be60d38a5d12f4cd88c9e03bc73a2ca05152

SHA512
63d24118309001983c2d0b693ce6d4d8b8c12c76ad11a47ac2a144dafa8f09065dba6572800747cadfc65c1d4810fb4b2b1d592e3b1ca02e9bab394a2c5ed1d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
f174075e215175e9f0667e5ed91a8b8e

SHA1
10be3dbee97cf7391ef68bfdd3bc665655e5b7dc

SHA256
900d66b4222139bb91bd9c7931e64d035472246ba63a970e210b49dc9fd1e8dc

SHA512
8faec5c67c51aac8d6d33f77e7e07fe43e1280f16c4b7b7236eac107335d1e0e2907abd1b65ff8dffdfa4cc3708ed933af258db1787ae69784f434b40eb7dc28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
7e88bd4f89bfa217883e6523bbabf5d1

SHA1
6a488c25f6b81482e6e88d56a442699d726aa79e

SHA256
b3bcd5d8246e27e7e3e04a126f0407b16dd41169052a93a512cbde582fc701a5

SHA512
aae311cff9c895d51ac4fd726a2b73bba2227957539f406b27441492e21dc43d2323e0758085ad409340832b17ae2fcac90d886b41918dcfbea2480cf9e4d022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
82b7cf32547bc4db4a917c1f27acb3f6

SHA1
35db0a6d9050d50989308a9d96d785c43e92d834

SHA256
4f774a76bbf6f2ccfc2c211e241b05aa37b06ed1c15ac11487a31674f46a1bd8

SHA512
5f26b34c27abdf5efed51165d8c1506e45c6453af375df00e8f67cadb8625f4aa3c4c84fc43d589a975fc3aac7b7d3e5043f679b9b46b0b11464474bf4725280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\cpuuploads.exe.log

Filesize
1KB

MD5
9ab70628e2d07fb6d0af7ffe9c2534eb

SHA1
73e1d327502efc4ae6f21277eba6b4fddca8da3f

SHA256
a20c6b19845afcbb3346022339b60594c062bf437ff2303a25d8329d8baf73e6

SHA512
142912047400eeb4bd866f1b459bf0b4f44658fcf4e77ffa88d94e54240f87282a8af25381e3e834f094b6a8f5d607f5cf90930e2462ddaee8a7e8dcfecbbb9d

Download Submit
C:\Users\Admin\AppData\Roaming\eternalasync\cpuuploads.exe

Filesize
3.2MB

MD5
2e3a2248109098fa65295e84918518e0

SHA1
80c462ccf9ab80f3cafc1a1f43669c72c383db4a

SHA256
726fe765745a0052e532e040a71b6b252aceab5c3b6cb13ba774eb85494390fa

SHA512
f3b3ebccc507ecaf464f6c023e3f5a7b4174894a35a8bda186129b0f89c0dcc9389991b20cbf092692928614bc63024775b0ac5b8c2f83aa0a5bf28fe44bda8e

Download Submit
C:\Users\Admin\AppData\Roaming\eternalasync\cpuuploads.exe.config

Filesize
357B

MD5
a2b76cea3a59fa9af5ea21ff68139c98

SHA1
35d76475e6a54c168f536e30206578babff58274

SHA256
f99ef5bf79a7c43701877f0bb0b890591885bb0a3d605762647cc8ffbf10c839

SHA512
b52608b45153c489419228864ecbcb92be24c644d470818dfe15f8c7e661a7bcd034ea13ef401f2b84ad5c29a41c9b4c7d161cc33ae3ef71659bc2bca1a8c4ad

Download Submit
C:\Users\Admin\AppData\Roaming\eternalasync\lib_sudo_bdnmfcpgeezwswzcg169jg3njnsdn3j8\CSCore.dll

Filesize
519KB

MD5
94a312a6fcec0e78808bcea3d8ff67f5

SHA1
fe760487d13f9a6f5f359036561105d4aca88a1f

SHA256
e835139171eb0d63b6b4e02b0997cac040c02d295648a275d4c8d28b234c8e94

SHA512
ecdedeee1ee4e35e4fbd2dea3a4dd8b0805166a9610a63affbfb673f2644588eacecba6b3a5a0052c202ab14c321800997512abc318d36a50b00cc86dc83ec1c

Download Submit
C:\Users\Admin\AppData\Roaming\eternalasync\lib_sudo_bdnmfcpgeezwswzcg169jg3njnsdn3j8\SharpDX.Direct3D11.dll

Filesize
271KB

MD5
98eb5ba5871acdeaebf3a3b0f64be449

SHA1
c965284f60ef789b00b10b3df60ee682b4497de3

SHA256
d7617d926648849cbfef450b8f48e458ee52e2793fb2251a30094b778aa8848c

SHA512
a60025e304713d333e4b82b2d0be28087950688b049c98d2db5910c00b8d45b92e16d25ac8a58ff1318de019de3a9a00c7cbf8a6ad4b5bb1cb175dafa1b9bea2

Download Submit
C:\Users\Admin\AppData\Roaming\eternalasync\lib_sudo_bdnmfcpgeezwswzcg169jg3njnsdn3j8\SharpDX.dll

Filesize
247KB

MD5
ffb4b61cc11bec6d48226027c2c26704

SHA1
fa8b9e344accbdc4dffa9b5d821d23f0716da29e

SHA256
061542ff3fb36039b7bbffdf3e07b66176b264c1dfd834a14b09c08620717303

SHA512
48aa6130bf1f5bd6de19256bbdf754c0158b43dd122cec47bb801a7a7b56f2da268bfdec24d135621764a23278ead3dcc35911a057e2dfa55a348bae8ef7b8a9

Download Submit
memory/1808-44-0x0000000007450000-0x000000000749C000-memory.dmp

Filesize
304KB

Download
memory/1808-714-0x00000000090E0000-0x000000000960C000-memory.dmp

Filesize
5.2MB

Download
memory/1808-34-0x00000000059C0000-0x00000000059D8000-memory.dmp

Filesize
96KB

Download
memory/1808-48-0x00000000084D0000-0x0000000008520000-memory.dmp

Filesize
320KB

Download
memory/1808-46-0x0000000008010000-0x00000000081D2000-memory.dmp

Filesize
1.8MB

Download
memory/1808-753-0x0000000005E20000-0x0000000005E6A000-memory.dmp

Filesize
296KB

Download
memory/1808-737-0x0000000005D80000-0x0000000005DC4000-memory.dmp

Filesize
272KB

Download
memory/1808-45-0x00000000075B0000-0x00000000076BA000-memory.dmp

Filesize
1.0MB

Download
memory/1808-39-0x0000000007100000-0x0000000007166000-memory.dmp

Filesize
408KB

Download
memory/1808-47-0x0000000007570000-0x000000000757E000-memory.dmp

Filesize
56KB

Download
memory/1808-693-0x0000000008920000-0x00000000089A6000-memory.dmp

Filesize
536KB

Download
memory/1808-35-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download
memory/1808-41-0x00000000079F0000-0x0000000008008000-memory.dmp

Filesize
6.1MB

Download
memory/1808-43-0x0000000007410000-0x000000000744C000-memory.dmp

Filesize
240KB

Download
memory/1808-42-0x00000000071F0000-0x0000000007202000-memory.dmp

Filesize
72KB

Download
memory/1808-36-0x0000000006B20000-0x0000000006B2A000-memory.dmp

Filesize
40KB

Download
memory/3116-28-0x0000000006960000-0x00000000069FC000-memory.dmp

Filesize
624KB

Download
memory/3116-32-0x00000000752B0000-0x0000000075A61000-memory.dmp

Filesize
7.7MB

Download
memory/3116-23-0x00000000752B0000-0x0000000075A61000-memory.dmp

Filesize
7.7MB

Download
memory/3116-25-0x00000000752B0000-0x0000000075A61000-memory.dmp

Filesize
7.7MB

Download
memory/3116-26-0x0000000005FF0000-0x000000000603E000-memory.dmp

Filesize
312KB

Download
memory/5052-40-0x00000000752B0000-0x0000000075A61000-memory.dmp

Filesize
7.7MB

Download
memory/5052-31-0x00000000752B0000-0x0000000075A61000-memory.dmp

Filesize
7.7MB

Download
memory/5856-4-0x0000000005950000-0x00000000059AC000-memory.dmp

Filesize
368KB

Download
memory/5856-0-0x00000000752BE000-0x00000000752BF000-memory.dmp

Filesize
4KB

Download
memory/5856-3-0x00000000752B0000-0x0000000075A61000-memory.dmp

Filesize
7.7MB

Download
memory/5856-5-0x0000000006150000-0x00000000066F6000-memory.dmp

Filesize
5.6MB

Download
memory/5856-6-0x0000000005C40000-0x0000000005CD2000-memory.dmp

Filesize
584KB

Download
memory/5856-2-0x0000000003250000-0x000000000325E000-memory.dmp

Filesize
56KB

Download
memory/5856-7-0x0000000005AA0000-0x0000000005AB2000-memory.dmp

Filesize
72KB

Download
memory/5856-24-0x00000000752B0000-0x0000000075A61000-memory.dmp

Filesize
7.7MB

Download
memory/5856-1-0x0000000000A70000-0x0000000000DA8000-memory.dmp

Filesize
3.2MB

Download