sectoprat | hxxp://45[.]61[.]157[.]205/f1/red

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
21-02-2025 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://45.61.157.205/f1/red

Score

10^/10

sectoprat discovery rat trojan

Malware Config

Signatures

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 1 IoCs

resource	yara_rule
behavioral1/memory/5252-437-0x0000000001300000-0x00000000013C4000-memory.dmp	family_sectoprat

Sectoprat family
sectoprat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
106	pastebin.com
107	pastebin.com

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2360 set thread context of 4576	2360	airfabric.exe	132
PID 4576 set thread context of 5252	4576	cmd.exe	136

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133846407314573600"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings	chrome.exe

NTFS ADS 8 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\DockerUpdate_ibj_5\OISGRAPH.DLL\:Zone.Identifier:$DATA	airfabric.exe
File created	C:\Users\Admin\AppData\Roaming\DockerUpdate_ibj_5\retro.sql\:Zone.Identifier:$DATA	airfabric.exe
File created	C:\Users\Admin\AppData\Roaming\DockerUpdate_ibj_5\cabretta.ogg\:Zone.Identifier:$DATA	airfabric.exe
File opened for modification	C:\Users\Admin\Downloads\hw_update.zip:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Roaming\DockerUpdate_ibj_5\CDLMSO.DLL\:Zone.Identifier:$DATA	airfabric.exe
File created	C:\Users\Admin\AppData\Roaming\DockerUpdate_ibj_5\MSOCF.DLL\:Zone.Identifier:$DATA	airfabric.exe
File created	C:\Users\Admin\AppData\Roaming\DockerUpdate_ibj_5\msvcr90.dll\:Zone.Identifier:$DATA	airfabric.exe
File created	C:\Users\Admin\AppData\Roaming\DockerUpdate_ibj_5\OISAPP.DLL\:Zone.Identifier:$DATA	airfabric.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
4064	msedge.exe
4064	msedge.exe
2116	msedge.exe
2116	msedge.exe
1296	identity_helper.exe
1296	identity_helper.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
2360	airfabric.exe
2360	airfabric.exe
2360	airfabric.exe
4576	cmd.exe
4576	cmd.exe
4576	cmd.exe
4576	cmd.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
2360	airfabric.exe
4576	cmd.exe
4576	cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 3784	4064	msedge.exe	81
PID 4064 wrote to memory of 3784	4064	msedge.exe	81
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 2096	4064	msedge.exe	82
PID 4064 wrote to memory of 3468	4064	msedge.exe	83
PID 4064 wrote to memory of 3468	4064	msedge.exe	83
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84
PID 4064 wrote to memory of 4624	4064	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://45.61.157.205/f1/red
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa03fc3cb8,0x7ffa03fc3cc8,0x7ffa03fc3cd8
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,17199083189083537951,5692595666136424494,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f112cc40,0x7ff9f112cc4c,0x7ff9f112cc58
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1392,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1900 /prefetch:3
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3564,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4560,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5016,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3432,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3548,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3696 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3308,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3256,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4312 /prefetch:8
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4804,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5276,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5504,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5568,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5468,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5588,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3472,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3488,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6060,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6048,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6084,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6088,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5984,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6216,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6424,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6444,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6016,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6512 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6688,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6692,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6636 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6524,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6664 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6536,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6868,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6924 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6992,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7000 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7012,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7076,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6952 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7024,i,2026480850955107317,5139433617246549428,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:2824

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2036

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5448

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D4
1⤵
PID:1604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3940

C:\Users\Admin\Downloads\hw_update\MaxiAir\airfabric.exe
"C:\Users\Admin\Downloads\hw_update\MaxiAir\airfabric.exe"
1⤵
- Suspicious use of SetThreadContext
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:2360
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:4576
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
62KB

MD5
3b37cfe151890ecf2145072e17fe2105

SHA1
454efea7acb1fd3d2d1e2c21c4c57a754adcd95f

SHA256
ab87c5b7a83fe0815b93936f51513b5df88ada2b0dacc65285ef9c5a40e595d8

SHA512
add3c0c7373cbb1e24ca3b15ab92a22d99f877b645a610084f80729a57a05cfe8b4542645b26d7eefcc1a2abe7bda0e39fb7bfd5ece09f94db7ce996ef1bff33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
215KB

MD5
0e9976cf5978c4cad671b37d68b935ef

SHA1
9f38e9786fbab41e6f34c2dcc041462eb11eccbc

SHA256
5e8e21f87c0a104d48abc589812e6f4e48655cabe4356cda9e3c1ceee0acaa4e

SHA512
2faa6fff6b47e20fd307a206827dc7ff4892fce8b55b59b53d3e45b7dcf5fd34cebc4776b63da5aa4d0e0408344bd4602d26d09e7a456dd286e93b768cbfaa51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a3dab72b351ca2773b8f99acbca738ab

SHA1
cdc2ddb85fbbce5f8555c5077f943693cb69d5c4

SHA256
9111053e762f08bdd2ea09db33cdcfbe75744e3e4487f1e1d61c0242c13bbe5d

SHA512
2734c6d8dc27d7498a8da1cfb7cc272cfcffe5ecc997a03c37acfb0fbc0eb508db461420ca3e38414897feaebd5a2a6476b377e318032419fdeedfac981da371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\000003.log

Filesize
42KB

MD5
33b8fd2d831901747e58bf4ed998af46

SHA1
0e25e365623a9c911f36885349cccc3615ccafa0

SHA256
0a9b56c8b32862e04bed62bf5a2a5a01430de6b340c8c1735b0b1eb61509649d

SHA512
db17d0bfee7bfb772c13833a2633bd732d6e3a1520b08e5119b3b1dca4b37a5efadb69cfd2835b979ec3e4d68d600b37da20e6adfefd73bb256fd319e5bff6f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\LOG

Filesize
355B

MD5
712891eebd95129922518beeb6332373

SHA1
f18491940c4dc791734644e3bb85d373e1679f11

SHA256
bbad76781d3b21c867facb646f7262ef378be73c64461cf05b9dbc4c8d2280b2

SHA512
ea74bc26f3b420d8878ce5e636950638cfba38ef432e2f4394fff93540e758de69707f373d13aeb1521b00fcb7f6f62402666a578dfa680451d28c37ba70619f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
4e958574a87035798838b9d229d51913

SHA1
e60b7f73986c45b7e671cea0bb17262f235d25d8

SHA256
dae1b715779bbcd9696e3e2db7c57e81be5f866cd0b5f35e61fa8e1e9c86f9c6

SHA512
1fac7a26e0f9d75daa260b593e426a8a262ab49e1c07a337de1783aac810d9a1c9f671c355a478f303e7d1daba9bbc1820964b2886149a039660de50bc36674a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4ee59d2d3ad7f3329e189092ffa9afc9

SHA1
78eedd7fe52837fb44d5a1ae859f3856eb322883

SHA256
eba45fcda80edc815942f98e0ef3652439031242ee7d36bf5cf87d90b80964d1

SHA512
a14e264e7e8ffff30ac716191e94f02a666de5e556e9030ff480afe854c10478d98c66975aa1e51d6ff49212e1533813c8d5b0a1e3619aee8c04ef48c96ac026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
9617831ff1c1eee8a131a6e8fd97126a

SHA1
1f15703df024b66082644b6a7ba2233eca206c85

SHA256
a5d9ab211168e0bc04de48b77609be4d8f019bf9971d343c8da9f2cba8ea6703

SHA512
c703e7802af3338e4f6af7020dad89662857878f838f638ccb6674e9f34b13cf0ece90db4508a98e3671aea14db589c9cb9292a965ffea3085718c65b22c2b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
64119a1e77d6a862ae11754f39e52348

SHA1
b52d80f1cf5170e1fc3e6ddfc77fd7f52b495fe6

SHA256
bd3516d31398de7d47126bb643b955464f5528ee7a379c344d55ff0fc0a68a36

SHA512
49feed97d9717bb8960b3a4d9ddd4186c22aa9135a2dd2adcc27af61c6f9dfbce77cc945adc071e968ee17f049a8cbc2d89da5a275a4eeff11530a407dc8a899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
605224431e4629404da211ce643629ba

SHA1
ae1631dc97fdd251132c1004d916ab719f63f26c

SHA256
270d4d427263516e61207995d29c610aaabedade397ef59bb32d46c872bbbe0c

SHA512
028b74ddbe1760ad2098f8bbb9280262ec2d89b2a5cdacb9c6ccf30aafe8f38f211402ff2df4d2169c0bcb8b502ab09a42802aff108f80da309576ce0616ada5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
be6b88e50d26461ed36de89f83fe0701

SHA1
4040ad8c7745ec4dd5124417abf5f027c588e7bf

SHA256
e8c099c55b6f4bf1c38cd1410865b99d0defae7259cbdb0687d4fc88e6a1242c

SHA512
4e294c9cfdeef2f80d67b63e71d93ca2523a0b8c469ba3a13c01cc6cf23b05f38b631dbac1e35ae885bdae8cd0ebf0f1d548a2702b3f225fd2f325f23659f1d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
abe30a495629492b4b6a6d71f6b785d4

SHA1
2f68a4414944bb9aed12cc80eebf75379b2617d5

SHA256
599e7ff9c6bc438540f7221b3635f8ee16ff64734052d4037e2fb7e053e34166

SHA512
eacbbc11d82153602ec16afac772c55ad8bfdf82a802a7cc0a40a32dbcbc8f7640fa8381077c52bceaefce733087fb47670d726c5102c1fdf60070cc3b51cbd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9618ccbbb1f012759133360998e1d871

SHA1
2c665103849e27d59074b597146fd4ecdff0e1e7

SHA256
2f3480d949405b27c111f5a6dc1e450942d7a37867bd5e5c82bb4f6394999638

SHA512
e3ed649185a18968603bd02f90165e7167dd23f638a9c35617a99a62a6b8679666a8f27c6f0abefcf1ea9e22e6a20c2dde1148db86ef523962e1cc3662201b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75102790923e46adcc875f155954e071

SHA1
7e4b98a18f7933a274857f2be9a5065a8da4df03

SHA256
e581822098c094dd8757685e04882979f56991d7b7fce490207330a9ddadf6c9

SHA512
5161bd6113a6ea689223d0192f8cd23dd8668af975687743a35e2438427249646548945a0e5e24331a5a7ecf6240820a82900d1096da7d15dc4f7becf4f3f703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
80ad115ac48b258cdc792c74fac6c760

SHA1
0a3d767787f6533b14510353b02ca04d48ac5f3c

SHA256
e731e3d75e1beb5eac1046487b22056b6ba2ad9685652c2fba7f6a3dd6ef8450

SHA512
e4bc7ec0501b42ade638787e3189bdd6a931b69849cd94cc3b407aa17a7b2cb640389fb3998fb6d5b420230bb666860ca40a8d29638adb4517fc29fa89787e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b84adfffcc5daffb1a7ad4afb96a8f3

SHA1
58ed02a4c57c8d2723e8cddfc36be5fe678e08c8

SHA256
060ba82f0a9bea91a2d8374ac19baa27f204789785b2ff7763c71f4f589514cb

SHA512
075da4b8dab2bb80ad8ef382dc7fe7a1e212b37f6917719e1c7e9730676389b4a579849433cb212e04eeb7bd0c5283c87041b586b25a06a0ab2b2533d0944da6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e153bce34021052b957b09f267ad0ae

SHA1
20156c974eec732ec46257ee51aa28fb06c0878a

SHA256
538ee38a7cb12351ecaf8c5f7e06156da91a3e94a98431d937e0fe2c2842b4b0

SHA512
7ee751e2f2937d7e86f91ed37f17d82d5d0fcb23dce07f95966364eaad3f6f77cbff7f5a06f84755f784b8531e9a2735e60ebc4840345e639e5546b8d1aca9f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2db93bc63d6095a427096252380d800c

SHA1
cbd5c3c7425194887c30a911eb8c7c0b5e8a829e

SHA256
9b4c1f2a5a258bf9c6e1ad3fed00d71072e81d9148190ce88319ebc8b1db3f4e

SHA512
a633a5a0dc9986d2362d81d45883fa62f943a44436945a739dabbc7e03a44b97c62e568a09eedbce87694d14520f3b6b58665c565d45253fa8a2ca1a3208b120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c3172b22c0f5c2d79d24dc5c768fd690

SHA1
e63b7ad2863426c3a30310e635c2c04b429c7091

SHA256
21f7816d95c92bb658a340ddf192031c913c318499ec00146afb2ac2dbc00e4f

SHA512
346e209daf5b0f8f1c8fc2562584419c981c6fa1ef1b796c04ba97964758a82d3ac0de80e292f819a3b0070d8e649a1551d91ca5d5bc06ae7fae531f8a0b93b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dc4bb37f1e6ec00d467876e6001f0f07

SHA1
f3fd92e6dd0bf0d0dc97cd5c2dbf92835930ba5b

SHA256
27f039ca7936b381a8be003dba24f1d9ec818e4890f51e651ec860ad53eda4f0

SHA512
e6eb7c1addb280ea3c7d3c3f01b998c24679691b62d9cdf0dfaea43634624e8078b51548df2c7cf792e59414635fc81bb51530b3e8fe6d3088b43cbb1357c42c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
565ae116b50b934654c9ebfb64a99d40

SHA1
b4164bca8733de833d3807e88385ea9fda4c204f

SHA256
34cc33f1d6e24c9336d4f9516d0db48c95900fa6817c890e06708fa5e0272bb3

SHA512
36960a9fe48cb144f784ca2995b7db01e7ad5433d9250fd9f643fa95ad8ec8b97e4e3c788783ed3e30af388157adce7c0e424a5ebf871dfcd5ece1b14b0b28d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\dark_logo

Filesize
28KB

MD5
e34fb056244c802d8c42c2a9f9937dfd

SHA1
ae5f55c741f7370e2d48b8cc5d384c76d11c1bf3

SHA256
bb2b3a2dcd65d0226bd1eb5c54e4a137178eb41b6e93717096d6988c9d6aa0b5

SHA512
78306c302e2aac4fc3cca9173f0d00f2068f90cf1cd702c687bc590e2b0541db550d24fb9a4bfb129ab56941cb9365ad544a5fc91f76f921b98ea69bfde9d2ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo

Filesize
29KB

MD5
0ebdb59e99cf45997d0ac10cfefbdbc7

SHA1
5438742dc759ff5535236e7f82c181a7807889bd

SHA256
ed9831855d24ac6015ea82f0c389e17c22f7f49b3ee32b3b569627ada0e4dc01

SHA512
71834561774c5823f1d9184dba789d9a349b89b8b724302e21225dc6f0a7186d088c08ead6dff864394b0122f520be5db81c378dd3d789cc5f914ba1a191b45b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
838930abbceee54b7fcf4cebea7d8cba

SHA1
b79085a63c8c656231b47f49f81b0f50bc2744d0

SHA256
139c86af0b6d3840b2c387728b7f41050da8cb8e2e763f402778ad8a6f15ecb6

SHA512
0a18e116ddd9d6a34692f3a05d25aa873e31e96ce282d906be9da20f2cc526d50aa8504b0e9774f228c418c1b8918b52ddbadd790ea09a48938cfdfdc7c0558a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
fa619caf51fb68f78fb6cfac75424980

SHA1
7743e91525da31f47769e7491c106d5dc5553b69

SHA256
765f45abff9ef1bc564e20ae66f2b1537b24ea8e55b0fa79a85d8b6cb54feb6e

SHA512
c573fec8ab462d1da3e9c7a5ee6b463688c442b1d2e859f76985ef44ad5fd74c0e2de2d6f9d939dbf130a1c16ce770cf9f13e38cf086bfe1e3a68f9a066e539a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
c072306d162c1b6a3401098329143816

SHA1
afc3a23dc64441b1d5b47523382cac21cb46a968

SHA256
eb8ede224dbf31269bade01492de5cb0d403149030ffdf5139493a5b5d7d4e86

SHA512
5728314571b03461a7a6f5589854a64c7b914de0140ff74eddf494515a279f6952de966a5cf463054efe795021ccbf0bce939628a3acf9dbbe0df3a7929abb84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
f1d2359b8fa3c5f7d381d5d58fb0c729

SHA1
aec4acfd0d5d9dceddd5c867e758ba6bc09f02ee

SHA256
3ef0119f734b0673bb6b96fc466b0a21ed41df6e5696e011151545f6a973f11a

SHA512
bfeae917bd25b082055aa60bdead2a7fc9049391ca959055f1d89e4e3b141e5e9dc13ae5986dff6809f0cba09b64c4905ed4e447b66b9c90315ed107a7508b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
67441b978324d049aa4c45697afd7bf1

SHA1
0d0184c66ffa74bef705eb215d71a1cb17d8433d

SHA256
1d45c057d7904b789ee05c9a36056298c8ed50cf7132ba65c8c9aa0424a0b215

SHA512
62369e65e379a3cc47b2fb2c66c1202c16bdd0755042151edc83f42d675be9be6b7e037c4e4427f268d488a28f2ba45b7331e8835d4f48afb39f9c60d8979945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
d9c562554f0d2dab3e6e6de2fe283e3a

SHA1
72faa52692569be0fc7c09b044ed30b34e938e5a

SHA256
68a269c2cf15a554bb66aaa0774745d3d83674152c163d3d583e31935ec2c845

SHA512
34f3dd2cc20a87b9cb79c9d84e9904bc890a30191923af5c7a43071305958f671cb816169055f36c0db05555fd0798ed6580dda6468876dc6e1dce35a8279921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
5cb897452c2239cf7f6aef98057c773a

SHA1
def196a789c2f1991425384111f00a65402fd9b8

SHA256
d150213249f577c8336830d721d4f3978ba2f887decffde370920f9601ce7896

SHA512
6187340f4d400eb8428e2408353b8e654b82fe3c77b787b58ab8b49db488f1f21e5d048d7ac56ebfdba2ff269ddefa757b1c6c419b7d9fb1f7110cab837b7fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0517a9ec1a0298a87dac0ad50c998d79

SHA1
c01cab2a1ffb6180134315d827709b46d07018ea

SHA256
084f62f24d15ce30e231b1690497a004070932b3618e06d6b26079a489f689a5

SHA512
d9be6c0e55a74137b1e6dc882b0e665cb6c18fe80ff585cccff0bd4fc32923b155b62000492613c861b3f0cbfa8996dac7ca12d66fcf06d1b1d0e57294dee84d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
236fd72d944b494ed36178d8c80baa40

SHA1
affaef8eea7ac675dfccc68528f9cc828906d209

SHA256
c84f8f8ff1471655a154db4ba294d245cdcee376bd482f7b433b42f28d4f0184

SHA512
6db4bcd8f81de26f8d5a350019f45be7fe00c3531efbc2cf8e96c696b4e75acc81514fbe10c02410895fa318ec1d2c0bfec429da97451d32d9b0a8c340b2894b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
58ed64f32a1efdf6204931e95d2d26af

SHA1
b8722f8f8d83c5679c304008a3ca06445e1d7bfa

SHA256
2157ea86b611972122b287c4abf313e82125491a8b3b5cfae7bc0c6deef96536

SHA512
40f2f0e2f7a07ed05c937d32e2c7fcf84c173c7c2d3b5ee4276202aaf80f64ba4e189dc332e75c99265ef448b2353028fa77198b30775771c159034da9713118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eacb776d7dea97484abb4ac0d50085e2

SHA1
1a6baa2e717036f6ef694124f9adf05d210cc6b7

SHA256
668f67595a5b3a8ea88eb54d7dcb217da8ced703d2469f32f1bf75786b1d6142

SHA512
9702041beff5f84dc7e012e795d8d09c65cb53f5a81feb2675d81282d025d128793725c999e85dde05804ffe84083b1ec8211401f1fa88585fc528391b55691e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52e17d1b32efbd5b0623b44b502dc0f6

SHA1
ec2f1da9452feff88be16a5dddb72701c3841a7c

SHA256
589d74a3febdb6835a7299891470b17068aa1bbc73c1d0ecef8b1dd6653b831c

SHA512
03800adb0aaee132019857af00af424812b42f2a4bdaa4f2ea6bf54e514e8091115acc03fbfde73dd84fdd2226c3a39a7a9bd18b73bcf6a1c20bb6954c55a756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c4d81ca6509babeb564bd452e483db80

SHA1
f3ee1cbaf779d3d9279f2f14c2274a9b2d0567ad

SHA256
8a78f764b449aadb1e03f2671fe5bca2b6d6c1caa655a8c5eab593b0df3f079e

SHA512
d33d35920ae74133d0c2c0dbe37ea23bb9a58dc6f9e2a069174ddc517901ac6f97213de06e7ddb73b8cc28e717cfdd734078046e976c4c3be9e5c1818eeda427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9af05dffc86fbdc2dc42a0ac2005a27f

SHA1
96950a4f7e063956cd792b076036bfa328699a31

SHA256
75d12f88d6120d429930d5a3efb016a536748809c6f0bded9e2a5b869156cf8a

SHA512
b6b308ec1c6611e4ccda4ca4e47dbf9d10d6da1691072ffffc60e0e66e0bcaecb4c6da089652580bcf14668e625498982407335f3b47104c53e077e2c8a7e4a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\1e9b43da

Filesize
1.4MB

MD5
779a8f65fbc5d28927dff971596a151a

SHA1
69be36249102a3dbbee6a1bbb8b1e6a010f83085

SHA256
cdf6bb67d2205ade29bc744401a13969a36459da3165b5a7e19d6be49c12ef9f

SHA512
ada12461a5f824f4e118eb57e7ca667ea8bc7cd19a5d359f4edd9e953d50e14e99adace65145a76fc6e0f383ebf8789fc3d8720057b39fe552465d9b8d234f66

Download Submit
C:\Users\Admin\AppData\Roaming\DockerUpdate_ibj_5\OISGRAPH.DLL:Zone.Identifier

Filesize
78B

MD5
5096f68ecce99d9ffbd110c8268364a9

SHA1
d9820f4f86f114e540700d6ee183b9bf159f2601

SHA256
90a4b73d076df3351e2f737da0cd2539c30e20748cd6a01c382a66bff7661fae

SHA512
287abfe86c7092eefa0f35fe710582dbc3d142982c50cf6a1ac4735019d8508c816aac0b62669cd50b03fdcbc1e813be3819fad91a836582e3fbe2e766b223e4

Download Submit
C:\Users\Admin\Downloads\hw_update.zip.crdownload

Filesize
2.6MB

MD5
523a78cf238f7cdb5514d4b31f0fa5e1

SHA1
8f24996cf4210cdb630d3bbc4ddc707eeb0ccbbb

SHA256
f045d69838eb19c4611b7e9c89d63a1869b971fb1f2ce72a535408dd90ef81fa

SHA512
09306602e86635e33d988468ee4e2f6ea016a0e929f5cd2a1dcca7a15f0ef1f314165e571410b321bdbc43594c88a6d62d4e59a8c0a0835f2a6ee9826f32b30d

Download Submit
C:\Users\Admin\Downloads\hw_update.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2360-303-0x00007FF9ECE20000-0x00007FF9ECF9A000-memory.dmp

Filesize
1.5MB

Download
memory/2360-341-0x00007FF9ECE20000-0x00007FF9ECF9A000-memory.dmp

Filesize
1.5MB

Download
memory/4576-355-0x00000000753D0000-0x000000007554D000-memory.dmp

Filesize
1.5MB

Download
memory/4576-344-0x00007FFA12F20000-0x00007FFA13129000-memory.dmp

Filesize
2.0MB

Download
memory/5252-445-0x0000000005990000-0x00000000059E0000-memory.dmp

Filesize
320KB

Download
memory/5252-443-0x0000000005D30000-0x0000000005EF2000-memory.dmp

Filesize
1.8MB

Download
memory/5252-444-0x0000000005A10000-0x0000000005A86000-memory.dmp

Filesize
472KB

Download
memory/5252-442-0x0000000005850000-0x000000000585A000-memory.dmp

Filesize
40KB

Download
memory/5252-441-0x0000000005F40000-0x00000000064E6000-memory.dmp

Filesize
5.6MB

Download
memory/5252-438-0x00000000058F0000-0x0000000005982000-memory.dmp

Filesize
584KB

Download
memory/5252-437-0x0000000001300000-0x00000000013C4000-memory.dmp

Filesize
784KB

Download
memory/5252-380-0x00000000736D0000-0x00000000749E7000-memory.dmp

Filesize
19.1MB

Download