bbfcb37c71de22452e4d647e850df62a87c8b08e576f782612d5475e512f3e6b

Analysis

max time kernel
1720s
max time network
1623s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

data.rar
Size

16.9MB
MD5

bf11e28006e650cacb7eadef8c4b99cc
SHA1

c21a5d20fc8c1b686a3f0da15bf4e94fc2526405
SHA256

bbfcb37c71de22452e4d647e850df62a87c8b08e576f782612d5475e512f3e6b
SHA512

f0c87755409849cf5ee8fcdff0e559d4bff6059619a2a5719a5049b9fcbe0aec4bee9c6146be6da1411e33fea972619d6d18e0ad433603fd3dc0e9314f87351b
SSDEEP

393216:cxZDZYHhD9oCDlU3b8LbTb2JTYunKpe7OYQuj/WQzVYYi9kcaZR1x:caBBoeTLv6NYunKpe7OYQ6/pWY7ceR1x

Score

9^/10

agilenet defense_evasion discovery themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Vortex Crypter.exe

Manipulates Digital Signatures 1 TTPs 3 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION"	certutil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION"	certutil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7\Name = "szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL"	certutil.exe

.NET Reactor proctector 4 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/3520-49-0x0000000000740000-0x00000000019EA000-memory.dmp	net_reactor
behavioral1/files/0x00040000000234b4-701.dat	net_reactor
behavioral1/memory/3520-730-0x0000000000740000-0x00000000019EA000-memory.dmp	net_reactor
behavioral1/memory/5060-2359-0x0000000000350000-0x00000000011CE000-memory.dmp	net_reactor

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Vortex Crypter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Vortex Crypter.exe

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	Loader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	Loader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	Loader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	Phantom Modified.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	Phantom Modified.exe

Executes dropped EXE 18 IoCs

pid	Process
3520	dotNET_Reactor.exe
1444	Phantom Modified.exe
5268	HUNTER-VIP.exe
428	donut.exe
4716	Phantom Modified.exe
4776	donut.exe
3520	Vortex Crypter.exe
5060	reactor.lib
1952	XBinder v2.exe
4992	Loader.exe
3636	HUNTER-VIP.exe
748	authlinker.exe
5408	Loader.exe
1448	HUNTER-VIP.exe
5796	authlinker.exe
5360	Loader.exe
828	HUNTER-VIP.exe
4736	authlinker.exe

Loads dropped DLL 5 IoCs

pid	Process
1444	Phantom Modified.exe
1444	Phantom Modified.exe
4716	Phantom Modified.exe
4716	Phantom Modified.exe
3520	Vortex Crypter.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/3520-2316-0x00000205ACD10000-0x00000205AD2F8000-memory.dmp	agile_net

Themida packer 11 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x000c0000000243c5-2321.dat	themida
behavioral1/memory/3520-2323-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp	themida
behavioral1/memory/3520-2325-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp	themida
behavioral1/memory/3520-2330-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp	themida
behavioral1/memory/3520-2331-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp	themida
behavioral1/memory/3520-2333-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp	themida
behavioral1/memory/3520-2334-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp	themida
behavioral1/memory/3520-2339-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp	themida
behavioral1/memory/3520-2382-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp	themida
behavioral1/memory/3520-2384-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp	themida
behavioral1/memory/3520-2386-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp	themida

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Vortex Crypter.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\System32\authlinker.exe	Loader.exe
File opened for modification	C:\Windows\System32\authlinker.exe	Loader.exe
File created	C:\Windows\System32\authlinker.exe	Loader.exe
File opened for modification	C:\Windows\System32\authlinker.exe	Loader.exe
File created	C:\Windows\System32\authlinker.exe	Loader.exe
File opened for modification	C:\Windows\System32\authlinker.exe	Loader.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 26 IoCs

pid	Process
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1184	4716	WerFault.exe	260
432	4716	WerFault.exe	260

System Location Discovery: System Language Discovery 1 TTPs 35 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotNET_Reactor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	certutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HUNTER-VIP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Phantom Modified.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	certutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	authlinker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	certutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HUNTER-VIP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reactor.lib
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HUNTER-VIP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	authlinker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	certutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	authlinker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Phantom Modified.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HUNTER-VIP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 30 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Phantom Modified.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Phantom Modified.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Vortex Crypter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Phantom Modified.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Phantom Modified.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Vortex Crypter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Phantom Modified.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Phantom Modified.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Vortex Crypter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874403486841945"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Vortex Crypter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Vortex Crypter.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Phantom Modified.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	Vortex Crypter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	Vortex Crypter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Vortex Crypter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Vortex Crypter.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	Vortex Crypter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\2 = 5e003100000000004856c07510005842494e44457e310000460009000400efbe7a5ab82d7a5ac92d2e000000e1350200000007000000000000000000000000000000d370c8005800420069006e00640065007200200056003200000018000000	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings	dotNET_Reactor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	Vortex Crypter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Vortex Crypter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Vortex Crypter.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	Vortex Crypter.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Phantom Modified.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Phantom Modified.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Phantom Modified.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	XBinder v2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	dotNET_Reactor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\MRUListEx = ffffffff	Vortex Crypter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "8"	Vortex Crypter.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Vortex Crypter.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	dotNET_Reactor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Downloads"	Vortex Crypter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Vortex Crypter.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Phantom Modified.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Phantom Modified.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Phantom Modified.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Vortex Crypter.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	Vortex Crypter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	dotNET_Reactor.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 0100000000000000ffffffff	Vortex Crypter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Vortex Crypter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 010000000200000000000000ffffffff	Vortex Crypter.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	dotNET_Reactor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Phantom Modified.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Vortex Crypter.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Vortex Crypter.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	Phantom Modified.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Vortex Crypter.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
3828	chrome.exe
3828	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
5832	chrome.exe
5832	chrome.exe
6016	chrome.exe
6016	chrome.exe
6016	chrome.exe
6016	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 8 IoCs

pid	Process
5176	7zFM.exe
5716	7zFM.exe
5028	7zFM.exe
1444	Phantom Modified.exe
1684	7zFM.exe
3520	Vortex Crypter.exe
932	7zFM.exe
1952	XBinder v2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe
5760	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	5176	7zFM.exe
Token: 35	5176	7zFM.exe
Token: SeSecurityPrivilege	5176	7zFM.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5176	7zFM.exe
5176	7zFM.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
5716	7zFM.exe
4024	chrome.exe
5716	7zFM.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
3520	dotNET_Reactor.exe
1444	Phantom Modified.exe
1444	Phantom Modified.exe
3600	OpenWith.exe
3520	Vortex Crypter.exe
3520	Vortex Crypter.exe
3520	Vortex Crypter.exe
3520	Vortex Crypter.exe
3520	Vortex Crypter.exe
1952	XBinder v2.exe
1952	XBinder v2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 3560	4024	chrome.exe	109
PID 4024 wrote to memory of 3560	4024	chrome.exe	109
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 1144	4024	chrome.exe	110
PID 4024 wrote to memory of 952	4024	chrome.exe	111
PID 4024 wrote to memory of 952	4024	chrome.exe	111
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112
PID 4024 wrote to memory of 5112	4024	chrome.exe	112

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\data.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5176

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5340

C:\Users\Admin\Desktop\data\dotNET_Reactor.exe
"C:\Users\Admin\Desktop\data\dotNET_Reactor.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9be2edcf8,0x7ff9be2edd04,0x7ff9be2edd10
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1992,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1632,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2388,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4468 /prefetch:2
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4736,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5380,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5512,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5388,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5736,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5616,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5608,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3936,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5580,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3236,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4624,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3520,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6028,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6280,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=240,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5956,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6500 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6260,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6460 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5768,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5640,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6024,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6268,i,7908339559710909017,17937176501701624480,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:4588

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:6004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2140

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\authlinker.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:5716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9be2edcf8,0x7ff9be2edd04,0x7ff9be2edd10
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1956,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2188,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2376,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2352 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4352,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4380 /prefetch:2
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4780,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5368,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5492,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5776,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3960,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3572,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3912,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5964,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6192,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6140,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6208,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3632,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5736,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4548,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3636,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4368,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4500,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5916,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6284,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5740,i,15638033279079523276,7265181159273638543,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  PID:4900

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3068

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4420

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Phantom_Modified.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5028

C:\Users\Admin\Desktop\Phantom Modified.exe
"C:\Users\Admin\Desktop\Phantom Modified.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1444
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /C donut.exe -a 1 -o "payload_native.bin" -i "payload_native.exe" -b 1 -k 2 -x 3 & exit
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5776
- - C:\Users\Admin\Desktop\donut.exe
    donut.exe -a 1 -o "payload_native.bin" -i "payload_native.exe" -b 1 -k 2 -x 3
    3⤵
    - Executes dropped EXE
    PID:428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9be2edcf8,0x7ff9be2edd04,0x7ff9be2edd10
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1932,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2212,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2928,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2936,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5192,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5280,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5232,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5244,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3052,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2940 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3596,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4644,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3004 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3624,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5384,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5760,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6212,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6240,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3540,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5908,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5768,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6380,i,6701415840853081282,8192949175608370119,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  PID:3056
- C:\Users\Admin\Downloads\HUNTER-VIP.exe
  "C:\Users\Admin\Downloads\HUNTER-VIP.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5268
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\HUNTER-VIP.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3464
  - - C:\Windows\SysWOW64\certutil.exe
      certutil -hashfile "C:\Users\Admin\Downloads\HUNTER-VIP.exe" MD5
      4⤵
      Manipulates Digital Signatures
      System Location Discovery: System Language Discovery
      PID:3292
  - - C:\Windows\SysWOW64\find.exe
      find /i /v "md5"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5048
  - - C:\Windows\SysWOW64\find.exe
      find /i /v "certutil"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5284
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4752

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5788

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9be2edcf8,0x7ff9be2edd04,0x7ff9be2edd10
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1952,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2196,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2348,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5140,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5240,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5552,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5632,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4504,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5792,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5828,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5940,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5476,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3356,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4552,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5668,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5952,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3332,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5320,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5644,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5688,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6088,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6080,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6172,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5880,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=3212,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5896,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=3280,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=840 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5384,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5740,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5860,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5424,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=3364,i,16749680335603814710,1978056859728945893,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5332

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5772

C:\Users\Admin\Desktop\Phantom Modified.exe
"C:\Users\Admin\Desktop\Phantom Modified.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:4716
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /C donut.exe -a 1 -o "payload_native.bin" -i "payload_native.exe" -b 1 -k 2 -x 3 & exit
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4936
- - C:\Users\Admin\Desktop\donut.exe
    donut.exe -a 1 -o "payload_native.bin" -i "payload_native.exe" -b 1 -k 2 -x 3
    3⤵
    - Executes dropped EXE
    PID:4776
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 1716
  2⤵
  - Program crash
  PID:1184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 976
  2⤵
  - Program crash
  PID:432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9be2edcf8,0x7ff9be2edd04,0x7ff9be2edd10
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1956,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2060,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2376,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2964,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2852 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2972,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2992 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2208,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5148,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5312,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4420,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5344,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5356,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5452,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3660,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2696 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3472,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3420,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5652,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4548,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4740,i,11451486916360419244,5641391857421048905,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:5596

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1672

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4308

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Vortex Crypter.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4716 -ip 4716
1⤵
PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4716 -ip 4716
1⤵
PID:6056

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3600

C:\Users\Admin\Desktop\Vortex Crypter\Vortex Crypter.exe
"C:\Users\Admin\Desktop\Vortex Crypter\Vortex Crypter.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3520
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bx4vvtau\bx4vvtau.cmdline"
  2⤵
  PID:2308
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES740F.tmp" "c:\Users\Admin\Desktop\CSCEE9825FD82B7432E8CA3F830D6DA6CB8.TMP"
    3⤵
    PID:4584
- C:\Users\Admin\Desktop\Vortex Crypter\VortexModule\reactor.lib
  "C:\Users\Admin\Desktop\Vortex Crypter\VortexModule\reactor.lib" -licensed -hide_calls 1 -hide_calls_internals 1 -control_flow 1 -flow_level 4 -necrobit 1 -necrobit_comp 1 -all_params 1 -obfuscate_public_types 1 -naming unprintable -stringencryption 1 -file "C:\Users\Admin\Desktop\tmp_wEesXcoZqBELvdl.exe" -targetfile C:\Users\Admin\Desktop\wEesXcoZqBELvdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5060
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fb4win4i\fb4win4i.cmdline"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5804
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8063.tmp" "c:\Users\Admin\AppData\Local\Temp\fb4win4i\CSCF9A3B4EFAFE04F1E87A2E02247D5FD1A.TMP"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1124
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dixoiaxz\dixoiaxz.cmdline"
  2⤵
  PID:5860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9be2edcf8,0x7ff9be2edd04,0x7ff9be2edd10
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1952,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2004,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=1684 /prefetch:3
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2192,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2936,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2680 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2944,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2956 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5188,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5392,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5640,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5340,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5656,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5396,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5736,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3208,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2956 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4548,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=2960,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2964 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5292,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3064,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5984,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6316,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4656,i,15121990508752581589,4478818696644802442,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3644 /prefetch:8
  2⤵
  PID:6080

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:6012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3400

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XBinder_V2.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:932

C:\Users\Admin\Desktop\XBinder V2\XBinder v2.exe
"C:\Users\Admin\Desktop\XBinder V2\XBinder v2.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1952
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2kmzwdcv\2kmzwdcv.cmdline"
  2⤵
  PID:4116
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAB77.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC030337CB4144AD9FE2F9BA7463ECEC.TMP"
    3⤵
    PID:3176

C:\Users\Admin\Desktop\Loader.exe
"C:\Users\Admin\Desktop\Loader.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
PID:4992
- C:\Users\Admin\Desktop\HUNTER-VIP.exe
  "C:\Users\Admin\Desktop\HUNTER-VIP.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3636
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Desktop\HUNTER-VIP.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2804
  - - C:\Windows\SysWOW64\certutil.exe
      certutil -hashfile "C:\Users\Admin\Desktop\HUNTER-VIP.exe" MD5
      4⤵
      System Location Discovery: System Language Discovery
      PID:5484
  - - C:\Windows\SysWOW64\find.exe
      find /i /v "md5"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2340
  - - C:\Windows\SysWOW64\find.exe
      find /i /v "certutil"
      4⤵
      System Location Discovery: System Language Discovery
      PID:744
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    - System Location Discovery: System Language Discovery
    PID:456
- C:\Windows\System32\authlinker.exe
  "C:\Windows\System32\authlinker.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:748

C:\Users\Admin\Desktop\Loader.exe
"C:\Users\Admin\Desktop\Loader.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
PID:5408
- C:\Users\Admin\Desktop\HUNTER-VIP.exe
  "C:\Users\Admin\Desktop\HUNTER-VIP.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1448
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Desktop\HUNTER-VIP.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5292
  - - C:\Windows\SysWOW64\certutil.exe
      certutil -hashfile "C:\Users\Admin\Desktop\HUNTER-VIP.exe" MD5
      4⤵
      System Location Discovery: System Language Discovery
      PID:1808
  - - C:\Windows\SysWOW64\find.exe
      find /i /v "md5"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4868
  - - C:\Windows\SysWOW64\find.exe
      find /i /v "certutil"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5016
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3564
- C:\Windows\System32\authlinker.exe
  "C:\Windows\System32\authlinker.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5796

C:\Users\Admin\Desktop\Loader.exe
"C:\Users\Admin\Desktop\Loader.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
PID:5360
- C:\Users\Admin\Desktop\HUNTER-VIP.exe
  "C:\Users\Admin\Desktop\HUNTER-VIP.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:828
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Desktop\HUNTER-VIP.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:224
  - - C:\Windows\SysWOW64\certutil.exe
      certutil -hashfile "C:\Users\Admin\Desktop\HUNTER-VIP.exe" MD5
      4⤵
      System Location Discovery: System Language Discovery
      PID:1144
  - - C:\Windows\SysWOW64\find.exe
      find /i /v "md5"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4420
  - - C:\Windows\SysWOW64\find.exe
      find /i /v "certutil"
      4⤵
      System Location Discovery: System Language Discovery
      PID:372
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2900
- C:\Windows\System32\authlinker.exe
  "C:\Windows\System32\authlinker.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9be2edcf8,0x7ff9be2edd04,0x7ff9be2edd10
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2068,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1888,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2340,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5192,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5404,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5476,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3616,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3252,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5648,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5828,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6000,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3264,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6076,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6128,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6168,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6200,i,11678338627521354718,6152470127059565610,262144 --variations-seed-version=20250325-050110.329000 --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:5796

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\43ebc6ae-25e4-46a7-a4bf-c9ed675c971d.tmp

Filesize
94KB

MD5
5e4623d94fd398aead6663e8c644a6dc

SHA1
63a11849992ac6508bc27eea313b148432108291

SHA256
0f52b8e583aeeab372521a54b02b747bb20defa65e0b2d7199954b7cf92ff2b8

SHA512
d1ab5811f3222681d163d79465cb8f5bedf74eaa16e13af43ba0ed6543aabce2742842d8f2a2d9822afa0d7a0b3cd51c047d06748ddfc64437d4f029ffe9dd73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
d194b6ae5076472353e70c1277fb525a

SHA1
7c27302e27470b3328b573371c93949e47806e10

SHA256
fbbb3afd66ad37613804fc7b6163a86a3cabc2f3def7d317958171e34e080d84

SHA512
7d8a3320f838084d1a32fabbfc80ed7a6775bcd7cd6a941277de005ece9e294223f995ffa80dd17dcc3705c78be96b09e1d203905e2bab09977261635c52f2cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
b0366599d64b0fc1adb2a712dcd02ee1

SHA1
b7a1c09ccd2846664cab5f76bd80b8e9f107acb0

SHA256
ae1bddb9e2cc97b0c9cd78ef3cd17553be6e5204677bd67e0b8f7fa27007f189

SHA512
d7de6d48285018f8b709c81ca01688126db7893ce9f48829524ee3122aa6f2200c7f78186b5a558d0b1ecf8157ee78a20064b63b45ab89f7aa0835b8409435d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e583b3bcd0a283734268ceaab094ecf6

SHA1
31cd245bfde1e6f488730f052d6d37bbcfe470ea

SHA256
a143092cbf17b2e36e7b5e9ec5058a2154cca9ac0c2b5841855c07439ae6c509

SHA512
3168641a34bfeed7098fe87c75ab92337c94baf76d8725e295a411853381514748e71a0c4c527893a653e1a30d0cf1b540ede8ba480ca655af78cbec0b259e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\214bb040-aabd-46be-afa1-9e53fc7df358.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\29fad0d3-84dc-424d-90bf-93a1d2ae30ee.tmp

Filesize
15KB

MD5
2b1cd1cbca3ec8b2cfdea758cbd2a54d

SHA1
2a47b2b9cc4a71e1fbc1a31bd02e0c20c9cf6f9e

SHA256
a8bb72ac46d68af3786c72c574e60ffc06268067b087501fe0676fd7d0e28d56

SHA512
ef8736c412512e1560c9ec4a7147abcdf41ee312f1943780d3bebcd46144fad324b79e8825de10ae27b0a6a93555d52acbd3a4e772101d1db7e8912eecaa00fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7928a7ca8837ae6f8a3e30ebc7ed1d91

SHA1
10b9e1caeb936344101e242fdc82a0030063d33f

SHA256
8576cd550a1f5ae339e7934b70b04a8d3087ea994771258f3d2c81af532101fd

SHA512
144575635245ebf474b2623a97af00119cb5fc44480c313a59a4428e7e924c802ed85622ab7ba98f486d78ea72604a168e0460aeb61da377f90fc52fc7fad44f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
37b8a4da117e388a47425ba5948247df

SHA1
c2abc708d1f9308af31659cd3d0918cea7da3235

SHA256
b5e9411f37afbee469b5936a22a05b6ce4595567713d5b4c33f89fe99f45d090

SHA512
7c326796071d7a6c95197d09118696e0d69e898e52223444127af9075c9cb45cd3ed730862fb2fe6d93bb4f283e3f3cc6b0fe0cebe2c2f394ea76aa4415bd76f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
54e3a16cfa6fe0cdfd6c5f9fedd132cf

SHA1
3fdc01bf373288c1269b4c5fc912e62994557398

SHA256
3996ec7855b8a6fee773834874068291eb206ec5034b4eff9756a52691171970

SHA512
943c9e5e9bad4970c299095492f1837704b44952af5bf98c79c54ad39480a722f96d3ce64c5a0dbe900f655db2b23024e1dea6bdc4efcf0c8775fef2c3b5512d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
120a87cd525c5acfdcbadd2144c6d0c2

SHA1
e0457a6250b70524827b70cf977aaabcdfe055c4

SHA256
b21b1afe844054a22a005e68eb7fca9eb816da6d48aa2468477966456912d820

SHA512
0741126087ed5af69bfc61141d0ea274d05575c318e2f22367810d55d01a3374689a906bc1294eb85ff228818a7707c5b02cb4e7a7076799d7e8061fd4155c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
8ec3d114661a4bfec644ddb0920aa5fd

SHA1
e403a0befc9a0f5200afeee5715c3f113e6724d1

SHA256
873e95d211ddbd553211e0f8ec45fb90bec5b3f4cf54ffaba9fa6be5e8bcf605

SHA512
896182aca870289b0502a11ecabe9064f1d8c029254e08776d6252d83ba927631991a9a74181878d935989c94be7c9881ec82d878497cac5b86030ed17ace6ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
35KB

MD5
74832d664e0215b630aae4af00adb93a

SHA1
2838b06a1556d0b533fb0b97776c8b41b1febe66

SHA256
54671ecf4a2cef83b8ae96b29bed63ab6aa24a1fba523cb0d583a5a089075e99

SHA512
6b8e2080886d655a28b0bf7ce2ca5b0f766115f5ccc96be543da376a7176460169dec8db30b91f73c6c47f530f931161793e9569552e54fede362c61460509ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
63KB

MD5
1901d2bcbbabee4bbb9804c30642ae2b

SHA1
f31774bc12614be681c0b0c7de3ac128f0e932db

SHA256
15eba349e5829f11363614b8f3dd9c3d04994586601d3c4c4d8069e0f5655310

SHA512
bdb94d7d8cf47b239c61559545b1dd26e05da909fec05d215471388545879cd8ec9e1fea51c04ed43927e2b07b5b80a74f09eb9038c8d9045e4161ea69df215f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
51KB

MD5
7734b11c7005f420c13602e89cfa1f94

SHA1
f0a975b215409e8baf32b1e44f8a05b23c75b99d

SHA256
34a61b8255c4f2885d5db4b662aa7d6da473ff81e4083788784f9041e029e94d

SHA512
82f6a45bd59925f69ca3649fdedac59161ffcafd3653bc6fb738797f6ad22b6de44d8c60733d8fc8ff0d24432125cf9c6a2c8675babbe2e24bd9ea5385a9541b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
66KB

MD5
51aeaa53889fc41db41fc91b91d31a7e

SHA1
e7531851db107ac6ca9c71d5d94103d144a1b942

SHA256
df7f89dc95ddf9035d43ce239257970a1de6e46d6e8d6f5f5db68979f9dbf2f3

SHA512
254cb1fdb63f1419c9afd35a45bf9ef8b9010d201e9e852753bb8347dc068e71becc4014930fa5a9a8cefd0ffeb5f4dcd914d5dca0c9f8b470cc74ddf9a58392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

Filesize
215KB

MD5
e8518e1e0da2abd8a5d7f28760858c87

SHA1
d29d89b8a11ed64e67cbf726e2207f58bc87eead

SHA256
8b2c561b597399246b97f4f8d602f0354a979cbe4eea435d9dc65539f49cea64

SHA512
1c15b65bd6b998254cc6f3cbef179c266663f7b1c842229f79ff31ba30043837c398d85296fb20d3a576d9331fee9483ca0cbd06270da2d6db009bc454aee0c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b0481911026577c7_0

Filesize
281KB

MD5
3e365c6607060af2801c9e6680cc0e3e

SHA1
130430d102e897f937bbe8aa1965bb0609084e93

SHA256
db50948972da7516db5548e85cf2fd79e5894cafb5d31bf3932fe6ee2d5a0bf0

SHA512
0875ecc4ee2f2215d9279074b911e409a7845bb2635305af18961b986d7efb8d86196216b2a497a6615eb436a51ff8bb8681dafdbf405e5207cd6a72180a953d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d87681cda2787910_0

Filesize
241B

MD5
27a1feba87d5a02f92f78dbd31b2a5ad

SHA1
9448654c5b82002cdcb0cdc3cf654d82ce783687

SHA256
51d9c9cca9394560197d4917253b398e937a4b81e808909a070adf51f12c8e45

SHA512
b9dc8e8094ad8780c298be1b9255421e7cf1aa0efbdfddd3e149b4fe67d80281ad573bf87c552e38ce0407aa9aaa7c487f4e9a119fa8409f8df490ab8be2e418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
089f713c6ee50c13fa29624dc9a95e8e

SHA1
a2b42ce0ac70724adb191bed4a92d858a3d46bb3

SHA256
a4d270b03bf31920914351925debcb79594685d6654c3f3abd2d971430790ee7

SHA512
ec33c8122eadb78a0af3d4560babfc121db88d7cf637d6c6d2a32488c3c97dcc61f4e83d504e89f67d6744318e2a9289f2a302314e5cf5becf5789067665f38b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
4aa53bd6024709c88d4f7bf819cf3761

SHA1
eab60e9fc74f9bcf2d0afd7f37b4b02d8c215349

SHA256
4658182b64204be80b0d16edd3d02b576154558274988fe2f1ba20de909b7fe5

SHA512
407e62d2a1daa25c5d09690e4e2c06655747f4e690ec390365a926f7c8edfbf3e1b981c9bdd738730f1df1376408f568b5a5b75f5da353e663a8102e82d6a824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
83de5b899c3b7e38b625aba3d2c4906e

SHA1
052222f3fd84d0e4728c9eab364bdd194312023c

SHA256
763cd1b712617cf32a218f77284fd7c3caa3805c2da0a875194e29e14dfee658

SHA512
7422ecf11b69f443bf9e64096ae661edca2725d1241522a7563519ed4a9a840a6e042124d2a87179cb853979005cc3be68e21af9bd46020c45a3742aaa80b15d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
40befff039c80073edb7c1d06f26b066

SHA1
2ca304b5f6474c6e430bb4086579371bf12696f4

SHA256
e9f3c0c3c9e0109902399d98d910e506e37a4bb0fe0f53cb7246453a3058591e

SHA512
a668ca12c6ed4de134dfbfd40a45c508eaa3b4cdf10946021b68b5f92cc4ac486540a74738c2d3743e9bf24d76bca57c89400663f9f949d5fc2f5b17b30b926e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d67547e78e0809fded6ed7d24d588730

SHA1
ac7e8be06daa862698a69dc477b4d1c36b4fdf2b

SHA256
9bd2cb8aafeeaaa031a147b9bbedc70db84c439b30ab1f6e47e3e1be13ea8959

SHA512
182f5cebc27ad7eb426b0533e008d999cb5c85293316e72aa1168c1d9eef4dc8310690ca3255d43d6bcf868d6cdb540b4029228d3c5328102457952e02e7ce89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b7a15109506818afa85e81badcfd1f0a

SHA1
d33ab83173fa11f0644b802d271a242157b1b29c

SHA256
9616d45e7305073239ae5acbd378e669868b2ed181ad88511f94ae3ac06ef677

SHA512
f7c5648a02db4ef8f0182007984d220ed881e537985488db446b79ab97579360f8ab046b981cf10ee9a3bc4c44a239bfa181ca39c67114085b95dce1417ae9c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0c0a43559a8ef6e83c6ff0040cf372b3

SHA1
3741ca2eb50202ed454cca2057ac005d73cb16fe

SHA256
05dd8522ab57e88f12b3a7e0b872f53185c0c9e74d0b8b5f211a02922b19d833

SHA512
23fe477d9f2b8eb9289f7f8d2389196653abd5b73077352cce75690b5ebbc9041af3b59054bef2f89765b11e294318d8656a9ebfab22ac76d5cb0769fcb05666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3d5906cb19f1ca0b6522e4448baa186b

SHA1
88ed4972419ae0a74f23379808189d8a53722191

SHA256
507efa0ee8fc5c347db3c41a5e3aae9b0bbff9d1dfae0c809bc9114e8da94899

SHA512
b46350b8681d1b6c241123ff66d8039bf0c9f29b29726d3b62e789f9f7e89f77319bf493c1cc937e41a930ea564bfe026aa38e864928665bec20723e902455d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DIPS

Filesize
36KB

MD5
5d242dc9226de7b6b9d21398da818f2d

SHA1
d78ed4f473f4dbf30fe9697e0a1a9b8e623cc3cf

SHA256
df571a6c273d8d301c880334654e77ffb21e88b1b57e14a636c9bd65ed87e08a

SHA512
869b721a403517a215704dbbceb38f1adb3b61ff856834214646cac1ef2ef63f6c07424d667e35af957314e14a98906be31ab97514f3fb6a19dd8a1e2729e425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
4fa084cfe472770c538025898693416e

SHA1
2ef275704a3203949c7ad307020d700defecb2ca

SHA256
161676ed330e1e7171b543717861017b27203f894e063167e3f798ef66a1ebec

SHA512
bb81a50fdbb038c8969b3348549deacb41f93731b029ba993bc33e1c59b869eaa2a2e8f3aacad867ac4871e91276699a3630344a5567fdc401c63a06051c73e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
545fedbbd5b8e0afbfe576f085df8ee5

SHA1
d8c64ab24c6a9aa3531e9f097ddbd11c46973bb2

SHA256
77a77b88a8db0a58da54c8fc66706abb2fc511a6882dacc0dfb1756c87ed643d

SHA512
acd0f14f3da13bd8f4d86b0f8fa637acd996804aa3484d22403c34d05e34306f56292ed64a2e6006a09189146c2ebce779a2d48fb82b641725a1f4720bb5b6ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
e29f385cf8e2084afa1f9bf65508b58b

SHA1
5251d62d58f88eef014c4baea98d47355a325e76

SHA256
846b5f094061622bfe8848e9d647cb781bc987cd7284025e11642dad86a3fbf5

SHA512
5fccffd0197930f652387e32e5f78f4e775f617928d883a6cfb3cd47c5abba68fb1cd584f83dbd3ed40d0452ddf0a8c10dd258405b413188026e62165d086885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsMostVisited\f6c26fe9-6c50-41d6-b1d5-20569d6fc2df.tmp

Filesize
27KB

MD5
82e30449c6dea6ebddfbab0234265ec2

SHA1
47b63781c88cfc18bd16a4989729b9240f5dce6f

SHA256
d2b5919e9486114cb762ef166f7036447192ed4b7965ac0d28d40d409c17870f

SHA512
f739cd8a1469c63c15a43d764c09dc18c124ff47f20792d1af1f48469970d2df798aad2d65948884897952f2f4a318128a6f2b44b3fe7f6aba9c815d28a8b408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
74c88d55d0e9e81b02003925e25aebc7

SHA1
f850244ea80c28500f6a53dea24f70108dbc295e

SHA256
eedce4ca043898ffaaacde3beeddc55a16628630b9bd8d3629b7ae7f3f15a188

SHA512
8e05fd832a1c10899ea3d46690847c224d579c41bc7f95890dc6fa4cc5f61e71a44a357aebc7dea72338485eeea5815bd2443998e9068d1730a0a2d0880e48fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
9d2099439924f718b4813dc29c651e03

SHA1
0b6e0f743aa71386a9a4f272c058dcb9c5dc3b6d

SHA256
e68bde2919d0d5af616106f4538de30d5f3b865837da98efda82cc168da4ca0f

SHA512
118f1326f9840f2a091fe261a26ed4d0d6a51e52a152240676a71157b16fc5975a37a31d87f3242beff3c38297ca761cc680607080cf02c742d46833002209a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
867248ddde41c1ce9695fdc83fde9a17

SHA1
51d6250056fa0530e8d6bb21c348528db7a40e06

SHA256
9b2ccd4d4f18a4577dd8421ec976d28067de8d44a24d8e7f953718f71743f825

SHA512
6886c21f31eddea16727f2a745593de195092fc20f5023ee84eb8ebfc85e653d1ed5b04ef10304254bc21eb07602ddc3c0f5bdfa579bbd47502839b933523920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
e8b733144470c9f183156c579bd98d80

SHA1
a44d4f256c94b190e9112193d64df82d7fa9c751

SHA256
753749b4cf66e305bef6c1f899c2a5db14e7990e119a9f1cb7f53d655361fd7d

SHA512
32d5899dedfdbd0c6bc7c832ce3b0fa29def0ef0ea9a80b17f0b11695b883697cb299aff5ed17af2d34e69ef8f00edf2efdbd5b8a63fd5f59075a398a81e3f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
07edd2da4ba4f772908180b348a73057

SHA1
94339f8d00143616967cc54f8fe245b2665a4ce3

SHA256
6bb717a452ff7442c27d7d8b14f66c7c52d6c4899e744eec80498d65793f415e

SHA512
3ff92320dcfbe332bceb183b5adf8cf5405a7555a532c5d6481f55f80ddbc8f0f81fd1399e6f1dbce1d6bdd1bbb0acbc4aea0488ac362ca779d3e19f6f0ab65f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6fa18764fbfaf2f7715a640b3a41d172

SHA1
276525a3dbdbeb2a5a558488b6f71756990397ba

SHA256
b057ef23b7818e4d825f17c78389908855f29e1989788c39831339257a9811e9

SHA512
4810f983a9781ebd9d728b8f8164221fc997ce747618ef1548a5b3b53a33c507fbcf9f78d328a1f0bb34e2b71db53c5f5bedc6272763669c86ce694c6b401062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
078a573b82d2e875b9d2a58f6dcd34f3

SHA1
fed6d770f484a8ed51d7daf98b74caa0fd435db2

SHA256
02929fe268c22c8ff0931594b31f35c39e69ba1880431fa4f53160f59870d211

SHA512
e1302f0b29414cddadeace6250e56ff0278f3f8a13643b2c0ad341350661e46d1d1b173a6445f549fa3ce01804aab4ab273e80acd0000b7d6b98dd73df0e0e69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c20642095b4807a849e5d1c4267e46da

SHA1
4ba497b075d9daac94f8cd79a01737bf24652825

SHA256
2cfb6802d6c09cef9faff8572e8e83282bf5bc0943d0e76aa7884d37d6cbcee2

SHA512
ef61dd40c99406e2885822f2d818e06611800d9c9d24110100598f7984bc84b2d6f429e4b060d08c54a88b6f4069b91536e10db8043e2d4f3637b3e0705591d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6f7d7584f5e88faac090d9b6b3b8d618

SHA1
6216a7c48445e85806ae4444d9bfcded8dd0f6cc

SHA256
cc460a74886bdef9760643ab5f218835c1bfb7d4f3900ee9606073b92b8c11dc

SHA512
269636b8d913244a8df58fabf0eb4ea5b21b722187c924a6bd7ee1e4b01bdc5b92d35401b1d6749b765167d50b698c5cc765dba944548290da002ba9b7bd7d0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bde258175e411afb5d69832d82b8e0b5

SHA1
fcbd13156a02d44998e6d3f771da5f652550ed53

SHA256
70a22ef74d9a64e6b46269910de55ec3d8fa153dc1af787cea9f4e94a9c48d01

SHA512
851c1e1182d160846d7ed05ade577892b38878883572d327b6a0399e2f6ff21850b767961b3a72c53fdc1c2c6f80b4f86728a845b98615d380ae141ba2459107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0d3ad233731dd6590f76b7ba97781e0e

SHA1
6eecf196d3703ebfe96ba53a9b555b730743c0bd

SHA256
2a81d2a2889002ddad5617d541e3db163dc182c7d96d55cbd6b9b05f02c58b46

SHA512
c1f51f12c0dbf67c0e73b0d72acaf9f89e5ef776868e8eceaa19921fcf8797e6ff5f487cb170be42d20b3bd21f774efcb4b7cd7d59c1c3fa7a95a2239969a0c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c6d188e443d6b18137352f9ad66a3da0

SHA1
6890859afa7e5c739dd3918d67baeced18e3f713

SHA256
f064171e6d1406dcf0b39983b48fc184face744b447b6567ddc76576d0808b5b

SHA512
7478c4a8d2696e06c108fbef69ed6fcaab7cae6ecef7152a2f955da311d240e427ac46f5e2e969e64f0beff98b306a1fa56158aee4b26b10941604172697a5aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\cf4fd4fc-0d7d-458f-b7a9-b21563c58de3.tmp

Filesize
12KB

MD5
ec164852f806c0d58ee2c9b0ad3228b0

SHA1
e145715efd607defa20930d817d2fc4a1ab396a2

SHA256
ac4d86967e44d8916107bc4d037beb7e2b9a6225c8468a1e5020b92ef18e9e31

SHA512
5e0ef82ae4f591e729d1da84a10eb72939ce4335bd5c5a0e235ab665b9bb3e1838ce19bd68722008e773935336bdacf6943cd54cd83c46c252aee70ee000b016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
eb33c84b0683b8f5c33ad038fca68153

SHA1
edd77e791da8297be9dcf02518d5da18ded384e1

SHA256
0ca267765959113a8bf4a2d8a2454f40621f37df0aee01eacde0ec270dcbbfab

SHA512
d985d560d326926ab82a708eca23674953a9556ddc2fe4a2f91f3746d45e3d1dca9d6a6e8c55c60df399fa3d593486e19c07f4a415b4917e3343f2807f2d9006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
958f155b89ea9d1b1231d8b67fbc4536

SHA1
f28241f34d38a508bd64aab32820bf73f418bd30

SHA256
b768e9d22179f5d89e24d5656600f70b785764f5fc8359732dd353796c0beee8

SHA512
146ced3b44ce2033e9dd35982b673a95baea426de8267708af6ec55acba611a91577f13425cc85937f4d3bef816ce7168b9c392cc38c8fffb624ba49739634dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
1577958b17c88c531e38d50a551dafcf

SHA1
59ae2a0660a3e43ec23731215b2fc2f4ed899852

SHA256
dd303f102524b5f850cce260af588deca16c36e831bc5b069487349e4f03c570

SHA512
b1c85dd314ff4d023ad2e0fd18127b261d62157b7d8a240a05464c7f0d50c782f45bf3d8c89b8060158b9bc1b07448414d534a415cb14c5694d5c11234d82e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0c18e9067faf889a7f355b364e3de334

SHA1
cc49283713bb7599c6cdbecc8db5cdcf0686ad1e

SHA256
03cc785b709c5733b113dc3bc7a688c373a074289eb0e7aca92441935095bbfa

SHA512
dae8f35b66995dc391da71ffeb229047f551ade7c62f09de10ba89fb723a44390e3e459393ff62aed4d67d9ccacb009e7823cc233c18eb269f1c5f3f0cfc3efa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
7e655118df6dccb48068b873f027d5e0

SHA1
185d95f7b8cc76e78cf8ede202ab44c3921cbd24

SHA256
7cb34e19c55be8b88621992f642d5d2ef74b02c76b60af61dc0d040129ce5f80

SHA512
5a00ac4dd4665b3b3745fcd7a46069696ff5163060511a39ec3e5a764e35aaf1b43eccc60b402b6cf06b67a44d8197c98da1104d51fb350ae026a56a4f84f535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
e02a44d4dcce6ee5c7b440139e9e1a2f

SHA1
5061fe17fad051cc7cde2954d08c0b57fc49fdd8

SHA256
8151ae3dc5217d5d68ad12d8047a7a59c5cac288650ade86e864858bd325abd6

SHA512
a1bdb4cb8b5d49c771805d28fb9fad60a938e89194a72104f8e884df0c6baef6f2641084cd1109f70d525fdbd25025bddaa30652bbbac73e0be2fdca2717acba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3108af99aeb917bcb875f214c780eadc

SHA1
7d634134fdbbbc5487d007ea5c6ec1c15c0d23d6

SHA256
8e236d2e79375ae7d783a3aa24b2e7f07ebf2d915006c7f8b86f52c3cbe4a005

SHA512
3c772a582b65004e0841b0dc0fb7b735d1d031fd6c31c9d461b7dfb7467c46afc7de0fea3ab648f880a431762b1db00902f0796fc1a807d3eda06d5d88399a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
67b3e5bedf69cde5e2cc318bdc9e162e

SHA1
f98c8b01f9a1872c490c586646acf39c850aff7a

SHA256
8c7df1aa444a0bb6801d080f0049015ddc2281dba6fd005856dbc02edd7fb6f2

SHA512
c3235b3c30cba12a11052f4e6fbf90be0640525f24144f5f25d518868283144f0176398bde1ee306ec054a61cba62d437427bbf8e1a4d448334666c766ac7142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
03c157054b3be16f98da2baa9d049e70

SHA1
67a3c019db7d48269e89e9cfc0d25581acac71fc

SHA256
c76aa088daa7deeca765945240c88e08f451b0794ba43cf090bb577687ba1bac

SHA512
48fd6e0d86819ed646f0905832ab38ee675f719da428b7ef0497cb985be2736424a0bee601f6ae28a4ad4c665366c30494d9f8fa6980a9bf2840f98e64005c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4186b614edb0cfc7ba3ecf9ef6e8cbf3

SHA1
78e65e627c98f665adb98b5309e790d4a18f4375

SHA256
cb34e2453fd92253bb04bb794013553148325b0f8c06ad977cc72469501ba3f6

SHA512
9a91ff7301a72c5ecb5a499e0de5a1f8ac8e12631548b9f3f58eaf79c46f122038a157828acc7d1ae88907da03b3594483b7a3ffbfd3862f3e6ed71528e6d591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e813fea280e79c1d256ef60893f1d5fc

SHA1
7032b57f36bc649c58ecd9ed81ebb498b1d8926f

SHA256
200ee7fef3670059b1a01ae89b9d7857a0a0276a72a75237809f70cfd92feed6

SHA512
9fa3b24e8e3723815830d6e83e603b2f8c3f10a09a384922635f82bb1788bcb772f41d3c0e1385de58ccf9b9dfaa9991cc9e27d1e60ef5c2317a0427c030c03f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
b6e1c89f2973cad1bde1a4a06e9ff6d1

SHA1
560eb125dab24ff87a9713a5ed9ed860ea5f341e

SHA256
caf48cac55a73e590cf3ad14c35946b296c71f3b3d269c8df444f1ccbbb30fe2

SHA512
fff9f4a5783505d22471e3f9dd8db184569f62c18bf90619123ddd782aa2ad13426315031b0279de693de37b2c7fc11692392af7ee5de93a812dab36c5da6009

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
c637f7e00e9def63bcb5f7e55cd20c01

SHA1
5d84dae544d1d1bc3200035039444f3005b545bd

SHA256
6b00a6a9f4b79891dfea54a4b9d865f7d50fa8431d9c1b42274d55679bb2ecaf

SHA512
e3b1015a22a284b4b2ee8b8c5efb5f6fe8ca9b24a93b70a930fc952728ddcabfebc00af042194f570ee8ac8105669f43844c3250f03846df2f1f449d60b4c613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
446999818d13b0a79e2767e80b238f81

SHA1
edadcc12eedd9175d47a4dfabf52d1d9e50c8aa8

SHA256
ca372862ac6d7049d30502d6b696f6769231eed2a371e9e8b657895d4558c0c4

SHA512
3d58b266d6028403949bbb994e517744093a51f6224689377e5f19e7ecce4d65d2543dd1c296142da80ac16bfbf281dc94463486b74e9356c86a630d6f566735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
419a01e0e8fcb6993b06970b93af62d2

SHA1
17099a82aa4754da8d1253364db9b1d9a4d1e796

SHA256
25abec4ab4278a7fc63f011ceaf5d25c5fb2bc84da7d7750aea4db79abea4473

SHA512
614a3087c29350dc5eeb38e18c2a9d50039678acf272c558a8987667071acce1076149877a889afbe0f361385d4b58b0a4f9f1194aedc0cf0735738c1c1c8fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d2007d6f8899beb6b12f70c9c71ccec6

SHA1
dc8b6f8f2fdb14e92a3345be3607c309c0df652b

SHA256
e5ee26865cb349c5332a7b67261cf2480ccf0def03b5a9d256b9ee6349507cdb

SHA512
b7a2a84b3a24fd505f4e8b62a0e400875c3b2704c155e56e00836b1f4f255bec7944a512b439010ed1effabcaa14c87ab68fbce7d5ce2f6d49b154746adca706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
269f854425a75ba741092aea0914dec7

SHA1
e34171730b623e18aa476a99178a096ca4078cf7

SHA256
2e6f13d68254c0357061517ff225a1d8712438814f06692f2e3a5e0088b07bd6

SHA512
5e76285ef979404d6501e050a84e24fa5dc640803eb18f63e753f11cd8703bc76055738236c105276c10758f0243dabe64797791f1e12992c96124234ff6144a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
69691e4192fceff0ade4835e862689f2

SHA1
9899f3305224cef1dbec98e1d31e6daf35dafe84

SHA256
636a224085e3da2ce6866a9602615e12149be70162fa9450199a7bfb5ffd08c0

SHA512
45c4e31e3ddacbf79cd8f82bec9392e49299143a78a68cec014667052a4bb7ebbe9b560450ff729a0735edfcb52a435b3bd4b817b90f4f7e839075e8d2906e70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
ce904081f61b49eee7e9fa3c0d0114aa

SHA1
5f23296e38792b4628c7f0a07b42e5d1326d8090

SHA256
c8ad59f81890dca9e996d1cb4bfe5b600cccd603efd82eb6f71b64f931fe87c2

SHA512
912e7dbb458ce84a17e7d6d4033a14d175f004375b6cd2783cc0020cdb0f8da3582ec4bd865f28223b79cfd627d288cd45ea52451f0923deda6d0cdfff9e7486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3945e3458b0a0c07d79ce913294d44f7

SHA1
9768775854a10a0f59b9a9d85e555ce5367f113b

SHA256
aec6936248bfa3add0296bf6e2f78265c744a04592af91000133bc0f67135f9a

SHA512
beec80cab4a3014a00a28af87b1875f26bac76c724542b6ccd6dd359fb9fb01b83783ebf629543c6594bdd9445f5ea7db2346b88307550dc4a918f375378399f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
01fb9c4c19a0778c9c602795a2b2ee65

SHA1
5de4fb710d298c145fe474c3dfd18c3a1ffbbaf4

SHA256
3b1b39d474ae4e08c0a5799488395385bae4a0766572eda2fdbd4f427913b20e

SHA512
3de3275772c7eb50c0795fbf392093c34700dc48617eb9b9c26d642aca2ea58b2d042d3a87c181cfd7cfcf5ac757938bd6bf73e819eb75dd259fe61f320147ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
a091081450a7a2c9dc36407e3abe2bc5

SHA1
f4b5afd96859ff9e693551a66df6312edeb63b90

SHA256
a2a1c09b5da2f8ba61f576047a155930a3fc3c86c3bcce6ec9caeb2242f7c905

SHA512
c9d252d596792945450bf100a30b603cfba1eb0a17bdcb802d2bea5ad7ede13444a9c4d9bc30fee30480f9d9b1cad087e87375425c0698d3f10577326ddc149e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
559a9448e68ee14df3df959c5ba59bff

SHA1
c3c1c18a873186963ee59b2faa3e2e2a495af17f

SHA256
581daf6f2346b403f6b6fd02376c2239ab3d18f16747ddbc7d03ab672bdc6e5d

SHA512
d27e6ed3f5f6602681998be180b5c6dda000936c54ea25fb45207e7bfb6cfffb503dffe9312adfc7a4ae05d6f442a0935473192a7d7aa37250c832946c13069a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
86f58059620b773a811fc9cf40fe22a0

SHA1
8f0f875607dd67242a335c651c5eae9a8485c881

SHA256
997feaed859b314ccd86dbf6c455ec120372ccd4cd2f8ec79f7fd51c5054984a

SHA512
b830b0eda3b5b6e594e2bad8a8576d72ce75ef684b312237fb9e812fec6867b4f97b41ef09e05a2729d4a36dbfd0ae25655c39077747953e5b0d74571bce2c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
e680f1632e75d71d1dd410371ea8feef

SHA1
02ce7443a1631ff7779cd5acd8bf1134249d00c7

SHA256
54b93347d292607be93564f63de88a470985704a11abe1b13e1f67809a8bc8eb

SHA512
5620a97a3c73899366378d5ac82864ab115eed9bbf57f81005fcd9d360fe7e9138e7442b20adef06719ba949f79167e8c8125656cfc3e114fa16008248da9883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
1c9811fd44b632d460a99170074c1435

SHA1
d9562b45a703a0290dccf65c5f325a49d4ca8806

SHA256
61f2cb71bd82f26098f713a5d677643c17c95a2b6ebe6cc7c649df29513f2eba

SHA512
bfee53000ea523732e14e1431c3d803993d2c8999621bec9e2c7d8c03b3f3020e47a3cca25a7309196444c840d313bc9ae786c45222207318487e1238ef5bb58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
386a9fb6421f47d5dbb59ad56d216d81

SHA1
a83002533a5793bf851cd059ef3505d0d264d2d0

SHA256
606a49cb3f0fb830b287138fc8e604ed10db3b2d95f168cb814f0544b8985d8f

SHA512
8ba5ba2f8cda3a4688a24cda0e864ca5f098c7d8d8b92fd22490ce656c79ee49fadb210f740b76173d947f7caf72e429db76eb3b7a2302ca4a9b77ba91ccda1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
ddeb4fac5fefc42ab8892a6d698dadaa

SHA1
caf237f435ff4c5cd1df1d8e56448148ca0eba6d

SHA256
8d960d912fb296eb2ea73a3fa694a97f4e0fe403559bd9c08207f34d872f6c78

SHA512
910c597aff0f92875951a98f8f24b5b1e5674355c32e624d60a6a44bab6f303d881fa8bf96ebc354b1d85c95f3b3eb0689dc1dba9ca5699478c75bc73f79e8a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
e8e5b14cd187dc641986efe19e11995e

SHA1
5cd756fbc7d5c21ce5e4d02ee7ad5010f7dfc908

SHA256
b59d1dd3cf9f6f408c918a42d4fb21ec84ea0a3bf31db77d09fa6729b9650fd4

SHA512
26028bb4083f7d306cead0a691b2f4f33033dd30d0f3398bad7ebab601413c628aa7f8f8e4ae877adc780a98e0f4b5573528fe2d70090f01c54764b7ed1cd832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
1ffb4049d3731a138898523dbac3012e

SHA1
33d8be01abaf7356b83a1785431f3f7f6995101a

SHA256
124475c3182d9ad4bf0d401d5b99c8b2f04bf48342c8cbad71727eb93761819e

SHA512
7e2cc1b0a1efabdfd0d8225bfed17db3fc8019d3cb2d61ff0fde106779d1592a18a77f1b455254583bec575481663b3c9de44bbf883f9d7cd6841b1c402c74fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
a7e45e07c7f260dd0432ba37b1104c39

SHA1
e78eba36217a7124c456d289ea604be6fecb8838

SHA256
3a6a301476bd42f48c5d4f6fc878e2cc3711d3aa7ad6c4f2aa9efd2b9499fbe4

SHA512
2c9907d9e8169cb6c28fc232a1e6bfe3865f15f2276586ac5f11c48d6e2077761352405f74810ec97033dc2a92a37cd7b26e75b881a2018b45e5dc62dbb90749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
37c0937d77d0704af51efd27fbf8af43

SHA1
c08da6bfae60aa535c1f8b491698b554549dbd2c

SHA256
a69e2873168fda530ebae02177e7c404801153038cfed9c53986d5aa00c76a58

SHA512
b1fff34a251b1ac87766ff1f58d4601f5c18b53f61aaa082b06bbef002ee5f2a8c0fac91eb538ef64c2ec10b8b99fbc65df32fbd953b441851837702da14a7d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
44602d2569f4eb12a0304182cfeed1aa

SHA1
b08afaeed81e088a82c6f4290d476bfe18ed9589

SHA256
de0c61316f072ebbbc4ac7cac573ab6f825b7fdf954843731e1a9c1ccdfa628c

SHA512
f4320e8d72f63eda40413a6547bc2ba40261842e2c8ab24e31db3ea39dcbe4d974edcf766267a2d32d864a15978c525cdba84a4200b53c957210b0bda11af1a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
27ca805e81b522bdf5a53e57488b7371

SHA1
7529c33c966c2281d1a503e7db4ba842f6eb8fb8

SHA256
88664794a2befaee3b6525be9f427d5aa1af04132196c0591df74e93feccfd2f

SHA512
1fc2aeb3b336a117aeff70ac19accfe3e3647ea9bed1682f360e668486405b9871d7d6047520b6dd14f768ad29fa06bd0ac60bc9ba9337770c265d908e505086

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
005bf5e8a23863d8a2b19d4cf9b5f086

SHA1
4d64e3b9f48789c5556090c8ee2010a651a57cda

SHA256
491c9eebb6019a84364f5f0103ce9b0dfeb5fe40ef8f1d896ea5595a3fee3d6b

SHA512
b5979c4047db7e4cd0a1a87d77188f650af122118eb8a2cb4fd523c13e4b3c08bbcfec396ecbae98c49c812c63badca8e7b839f4c97f27276c72f391336c7ded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f22173adb6f8915ae66ed3904b59c10b

SHA1
0d635db2f0986e6311e497aa4cf1ac6690533864

SHA256
0ff100069082af9f86ad33a9498e7c2c6d56c2540cd1fa8df2bf8d9d5c13b544

SHA512
b84ac0b260c8700062e3ab9b0e31b8242bc656d5cfb097eafd65d4616496dd3273a4377b0fc0600fa824f6c63bee43a74b3c339f26b6557f8d000abd4006b706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59cc3f.TMP

Filesize
48B

MD5
759016456a4acdf616e05e4cd2ad2a57

SHA1
5d6448e38cf290fede67bad3f19f1ff6e291044b

SHA256
385aad8b8701cdde49ef003bc58ca8de183474d56ec7ef13506d40d56ed224af

SHA512
b963e736130ba0cf169149a0318ee4c1b27ad41535632ab1915505ebbf3350018246c61fbfdba5746646b23c8e3c575452064646070885093771a3543292d2b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
15KB

MD5
a62cca1e6b13bf023ea9c54ebfef9988

SHA1
382a7eba1b4db92ff00f9ef8ebc6225fc41eb2af

SHA256
cbcd4763050170717218da046e973454dc22b9ea264748d775957b3cddada573

SHA512
7a5584247440110e1a9184b6af85c940ef1eca5b54ef66d8bf0ad852a73a2418a7e0038692643763a9cb0847c390c054fc13034365bf8400366016b663c2a9fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
c753c95402130a8e991ec1076cc4c676

SHA1
4b2a0274363523955fe5c69bd2c6db4fccb733d3

SHA256
60b6866b7bf1583c7e179fea2e1b1bef0b0b08991779b2a32c16619e2926260d

SHA512
d808542e7646054bc9e1d58c3e1986c83ec6ba5b9bffa4a91c3dbfd4b7dadcb2177c5d3405faafb1b5d6e563d8e6f32084e1e93f44fcb989aeacd115d4a14810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
ef69cbedd2e47bd7fdcc2abbb6922d50

SHA1
97f080892dc61e36c735cd2d9d8ebe9ba04cee52

SHA256
ff613dec4b6236eb4133a5e41bb84f41b4c0983f5bc64d58ab692cb29a2ec85d

SHA512
ea52113b937f6fc4e044bf75673cdf76ca34ca2bda30ca6c058467b382c2c166b3fa7043600e11c941bf0738633956df6eeccd93fb908aea009e6318e2420bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
f36cc6a3b3be60b92ffffabd9bebb76b

SHA1
b5a0a2f0fa8d573471c21a14f8311b86a495aa08

SHA256
dbe9cc8a39eb989617a9269d742883f761f9d596287b9b23f98d40971b1c0195

SHA512
a1be1011c7ca49e4adea9d54256573f0f11e1dd0dcde5dfa0a7eee3c381dde952ee983173d22018f0100828cd9bd7de48a985a72995994b6d675e2e74dedf7e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
51KB

MD5
2bc04bfaee23eea8b01cddcbe6578ac3

SHA1
9c032f1e854c41fc8998e7973240c969e5781ad1

SHA256
8028727bd4197807e57273ed0992d0a59d89ccc60c702e7832ef2daf5394275c

SHA512
b9c8c01f7c7371e1e54aec713607f99314573e7cf06f97b065f8f29f0128e1ec9c1c637db470b000f26e166be6270257465749d06a39c7865b1888d14692eb1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
e32959512dd6c1b832ef7ad3d40d558d

SHA1
bd69773c2c021b0eab532c58ab6f8e3bcdcf96e3

SHA256
4ec391b37c4724ff0502d92810d2c61d74cce3afd915b3c87a3c8329b8c19cec

SHA512
3d954532c8895510420fbc9b20c6b4729d3abc6803f8777b30d54c47824a7441efe895d4b6a3a1c510b18b25f6e6576a9b2fb341f21b63e5381f4ff9c83eae2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
93KB

MD5
6e9c67842ca200e0ff03f8b7e01c49f6

SHA1
49a7ff73e98b8dde125fe986c249c08849d783cd

SHA256
2cb5be545ff7b22a56387a02144896d539ff3b9050a861e7f45a85a82ee95c0e

SHA512
9e6b7fa6b509b7ca12fe56509ed1e00a5c87ae9f23d00204d5ce32b78b2bbad05e87182ace517ba53d6e9d59c5b9ea4e3f12a252bc0fa45578dc2ee6a8b728f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
93KB

MD5
ee4d12688d9e9a263c04e3d273c2c5fb

SHA1
6a8a42c7ce4a9b50462922184c11114384d5a682

SHA256
515b2284d652b7c3ee44901bd1ccfc5084d79d9b34fe8ab2c235ee44f4fb9447

SHA512
d8fc5f3ab90e49d193141b2f9fa69442242cb87f055778cfed26a88ddf371a03f3fd945a9c45dfd8166938765c1c23fac6738b10f0b8a646fb93c7b7f969be1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
9431f29f5bdc777ee30da59b4da6271f

SHA1
698682557f0f042ba9261ea7aaefa21097365614

SHA256
bb6ae839f503a099e6479101d419bbd604ab5c5bf0c4e9cb328b8f3622c84ea7

SHA512
ebb835ed4d31dbd9b07bede55e2656ddb7a5cfd4ecfc15db35bd4d726096a12ebf6c2df7ad3428c574ca513e6e566409544eb2613f1b97fc8c1d754c70a31014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
1719fce6385e48da932f8ff7a7a80962

SHA1
ec5deaf39c21f5e9e854f4f9a4b9f63d1e794edd

SHA256
fd01d30213df5ad9c023d1a80c04455b57c91aa133d096a503aa108b17ae4b94

SHA512
32b64e557f2b0118ee451c1ceed287bfff5e2fefd8b581e91bad76372e3b10733051df8c0430f11d2a7dcdc3a85e4b8aeefa453cbf655038a2366fbcbcf01cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
82KB

MD5
a9b6f4802472002cba2717cf93287e18

SHA1
7e6547ff3c27c6dbdf602dd913289068aa709eb2

SHA256
13a94be1bffd0a66ff4fbb354511dd7055b6099fc23f2d3341bab7f782981e3d

SHA512
3ba16be50131c7af55a0cbebd7e4713eea96e5201b062fa20973c0b05018e112d6f54a1448f32b7f8f1097210c627a4ada2c6dd4d0396e763301805c9d3f40f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
98d1c7249d89a872d75a346f9400dbe6

SHA1
6d2c403cd61eadee7c26a820bf5f279d1a64853c

SHA256
30de7dbb18b9fb0d649398eef9a7978d43279c9ff2b0bf19326ae3c3f0aa2e85

SHA512
b01138a8c92084c39e09aa6e00cd1449a0ce72b5a66784f337b4fc05de9311556ccbd4620513b22fce051825667c9eee220edc1bceedf7dc90dab1e27ffa3e02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
bf513c16cf40a89f62f5380affcb97e1

SHA1
19ffa2417b7d4c00264e5d7875fc184cfdce8d11

SHA256
75476d2023b86b6b69c1bd7f457d33605012cf0963e4de8256d1c2483b903d54

SHA512
843b9e770021055a30e9bee12068b21e7f44e000d0ec3d5227c48452755784ab1ad82768fae238d25baf61b6cef928ed84afd20e623db528a137eaa0262cf89c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
0adbf1c153e323b7c3d28ce8c4ff8520

SHA1
79fd4548f1233c3f06e10027310205c3a827ecca

SHA256
3b36fb4a4dc5e33164631f34e44e51210f6fa199c8e16ce157b24ac2d848cfbb

SHA512
d1f1565e8cdb2664effd25fe46ef88b3cf2b02bed4740cde998ad5e15b1e1af8889f32f96f7caf63320540da271b9eace526115986095cba7cea5d4757fd6958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
82KB

MD5
ccbfba298143fa0da56c706cf56b6f91

SHA1
d806a41060de204a0c2ada210799dfca351d1cd9

SHA256
50c254df857c77113e039eb5eeea2f81e06795c97fe6f488b60f2eef796f8dc0

SHA512
4ab44bc1700858bc178bf0b4bfe923d46eaaeef1ae7041069865b323ddb09a40b72424f0938ef60717b845f3d90a71010fb267e0a5a6cf73ba8442224ebdebf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
139KB

MD5
20278293ea11521c99b025bedc33f324

SHA1
735305b3b102c95242461e24c28721a4b336c4d2

SHA256
74ad640fc79ea1002088dc1ee4b4e0eacbdea8af8f46a0350207fd24003c21a4

SHA512
e666be81fd9bee117b8504919678c248e6ccb2214203df5ae979fdc242b741c147d76d8c5026a9567fa50f7e6104c52ef521612fceef6c3a9ed97b95f62df9bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
3279ebfd16166cddf3e543304b6c9edf

SHA1
be15428824bfb57a73ba90f0c7e20c65e072646d

SHA256
78cf45b881eb2c1015bc8b082692ae5ea61b8126f83b0d053bd6a1505be147b9

SHA512
98b88be010dd1bdf7b894c4be85d6502ccfbc46ae9a6721fb11763fdda99c883394063c0b9d22fc914b7db5fa175a25511752b8aeb76e06d1533c550eb63ed04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
93KB

MD5
8c91d68a48145c47d32779cdd86a88a7

SHA1
ab2334338537fd072d33153092cb261f325b84f2

SHA256
959afef7b6c6312f672c4f0c59340621342f4de24c3a6545d0cbc563f2698c7f

SHA512
d169222880efa320e7e017c2ddd09814362a22a99a8ec34d7235b71b48282c65bfda74b46ff29ef6324780a5914f362dfc375c53be3bfef64256bde247559320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
4abd039ff10e41577d6f6ec70bdcddda

SHA1
844e5751136c3a74bd1899149b087d3b43646a57

SHA256
d29d8ba1b1ead19d3452fee708a8c3dd567dd498c92f1abb3b607c313465dd26

SHA512
d685c5ae7b2c29c9707dce138014f84accf42b2895f95c27dd5c66d4ac002af4afc944f75a238dc2248c2e7de2fce89cb9e51ee0b991b5396a403f4fe3d1e1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
3b072c72472beeea75f4b1df48b1987e

SHA1
2d5acde8cab25c03464af92795595a85a0a7f493

SHA256
dcfc61a2911f10a2ff36c44afd01c9cdec8d33c68b013a79fad70c86c5851886

SHA512
928ef2faa1e43f2e672c4a9f725fe41414b72d447bc76e24f7e6867294eaec01432bd067e80fe1e2f2ca80eddb0cab71975fe3dce063e452a1273186a4b6ea60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0

Filesize
44KB

MD5
7347ccdac48d1566ab1db5ea88b09b05

SHA1
df820bfb7a7d0fd1f6523a8ab24e30ec975d5b5f

SHA256
b6dae2b5cf5d9e84845ae3e15585a219af635d2d8a11f8c937e10aa7aad4147e

SHA512
70a43436998d16e38e9533096d1bcf0687d284498d06410895e9cf1d0ffc35bd9bb3d608de6d365d5de36984b6b01e14b63811346b2366b5e305b97e394c177e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ed4d1406ff593e6e8a3dda486d01958f

SHA1
35faced718db3dffb2d85ca524a9cb58b4b5e2d4

SHA256
2d4923d416c2d4e826d3d5bd927c9a6aab5e42d4ac327d1b2b51e7c720c397b8

SHA512
dc967de200e464d5dbd7238f954f9b8256e83c6230496add7de3173bfe018bcf30525c74ab41cb42d63a40c5de150e23607bfc68d5c806f4be8e5f45f6c66e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
9a5a5f977875296ae354b5af32069eee

SHA1
f7f910ae678f89aa2f3f5126449d882421097571

SHA256
b5f03cb31a4428548d86581096dc241fa2869b11fea83c407f955427007c47a0

SHA512
ef704917f46227ca9d34b0e7fba0d0b90ba1e4e8ebf2c6df9c858b8449250ebed5d42ffd192b7d99401e15cec2fa8d9a886cc381d032b5edd17b7a40df006660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2

Filesize
1.0MB

MD5
6c5201f337641cee957641132609e2e5

SHA1
2e75f95d6fad7402b6009a034217286518a83ca2

SHA256
77caf148e46bf8848d70ffdfa8a274195fd00e0262ed2dda4efa6932b5d987c3

SHA512
2329a53e0a23bbe62d772365068d1fe266e7e10fc0955036989a803f222bceb595f2383b01719fc2b47e26056a376beda0f7519ba8095b27021b7eb1622e4979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-wal

Filesize
164KB

MD5
303b90967a970cc413465d5e43472f6e

SHA1
117deaeb888665a2c227c1f12d0ec660e7a9eea5

SHA256
c068403acad0836b1d4d3858a8bd4161beac86e6c1371ebec82cd38dcd38f4e7

SHA512
8a1de627db037e85b4b45b91f2fbd39780639751c34bbfad829208444f7131aa1e2d5dc648fd8eaf95db961fbdc0103df9dcf0813057f1ea501f2fb569dbee5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec62652a-4173-490a-bf30-4c378c0dcdd3\AgileDotNetRT64.dll

Filesize
2.9MB

MD5
9bb6ed08af544d3738e60200d2804180

SHA1
5a40b484ca56b1ce59add4ec283e21d60070be02

SHA256
86d49f3894cc3de038abcde03803de8b6f239c237f34930ce5c41ab725c26cb7

SHA512
63e6b90457c3e3e6e419e30fe57e35c66e08059611fbe4ffb60d28acd6ee8d9f0ccfa31d7b27e9af44ab13512490f3b7b7f5130df947c5de50a937dcee0a91a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4024_1226493767\76cc2761-8fb6-473b-8d8e-f273a2eb1b3b.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
14KB

MD5
c932ef108063357b2a118b7316b2f835

SHA1
b57a488dcb5d0eeee67bc33ac0e7a1176358353e

SHA256
df53ca8c80fade77054a1db74392c57c4efdc6f98666cbe659be4c080eb3186f

SHA512
859184414a0264fbf77a98aaf9ff70066eacf46212b31d6a748ffd2a1937be7051a5ada90253c8babe53349281ddea87a5adf3892e3890ab9f46b70894d26520

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
16KB

MD5
308e59eca099e1bbbf9bacdce027ecab

SHA1
bd9cc4965f9d5cc874cd39af316ac5b1179f00d2

SHA256
6c1aa29cfcbb05909f4a9c2c5d7e39e9da4a0d02728df5020d74363117013e6e

SHA512
5b8972559699e0bb04d9c522c7b737b42d1faee2645406cc576daaeefe77cdd253142315120ccc1d35c0930d91b0a49d320ed9006e16b4d621194c5a5ff5b432

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
16KB

MD5
1dd210ee7b5e0a8b2f0b47e51e65997f

SHA1
9bf49cda99bfad915e5e082d1a962ddd168c09b6

SHA256
e010b5de6f69c12e3edb0fc31793a98917b1fd2c4d3d4b3946413d6a391f0946

SHA512
4b3630fe869f352c1857824ac6aedb7c7dc8a7423246a1980c1a266842d2bd506980e29916e99d8a28740a1a22cf43ec7a3fb063aef1e150a8c9108392a72302

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
20KB

MD5
9715eb3c42b0548ab9a8decc2795c74a

SHA1
120a279ea1868ca174658897ea45c2bf41528124

SHA256
47998c1591bbcbb7fcae338ce764d8bcf18b1a277e13cd6d6bbe44bf477b2fc8

SHA512
e9442975a8371bf420d9af5e513e653ff3bab9e953da863b88ac25c8cb23fc3e824a4867fd3c0bd451765cdb6b9c100557f63d1f3c0fce40a06d239341dae99e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
248ab356b6d446d1415e81ea8d165f84

SHA1
97eb260eee6637c9b9df533952acda079a87a036

SHA256
026dd0b7dcbb01a64702c029bb2ccf24da193ace3c7b584a9a166cab0a67d220

SHA512
1a6150b5cf0035d244e049de7ace54db73984a7651db21744f7ed604241379ebb9efe67ab3f2a0b84bc1f91b2b3939e7ecdcf42c96aacb365c233db4a753e566

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
661f2516e7cac1ec8c519ad1541934b1

SHA1
065c8de10cd3fdb1a7b15b1fbdbb64fdfd46fcad

SHA256
4d3030508006449a81afc8bf21a2740cc830c8ec8eae41d8a5837aabb2c779f4

SHA512
3e22bb4b5416432df662519a16330979bbd45f5cce3ce2052167e6350cfce51c146a73d6d763c03a592b2dd6b2431d969588ebde47c5a72be35fd939eae537e6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
14KB

MD5
d9613c681b12f5bdfc03e7a631cd70a4

SHA1
f64b025af21d15d8e3acc9cc8837e426742e2706

SHA256
36936be5687a60acf0e6a685e62ab1b30f62c0cd6cb2c197ee79c9a6112375f6

SHA512
e9994b8e0176268367adee133dac3c29a209df4cc21aad6346e22c1b8fab51394bc0e7104811299f8408b78c1e46ed466ece5140ebce28c489a8b5bef37ffc23

Download Submit
C:\Users\Admin\Desktop\authlinker.exe

Filesize
1.3MB

MD5
a2d56c15909db707a631048cce304153

SHA1
52f3ede634a4a52a10e8aacf8898da5b08bb51f1

SHA256
02f551704957768895bad546626f9e31dd9287bd8c33d7becb6bed7405380e46

SHA512
a0737ba2e65dd3c84a9a52373e2a3501f6569890c43bc3a8e29dc0d2722e5de78d41f25453c0f9d9d01e97a0498344e80a08848c8cbbc433d711dc14864c5d6d

Download Submit
C:\Users\Admin\Desktop\data\DCRAC.exe

Filesize
26KB

MD5
8a1a98367fd8cb7aa977403f88152e60

SHA1
cb56f3348ef9b2bb6f38f3ef2b5522e64222b707

SHA256
730fdccacba82f334638c13a284ae2e8462e10382bf55d2a0d35f25b805bdc02

SHA512
a18dd788496c9d34c538cf547cf1bd3aeffd6c452d615a186c05222043b7bde5a03360cc33c9005951ff4bd076b4fecabeaf418b59d3623d604ff7b308d09e83

Download Submit
C:\Users\Admin\Desktop\data\DCRBC.exe

Filesize
26KB

MD5
14a56e4b7bd40512b49d6f72086e8fc1

SHA1
d8c05adc75d739a56c63d6596d460304eb219cc6

SHA256
86c45fb7473e5c1df78b8cbb2003033c37b4cb01a677c1ef30ca1573e84ec692

SHA512
3d5c2010963694262dcb08337f80190630d890565a25610c33983268afad11b0882fb5c7a03b5e629560d3fd1b9b3856d4896f5a272c53928c1fd10924e3b3f8

Download Submit
C:\Users\Admin\Desktop\data\DCRBT.exe

Filesize
23KB

MD5
32e2bc4f79c776b542f6775895beaf21

SHA1
38e1d82f7cd869d1a016a94dc747110e44e80ae2

SHA256
98ec5492a2f0aeba5b39a9f41498d98c73643bf6d8d177e5831fb0ad6e6f8521

SHA512
4ed797827b33fc922b1385c7b4e1cfdc12f7e00c8969b7ed6eeb6aa82f2656fa7f73c90c67ee1a1fdff2ac654504e214d4255eb37251736d30fa694e0b3094e9

Download Submit
C:\Users\Admin\Desktop\data\DCRCC.exe

Filesize
24KB

MD5
7369469d49c34493f1b8a06fc89d9c7f

SHA1
956b5e6933b6c8141fe6aa16d97b15fc0e985e95

SHA256
8f5b38fdde20187e5ab965e60c024b98def9d565ea23f596da4fe13d12e5f5b8

SHA512
1777cc2a5e11115d71b92c5790be558838aed0173a3d7ff288db44674a0b3151026515d74518a960c2467d9be549cd47567123b59330d7684a9b2919b707a1a3

Download Submit
C:\Users\Admin\Desktop\data\DCRLC.exe

Filesize
23KB

MD5
a1bccb81f525f46b8e0994157f0dbb58

SHA1
70ad20203e56b1fed9827d87c8cc8ba09008a49f

SHA256
574f0612cef481f5bde5667586f1bf1c4df4b7672cd6093b6a8f3b2cadc10725

SHA512
9fe2dc5e4f621142d43b0ec8ced708b6fcd41c70b5432315ac98de632ab4a9e95bafb93dd30415b877ed6b2351697389cedd9285bdda7e53545e933b6c8de3be

Download Submit
C:\Users\Admin\Desktop\data\dotNET_Reactor.Console.exe

Filesize
34KB

MD5
69d18a3245f3c2fd02c82304c494e977

SHA1
049cda6bc59daeadfe82fce2197e0e15c2847a7b

SHA256
b55b0a652538836ed681c2afd985310fd39ad2f31ac159847fc46a6065f3232e

SHA512
5791cffbc2389eaaf18e4f31c320325d4bdfadf7ab00c847bfedccbea8fec26a3f4452877d00c95e0573e90306d7a2c988c00fcb7d495ac22955c7f64fb047c3

Download Submit
C:\Users\Admin\Desktop\data\dotNET_Reactor.exe

Filesize
13.3MB

MD5
bd73df4cf427511993075f7a16e037a5

SHA1
63f116641b0655f53e93d62ae559d510ed5af134

SHA256
fa0a32d408a8df70ec44f3d2374b058f57b86ff49b8068b8c68f8505d3463970

SHA512
49ad63e65e1f6a454778c904727c948969145eb09457105093af463d933413a7d30437051c7ddb8ded0b46d38b2018a1a78c83af582ab6775bef870057a9dfc3

Download Submit
C:\Users\Admin\Desktop\data\mpress.exe

Filesize
101KB

MD5
8b632bfc3fe653a510cba277c2d699d1

SHA1
d6a57aa17e5eb51297def9bac04e574c1e36d9c7

SHA256
2852680c94a9d68cdab285012d9328a1ceca290db60c9e35155c2bb3e46a41b4

SHA512
b9ea70ed984d3b4a42eceb9f34f222b722c4c1985b79b368d769fe0fd1f19f037ffebe2cf938aa98ed450337836a7469d911848448d99223995f7fb3a9304587

Download Submit
C:\Users\Admin\Desktop\tmp_wEesXcoZqBELvdl.exe

Filesize
1.3MB

MD5
86f3e6988fd3e193e8efcc9b5557a6c5

SHA1
16093794553371cc46246cbde7dc78b3fc0d43c9

SHA256
0c5382084a2b602f84e6ff683f7281b113d55dc926b884cb67b952e48d799dd3

SHA512
a6ac4dbee3293ebb62fda4975c5a23b32db7e318ffd627af6a555abc96a868a6176d46874dff3c3d066f3135041eee283bbacfc9b93b02f02863ae4099a7089b

Download Submit
C:\Users\Admin\Desktop\wEesXcoZqBELvdl.exe

Filesize
2.1MB

MD5
913dcff1ce10a7d718cb167cf7faf8d2

SHA1
a0ecb970e6a23b70ff9edd5dcc359899b92f606b

SHA256
9d64a4c9635f146b52937fab567a9969ed934ea728514d052a1665daa7fcc0f5

SHA512
5df9f6946a5d9d7c94138d39e2b996679f4510a7541e375b6a5595e13010b53485aa0b2895af108d1844f033378ab0d07a62ddc4f5058ce13addb178ed991352

Download Submit
C:\Users\Admin\Downloads\HUNTER-VIP.exe

Filesize
631KB

MD5
1cc13d9747b9074f64634d0edbab33ee

SHA1
f1b3920391a435581b2098c8e9aa5d87585d2520

SHA256
26c4499aa6af90835579de71e1460ccfe153cc77213096da5a3bac33ae0bd519

SHA512
3a8481f033f70d5c3dc53b4039ed6be77705f4a737a154d73b3627fe1344cc92b3dc643e0c367dcf4482cc377736b5622cad79d4ee4c31e446ffd9ef3a8c526c

Download Submit
C:\Users\Admin\Downloads\Loader.exe

Filesize
1.0MB

MD5
fde6b13b42161d5f21c9e8cb437952a8

SHA1
e8bb209cd0cb6e7a6a388fc07311db2d8f8e2e3f

SHA256
e690d7f794d8abc57fccf0ab6502d55e370724678808ae2b5ccc15461ca0213d

SHA512
59bf9735281a6ae2a0de2894f0eaeda8ba71a6d1e76493b6b847e293eb7710eb4b0ed4facb671f1a2d08abb4e1dd9ecb6d942903b97a75526fe03e4a829b5bb0

Download Submit
C:\Users\Admin\Downloads\Vortex Crypter.rar.crdownload

Filesize
16.8MB

MD5
b702935a7604f45a604dfe3390c80590

SHA1
ada45c5b72c7f6ab71d11708f1a5f0f7dad59edf

SHA256
4dceb4be48c978782078d7d71942f5f8197cd1e20d2434350b8e518f2e74ed03

SHA512
de1918d50918f436df7857cb656d9aaa736a5151a95617953c3ab862ad7f9562be5a10e0eeb134f8c9d86d118d6fe88be92db7e828967a5803fcbf9c8ce61446

Download Submit
C:\Users\Admin\Downloads\authlinker.rar

Filesize
596KB

MD5
5118db908ed9a97ef5ce305b7b07f112

SHA1
6a1a1b97362726c6e72ec51259ce8c4aef3bf5dc

SHA256
8da67090384bc20feb769d0fcd0c23e23c5f72d203c8296c758e5677a0cda4ab

SHA512
bf5feb6769ccfd72a36814eab6f51cf15f86b90b42618d2b33463a89d9b30a65e09f5cb3c134e95c43cc039d81974677ab28a7258463066783ae99c708de37b6

Download Submit
memory/1444-1097-0x0000000000620000-0x0000000000840000-memory.dmp

Filesize
2.1MB

Download
memory/1444-1098-0x0000000005260000-0x000000000526A000-memory.dmp

Filesize
40KB

Download
memory/1444-1987-0x00000000083F0000-0x0000000008744000-memory.dmp

Filesize
3.3MB

Download
memory/1444-1986-0x0000000006850000-0x0000000006872000-memory.dmp

Filesize
136KB

Download
memory/1444-1100-0x0000000008300000-0x00000000083B0000-memory.dmp

Filesize
704KB

Download
memory/1444-1099-0x0000000005B10000-0x0000000005D24000-memory.dmp

Filesize
2.1MB

Download
memory/1952-2648-0x000001EACE700000-0x000001EACE79C000-memory.dmp

Filesize
624KB

Download
memory/1952-2647-0x000001EAB2EF0000-0x000001EAB327E000-memory.dmp

Filesize
3.6MB

Download
memory/3520-2333-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp

Filesize
7.7MB

Download
memory/3520-2384-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp

Filesize
7.7MB

Download
memory/3520-48-0x0000000000740000-0x00000000019EA000-memory.dmp

Filesize
18.7MB

Download
memory/3520-2331-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp

Filesize
7.7MB

Download
memory/3520-2330-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp

Filesize
7.7MB

Download
memory/3520-2328-0x00000205C92B0000-0x00000205C93D6000-memory.dmp

Filesize
1.1MB

Download
memory/3520-2327-0x00000205C83F0000-0x00000205C8602000-memory.dmp

Filesize
2.1MB

Download
memory/3520-2326-0x00007FF9AF950000-0x00007FF9AFA9E000-memory.dmp

Filesize
1.3MB

Download
memory/3520-2325-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp

Filesize
7.7MB

Download
memory/3520-2323-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp

Filesize
7.7MB

Download
memory/3520-2334-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp

Filesize
7.7MB

Download
memory/3520-49-0x0000000000740000-0x00000000019EA000-memory.dmp

Filesize
18.7MB

Download
memory/3520-2386-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp

Filesize
7.7MB

Download
memory/3520-50-0x0000000007190000-0x0000000007734000-memory.dmp

Filesize
5.6MB

Download
memory/3520-2316-0x00000205ACD10000-0x00000205AD2F8000-memory.dmp

Filesize
5.9MB

Download
memory/3520-730-0x0000000000740000-0x00000000019EA000-memory.dmp

Filesize
18.7MB

Download
memory/3520-2382-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp

Filesize
7.7MB

Download
memory/3520-2339-0x00007FF9A9EB0000-0x00007FF9AA662000-memory.dmp

Filesize
7.7MB

Download
memory/3520-51-0x0000000006D70000-0x0000000006DD6000-memory.dmp

Filesize
408KB

Download
memory/3520-67-0x0000000000740000-0x00000000019EA000-memory.dmp

Filesize
18.7MB

Download
memory/3520-61-0x000000000D1A0000-0x000000000D1E0000-memory.dmp

Filesize
256KB

Download
memory/3520-59-0x000000000BCE0000-0x000000000BD18000-memory.dmp

Filesize
224KB

Download
memory/3520-60-0x000000000BCA0000-0x000000000BCAE000-memory.dmp

Filesize
56KB

Download
memory/3520-58-0x000000000B850000-0x000000000B858000-memory.dmp

Filesize
32KB

Download
memory/3520-52-0x0000000007A50000-0x0000000007AE2000-memory.dmp

Filesize
584KB

Download
memory/4716-1992-0x0000000008870000-0x0000000008BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4992-2662-0x0000000000DF0000-0x0000000000EF8000-memory.dmp

Filesize
1.0MB

Download
memory/5060-2367-0x00000000089E0000-0x00000000089E8000-memory.dmp

Filesize
32KB

Download
memory/5060-2359-0x0000000000350000-0x00000000011CE000-memory.dmp

Filesize
14.5MB

Download