metasploit | 0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee

Analysis

max time kernel
152s
max time network
149s
platform
windows7_x64
resource
win7-en-20211208
submitted
28-01-2022 01:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
Size

1.4MB
MD5

a02eed32b2a7d07c188e0e445604df8c
SHA1

73e197341b2745df805c2149a2123712c5bfcac9
SHA256

0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee
SHA512

d3d11b409eb35544a27df31fb8411c61ffbc73a95052077e0acea5e33cb11db47ffceae0fe16e37fd0d34e3034e90363d3a8992b5225ec1e9ee452d202324b4c

Score

10^/10

metasploit backdoor discovery persistence spyware stealer trojan upx

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://dazqc4f140wtl.cloudfront.net:80/ZZYO

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\bWvHSQEk.dat	acprotect
\Users\Admin\AppData\Local\bWvHSQEk.dat	acprotect

Sets DLL path for service in the registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\bWvHSQEk.dat	upx
\Users\Admin\AppData\Local\bWvHSQEk.dat	upx

Loads dropped DLL 2 IoCs

Processes:

rundll32.exerundll32.exe

pid process

588 rundll32.exe
1520 rundll32.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exeschtasks.exe

pid process

1228 schtasks.exe
1740 schtasks.exe

pid	process
588	rundll32.exe
1520	rundll32.exe

pid	process
1228	schtasks.exe
1740	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F426E296D418D80A79AB85FB048926C5BD6C5C5E	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F426E296D418D80A79AB85FB048926C5BD6C5C5E\Blob = 030000000100000014000000f426e296d418d80a79ab85fb048926c5bd6c5c5e200000000100000002030000308202fe308201e6a00302010202102d873ba8e75f36904da7305e5cefc631300d06092a864886f70d010105050030173115301306035504030c0c564d776172652c20496e632e301e170d3138303431353034313334305a170d3139303431353034333334305a30173115301306035504030c0c564d776172652c20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100978843f1e0329451c8db30319b9094e07d5c4f6203b63301dac1cb57fd25fc5a19d22d83f13baf66a3abf5a882ea03928f3de54b19212e27f9e5bc0d371c2abc28d82c5e1da145e00ef7c8ed0842143704235b006056430a5e108ce45ef3c631f6f375028adf78915be5131995191fdd64ce9a89c8a00a360b54d6d62273c29767479618740060d000aa90c0e28e7b3ee98c27593106609adbd90c8a92e5a001152fd8a70a43bede3f7b640d9aab7832de58ad7861d1066b8067dec25215d9a7549e06d59f42e38a444006c58034d7f3145bb12961917a0b78e1599193d218712e5181329c5b7f955e2e4f05a64f8dc9ec3657d57836dc389a40e34b1b5ec1c90203010001a3463044300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070303301d0603551d0e0416041454258d20a5226a8ffce29e86182a68b0840238e5300d06092a864886f70d0101050500038201010060567173a3a43404775c5e9b184bf60956b7ff3dd557eb3aa1719252f9b9449f75996d83c6766a9d71bd424c92351025e5f0ab5ca5793f110d7e25fb11231c67ba8938c693da015ef381e2306839960e07e758616a5caae8dc4169c3cc2569a913397e45e9828fb77cc3f798d87756290ab962cf8cbfd1eb9b52ba024bdccde3d26cb8885b848627c04ff88b1c5222760e043c1a875b053742c24c73789d3faeb32bca87c5e1514064be4f278dba085c26729fa631335d594db268bcbcd77447548062549f2b127170f0743ff32dd7db131cdfcdc32f54464b6960799968f6d6264c29a69ee99139055d59ea7f879a8c235ce9b3d72bc8325f852808103d0267	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exechrome.exechrome.exechrome.exechrome.exe

pid	process
1560	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
1648	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
800	chrome.exe
1684	chrome.exe
1684	chrome.exe
2508	chrome.exe
2696	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.execmd.exeDllHost.exe0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.execmd.exetaskeng.exeWScript.exechrome.exe

description	pid	process	target process
PID 1560 wrote to memory of 1228	1560	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	schtasks.exe
PID 1560 wrote to memory of 1228	1560	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	schtasks.exe
PID 1560 wrote to memory of 1228	1560	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	schtasks.exe
PID 1560 wrote to memory of 1228	1560	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	schtasks.exe
PID 1560 wrote to memory of 1472	1560	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	cmd.exe
PID 1560 wrote to memory of 1472	1560	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	cmd.exe
PID 1560 wrote to memory of 1472	1560	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	cmd.exe
PID 1560 wrote to memory of 1472	1560	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	cmd.exe
PID 1472 wrote to memory of 588	1472	cmd.exe	rundll32.exe
PID 1472 wrote to memory of 588	1472	cmd.exe	rundll32.exe
PID 1472 wrote to memory of 588	1472	cmd.exe	rundll32.exe
PID 1472 wrote to memory of 588	1472	cmd.exe	rundll32.exe
PID 1472 wrote to memory of 588	1472	cmd.exe	rundll32.exe
PID 1472 wrote to memory of 588	1472	cmd.exe	rundll32.exe
PID 1472 wrote to memory of 588	1472	cmd.exe	rundll32.exe
PID 1036 wrote to memory of 1648	1036	DllHost.exe	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
PID 1036 wrote to memory of 1648	1036	DllHost.exe	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
PID 1036 wrote to memory of 1648	1036	DllHost.exe	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
PID 1036 wrote to memory of 1648	1036	DllHost.exe	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
PID 1036 wrote to memory of 1648	1036	DllHost.exe	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
PID 1036 wrote to memory of 1648	1036	DllHost.exe	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
PID 1036 wrote to memory of 1648	1036	DllHost.exe	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
PID 1648 wrote to memory of 1740	1648	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	schtasks.exe
PID 1648 wrote to memory of 1740	1648	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	schtasks.exe
PID 1648 wrote to memory of 1740	1648	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	schtasks.exe
PID 1648 wrote to memory of 1740	1648	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	schtasks.exe
PID 1648 wrote to memory of 1500	1648	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	cmd.exe
PID 1648 wrote to memory of 1500	1648	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	cmd.exe
PID 1648 wrote to memory of 1500	1648	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	cmd.exe
PID 1648 wrote to memory of 1500	1648	0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe	cmd.exe
PID 1500 wrote to memory of 1520	1500	cmd.exe	rundll32.exe
PID 1500 wrote to memory of 1520	1500	cmd.exe	rundll32.exe
PID 1500 wrote to memory of 1520	1500	cmd.exe	rundll32.exe
PID 1500 wrote to memory of 1520	1500	cmd.exe	rundll32.exe
PID 1500 wrote to memory of 1520	1500	cmd.exe	rundll32.exe
PID 1500 wrote to memory of 1520	1500	cmd.exe	rundll32.exe
PID 1500 wrote to memory of 1520	1500	cmd.exe	rundll32.exe
PID 1552 wrote to memory of 1940	1552	taskeng.exe	WScript.exe
PID 1552 wrote to memory of 1940	1552	taskeng.exe	WScript.exe
PID 1552 wrote to memory of 1940	1552	taskeng.exe	WScript.exe
PID 1940 wrote to memory of 1684	1940	WScript.exe	chrome.exe
PID 1940 wrote to memory of 1684	1940	WScript.exe	chrome.exe
PID 1940 wrote to memory of 1684	1940	WScript.exe	chrome.exe
PID 1684 wrote to memory of 1012	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1012	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1012	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe
PID 1684 wrote to memory of 1424	1684	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
"C:\Users\Admin\AppData\Local\Temp\0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1560

C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn "chrome" /tr C:\Users\Admin\AppData\Local\chrome\sec.vbs
2⤵
- Creates scheduled task(s)
PID:1228

C:\Windows\SysWOW64\cmd.exe
cmd /c rundll32 "C:\Users\Admin\AppData\Local\bWvHSQEk.dat",DllUnInstall C:\Users\Admin\AppData\Local\Temp\0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe C:\Users\Admin\AppData\Local\bWvHSQEk.dat
2⤵
- Suspicious use of WriteProcessMemory
PID:1472

C:\Windows\SysWOW64\rundll32.exe
rundll32 "C:\Users\Admin\AppData\Local\bWvHSQEk.dat",DllUnInstall C:\Users\Admin\AppData\Local\Temp\0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe C:\Users\Admin\AppData\Local\bWvHSQEk.dat
3⤵
- Loads dropped DLL
PID:588

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
1⤵
- Suspicious use of WriteProcessMemory
PID:1036

C:\Users\Admin\AppData\Local\Temp\0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe
"C:\Users\Admin\AppData\Local\Temp\0df1105cbd7bb01dca7e544fb22f45a7b9ad04af3ffaf747b5ecc2ffcd8c6dee.exe" C:\Users\Admin\AppData\Local\bWvHSQEk.dat
2⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1648

C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn "chrome" /tr C:\Users\Admin\AppData\Local\chrome\sec.vbs
3⤵
- Creates scheduled task(s)
PID:1740

C:\Windows\SysWOW64\cmd.exe
cmd /c rundll32 "C:\Users\Admin\AppData\Local\bWvHSQEk.dat",Launch
3⤵
- Suspicious use of WriteProcessMemory
PID:1500

C:\Windows\SysWOW64\rundll32.exe
rundll32 "C:\Users\Admin\AppData\Local\bWvHSQEk.dat",Launch
4⤵
- Loads dropped DLL
PID:1520

C:\Windows\system32\taskeng.exe
taskeng.exe {D6335FAE-FD91-45B1-B489-A71F1C65CE99} S-1-5-21-3846991908-3261386348-1409841751-1000:VQVVOAJK\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:1552

C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe "C:\Users\Admin\AppData\Local\chrome\sec.vbs"
2⤵
- Suspicious use of WriteProcessMemory
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=C:\Users\Admin\AppData\Local\chrome --silent-launch --enable-automation
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5f54f50,0x7fef5f54f60,0x7fef5f54f70
4⤵
PID:1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1064 /prefetch:2
4⤵
PID:1424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1528 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1804 /prefetch:8
4⤵
PID:1436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-automation --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
4⤵
PID:972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-automation --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
4⤵
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
4⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2776 /prefetch:2
4⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 /prefetch:8
4⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3160 /prefetch:8
4⤵
PID:2456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=988 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3236 /prefetch:8
4⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3160 /prefetch:8
4⤵
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=672 /prefetch:8
4⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3212 /prefetch:8
4⤵
PID:2624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3528 /prefetch:8
4⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3320 /prefetch:8
4⤵
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-automation --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
4⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-automation --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
4⤵
PID:2988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3728 /prefetch:8
4⤵
PID:3056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1068,839343941212041747,3929382690506759148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=516 /prefetch:8
4⤵
PID:1208

C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe "C:\Users\Admin\AppData\Local\chrome\sec.vbs"
2⤵
PID:2916

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\bWvHSQEk.dat
MD5
f4f2b0f0d2b7096ebaa33b826681576c

SHA1
5e72af03fdaa001d5fc2eba479f34ca892493a48

SHA256
60ab33064a9875ee01eb9d2db7dc0cd8f290b3b0cc255640ab6ca988e93503fa

SHA512
18ed24863b2e8ede8f03c22ab727a9b6340a30ee276918c7113d253eebb86cb9a1810729243af118349b679e6b64835d68c5c621b9ee4955b4733de873221f99

Download Submit
C:\Users\Admin\AppData\Local\chrome.crx
MD5
daac85b1962c6474c826b6856213d4a7

SHA1
a305732f4eabf639e46a8ed53e01e83b957c13e0

SHA256
67b3530efb9a46b4cbc8d4b137e26e5757e588d933b8350c76fafad970c50c08

SHA512
ab3af2b41a4d033ac9413b4d41ce66d9aaa57c67e6247373a01b37bb0a5d3deb63b4277f2877a4e8aff34fbf1d0f3533183984ba69daff537fd14a1c998e0398

Download Submit
C:\Users\Admin\AppData\Local\chrome\_locales\en_US\messages.json
MD5
b6c378b7d108dcb283512a04ac19aa5b

SHA1
9cd12129a3dae1c195531186bdeb17247dc8b130

SHA256
c3e45056bea616da5e73ef0dac4b55adee5af9190b767fcdd11d7b1f4cdb7dc0

SHA512
384684ed648de78237c111c445da014b088eab95950eb2bd8af342ec6e5031790dfcee8d80e4dddb86b8b7389d0b424de5af05156a76139f7bcf987f9a7c5891

Download Submit
C:\Users\Admin\AppData\Local\chrome\background.js
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\chrome\common.js
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\chrome\composer.html
MD5
54ed2eb36d8c7fc6b5cce54755ff3e85

SHA1
1d4b6fa69155e33c3671012b2cd3802ae8d88b1e

SHA256
1cc8540e0a76352f95bb4971be32426cddce2ceecd85de51213a355769240171

SHA512
8ec7d01720b74d40a4a9b13a0555c0d69ec042adc912fd23b8682849f18b03f5a2732a503ef2a17fa791ef89ace70d76ee854cb358edaa1b80e5a09e94444865

Download Submit
C:\Users\Admin\AppData\Local\chrome\composer.js
MD5
b9a4e2e950beb5aa411c7a5234b282e9

SHA1
ff663ab4928e913414b5c249d66f013522b4f8a0

SHA256
20abcc240ed6227bb216ce5150721957cdafa03dd3967678403f7055f4c30017

SHA512
d17ca0ad1a2e2c963faa97e9a07d25e84e13cd8ccca6a047d418ad40d0a9b1f432dbe1716e20d589432fc74f3c50f84b3f741d2782e0c8d0d855ce912b495d35

Download Submit
C:\Users\Admin\AppData\Local\chrome\devtools-panel.html
MD5
926c297f258a0e20a4199db03096af60

SHA1
fb36f91ffc9c77e46910ef653470df0a69165877

SHA256
6961f346004f95a0d233431d91a10adb1f1c265aff87e956017f7e84535312ed

SHA512
f78dfb9cb816e71543cc97300fba72d710ca9b2217c093f04ad545d75c5c29453abd3c08f3e7951b99e48e3af6a12b4e5315554cacac27820c5488d9ecc7bd0a

Download Submit
C:\Users\Admin\AppData\Local\chrome\devtools-panel.js
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\chrome\devtools.html
MD5
9f51616497e3035b53f2ef4ccb3b9446

SHA1
e4b25360fcf5d05e72ba7bf3c985cdac65835812

SHA256
5d6c1b1cddf253d18b5bca4413af493ab0d247073626370a9f7a20e5031afa9a

SHA512
373c7228d4966cf16dee86196d96acb29c9fa0484f2e864b5cf07f8ab41f82ba2745da15f0ed63264b53c4902ed165026743b4b72fef601ac74220396cadae1a

Download Submit
C:\Users\Admin\AppData\Local\chrome\devtools.js
MD5
0c4f5d27a08e660bac230d3d3375139d

SHA1
d5f85976b2804ccbcf0fefa898c730667740d0d0

SHA256
8f62b982ec25d1df28f9c63054c309bcbea0c20623e5095e820bc46368804f9e

SHA512
5f8051c235e9e7994fb2cf8006796f6ad7e0bbe7f9149b33eaeaf4f39e760edec094c41d759e4a5a4acdd1d6c37892926bf8acb0af2158b497fb2b8c09d7cb69

Download Submit
C:\Users\Admin\AppData\Local\chrome\elemHideEmulation.js
MD5
eb5abae51b5041c9ae56f5e9abb20b06

SHA1
fdca79328176983adfb9a9aa4b84a91e0c68276f

SHA256
89fc48fccad57aa5f1ad0187b6482d2d9ec1f5d1da19bf53f10861f94c592903

SHA512
278f6f6c30a8c2e8295af83abf91c2e265dbc2cbdc16890bd58f9c28310b11fcdbd416367c5b4960d35a3c563665a46d0eb6536934cda6c7567093a5288f575e

Download Submit
C:\Users\Admin\AppData\Local\chrome\ext\background.js
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\chrome\ext\common.js
MD5
eee08e31725b31efc9bb28ffa7a8b1b0

SHA1
01c4f0f6ac1a9f96e3608c2ffc605ecde722ddb0

SHA256
0c0763773e90f63db4142e581f009cc96bb2c30eae999df81ff596b77b60124a

SHA512
93434a2acfad9e9f11206fbc32b251d8400262361038a005f5a97e148b6c72111beaf2da6c1ebe26a4f8a411d9af2c1fe72d1ff9410baba99cc3ef7be51b65fd

Download Submit
C:\Users\Admin\AppData\Local\chrome\ext\content.js
MD5
5fe4c82e755d6a584822cf391cddc404

SHA1
b535510631a794ee7f39d0e53c1568405ddac6c2

SHA256
6fb0d8cf21aa2cdfee3a8e5e73d2289a7938a9a736ec633bd2772ac76d4eb97a

SHA512
a036f566284deeb35ba4cec602042be4134e447854c0c8fe6edc140b4d1d4b4b7bf9203275db91ad7d394211dd1a4712660217929ee9e1f916f2af09a5b32b69

Download Submit
C:\Users\Admin\AppData\Local\chrome\ext\devtools.js
MD5
2085baaec9388f26fd0fcf932c74eed1

SHA1
f40422e62cf6faa7634c033755a8346195fa47b6

SHA256
1c41266b2fb2421f62c1070d16bafcae08cae9e37a2f544b31f91cd345f67056

SHA512
1f572ea2ac6d663ec35f18edb0b90736ca3f8864eb7d7bfd4e123cf3b50b35fed0660f352a0ef386a182489e2b4017d54a028b5c47459ede132070333560d535

Download Submit
C:\Users\Admin\AppData\Local\chrome\ext\popup.js
MD5
7da88b12c5903b729e50ed3a2176823b

SHA1
3ca856407200511c942d6ac0d7da5ae2da2c724a

SHA256
9ea861c9daf3d43fe758eb4accb9e59d57da4aa4796885a2b93d1cf2ec46f94a

SHA512
326c6fb81fbc4d8bcc0cf6ebe9baaaea6f9afea0205e15fe107b73b9028c3a00544910f8bf52e2b72f0715b2a8e8f820cbc395238804d0a1ce1c8ae9430b393c

Download Submit
C:\Users\Admin\AppData\Local\chrome\i18n.js
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-16-notification-critical.png
MD5
2ef14e26eb79e4390c229d492bd9dd3a

SHA1
7e00c0e71db5f07f7508f8cf31aee24ea9bb6df3

SHA256
4397755da9032621cb054c4c43b05f7578aa96bf646220fd85f661c00ae49b36

SHA512
7374845d5943a23c79d7ab491d650021a53d1fc015611eeef1bffe3ecdd415e4870c38dd2f138ad4ce38a1772944f0077f05b89bf5bfbc4d4051553aa7e3a3fb

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-16-notification-information.png
MD5
222180a30b80de7c0725e517abb19da4

SHA1
993033954bd9c78e09230aa0ca6da13e91274523

SHA256
9f2c792a8b0102405a01f95c50cd210d5a6c355916217eb12866167513bd0bf3

SHA512
07a85aed02997d2b9d33a98a92e3598ce976b5e7f943301c56e678eaffc1d1e1d4704a8e8f4df92ad3db71e894cb0a10e2b614fb59feaeda41e248adbaea2bd7

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-16-whitelisted.png
MD5
e81f118d87460fa56972a6d770ba4e6a

SHA1
f35005d60cee475abe15f7adc7b7d19f006ec966

SHA256
372c76ca20008e53228ebaa5f8ce4af6dc06e2d1a2d727c6ccf7327ef6fee627

SHA512
aea7ee3330d7282a364fd435c8dfdc88779a37651b8d14498ab234751a467afb47e0d19a0bcb664c04e53a71564b2168a2e468d61f43a4ca472d43fa1b221af6

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-16.png
MD5
b479cc7e0b86334f0067215ec425d490

SHA1
0dceac328cf11d3513a2b051d7e5ea1470ed68b5

SHA256
32c36edd00f07fc84a4f36b53866ff5b3c6bb4d8469878c4f5ab4db28b2dbe5e

SHA512
5f489f1058dc2ada5ea849aa44b9cc4d3b335ce844223761adfb24f8d2c7b44e5cf360112e380f1b84ec7e25ed16aeff3dbbea15fc242e83d7307e33ac21fa82

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-19-notification-critical.png
MD5
58f51c6092e4aa44b189dd83a8132495

SHA1
3f2e338527cf7dc168f6edbda9fc68a7ad4bad65

SHA256
c10f3a1fd6e91c0c34e1a08638e80681b0a2499b9c35c365cc2d70b98f96eaa3

SHA512
ee821817e8421a1c850a01da2de5c8066d7c799fa2858383f2725ebdf8c5328fce0b9f574aa856e67bef64f1134c0f0702560f9d7763043e612144751f1b4134

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-19-notification-information.png
MD5
c7fb0904fd5567614ed421767be044f3

SHA1
5785b331e23572a965024c8257ebcfaa9f35568e

SHA256
e234e8ad61241685497e22b4d4ee6679be62fca8de791412578af4575dbc512c

SHA512
42675b4290290a86e41724e4df55dc5cd5d3aa4dfefc559078fbe63cca596862c82c7e0013ac72eba79131d41b962d3976f1b957693697d52a04f8f5fb3e6573

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-19-whitelisted.png
MD5
d6ec1c73f3fb21bddbef967b03827bb4

SHA1
07a121ca715af9e739cae743dce1fc98162a8855

SHA256
edfc8b5919b9eb58a938c80e8d5840f959ac7214888273c4e063e85db0e8d890

SHA512
e646d18c808046681655fd972219931f6bcdb4c2883f054c05b3e1b2313949377794f326d772e9b8c241129716e2a358af6bad6e92d9a2b37057fe5bb430f9cc

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-19.png
MD5
da45f5bdee8e054739d059a9392077d7

SHA1
14b2af240d00b3adcb7abffa65263dd0b2d530d3

SHA256
81e22945093cf05a2c98589f8bcd8c3b6203230982cc3c1e2f8013012e9c956c

SHA512
51ab816ab4b66dcd16734f6dacfb65f0702b2eba83f8d7c0facdd9c5cb5866e71c9602e794cf3a157bfe8474a80e90846879dc033270c5d00a13572dff0500a0

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-20-notification-critical.png
MD5
a8898020580976a493c0462d3cf61cb8

SHA1
ab365ffeb28c55ae894a2aa13c79890b6c3fe2b4

SHA256
03c3c0846a3ee582f4c60fc08081952557d87f98008639cdc5c8b187ad1db453

SHA512
e26448502bd1f3ac5f4f62e64cb9211d8378e13b81c0cc774b6247d8b94b4097504122a6e63dc6437f02ef8ac6eda6dda6bcc3f4a41da7cbea8a47043f0f79e6

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-20-notification-information.png
MD5
8b892eeefa7c0ea543bae4999d9f5ca9

SHA1
716ebb559ccf766ed81900d5e046ccf2ad7c94e7

SHA256
8fc390d6cc6335d35559261f521a7e9e9d3e7aaf5fa0f9d26141201950a0fd9c

SHA512
e61135de7eacd277a89a80248c9284ac7d637f493bb8a12d05ad62c72b7c7eff7a21090f3fa919931ed040edb62b5150e7e5e42fa29d3942f1e6985247eb47d6

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-20-whitelisted.png
MD5
f240ebfa6f79add3aba01964d37964f4

SHA1
25447639abb1dbf2351055234cbf35dceb2cdbd6

SHA256
cd72b50039d45ffb81dcd217142c9a9d43b7d2063bf6d3d2447e1bf04d725ea0

SHA512
1856e1cf2d7309c12474fcf7646539177e01521b266d4dd53e4498bdce0a60104704c17fc65f2476c0ed8bc266aae27d6f0ebb1d2694735ab3cfc8cecf3ff31c

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-20.png
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-32-notification-critical.png
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-32-notification-information.png
MD5
fe3daa31b47827465f62e96ea79ffdea

SHA1
1aee6b10cfb402ff466835707343d3b133036512

SHA256
2a7e7d133092795979a94c3660697ba45d1693da01c77a543174c044cc6349d2

SHA512
06ef11955356d4e6c2ec143dadf50d734572cfe3b92ac8eb52edaeb41416879de18d0fd7a80796bda8392b67752fae626af7134d3ac8184a6ee73afd2417ac9b

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-32-whitelisted.png
MD5
f145081ab8d7e866d9a2209b7e158d3a

SHA1
7ecc29c48a52337459f1d4c79f294610846d91c8

SHA256
b6b7d62f0f5531c7d6a64691a8a2f6b7bbde630853788b6a2942abf6dccaa3a4

SHA512
33bb3c258151a3246816a6683474d1c24410cb409fa37335def0641a13a0ce928b0b82b643206622d72f962687d80afb09df8e4d231b8e7b919101fe52101151

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-32.png
MD5
1732da07e623699a4a42f97bd16a560f

SHA1
e07dd4e0740ff04ca08b5b2d2207e48961ba905c

SHA256
4ecd5d5d1b594d5973eb6e170938c898daed06cada497e94bdcb75b7265680b9

SHA512
b7a1752ae69049d36b1c6f61911f11213f68db4202f3db371a44cbc68be7b222dc7b86f9c7cb61648f1b2e269ac4abce41d8be4afd16b9cc027a5bcec6349eb6

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-38-notification-critical.png
MD5
808b25011060aec07a2124e13d09cde2

SHA1
66a79bc0fc46ebdf47a36d8068ac086f0a2c4460

SHA256
a384904ca9019f81e950dcd8b4780dcf95f464ef12069add13dc0ff7c8eef5f2

SHA512
537ecf8e13d7302029e466158d807330b9b182ff55d3dec87b49d6532f9fe0d81c6f7efa3cdc7a1e6aad538800b4fdd543bac2104ff81c48bd9b85f6807dc066

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-38-notification-information.png
MD5
9732476d8cd6974bcfd14c92ca75f4df

SHA1
3e15df56af8aa4b327f73407f784e64507159bde

SHA256
aaaa01809c8b012b4ac67dc41222762e57a87a3ef255b6d911dbfcb7186e063b

SHA512
f397eaec2b4c1aaf2a9253e70e8741199d6a3e1dcec79e774f5c984f2f57127dfa75e14bb38d7cd0c3bfba5a8f8b111e05d2e50a052751aebdde2b66082333ac

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-38-whitelisted.png
MD5
493940c2c4fb74c12869cc3dbb7f5de6

SHA1
230f102098b5cbf60ef6ed5aaa39c3c120a4f163

SHA256
71c48564483df51abda8f5f1cb762b09f815b445c069afb7029d605195bd3bf7

SHA512
cec198d467ee95dde864b62417137e5d63692aa884fafa91944f824e8d7f036ca2b810f4d4f72e0cd6961fbeae215b2b4371bb6bf372659f038107e7a039c37d

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-38.png
MD5
dc2741009bdeb9a85695f65dc5937ca1

SHA1
6db8d3419faf212b592ce9570e2941d9538d5385

SHA256
33f2e426b9e45b26747964a8768e159106a5158d31d0df1548ede5b7eafae5dd

SHA512
ccf8155d3f8f528dac132633cf5d04c966adf693eb70186e544bb7c8423cbedecf93ab05ce309a1c5c0d4af8a78ea92952bd93cc55d1af1683af5881cee8d589

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-40-notification-critical.png
MD5
a8024f6afc23dee102ea2004dfbbdad7

SHA1
2836c864a6d8099188fb845efc967b21b212e6d2

SHA256
765d483eca43b893409541cba81eaee4d198589308ecd35b54520122fdda17f5

SHA512
9104092b873f6fe1f1e5bfef83e301036a8eab347d55933ad6d60b233bf95c09a0f0010cfdbeddbc1062f96ce7b5d632432e97f05056e849cb6132441a555822

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-40-notification-information.png
MD5
0df187fbd6000e45ada82496fdfadd53

SHA1
80aa3fb2266a9625a8d3b7ad1427f704c9aa822d

SHA256
639526218b23717cfa33e544a4f1f367e7e173502497925f8fa538d54c5367e0

SHA512
9809788107afed42da2d1bcf648d6109d6f79ccac636a05d4496ddb4d579b70cf9ff32a22317c158b3ad3a9695b08d7e989855a776174a93c7161a6cf027f296

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-40-whitelisted.png
MD5
1b6ad42df03cec35fc4f307618c19ccd

SHA1
1951b7753a457f86d5de543a2795c8c8f289c4dd

SHA256
cfb034e6b32139ae634e8104e95a6bebfa396aefa02b2ddfde12721cd11a545c

SHA512
80451bcd6cead5c0024f73d1e322d67f473c9ecf0835e2362f972f31e27a226f101717392f4e508767f15bb8b94258ffdef68a00a13712a07b691da9110385f7

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\abp-40.png
MD5
55c1275fe8e62aff060a35746382189d

SHA1
9a0169af3a2beec51f9e752429d2379f5255e72e

SHA256
c928c65935609d8224a2db048c3bc9e31f136b78d87fee001987c4eaaa35ef88

SHA512
3aefe145c6856ee276c683a35ee8dfb44522957a27ed574875a1ea2cce4cc5f628d6a7704889bc0d60b43041fa184427083fb2ecf2a4f5c0f4c5e03bc65cfe77

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\detailed\abp-128.png
MD5
c8c2ab80c50ce04ec0cd7cd53ad273a1

SHA1
c186972f72428d236b81f501f7daa645a3f65a61

SHA256
74d1cd4690af12d5d6662cd1310735c544cf10fcd8ec5d0ddb9ab07433ed98b3

SHA512
e283a6e5a79322cde8def43bd1d8adde1628e5e283782e258ad1cb5f0daca55a3fa1fdc135c83539f2d6a155b93cfc3220d63bc7acf043829ef5e3bd4d88161b

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\detailed\abp-32.png
MD5
c01cb650985fd2432b0e809947040acb

SHA1
d12b0f453cbec51a73a39e979019d27d26d80a7f

SHA256
526a37b7d0f4f46b3129a12ce6415e50c74d0c53b3e1d45fd66b9e581d128095

SHA512
e7c4bde5e397bc0a3912035a9b3ca12f9f604e86122e2c9ce132600c9981bfecdb48aa19f864be7f9716a3ebe6db6f31bbcde0b2e6fc55b3d803ddd4a0ba2801

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\detailed\abp-48.png
MD5
28c316d55446eb3e28336eb7c28aeee0

SHA1
3e42deb8000b69b56e59b1281363bcb74c501c40

SHA256
2705398b214021609b4ce9fc6753ff587397b5d3ab52b06537da8ee775dcfb0b

SHA512
fad2b5eb5f06a95465e432c3139b9178a0ed9b8d1e08b14102e5d7b2ead4954cdd99dea8af5b295bbaee3aea1eaa2dfa9386be5eb6a69a2b3d25aa41ff14f5f7

Download Submit
C:\Users\Admin\AppData\Local\chrome\icons\detailed\abp-64.png
MD5
9288088476e6afc7a14ee8370e8f877c

SHA1
9044af894dabc3d28bcd8158fbc460886d872fee

SHA256
08996e9bc5dd8790ccc1752f9df9e376045a3682a33d4d909c623edfd47e3a00

SHA512
afc3eafc8af84b477789f27ce3f2dba567e85bd825742b83056f5aef224134961bb4906e08b36f38046527302b74723501127f1e67e8fced0db371e7153fd2fd

Download Submit
C:\Users\Admin\AppData\Local\chrome\include.postload.js
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\chrome\include.preload.js
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\chrome\lib\adblockplus.js
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\chrome\lib\compat.js
MD5
41689fc048b0bca1e538cbc5ca0b3174

SHA1
1ef8969897d58ad1d616ce73e381d4d49ff15dca

SHA256
673bd526e9665d79e14dff313f086598d536fd2d6041e57a4b1a6299fcad9cf9

SHA512
ed2a361ad94dc35cd4f328bc60d9152d7eb7ddbb275006c43349e0df9886639b283437ab33b4ceb19832bf485d76e0e4831021932a61cb14f931cd11657dce5c

Download Submit
C:\Users\Admin\AppData\Local\chrome\lib\info.js
MD5
61d27561340b641f9ca921ae3b1bcff4

SHA1
baa5aa9c27a5185bc2ff3adb9d83ab44d582767d

SHA256
e69408a2b61d13f04cf889ea5ae7e90c1381fc399e044fbdcd99341cf149d91a

SHA512
45a8da1ded100aa15257dfc986a76e60c047a56e24d69c0244a0d7fffed1cc283e44d06e70be3312accb00837304db61a8778b2c8147608dc39eb55c128960e6

Download Submit
C:\Users\Admin\AppData\Local\chrome\managed-storage-schema.json
MD5
0e9a5ffdff8ed14493481febb105c416

SHA1
af4cdf5e5dabbf0ba762e31b7f3e16ac7ac3a2bc

SHA256
838fa2ef936a8c22504c1b7f03ab5ed85f52c544d9177456f1559cd05221c611

SHA512
94ee943175dce6e8b0943e85814532731bda2df5ba83623ac394bbc3fc41b69dfa7db9e7a3b05717237455fa8e1fd6f339736504b203aae5f11845c6dbdfee5a

Download Submit
C:\Users\Admin\AppData\Local\chrome\manifest.json
MD5
99005fe24d0d9e5f2bc168cfc05acdae

SHA1
295de312b5b2f8957c7ae855da891b59b0e7e6e3

SHA256
2e60928126ad29e36a50bfbe82e66befb18113de9153c59f81b3b8f0f9b61100

SHA512
aa3d047a7ad4d12a0197b6e37b0297925a8f2ad7a7920d722bd7b381445b9ed0ec7527c7068f7da03aceccbb3adf28ed52e0a777d07e58041553bc78c2a998e2

Download Submit
C:\Users\Admin\AppData\Local\chrome\messageResponder.js
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\chrome\notification.js
MD5
4f6f4c3666376e6485d80b1fd6220367

SHA1
09ff41c274e3675dabda0e92a3b4e612b1708565

SHA256
10c615b6cc9084be0d5dfe2d1546d0466adc75ab726b2c86336bdd2b30bdfef1

SHA512
441a54513625715821dfc393c51bdcb12744d99f8a9d537706ee57e4b92be39c207ef93d610bd62a42ebb97cdf9cf849a9973da0da637ec1f2e542860497eb98

Download Submit
C:\Users\Admin\AppData\Local\chrome\options.html
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\chrome\options.js
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\chrome\popup.html
MD5
a75ab625690054979a9ebc8c7e5684ac

SHA1
a80ba80df891a454527bed9310597955a0fe06d4

SHA256
f29b6da4464250c890b83d87eaa829977e7e0e250279bb1438563286bd8cd06f

SHA512
d32edbbbaf663b3cae38d49721173bb3f31a2a7135a0bba852622815940b6c4b5d9b71d75ffc3f8d4b16fd54afc48839fcc263807d0763c1e20fc073cc029011

Download Submit
C:\Users\Admin\AppData\Local\chrome\popup.js
MD5
4f15c69af32c8b2a5573250599ee85ca

SHA1
0db1693910924862e78c0865538796269d5ebc8f

SHA256
4f58c09303d2d18a3150608f813d7429455fc2ebf675262629496132231104a3

SHA512
71186bd0b2076f9bc6aeae77e274e6bf7f2a0ae5ff6e31aa620f8ea5d18d2ee117ac53aff9967fe1dce554459680e41d19cd53f94761cf2fc81e6c3f8c850062

Download Submit
C:\Users\Admin\AppData\Local\chrome\sec.vbs
MD5
ec34163ce05e48c795bcac9f9a448d42

SHA1
ee3e510dbe5924a2b4fe2ad0d5f36d5056d2e8e0

SHA256
f3e15cb54d0bc61b259d58ea75443b2ba5b9de4a71ac10aad11cbc5f0b08e30c

SHA512
ebd7191272d179ebe3aa06eceab1c8ee3fe03e142d575b3fc0f65cd46ee3dfbdbd8adb6ff0be705abce0a606ff4e9ea950cf88b8f649291ab13ac672e47c2351

Download Submit
C:\Users\Admin\AppData\Local\chrome\stats.js
MD5
428c1cfdfd8579ba4fdd418f5f06496c

SHA1
3a5d6125eb98b32224da7ec832cde86f785f43fd

SHA256
fe427f70454f23266e987afc59f042b356867b3ebcc26160666a5bcec50c3ddc

SHA512
3950859832a29d97b6bac84c6ba5050e6364f757c18351d3f05600caa7597906e05a3f885574d8f4c7e26a8fdb14caeee5d6e1b835d3fbd7b761eedaddb3fa70

Download Submit
C:\Users\Admin\AppData\Local\chrome\subscriptions.xml
MD5
325434b2c9c1c6dedc06a5a9cf1731e2

SHA1
93863d5f01f7d3054c7220a6964b7a16efd57432

SHA256
e87cf9e8b1dae51682d1a867c06408032b312124a73b9384954c13cace30c006

SHA512
18944e8bcd61dff448728c6d27122192807577f6bf3b80767383766422950dd7b857413bc0f1fdfd496153b5023f452a09cdc7483cf9a0787948ab75fe0ff82b

Download Submit
C:\Users\Admin\AppData\Local\chrome\utils.js
MD5
6b037f08ddcb10607833251a8ef4a875

SHA1
d81a43d082ff03b09d4afd6b00d18c3eb2f8e533

SHA256
09b131cae064358aeb02dcc7b5ff9e2920d4cd2a22658526dc15de249b1655ae

SHA512
3ec21db1bf9b1d5dd60653801112f1205b0a3a282a27bf623243772e8f18a644a5079bc36f11158f4c6ec7cdb372f10258d8a7fa87290eedc244f03fa5595e0d

Download Submit
\Users\Admin\AppData\Local\bWvHSQEk.dat
MD5
f4f2b0f0d2b7096ebaa33b826681576c

SHA1
5e72af03fdaa001d5fc2eba479f34ca892493a48

SHA256
60ab33064a9875ee01eb9d2db7dc0cd8f290b3b0cc255640ab6ca988e93503fa

SHA512
18ed24863b2e8ede8f03c22ab727a9b6340a30ee276918c7113d253eebb86cb9a1810729243af118349b679e6b64835d68c5c621b9ee4955b4733de873221f99

Download Submit
memory/1520-123-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/1552-124-0x000007FEFC061000-0x000007FEFC063000-memory.dmp

Filesize
8KB

Download
memory/1560-54-0x0000000076911000-0x0000000076913000-memory.dmp

Filesize
8KB

Download