d312c079c51f2bf011902df86e1ca4cac84eb7c74ff104fa48a505caa88ef2fe

Resubmissions

10-08-2022 19:23

220810-x36waagae3 10

Analysis

max time kernel
1199s
max time network
1203s
platform
windows10-1703_x64
resource
win10-20220722-en
resource tags

arch:x64arch:x86image:win10-20220722-enlocale:en-usos:windows10-1703-x64system
submitted
10-08-2022 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

challenge-files.zip
Size

4.8MB
MD5

4edf33b3a4dd1c1c005aefeaa29c7f1d
SHA1

e4d4bb8c8dcf357b068019660fdc72e65f577857
SHA256

d312c079c51f2bf011902df86e1ca4cac84eb7c74ff104fa48a505caa88ef2fe
SHA512

b647d071e71ece4a4d5d4601f28cbcab9f12a85014f1d06cc80ed65f35c7d3f81fc0b27cfd0855b456194f50e7f5dd2ce9588077735c2ec7f43f4a1e38ee2803

Score

10^/10

spyware stealer

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

explorer.exe

description	pid	pid_target	process	target process
Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process	1884	436	explorer.exe	WINWORD.EXE

Executes dropped EXE 5 IoCs

Processes:

ChromeRecovery.exesoftware_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exe

pid	process
3652	ChromeRecovery.exe
3200	software_reporter_tool.exe
3500	software_reporter_tool.exe
2308	software_reporter_tool.exe
2200	software_reporter_tool.exe

Loads dropped DLL 7 IoCs

Processes:

software_reporter_tool.exe

pid	process
2308	software_reporter_tool.exe
2308	software_reporter_tool.exe
2308	software_reporter_tool.exe
2308	software_reporter_tool.exe
2308	software_reporter_tool.exe
2308	software_reporter_tool.exe
2308	software_reporter_tool.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 7 IoCs

Processes:

elevation_service.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3136_1802674974\_metadata\verified_contents.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3136_1802674974\_metadata\verified_contents.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3136_1802674974\ChromeRecoveryCRX.crx	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3136_1802674974\ChromeRecovery.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3136_1802674974\ChromeRecovery.exe	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3136_1802674974\manifest.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3136_1802674974\manifest.json	elevation_service.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1608273745-3137450291-1597631108-1000_Classes\Local Settings chrome.exe
Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

WINWORD.EXE

pid process

436 WINWORD.EXE
436 WINWORD.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1608273745-3137450291-1597631108-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exesoftware_reporter_tool.exe

pid	process
4308	chrome.exe
4308	chrome.exe
5112	chrome.exe
5112	chrome.exe
4612	chrome.exe
4612	chrome.exe
4400	chrome.exe
4400	chrome.exe
2752	chrome.exe
2752	chrome.exe
312	chrome.exe
312	chrome.exe
3292	chrome.exe
3292	chrome.exe
2280	chrome.exe
2280	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
4360	chrome.exe
4360	chrome.exe
4868	chrome.exe
4868	chrome.exe
5028	chrome.exe
5028	chrome.exe
3200	software_reporter_tool.exe
3200	software_reporter_tool.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes:

7zG.exe7zG.exesoftware_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exe

description	pid	process
Token: SeRestorePrivilege	5104	7zG.exe
Token: 35	5104	7zG.exe
Token: SeSecurityPrivilege	5104	7zG.exe
Token: SeSecurityPrivilege	5104	7zG.exe
Token: SeRestorePrivilege	420	7zG.exe
Token: 35	420	7zG.exe
Token: SeSecurityPrivilege	420	7zG.exe
Token: 33	3500	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	3500	software_reporter_tool.exe
Token: 33	3200	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	3200	software_reporter_tool.exe
Token: 33	2308	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	2308	software_reporter_tool.exe
Token: 33	2200	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	2200	software_reporter_tool.exe

Suspicious use of FindShellTrayWindow 38 IoCs

Processes:

chrome.exe7zG.exe7zG.exe

pid	process
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5104	7zG.exe
420	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

WINWORD.EXE

pid	process
436	WINWORD.EXE
436	WINWORD.EXE
436	WINWORD.EXE
436	WINWORD.EXE
436	WINWORD.EXE
436	WINWORD.EXE
436	WINWORD.EXE
436	WINWORD.EXE
436	WINWORD.EXE
436	WINWORD.EXE
436	WINWORD.EXE
436	WINWORD.EXE
436	WINWORD.EXE
436	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5112 wrote to memory of 3584	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 3584	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 1944	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4308	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4308	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4996	5112	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\challenge-files.zip
1⤵
PID:2780

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffc54834f50,0x7ffc54834f60,0x7ffc54834f70
2⤵
PID:3584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1540 /prefetch:2
2⤵
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1744 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 /prefetch:8
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1
2⤵
PID:3756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:1
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
2⤵
PID:4004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4280 /prefetch:8
2⤵
PID:5076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4380 /prefetch:8
2⤵
PID:3592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4488 /prefetch:8
2⤵
PID:4032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5116 /prefetch:8
2⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5272 /prefetch:8
2⤵
PID:4756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5332 /prefetch:8
2⤵
PID:3096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5024 /prefetch:8
2⤵
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5316 /prefetch:8
2⤵
PID:660

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:868

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff6ee32a890,0x7ff6ee32a8a0,0x7ff6ee32a8b0
3⤵
PID:3960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
2⤵
PID:1920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
2⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2840 /prefetch:1
2⤵
PID:2408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2948 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2788 /prefetch:8
2⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2412 /prefetch:8
2⤵
PID:3860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2436 /prefetch:8
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3316 /prefetch:8
2⤵
PID:1404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5356 /prefetch:8
2⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
2⤵
PID:4724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
2⤵
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3532 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5000 /prefetch:8
2⤵
PID:536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4748 /prefetch:8
2⤵
PID:3556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4644 /prefetch:8
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4656 /prefetch:8
2⤵
PID:4004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4892 /prefetch:8
2⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3560 /prefetch:8
2⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2428 /prefetch:8
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1352 /prefetch:8
2⤵
PID:196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
2⤵
PID:68

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3812 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3092 /prefetch:8
2⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5620 /prefetch:8
2⤵
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5536 /prefetch:8
2⤵
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 /prefetch:8
2⤵
PID:1392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3348 /prefetch:8
2⤵
PID:1732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4784 /prefetch:8
2⤵
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4588 /prefetch:8
2⤵
PID:3304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5368 /prefetch:8
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=980 /prefetch:8
2⤵
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
2⤵
PID:1032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1492,3742728327321714140,13082030945964036357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4964 /prefetch:8
2⤵
PID:2880

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\103.287.200\software_reporter_tool.exe
"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\103.287.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=LRBOi+PBCbazfa10K86+5JkQ19ebY+JkpMHLR5JP --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=Off
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3200

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\103.287.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\103.287.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=103.287.200 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff6b596ecc8,0x7ff6b596ecd8,0x7ff6b596ece8
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3500

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\103.287.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\103.287.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_3200_JSDUFRZVSWYIGXPI" --sandboxed-process-id=2 --init-done-notifier=728 --sandbox-mojo-pipe-token=18003976167373482682 --mojo-platform-channel-handle=696 --engine=2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2308

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\103.287.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\103.287.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_3200_JSDUFRZVSWYIGXPI" --sandboxed-process-id=3 --init-done-notifier=936 --sandbox-mojo-pipe-token=7914531446581365574 --mojo-platform-channel-handle=932
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2200

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap12072:92:7zEvent7187
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5104

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
1⤵
- Drops file in Program Files directory
PID:3136

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3136_1802674974\ChromeRecovery.exe
"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3136_1802674974\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={6e0d4279-03ff-48cd-b286-ce39849622be} --system
2⤵
- Executes dropped EXE
PID:3652

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap13363:162:7zEvent8972
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:420

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\challenge-files\challenge-files\docs 06.02.2021.doc" /o ""
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:436

C:\Windows\explorer.exe
explorer collectionBoxConst.hta
2⤵
- Process spawned unexpected child process
PID:1884

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1528

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\challenge-files\challenge-files\collectionBoxConst.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
2⤵
PID:4384

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3136_1802674974\ChromeRecovery.exe

Filesize
253KB

MD5
49ac3c96d270702a27b4895e4ce1f42a

SHA1
55b90405f1e1b72143c64113e8bc65608dd3fd76

SHA256
82aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f

SHA512
b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\1.3.36.141\Recovery.crx3

Filesize
141KB

MD5
ea1c1ffd3ea54d1fb117bfdbb3569c60

SHA1
10958b0f690ae8f5240e1528b1ccffff28a33272

SHA256
7c3a6a7d16ac44c3200f572a764bce7d8fa84b9572dd028b15c59bdccbc0a77d

SHA512
6c30728cac9eac53f0b27b7dbe2222da83225c3b63617d6b271a6cfedf18e8f0a8dffa1053e1cbc4c5e16625f4bbc0d03aa306a946c9d72faa4ceb779f8ffcaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\103.287.200\software_reporter_tool.exe

Filesize
14.0MB

MD5
674fcd56fd8e862670c8c009a1638993

SHA1
5f95b0d277b78fa81864841c1408a24b42a2eddd

SHA256
87e6f28f1289b045852f186e6f728930af202c50a288b6eba75443ce56980b34

SHA512
5c7761c9185bd0d9ea4ddd6b69b078764ce7cd5d03c1a530afe047496c45c4004259f068bfcbf764ec75f2a393467acf2c08c7542d01c0393f56b3e0126cf52e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\103.287.200\software_reporter_tool.exe

Filesize
14.0MB

MD5
674fcd56fd8e862670c8c009a1638993

SHA1
5f95b0d277b78fa81864841c1408a24b42a2eddd

SHA256
87e6f28f1289b045852f186e6f728930af202c50a288b6eba75443ce56980b34

SHA512
5c7761c9185bd0d9ea4ddd6b69b078764ce7cd5d03c1a530afe047496c45c4004259f068bfcbf764ec75f2a393467acf2c08c7542d01c0393f56b3e0126cf52e

Download Submit
C:\Users\Admin\Downloads\challenge-files.zip

Filesize
4.8MB

MD5
4edf33b3a4dd1c1c005aefeaa29c7f1d

SHA1
e4d4bb8c8dcf357b068019660fdc72e65f577857

SHA256
d312c079c51f2bf011902df86e1ca4cac84eb7c74ff104fa48a505caa88ef2fe

SHA512
b647d071e71ece4a4d5d4601f28cbcab9f12a85014f1d06cc80ed65f35c7d3f81fc0b27cfd0855b456194f50e7f5dd2ce9588077735c2ec7f43f4a1e38ee2803

Download Submit
C:\Users\Admin\Downloads\challenge-files\challenge-files\collectionBoxConst.hta

Filesize
3KB

MD5
99a1a4391c6be3ac5f137c0a092d8edd

SHA1
34afc663a569d0ba183c73ab40ae8d682273d193

SHA256
b25865183c5cd2c5e550aca8476e592b62ed3e37e6b628f955bbed454fdbb100

SHA512
45e5b38d72add4d28234b539071a3cb4059c9c104b5389a43190fd3197843e103fdaf7552c1edcb9bbbabe15b122a8bef0389ce39d6130b438a835c4c2d4f345

Download Submit
\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat

Filesize
40B

MD5
c50a23f8b1ef5138e6ac186beadf46e9

SHA1
c3bac178c79b954b8d5d0981db8d4e9489f60042

SHA256
0d574b31dea917e163aff5cdb940980f5ad9925fb80e9c39c9381942b3056910

SHA512
805c218aae0255b2c013d37d8ea50fd9904be2adc74115816f7a073948b85056b58ab467f3d79d8e5b25aa4e40a91c48e33eedf9a1a364c09131df84981ddba6

Download Submit
\??\pipe\crashpad_5112_REFTZKKOYYWYVSFU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_868_UYJXNWUTRXCGYIIF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/436-230-0x00007FFC20930000-0x00007FFC20940000-memory.dmp

Filesize
64KB

Download
memory/868-128-0x0000000000000000-mapping.dmp

Download
memory/1884-367-0x0000000000000000-mapping.dmp

Download
memory/2200-223-0x0000000000000000-mapping.dmp

Download
memory/2308-219-0x0000000000000000-mapping.dmp

Download
memory/3200-209-0x0000000000000000-mapping.dmp

Download
memory/3500-213-0x0000000000000000-mapping.dmp

Download
memory/3652-173-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-182-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-151-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-152-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-153-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-154-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-155-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-156-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-157-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-158-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-159-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-160-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-161-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-162-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-163-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-164-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-165-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-166-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-167-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-168-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-169-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-170-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-171-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-172-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-149-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-174-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-175-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-176-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-177-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-179-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-178-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-180-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-181-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-150-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-183-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-184-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-185-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-186-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-187-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-188-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-189-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-190-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-192-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-191-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-193-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-194-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-195-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-196-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-197-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-198-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-199-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-200-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-201-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-202-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-203-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-148-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-147-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-146-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-145-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-144-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-143-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-142-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-141-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3652-139-0x0000000000000000-mapping.dmp

Download
memory/3652-204-0x0000000077630000-0x00000000777BE000-memory.dmp

Filesize
1.6MB

Download
memory/3960-131-0x0000000000000000-mapping.dmp

Download
memory/4384-368-0x0000000000000000-mapping.dmp

Download