Analysis
-
max time kernel
303s -
max time network
304s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
25-09-2022 08:50
General
-
Target
https://link-target.net/498735/centralhackdwfree
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\PCAppStore\nwjs\credits.html
Ransom Note
<!-- Generated by licenses.py; do not edit. --><!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<meta name="color-scheme" content="light dark">
<title>Credits</title>
<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">
<style>
html {
--google-blue-50: rgb(232, 240, 254);
--google-blue-300: rgb(138, 180, 248);
--google-blue-600: rgb(26, 115, 232);
--google-blue-900: rgb(23, 78, 166);
--google-grey-200: rgb(232, 234, 237);
--google-grey-800: rgb(60, 64, 67);
--google-grey-900: rgb(32, 33, 36);
--interactive-color: var(--google-blue-600);
--primary-color: var(--google-grey-900);
--product-background: var(--google-blue-50);
--product-text-color: var(--google-blue-900);
background: white;
}
@media (prefers-color-scheme: dark) {
html {
--interactive-color: var(--google-blue-300);
--primary-color: var(--google-grey-200);
--product-background: var(--google-grey-800);
--product-text-color: var(--google-grey-200);
background: var(--google-grey-900);
}
}
body {
color: var(--primary-color);
font-size: 84%;
max-width: 1020px;
}
a {
color: var(--interactive-color);
}
.page-title {
font-size: 164%;
font-weight: bold;
}
.product {
background-color: var(--product-background);
color: var(--product-text-color);
border-radius: 5px;
margin-top: 16px;
overflow: auto;
padding: 2px;
}
.product .title {
float: left;
font-size: 110%;
font-weight: bold;
margin: 3px;
}
.product .homepage {
color: var(--interactive-color);
float: right;
margin: 3px;
text-align: right;
}
.product .homepage::before {
content: " - ";
}
.product .show {
color: var(--interactive-color);
float: right;
margin: 3px;
text-align: right;
text-decoration: underline;
}
.licence {
border-radius: 3px;
clear: both;
padding: 16px;
}
.licence h3 {
margin-top: 0;
}
.licence pre {
white-space: pre-wrap;
}
.dialog #print-link,
.dialog .homepage {
display: none;
}
input + label + div {
display: none;
}
input + label::after {
content: "show license";
cursor: pointer;
}
input:checked + label + div {
display: block;
}
input:checked + label::after {
content: "hide license";
cursor: pointer;
}
</style>
</head>
<body>
<span class="page-title" style="float:left;">Credits</span>
<a id="print-link" href="#" style="float:right;" hidden>Print</a>
<div style="clear:both; overflow:auto;"><!-- Chromium <3s the following projects -->
<div class="product">
<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>
<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>
<input type="checkbox" hidden id="0">
<label class="show" for="0" tabindex="0"></label>
<div class="licence">
<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp).
You may use, copy, modify this code for any purpose and
without fee. You may distribute this ORIGINAL package.
</pre>
</div>
</div>
<div class="product">
<span class="title">Abseil</span>
<span class="homepage"><a href="https://github.com/abseil/abseil-cpp">homepage</a></span>
<input type="checkbox" hidden id="1">
<label class="show" for="1" tabindex="0"></label>
<div class="licence">
<pre>
Apache License
Version 2.0, January 2004
https://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
</pre>
</div>
</div>
<div class="product">
<span class="title">Accessibility Audit library, from Accessibility Developer Tools</span>
<span class="homepage"><a href="https://raw.githubusercontent.com/GoogleChrome/accessibility-developer-tools/master/dist/js/axs_testing.js">homepage</a></span>
<input type="checkbox" hidden id="2">
<label class="show" for="2" tabindex="0"></label>
<div class="licence">
<pre>
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or mo
Emails
ooura@kurims.kyoto-u.ac.jp
<jserv@0xlab.org>
<tholo@sigmasoft.com>
<dm@uun.org>
<djm@openbsd.org>
<markus@openbsd.org>
<Todd.Miller@courtesan.com>
<wes@softweyr.com>
<mike@FreeBSD.org>
<kostik@iclub.nsu.ru>
<das@FreeBSD.ORG>
<otto@drijf.net>
<millert@openbsd.org>
<das@FreeBSD.org>
<ed@FreeBSD.org>
<theraven@FreeBSD.org>
<mpi@openbsd.org>
<ajacoutot@openbsd.org>
<deraadt@openbsd.org>
<beck@obtuse.com>
URLs
https://www.apache.org/licenses/
https://www.apache.org/licenses/LICENSE-2.0
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
http://code.google.com/p/y2038
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
http://mozilla.org/MPL/2.0/
http://www.torchmobile.com/
https://cla.developers.google.com/clas
http://www.openssl.org/)"
https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS
http://www.opensource.apple.com/apsl/
https://github.com/typetools/jdk
https://github.com/typetools/stubparser
https://github.com/typetools/annotation-tools
https://github.com/plume-lib/
http://www.mozilla.org/MPL/
http://www.apple.com/legal/guidelinesfor3rdparties.html
https://github.com/easylist
https://easylist.to/)"
Signatures
-
ACProtect 1.3x - 1.4x DLL software 4 IoCs
Detects file using ACProtect software.
-
Downloads MZ/PE file
-
Executes dropped EXE 17 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings 2 TTPs 5 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 63 IoCs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
NSIS installer 8 IoCs
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 50 IoCs
-
Suspicious use of SendNotifyMessage 28 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://link-target.net/498735/centralhackdwfree1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc62cb4f50,0x7ffc62cb4f60,0x7ffc62cb4f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1664 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2024 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2308 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4640 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5584 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5772 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5852 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5980 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5972 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2852 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=892 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=912 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6312 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2660 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6196 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6184 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6412 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2752 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\Setup.exe"C:\Users\Admin\Downloads\Setup.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://pcapp.store/installing.php?guid=4B401A7F-B7C1-4C1C-A9CF-2B1AA260545DX&winver=19041&nocache=20220925105250.4243⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xf8,0x120,0x124,0x11c,0x128,0x7ffc62cb4f50,0x7ffc62cb4f60,0x7ffc62cb4f704⤵
-
C:\Users\Admin\AppData\Local\Temp\nsc9642.tmp"C:\Users\Admin\AppData\Local\Temp\nsc9642.tmp" /internal /force3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\PcAppStore.exe"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default4⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" .\ui\.5⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exeC:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win32 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x124,0x110,0x10c,0x258,0x118,0x74c7ebe8,0x74c7ebf8,0x74c7ec046⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exeC:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1bc,0x1c0,0x1c4,0x198,0x1c8,0xe05608,0xe05618,0xe056247⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --field-trial-handle=1660,12267196030806463338,10881932865010556609,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 /prefetch:26⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1660,12267196030806463338,10881932865010556609,131072 --lang=en-US --service-sandbox-type=network --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2012 /prefetch:86⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1660,12267196030806463338,10881932865010556609,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2156 /prefetch:86⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --field-trial-handle=1660,12267196030806463338,10881932865010556609,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2424 /prefetch:16⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --field-trial-handle=1660,12267196030806463338,10881932865010556609,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2864 /prefetch:16⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,12267196030806463338,10881932865010556609,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3768 /prefetch:86⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,12267196030806463338,10881932865010556609,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3848 /prefetch:86⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,12267196030806463338,10881932865010556609,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3816 /prefetch:86⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,12267196030806463338,10881932865010556609,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3788 /prefetch:86⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1660,12267196030806463338,10881932865010556609,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=1760 /prefetch:86⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1660,12267196030806463338,10881932865010556609,131072 --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=904 /prefetch:86⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\SCHTASKS.exeSCHTASKS /CREATE /SC HOURLY /MO 18 /TN "PCAppStoreAutoUpdater" /TR "C:\Users\Admin\PCAppStore\AutoUpdater.exe"4⤵
- Creates scheduled task(s)
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6404 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1508 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2132 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6676 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6652 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,9998290960118569526,15675401030221223347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6592 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x150 0x2c81⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850DFilesize
2KB
MD532958182234a80a5b2589418864f6117
SHA1598276140fd27d8931dbe02625e3378ad9085b8d
SHA256a6f4c0928ecef1052acb557bf148d4d06206afaa0d334d30ef676d8b4b89fdb2
SHA51204157e1f291fb8e11e8134fa321d6473ff7ed55c7848170ac9c6db4dd9e42d8303c40746ce56f4112f26c5ea730703ad00fa52fdf57377c81221473210e49dfa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\33487371110C062F82E02782078442F9Filesize
471B
MD5d5818123e44b24d4b641cf69b08f6ef1
SHA1037861dc92162490e16aa596d7a8370a481bd092
SHA256e4022b81f6794df9671be448759b8f12e4eb89585b6dd297e8d1db831fa600e3
SHA5122860f1ee3595270d30837383caf31301ec02c0174159114abfb674caece1a68a32ff16cf640354a80eaa5bb46514b9877b9f0dec59fee432d7a6fbc378a488be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711EFilesize
1KB
MD50d870ca424457579d4bd345ac1ec6c3c
SHA1fc3d8924e13b4fc5eca7cabd4967eea3d4db1690
SHA256cf9df8d62ec78ca20a50633047af6c913dc2d10f15823795e8d86042c7b05ed0
SHA512a1e731ae03b1a2259f8e1afc86058aabb3b8ce3b0141f08ea18b6c7003c55aeb135d40bba38ebf1f76174eb1ad758fbec10841dee1ed704fb0285e36b2f7d66b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850DFilesize
488B
MD5ee7b46d346d8e302689650b805499646
SHA1c7ae9e2f9af6b9c0d6ae5cbf1d07710a286feba7
SHA256e74efb590e056ade2aaa66dc3546ef4c0d49f0dbed7d05db78ea433821ac8cb7
SHA512016852f1568d7fa62a1c73b366763f0a57374e85bef33c82f05a97a080b152292a25dd427083c347c9554c2f2e6fc54f5bd5655cc43596d3fb72cc59315a7b11
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\33487371110C062F82E02782078442F9Filesize
484B
MD5f53a7679058e18a5f2364e98d4eddfa2
SHA1142410dd1944aea998f8db912ec2d8e1b8ebfcaf
SHA256270fac56079b7c2756e47e3d3323cbe087d112c5b0d6efec48ffb71ed4f2d84e
SHA512a509abd4cddb8a0d438dd9a7365ce05c6a13669b83c7041202ebfe821973053e8ef8432b0112841c72b31767f3f462dd9922fa0937da5c60e634ada0c1400d72
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711EFilesize
482B
MD5466a4f075e363e8f386255880b96ffc1
SHA175c7a38f3ecce5f887e677cbef0397e422c1ddfe
SHA256895242cd038df29a2c5634e48a92439f596407bb8950c341f07a8e16ff85cc54
SHA512e02e64867ed21eaf0d216e54836068ab78aaaefe2e0ad39e7df929c4ab055ec605d7c0d2b2f51f09689d44d104a12a828d3e8b84c2d0d77e81019c363f13ccfd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datFilesize
40B
MD5a3a937930c5b01ecd542f094135aa0a4
SHA179234b7656f2a562129f98b27bc0762dc867d7fa
SHA256985145fe40ae859f59ca7f31f100fe1a194f21810f50f5fd26c4c73c25b03ff9
SHA5127fa94881f580973ffe4c6b67b811d47e7c104681b1fb8b36c6754ca0d29e731e89c252a9ea62e1888edf2eb3ffc8aa9f6462ed78f61c9683ddbe0d3f50f7ca41
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\CachesMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Temp\nsc9642.tmpFilesize
92.4MB
MD5777aa32b211380dd6ed1841f9a8d4e29
SHA13f953640460494b8fb64897ce61ee5e2b318de6c
SHA256b2416875d5f34fc9ed8d20bb5eaf554a6f2e86885e30e8b904ddd66d4745d491
SHA512542afc75889df8b843a4963cfdf4e5c44b9e8de2e99d0774c7ba33c65466ce6a7dd7f1a4dbf5f52c3b3a0fc544e9d195608a7a78b82084b09672ad341520b306
-
C:\Users\Admin\AppData\Local\Temp\nsc9642.tmpFilesize
92.4MB
MD5777aa32b211380dd6ed1841f9a8d4e29
SHA13f953640460494b8fb64897ce61ee5e2b318de6c
SHA256b2416875d5f34fc9ed8d20bb5eaf554a6f2e86885e30e8b904ddd66d4745d491
SHA512542afc75889df8b843a4963cfdf4e5c44b9e8de2e99d0774c7ba33c65466ce6a7dd7f1a4dbf5f52c3b3a0fc544e9d195608a7a78b82084b09672ad341520b306
-
C:\Users\Admin\AppData\Local\Temp\nsjE720.tmp\INetC.dllFilesize
21KB
MD592ec4dd8c0ddd8c4305ae1684ab65fb0
SHA1d850013d582a62e502942f0dd282cc0c29c4310e
SHA2565520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
SHA512581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651
-
C:\Users\Admin\AppData\Local\Temp\nsjE720.tmp\INetC.dllFilesize
21KB
MD592ec4dd8c0ddd8c4305ae1684ab65fb0
SHA1d850013d582a62e502942f0dd282cc0c29c4310e
SHA2565520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
SHA512581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651
-
C:\Users\Admin\AppData\Local\Temp\nsjE720.tmp\INetC.dllFilesize
21KB
MD592ec4dd8c0ddd8c4305ae1684ab65fb0
SHA1d850013d582a62e502942f0dd282cc0c29c4310e
SHA2565520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
SHA512581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651
-
C:\Users\Admin\AppData\Local\Temp\nsjE720.tmp\INetC.dllFilesize
21KB
MD592ec4dd8c0ddd8c4305ae1684ab65fb0
SHA1d850013d582a62e502942f0dd282cc0c29c4310e
SHA2565520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
SHA512581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651
-
C:\Users\Admin\AppData\Local\Temp\nsjE720.tmp\KillProc.dllFilesize
24KB
MD56c2b245e89428fb917a5805815a4054e
SHA15bcd987700dd761f02d2d1d024b8f20077985051
SHA2560558bbdfe61eefb680e8560a7d4b174447a9516098f9cd8b4c84bf1552cee5c5
SHA512ecb3fb77532d6ffa1ca08df05a6a86b18138356e63cb40edf68f97fc7fdf2e781a4ebeb1efdb9f13f947304312dd19ef5c4a78ddc60843f5f726cde69b2c57d4
-
C:\Users\Admin\AppData\Local\Temp\nsjE720.tmp\KillProc.dllFilesize
24KB
MD56c2b245e89428fb917a5805815a4054e
SHA15bcd987700dd761f02d2d1d024b8f20077985051
SHA2560558bbdfe61eefb680e8560a7d4b174447a9516098f9cd8b4c84bf1552cee5c5
SHA512ecb3fb77532d6ffa1ca08df05a6a86b18138356e63cb40edf68f97fc7fdf2e781a4ebeb1efdb9f13f947304312dd19ef5c4a78ddc60843f5f726cde69b2c57d4
-
C:\Users\Admin\AppData\Local\Temp\nsjE720.tmp\KillProc.dllFilesize
24KB
MD56c2b245e89428fb917a5805815a4054e
SHA15bcd987700dd761f02d2d1d024b8f20077985051
SHA2560558bbdfe61eefb680e8560a7d4b174447a9516098f9cd8b4c84bf1552cee5c5
SHA512ecb3fb77532d6ffa1ca08df05a6a86b18138356e63cb40edf68f97fc7fdf2e781a4ebeb1efdb9f13f947304312dd19ef5c4a78ddc60843f5f726cde69b2c57d4
-
C:\Users\Admin\AppData\Local\Temp\nsjE720.tmp\KillProc.dllFilesize
24KB
MD56c2b245e89428fb917a5805815a4054e
SHA15bcd987700dd761f02d2d1d024b8f20077985051
SHA2560558bbdfe61eefb680e8560a7d4b174447a9516098f9cd8b4c84bf1552cee5c5
SHA512ecb3fb77532d6ffa1ca08df05a6a86b18138356e63cb40edf68f97fc7fdf2e781a4ebeb1efdb9f13f947304312dd19ef5c4a78ddc60843f5f726cde69b2c57d4
-
C:\Users\Admin\AppData\Local\Temp\nsjE720.tmp\System.dllFilesize
11KB
MD5fccff8cb7a1067e23fd2e2b63971a8e1
SHA130e2a9e137c1223a78a0f7b0bf96a1c361976d91
SHA2566fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
SHA512f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
-
C:\Users\Admin\AppData\Local\Temp\nsvD4A6.tmp\INetC.dllFilesize
21KB
MD592ec4dd8c0ddd8c4305ae1684ab65fb0
SHA1d850013d582a62e502942f0dd282cc0c29c4310e
SHA2565520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
SHA512581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651
-
C:\Users\Admin\AppData\Local\Temp\nsvD4A6.tmp\INetC.dllFilesize
21KB
MD592ec4dd8c0ddd8c4305ae1684ab65fb0
SHA1d850013d582a62e502942f0dd282cc0c29c4310e
SHA2565520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
SHA512581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651
-
C:\Users\Admin\AppData\Local\Temp\nsvD4A6.tmp\INetC.dllFilesize
21KB
MD592ec4dd8c0ddd8c4305ae1684ab65fb0
SHA1d850013d582a62e502942f0dd282cc0c29c4310e
SHA2565520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
SHA512581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651
-
C:\Users\Admin\AppData\Local\Temp\nsvD4A6.tmp\INetC.dllFilesize
21KB
MD592ec4dd8c0ddd8c4305ae1684ab65fb0
SHA1d850013d582a62e502942f0dd282cc0c29c4310e
SHA2565520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
SHA512581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651
-
C:\Users\Admin\AppData\Local\Temp\nsvD4A6.tmp\System.dllFilesize
11KB
MD5fccff8cb7a1067e23fd2e2b63971a8e1
SHA130e2a9e137c1223a78a0f7b0bf96a1c361976d91
SHA2566fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
SHA512f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
-
C:\Users\Admin\AppData\Local\Temp\nsvD4A6.tmp\nsDialogs.dllFilesize
9KB
MD51c8b2b40c642e8b5a5b3ff102796fb37
SHA13245f55afac50f775eb53fd6d14abb7fe523393d
SHA2568780095aa2f49725388cddf00d79a74e85c9c4863b366f55c39c606a5fb8440c
SHA5124ff2dc83f640933162ec8818bb1bf3b3be1183264750946a3d949d2e7068ee606277b6c840193ef2b4663952387f07f6ab12c84c4a11cae9a8de7bd4e7971c57
-
C:\Users\Admin\AppData\Local\Temp\temp_eventMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\Downloads\Setup.exeFilesize
122KB
MD5830725fdb9974c80c884bd208c9a9e61
SHA1155fa61187f36230905d177632f721fffe01e4b8
SHA25631cccd7f8e7db26c12f522c0f1519ffa459fdd0120e4911c03fb2fcf2432ca00
SHA51217ef9cb7d5ec82b3d079531b1879e5425e44d3ea6cb1d0727ba91da0321ebe8e2be3333422e3ac4dc50b258f979b19654ac5b53d32f4b3b746a3883718e2df70
-
C:\Users\Admin\Downloads\Setup.exeFilesize
122KB
MD5830725fdb9974c80c884bd208c9a9e61
SHA1155fa61187f36230905d177632f721fffe01e4b8
SHA25631cccd7f8e7db26c12f522c0f1519ffa459fdd0120e4911c03fb2fcf2432ca00
SHA51217ef9cb7d5ec82b3d079531b1879e5425e44d3ea6cb1d0727ba91da0321ebe8e2be3333422e3ac4dc50b258f979b19654ac5b53d32f4b3b746a3883718e2df70
-
\??\pipe\crashpad_4772_EEFYKXXGHKXENIIGMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/32-179-0x0000000000000000-mapping.dmp
-
memory/740-181-0x0000000000000000-mapping.dmp
-
memory/916-184-0x0000000000000000-mapping.dmp
-
memory/1396-171-0x0000000000000000-mapping.dmp
-
memory/1408-178-0x0000000000000000-mapping.dmp
-
memory/1508-182-0x0000000000000000-mapping.dmp
-
memory/1844-173-0x00000000032E0000-0x00000000032F4000-memory.dmpFilesize
80KB
-
memory/1844-165-0x00000000032E0000-0x00000000032F4000-memory.dmpFilesize
80KB
-
memory/1844-167-0x00000000032E0000-0x00000000032F4000-memory.dmpFilesize
80KB
-
memory/1844-158-0x00000000032E0000-0x00000000032F4000-memory.dmpFilesize
80KB
-
memory/1844-166-0x00000000032E0000-0x00000000032F4000-memory.dmpFilesize
80KB
-
memory/1844-143-0x0000000000000000-mapping.dmp
-
memory/1844-159-0x00000000032E0000-0x00000000032F4000-memory.dmpFilesize
80KB
-
memory/1844-174-0x00000000032E0000-0x00000000032F4000-memory.dmpFilesize
80KB
-
memory/1844-162-0x00000000032E0000-0x00000000032F4000-memory.dmpFilesize
80KB
-
memory/1844-163-0x00000000032E0000-0x00000000032F4000-memory.dmpFilesize
80KB
-
memory/1844-168-0x00000000032E0000-0x00000000032F4000-memory.dmpFilesize
80KB
-
memory/2364-172-0x0000000000000000-mapping.dmp
-
memory/3084-183-0x0000000000000000-mapping.dmp
-
memory/3300-176-0x0000000000000000-mapping.dmp
-
memory/3620-175-0x0000000000000000-mapping.dmp
-
memory/3760-134-0x0000000000000000-mapping.dmp
-
memory/4552-180-0x0000000000000000-mapping.dmp
-
memory/5036-177-0x0000000000000000-mapping.dmp
-
memory/5708-185-0x0000000000000000-mapping.dmp
-
memory/5720-186-0x0000000000000000-mapping.dmp
-
memory/5832-187-0x0000000000000000-mapping.dmp
-
memory/5928-188-0x0000000000000000-mapping.dmp