Analysis
max time kernel: 294s
max time network: 302s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-09-2022 08:50
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://link-target.net/498735/centralhackdwfree
Resource: win10v2004-20220812-en
General
Target: https://link-target.net/498735/centralhackdwfree
Malware Config
Extracted from: C:\Users\Admin\PCAppStore\nwjs\credits.html
Note: the addresses and URLs below were harvested by the string extractor from the third-party credits page that ships with the nw.js runtime (OpenSSL, curl, FreeBSD/OpenBSD libc, FFmpeg, FreeType, ICU and similar attribution entries). They are licence and contact strings, not command-and-control configuration, and should not be treated as indicators for this sample.
ooura@kurims.kyoto-u.ac.jp
<jserv@0xlab.org>
<tholo@sigmasoft.com>
<dm@uun.org>
<djm@openbsd.org>
<markus@openbsd.org>
<Todd.Miller@courtesan.com>
<wes@softweyr.com>
<mike@FreeBSD.org>
<kostik@iclub.nsu.ru>
<das@FreeBSD.ORG>
<otto@drijf.net>
<millert@openbsd.org>
<das@FreeBSD.org>
<ed@FreeBSD.org>
<theraven@FreeBSD.org>
<mpi@openbsd.org>
<ajacoutot@openbsd.org>
<deraadt@openbsd.org>
<beck@obtuse.com>
<provos@physnet.uni-hamburg.de>
victoria.zhislina@intel.com
openssl-core@openssl.org
eay@cryptsoft.com
tjh@cryptsoft.com
john.boyer@abilitiessoft.com
<daniel@haxx.se>
lionel.ulmer@free.fr
bbrox@bbrox.org
<rob@ti.com>
<mans@mansr.com>
nbabic@mips.com
socovaj@mips.com
zoranl@mips.com
bojan@mips.com
<christophe.gisquet@gmail.com>
<skal@planet-d.net>
<astrange@ithinksw.com>
<pross@xvid.org>
<peter@elecard.net.ru>
<walken@zoy.org>
michaelni@gmx.at
bvasic@mips.com
darko@mips.com
djordje@mips.com
goran@mips.com
mvulin@mips.com
freetype@nongnu.org
freetype-devel@nongnu.org
breese@users.sourceforge.net
Gary.Pennington@uk.sun.com
<breese@users.sourceforge.net>
jloup@gzip.org
madler@alumni.caltech.edu
<breadbox@muppetlabs.com>
pommier@modartt.com
<clee@freedesktop.org>
<marineau@genie.uottawa.ca>
<Holger.Veit@gmd.de>
<bence.nagy@gmail.com>
bataak@gmail.com
rezende@ic.unicamp.br
jj@di.uminho.pt
c-tsai4@uiuc.edu
<info@bnoordhuis.nl>
<provos@citi.umich.edu>
<dugsong@monkey.org>
<mike@datanerds.net>
<maxim.yegorushkin@gmail.com>
<saari@netscape.com>
<cls@lubutu.com>
<dev@frign.de>
<iano@quirkster.com>
<jamey@minilop.net>
<josh@freedesktop.org>
<doomster@knuut.de>
<libzip@nih.at>
newlib@sourceware.org
nicolas.roussel@inria.fr
hello@blakeembrey.com
<mjg@redhat.com>
https://www.apache.org/licenses/
https://www.apache.org/licenses/LICENSE-2.0
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
http://code.google.com/p/y2038
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2
http://mozilla.org/MPL/2.0/
http://www.torchmobile.com/
https://cla.developers.google.com/clas
http://www.openssl.org/
https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS
http://www.opensource.apple.com/apsl/
https://github.com/typetools/jdk
https://github.com/typetools/stubparser
https://github.com/typetools/annotation-tools
https://github.com/plume-lib/
http://www.mozilla.org/MPL/
http://www.apple.com/legal/guidelinesfor3rdparties.html
https://github.com/easylist
https://easylist.to/
https://creativecommons.org/compatiblelicenses
https://creativecommons.org/
http://developer.intel.com/vtune/cbts/strmsimd/922down.htm
http://skal.planet-d.net/coding/dct.html
http://developer.intel.com/vtune/cbts/strmsimd/appnotes.htm
http://www.elecard.com/peter/idct.html
http://www.linuxvideo.org/mpeg2dec/
http://source.android.com/
http://source.android.com/compatibility
http://www.opensource.org/licenses/bsd-license.php
https://www.freetype.org
http://www.mozilla.org/MPL/2.0/
http://www.mozilla.org/MPL/2.0/FAQ.html
http://freetype.sourceforge.net/license.html
http://www.freetype.org
http://source.icu-project.org/repos/icu/icu/trunk/license.html
http://icu-project.org/userguide/icufaq.html
http://www.unicode.org/copyright.html
http://www.unicode.org/Public/
http://www.unicode.org/reports/
http://www.unicode.org/cldr/data/
http://jquery.com/
https://github.com/jquery/jquery/blob/master/MIT-LICENSE.txt
https://github.com/jquery/sizzle/blob/master/LICENSE
http://ctrio.sourceforge.net/
http://www.cisl.ucar.edu/css/software/fftpack5/ftpk.html
http://www.opensource.org/licenses/mit-license.php
http://www.tex-tipografia.com/spanish_hyphen.html
https://opensource.org/licenses/BSD-3-Clause
https://www.unicode.org/copyright.html
http://opensource.org/licenses/bsd-license.php
https://sourceforge.net/project/?group_id=1519
http://chasen.aist-nara.ac.jp/chasen/distribution.html
http://casper.beckman.uiuc.edu/~c-tsai4
https://github.com/veer66/lao-dictionary
https://github.com/veer66/lao-dictionary/blob/master/Lao-Dictionary.txt
https://github.com/veer66/lao-dictionary/blob/master/Lao-Dictionary-LICENSE.txt
https://github.com/joyent/node
http_parser.c
http://code.google.com/p/lao-dictionary/
http://lao-dictionary.googlecode.com/git/Lao-Dictionary.txt
http://lao-dictionary.googlecode.com/git/Lao-Dictionary-LICENSE.txt
http://nodejs.org/
https://registry.npmjs.org
https://www.npmjs.com
https://joyent.com
https://nodejs.org
https://jelloween.deviantart.com
https://github.com/chjj/
https://jquery.org/
http://oss.sgi.com/projects/FreeB/
https://www.khronos.org/registry/
https://llvm.org/docs/DeveloperPolicy.html#legacy
http://llvm.org
http://www.unicode.org/Public/zipped/9.0.0/UCD.zip
http://modp.com/release/base64
http://sourceware.org/newlib/docs.html
http://sourceware.org/ml/newlib/
https://datatracker.ietf.org/ipr/1524/
https://datatracker.ietf.org/ipr/1914/
https://datatracker.ietf.org/ipr/1526/
https://creativecommons.org/licenses/by/3.0/
https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
http://www.ploscompbiol.org/static/license
http://www.gutenberg.org/ebooks/53
http://www.suitable.com
http://www.nongnu.org/freebangfont/downloads.html#mukti
https://dejavu-fonts.github.io/Download.html
http://scripts.sil.org/OFL
https://code.google.com/p/sctp-refimpl/source/browse/trunk/COPYRIGHT
http://cgit.freedesktop.org/xorg/xserver/tree/COPYING
http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING
Signatures
-
ACProtect 1.3x - 1.4x DLL software 5 IoCs
Detects file using ACProtect software.
Processes:
  resource: C:\Users\Admin\AppData\Local\Temp\nseC09D.tmp\KillProc.dll  yara_rule: acprotect  (4 hits)
  resource: behavioral1/memory/3724-158-0x00000000032F0000-0x0000000003304000-memory.dmp  yara_rule: acprotect
Downloads MZ/PE file
-
Executes dropped EXE 18 IoCs
Processes:
  pid   process
  3560  Setup.exe
  3724  nsh5783.tmp
  3908  PcAppStore.exe
  2340  NW_store.exe
  2900  NW_store.exe
  548   NW_store.exe
  2356  NW_store.exe
  4912  NW_store.exe
  3560  NW_store.exe
  3972  NW_store.exe
  64    NW_store.exe
  4612  NW_store.exe
  1000  NW_store.exe
  3228  NW_store.exe
  180   NW_store.exe
  4792  NW_store.exe
  4612  NW_store.exe
  5048  NW_store.exe
UPX packed file (yara rule upx) 5 IoCs
Processes:
  resource: C:\Users\Admin\AppData\Local\Temp\nseC09D.tmp\KillProc.dll  yara_rule: upx  (4 hits)
  resource: behavioral1/memory/3724-158-0x00000000032F0000-0x0000000003304000-memory.dmp  yara_rule: upx
The acprotect and upx rules fire on the same two resources: KillProc.dll, dropped into the NSIS plugin directory nseC09D.tmp, and the memory region of nsh5783.tmp (PID 3724) into which it was loaded. A packer match says the file is packed, not what it does; unpack or dump the module before drawing conclusions from its strings.
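The acprotect and upx yara hits above only say that a packer signature matched KillProc.dll and the memory dump of nsh5783.tmp. The Python below is an added example, not part of this report or of the analysed sample, showing the checks a triage script makes before trusting such a verdict: it walks the PE section table, flags UPX-style section names, a section with no raw data but a large virtual size (the unpack destination), high byte entropy and writable-plus-executable sections. The PE images it parses are constructed inside the block by `build_fake_pe` so that it runs offline; `pe_sections` takes any file's bytes, so point it at a real dropped DLL to triage it.

```python
import math
import struct

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(buf):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes.
    Compressed or encrypted data (packer payloads) sits close to 8."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    num_sections, = struct.unpack_from("<H", data, e_lfanew + 6)
    size_opt_hdr, = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + size_opt_hdr          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        (name, vsize, _vaddr, raw_size, raw_ptr,
         _relocs, _lines, _nrelocs, _nlines, chars) = SECTION_HDR.unpack_from(
            data, table + i * SECTION_HDR.size)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": raw_size,
            "entropy": shannon_entropy(raw),
            # IMAGE_SCN_MEM_WRITE (0x80000000) together with IMAGE_SCN_MEM_EXECUTE (0x20000000)
            "writable_exec": bool(chars & 0x80000000 and chars & 0x20000000),
        })
    return sections


def packer_indicators(sections):
    """Return human-readable reasons to suspect a packer; empty list means none seen."""
    hints = []
    for s in sections:
        if s["name"].upper().startswith("UPX"):
            hints.append(f"{s['name']}: UPX section name")
        if s["raw_size"] == 0 and s["virtual_size"] >= 0x1000:
            hints.append(f"{s['name']}: no raw data but {s['virtual_size']:#x} bytes virtual (unpack destination)")
        if s["entropy"] > 7.0:
            hints.append(f"{s['name']}: entropy {s['entropy']:.2f}")
        if s["writable_exec"]:
            hints.append(f"{s['name']}: writable+executable")
    return hints


def build_fake_pe(sections):
    """Constructed test fixture: a minimal PE with the given section table and no optional header.
    Not a real sample; it exists only so the parser above can be exercised offline."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x2102)
    raw_ptr = e_lfanew + 4 + len(coff) + SECTION_HDR.size * len(sections)
    headers, body = b"", b""
    for name, vsize, data, chars in sections:
        headers += SECTION_HDR.pack(name.ljust(8, b"\x00"), vsize, 0x1000, len(data),
                                    raw_ptr if data else 0, 0, 0, 0, 0, chars)
        body += data
        raw_ptr += len(data)
    return dos + b"PE\x00\x00" + coff + headers + body


# Constructed sample: the section layout typical of a UPX-packed DLL, with uniformly
# distributed bytes standing in for the compressed payload.
SAMPLE_PACKED = build_fake_pe([
    (b"UPX0", 0x10000, b"", 0xE0000080),                        # empty on disk, large in memory
    (b"UPX1", 0x2000, bytes(range(256)) * 4, 0xE0000040),       # high-entropy, read/write/exec
    (b".rsrc", 0x200, b"\x00" * 256, 0x40000040),
])
# Constructed sample: an ordinary unpacked layout (a handful of repeated x86 opcodes).
SAMPLE_PLAIN = build_fake_pe([
    (b".text", 0x400, b"\x55\x8b\xec\x5d\xc3" * 64, 0x60000020),
])

if __name__ == "__main__":
    for label, blob in (("packed", SAMPLE_PACKED), ("plain", SAMPLE_PLAIN)):
        print(label, packer_indicators(pe_sections(blob)) or "no packer indicators")
```

The entropy threshold of 7.0 and the 0x1000 virtual-size floor are conventional triage heuristics, not constants from the report; tune them against a corpus of known-good binaries before relying on them in automation.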
Checks computer location settings 2 TTPs 5 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
  Key value queried  \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation  (PcAppStore.exe)
  Key value queried  \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation  (NW_store.exe, 3 hits)
  Key value queried  \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation  (Setup.exe)
Loads dropped DLL 64 IoCs (the report lists at most 64 entries)
Processes:
  pid   process         hits
  3560  Setup.exe       6
  3724  nsh5783.tmp     15
  2340  NW_store.exe    3
  2900  NW_store.exe    1
  548   NW_store.exe    1
  2356  NW_store.exe    6
  3560  NW_store.exe    3
  4912  NW_store.exe    3
  3972  NW_store.exe    4
  64    NW_store.exe    4
  4612  NW_store.exe    6
  1000  NW_store.exe    3
  3228  NW_store.exe    3
  180   NW_store.exe    3
  4792  NW_store.exe    3
Adds Run key to start application 2 TTPs 3 IoCs
Processes:
  Key created      \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Run  (nsh5783.tmp)
  Set value (str)  \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCApp = "\"C:\\Users\\Admin\\PCAppStore\\PcAppStore.exe\" /init default"  (nsh5783.tmp)
  Set value (str)  \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStoreAutoUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\""  (nsh5783.tmp)
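The two Run-key values above are the persistence a responder would hunt for on other hosts: an installer stub running from the user's Temp directory registers two executables under the user profile to start at logon. The Python below is an added example and not part of this report. It parses "Set value" lines in the flattened form the report uses, normalises `\REGISTRY\USER\<SID>\` to `HKCU\`, pulls the registered executable out of the quoted command value, and then runs a detection over Sysmon-style Event ID 13 (registry value set) records that fires when a Run or RunOnce value is written by a process in a user-writable directory or points at one. The Sysmon records, including the benign vendor installer, are constructed here for the demonstration; only the first record reproduces what the report shows.

```python
import re

# Constructed sample input: the two "Set value" IoCs from the signature above, copied
# in the flattened form the report uses (the report escapes " as \" and \ as \\).
REPORT_LINES = [
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCApp = "\"C:\\Users\\Admin\\PCAppStore\\PcAppStore.exe\" /init default" nsh5783.tmp',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStoreAutoUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\"" nsh5783.tmp',
]

SET_VALUE_RE = re.compile(
    r'^Set value \((?P<vtype>\w+)\) (?P<key>\\REGISTRY\\\S+?)\\(?P<name>[^\\\s]+) = "(?P<value>.*)" (?P<process>\S+)$'
)
USER_HIVE_RE = re.compile(r"^\\REGISTRY\\USER\\(?P<sid>S-1-5-21-[\d-]+)\\", re.I)


def normalize_key(key):
    """Map the kernel object path the sandbox logs to the HKCU/HKLM form used in hunting."""
    m = USER_HIVE_RE.match(key)
    if m:
        return "HKCU\\" + key[m.end():], m.group("sid")
    prefix = "\\REGISTRY\\MACHINE\\"
    if key.upper().startswith(prefix):
        return "HKLM\\" + key[len(prefix):], None
    return key, None


def unescape_value(raw):
    return raw.replace('\\"', '"').replace("\\\\", "\\")


def image_from_command(cmd):
    """First token of a command line: the quoted path if present, else up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def parse_run_key_iocs(lines):
    iocs = []
    for line in lines:
        m = SET_VALUE_RE.match(line)
        if not m:
            continue
        key, sid = normalize_key(m.group("key"))
        command = unescape_value(m.group("value"))
        iocs.append({"key": key, "sid": sid, "name": m.group("name"), "command": command,
                     "image": image_from_command(command), "writer": m.group("process")})
    return iocs


# Detection side: Sysmon Event ID 13 records as a list of dicts (field names as Sysmon logs them).
USER_WRITABLE = (":\\users\\", "\\appdata\\local\\temp\\", "\\programdata\\")
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def suspicious_autorun(event):
    """Return the reasons an autorun write looks suspicious, or None if it does not."""
    if event.get("EventID") != 13 or not RUN_KEY_RE.search(event.get("TargetObject", "")):
        return None
    reasons = []
    if is_user_writable(event.get("Image", "")):
        reasons.append("writer runs from a user-writable path")
    if is_user_writable(image_from_command(event.get("Details", ""))):
        reasons.append("autorun target lives in a user-writable path")
    return reasons or None


# Constructed Sysmon-style records: the first mirrors the report, the other two are benign fillers.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\Admin\AppData\Local\Temp\nsh5783.tmp",
     "TargetObject": r"HKU\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCApp",
     "Details": r'"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default'},
    {"EventID": 13, "Image": r"C:\Program Files\ExampleVendor\setup.exe",          # hypothetical benign installer
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleTray",
     "Details": r'"C:\Program Files\ExampleVendor\tray.exe"'},
    {"EventID": 1, "Image": r"C:\Windows\explorer.exe", "TargetObject": "", "Details": ""},
]


def run_detection(events):
    return [(e["Image"], reasons) for e in events if (reasons := suspicious_autorun(e))]


if __name__ == "__main__":
    for ioc in parse_run_key_iocs(REPORT_LINES):
        print(f"{ioc['key']}\\{ioc['name']} -> {ioc['image']} (written by {ioc['writer']})")
    for image, reasons in run_detection(SAMPLE_EVENTS):
        print("ALERT", image, "; ".join(reasons))
```

The user-writable markers are deliberately coarse; on a fleet they should be paired with a signer check on the registered image, because legitimate per-user installers (browsers, chat clients) also write Run values that point into the profile.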
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). The report attaches its generic "likely ransomware behaviour" label to this signature; for an NSIS installer that enumerates drives during setup the behaviour is expected and is not evidence of ransomware on its own.
-
NSIS installer 8 IoCs
Processes:
  resource: C:\Users\Admin\Downloads\Setup.exe  yara_rule: nsis_installer_1  (2 hits)
  resource: C:\Users\Admin\Downloads\Setup.exe  yara_rule: nsis_installer_2  (2 hits)
  resource: C:\Users\Admin\AppData\Local\Temp\nsh5783.tmp  yara_rule: nsis_installer_1  (2 hits)
  resource: C:\Users\Admin\AppData\Local\Temp\nsh5783.tmp  yara_rule: nsis_installer_2  (2 hits)
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 6 IoCs
Processes:
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  (NW_store.exe)
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  (NW_store.exe)
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  (chrome.exe)
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  (chrome.exe)
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  (chrome.exe)
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  (NW_store.exe)
Modifies registry class 2 IoCs
Processes:
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2891029575-1462575-1165213807-1000\{17AA910E-C9B9-476F-9B08-957335109D73}  (chrome.exe)
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2891029575-1462575-1165213807-1000\{0C03AF4D-1A6A-4FC2-A9A4-9BCCDAC5EE9B}  (NW_store.exe)
Suspicious behavior: EnumeratesProcesses 64 IoCs (the report lists at most 64 entries)
Processes:
  pid   process         hits
  2896  chrome.exe      2
  4072  chrome.exe      2
  1008  chrome.exe      2
  3924  chrome.exe      2
  456   chrome.exe      2
  1544  chrome.exe      2
  3104  chrome.exe      2
  3560  Setup.exe       8
  4300  chrome.exe      2
  1828  chrome.exe      4
  3724  nsh5783.tmp     10
  3908  PcAppStore.exe  2
  2356  NW_store.exe    2
  4912  NW_store.exe    2
  3560  NW_store.exe    2
  2340  NW_store.exe    2
  3972  NW_store.exe    2
  64    NW_store.exe    2
  4612  NW_store.exe    4
  1000  NW_store.exe    2
  3228  NW_store.exe    2
  180   NW_store.exe    2
  4792  NW_store.exe    2
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
Processes:
  pid   process     hits
  4072  chrome.exe  12
All twelve hits belong to the Chrome browser process that opened the submitted URL, which starts its child processes with the block-non-Microsoft-binaries mitigation; none of the dropped executables trigger this signature.
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
  Token: 33                          pid 440  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  pid 440  AUDIODG.EXE
Both entries come from the Windows audio device graph host (AUDIODG.EXE), not from the sample or anything it dropped.
Suspicious use of FindShellTrayWindow 49 IoCs
Processes:
  pid   process         hits
  4072  chrome.exe      34
  3908  PcAppStore.exe  3
  2340  NW_store.exe    12
Suspicious use of SendNotifyMessage 27 IoCs
Processes:
  pid   process         hits
  4072  chrome.exe      24
  3908  PcAppStore.exe  3
Suspicious use of WriteProcessMemory 64 IoCs (the report lists at most 64 entries)
Processes:
  source pid / process   target pid / process
  4072 chrome.exe    ->  2004 chrome.exe
  4072 chrome.exe    ->  2940 chrome.exe  (bulk of the entries)
  4072 chrome.exe    ->  2896 chrome.exe
  4072 chrome.exe    ->  3132 chrome.exe  (bulk of the entries)
Every entry is the Chrome browser process (PID 4072) writing into its own freshly created child processes, which is normal for Chrome's multi-process startup. None of the dropped binaries (Setup.exe, nsh5783.tmp, PcAppStore.exe, NW_store.exe) appear as a source or target here, so this signature carries no weight against the sample.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://link-target.net/498735/centralhackdwfree1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd7124f50,0x7ffbd7124f60,0x7ffbd7124f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1656 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2012 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2348 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4300 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5508 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5500 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5316 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2360 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=812 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6208 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6188 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6244 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 /prefetch:82⤵
-
C:\Users\Admin\Downloads\Setup.exe"C:\Users\Admin\Downloads\Setup.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://pcapp.store/installing.php?guid=9BE0BF4D-F8DB-4AF4-BE85-DC38433C9501X&winver=19041&nocache=20220925105230.3863⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x100,0x104,0xf8,0xfc,0x128,0x7ffbd7124f50,0x7ffbd7124f60,0x7ffbd7124f704⤵
-
C:\Users\Admin\AppData\Local\Temp\nsh5783.tmp"C:\Users\Admin\AppData\Local\Temp\nsh5783.tmp" /internal /force3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\PcAppStore.exe (process tree depth 4)
"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default
- Executes dropped EXE
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 5)
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" .\ui\.
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 6)
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win32 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x74c9ebe8,0x74c9ebf8,0x74c9ec04
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 7)
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1ac,0x1b0,0x1b4,0x188,0x1c0,0x3a5608,0x3a5618,0x3a5624
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 6)
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --field-trial-handle=1376,10813327951700973138,2886254856743644760,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 /prefetch:2
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 6)
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1376,10813327951700973138,2886254856743644760,131072 --lang=en-US --service-sandbox-type=network --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=1916 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 6)
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1376,10813327951700973138,2886254856743644760,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2248 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 6)
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --field-trial-handle=1376,10813327951700973138,2886254856743644760,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2572 /prefetch:1
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 6)
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --field-trial-handle=1376,10813327951700973138,2886254856743644760,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2760 /prefetch:1
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 6)
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1376,10813327951700973138,2886254856743644760,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3664 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 6)
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1376,10813327951700973138,2886254856743644760,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3736 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 6)
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1376,10813327951700973138,2886254856743644760,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3744 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 6)
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1376,10813327951700973138,2886254856743644760,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3940 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 6)
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1376,10813327951700973138,2886254856743644760,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3416 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 6)
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1376,10813327951700973138,2886254856743644760,131072 --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=1660 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe (process tree depth 6)
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --field-trial-handle=1376,10813327951700973138,2886254856743644760,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
- Executes dropped EXE
-
C:\Windows\SysWOW64\SCHTASKS.exe (process tree depth 4)
SCHTASKS /CREATE /SC HOURLY /MO 18 /TN "PCAppStoreAutoUpdater" /TR "C:\Users\Admin\PCAppStore\AutoUpdater.exe"
- Creates scheduled task(s)
-
C:\Program Files\Google\Chrome\Application\chrome.exe (process tree depth 2)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2352 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe (process tree depth 2)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe (process tree depth 2)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4588 /prefetch:8
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe (process tree depth 2)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe (process tree depth 2)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe (process tree depth 2)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3472 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe (process tree depth 2)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe (process tree depth 2)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4344 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe (process tree depth 2)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5240 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe (process tree depth 2)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,14143706099743688116,18375310256793484671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1216 /prefetch:8
-
C:\Windows\System32\CompPkgSrv.exe (process tree depth 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\system32\AUDIODG.EXE (process tree depth 1)
C:\Windows\system32\AUDIODG.EXE 0x4b0 0x4ec
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads