Analysis

  • max time kernel: 299s
  • max time network: 304s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230703-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 18-07-2023 02:42

General

  • Target

    https://bontoncompany.com/

Score
5/10

Signatures

  • Drops file in System32 directory 3 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bontoncompany.com/
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd67a99758,0x7ffd67a99768,0x7ffd67a99778
      PID:1120
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1868,i,12295426025425926829,3789114362155759552,131072 /prefetch:2
      PID:3816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1868,i,12295426025425926829,3789114362155759552,131072 /prefetch:8
      PID:2152
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1868,i,12295426025425926829,3789114362155759552,131072 /prefetch:8
      PID:628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1868,i,12295426025425926829,3789114362155759552,131072 /prefetch:1
      PID:3368
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1868,i,12295426025425926829,3789114362155759552,131072 /prefetch:1
      PID:1248
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1868,i,12295426025425926829,3789114362155759552,131072 /prefetch:8
      PID:4512
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1868,i,12295426025425926829,3789114362155759552,131072 /prefetch:8
      PID:1628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3976 --field-trial-handle=1868,i,12295426025425926829,3789114362155759552,131072 /prefetch:1
      PID:4288
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 --field-trial-handle=1868,i,12295426025425926829,3789114362155759552,131072 /prefetch:2
      • Suspicious behavior: EnumeratesProcesses
      PID:1216
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=984 --field-trial-handle=1868,i,12295426025425926829,3789114362155759552,131072 /prefetch:1
      PID:4908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2500 --field-trial-handle=1868,i,12295426025425926829,3789114362155759552,131072 /prefetch:1
      PID:4356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5412 --field-trial-handle=1868,i,12295426025425926829,3789114362155759552,131072 /prefetch:1
      PID:3356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5376 --field-trial-handle=1868,i,12295426025425926829,3789114362155759552,131072 /prefetch:1
      PID:3912
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID:3780
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    • Drops file in System32 directory
    PID:3336
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    PID:3444
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
    PID:392

                                  Downloads
