Malware Analysis Report

2025-01-19 03:59

Sample ID 230724-jfvb3sbd34
Target https://bontoncompany.com/
Tags: none listed

Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The URL https://bontoncompany.com/ was classified as: Known bad. Note that the static analysis below reports no signatures, and every behavioral signature that has indicator rows is attributed to chrome.exe or svchost.exe; no indicator in this report shows a file written or executed outside the Chrome profile and the SYSTEM profile's InstallService/InstallAgent paths, so the behavioral sections describe the browser visiting the URL rather than a dropped payload.

Malicious Activity Summary

Drops file in System32 directory

Uses Task Scheduler COM API

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Enterprise Matrix V15: no techniques are mapped in this report.

Analysis: static1

Detonation Overview

Reported

2023-07-24 07:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-07-24 07:37

Reported

2023-07-24 08:07

Platform

win10v2004-20230703-en

Max time kernel

1800s

Max time network

1690s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bontoncompany.com/

Signatures

Drops file in System32 directory

The paths below sit under C:\Windows\system32\config\systemprofile\, which is the SYSTEM account's user profile, and the writing process is svchost.exe; the signature fires on the path prefix, not on an executable written into System32 itself. The files have .catalogItem and .dat extensions, and 9NCBCSZSJRSB has the 12-character form of a Microsoft Store product ID.

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{F64B4324-E3D5-424F-8890-361757803AB7}.catalogItem C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat C:\Windows\System32\svchost.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

S-1-5-19 is the well-known SID of the LOCAL SERVICE account, so the key lives in that account's hive rather than in the logged-on user's; TraceTimeLast is stored as a 64-bit Windows FILETIME.

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133346578424746144" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
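The TraceTimeLast value above is a Windows FILETIME (100-nanosecond ticks since 1601-01-01 00:00:00 UTC). Decoding it is a quick way to check whether a registry artefact was written during the detonation or was inherited from the sandbox image. The following Python is an added example and not part of the report or the sandbox's own tooling; it assumes the Submitted and Reported times in the behavioral1 Detonation Overview are UTC, which the report does not state.

```python
from datetime import datetime, timedelta, timezone

# A Windows FILETIME counts 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Value copied from the TraceTimeLast row of the registry signature table above.
TRACE_TIME_LAST = 133346578424746144

# Submitted / Reported times from the behavioral1 Detonation Overview,
# assumed to be UTC (an assumption of this example, not stated by the report).
SUBMITTED = datetime(2023, 7, 24, 7, 37, tzinfo=timezone.utc)
REPORTED = datetime(2023, 7, 24, 8, 7, tzinfo=timezone.utc)


def filetime_to_datetime(ticks: int) -> datetime:
    """Convert a FILETIME tick count to a timezone-aware UTC datetime.

    timedelta resolves to microseconds, so the lowest decimal digit of the
    tick count (one 100 ns unit) is dropped.
    """
    if ticks < 0:
        raise ValueError("FILETIME tick counts are unsigned")
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(when: datetime) -> int:
    """Inverse conversion, e.g. to build a search range over other FILETIME values."""
    if when.tzinfo is None:
        raise ValueError("expected a timezone-aware datetime")
    delta = when.astimezone(timezone.utc) - FILETIME_EPOCH
    seconds = delta.days * 86_400 + delta.seconds
    return seconds * 10_000_000 + delta.microseconds * 10


def within_detonation_window(ticks: int, start: datetime = SUBMITTED, end: datetime = REPORTED) -> bool:
    """True if the FILETIME falls inside the sandbox run's [start, end] window."""
    return start <= filetime_to_datetime(ticks) <= end


if __name__ == "__main__":
    when = filetime_to_datetime(TRACE_TIME_LAST)
    print("TraceTimeLast decodes to", when.isoformat())
    print("written during the detonation:", within_detonation_window(TRACE_TIME_LAST))
```

The value decodes to 2023-07-24 07:37:22 UTC, i.e. the same minute as the Submitted timestamp, so the key was written at the start of this run and is not a leftover from the image.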

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (2 occurrences)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 occurrences, alternating with the row below)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 occurrences)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (26 occurrences)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (24 occurrences)

Suspicious use of WriteProcessMemory

Every write originates from PID 3752, the Chrome browser process (the crashpad named pipe \??\pipe\crashpad_3752_... listed under Files carries the same PID), and lands in another chrome.exe process. This is consistent with the browser process initialising its sandboxed child processes and is not, by itself, evidence of injection into a foreign process.

Description Indicator Process Target
PID 3752 wrote to memory of 3248 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 occurrences)
PID 3752 wrote to memory of 1236 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (38 occurrences)
PID 3752 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 occurrences)
PID 3752 wrote to memory of 3588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (22 occurrences)

Uses Task Scheduler COM API

Tag: persistence. The report gives no Description/Indicator/Process rows for this signature, so nothing on this page ties it to a specific process or scheduled task.

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bontoncompany.com/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2a879758,0x7ffb2a879768,0x7ffb2a879778

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k netsvcs -p

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1932,i,8945087889154721513,13100799803066972826,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1932,i,8945087889154721513,13100799803066972826,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1932,i,8945087889154721513,13100799803066972826,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1932,i,8945087889154721513,13100799803066972826,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1932,i,8945087889154721513,13100799803066972826,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1932,i,8945087889154721513,13100799803066972826,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1932,i,8945087889154721513,13100799803066972826,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2448 --field-trial-handle=1932,i,8945087889154721513,13100799803066972826,131072 /prefetch:2

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto
US 8.8.8.8:53 bontoncompany.com udp
SG 85.187.128.46:443 bontoncompany.com tcp
SG 85.187.128.46:443 bontoncompany.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.128.187.85.in-addr.arpa udp
SG 85.187.128.46:443 bontoncompany.com udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
NL 88.221.25.99:443 assets.msn.com tcp
US 8.8.8.8:53 99.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 233.141.81.104.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 121.208.253.8.in-addr.arpa udp
US 8.8.8.8:53 254.165.241.8.in-addr.arpa udp
US 8.8.8.8:53 74.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
NL 20.123.141.233:443 N/A tcp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
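The rows above mix three kinds of traffic: forward DNS queries to the sandbox resolver (8.8.8.8), PTR queries (the in-addr.arpa names) that reverse-resolve addresses the host has already talked to, and the actual connections. Reversing the PTR names shows, for example, that 46.128.187.85.in-addr.arpa is a lookup for 85.187.128.46, the target's own address, and 99.25.221.88.in-addr.arpa is for 88.221.25.99 (assets.msn.com). The udp/443 row to 85.187.128.46 is consistent with Chrome attempting QUIC (HTTP/3), and 224.0.0.251:5353 is multicast DNS on the local segment, not a remote contact. The following Python is an added example, not part of the report or the sandbox's tooling; its sample input is a subset of the rows above, embedded inline as constructed data.

```python
import ipaddress

# Rows copied from the Network table above (a representative subset, embedded
# here as constructed sample input; the real table has more PTR rows).
NETWORK_ROWS = """\
US 8.8.8.8:53 bontoncompany.com udp
SG 85.187.128.46:443 bontoncompany.com tcp
SG 85.187.128.46:443 bontoncompany.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 46.128.187.85.in-addr.arpa udp
SG 85.187.128.46:443 bontoncompany.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 assets.msn.com udp
NL 88.221.25.99:443 assets.msn.com tcp
US 8.8.8.8:53 99.25.221.88.in-addr.arpa udp
NL 20.123.141.233:443 tcp
"""


def parse_row(line: str) -> dict:
    """Parse one 'Country Destination [Domain] Proto' row; Domain may be absent or N/A."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = None
    else:
        raise ValueError(f"unexpected row: {line!r}")
    if domain == "N/A":
        domain = None
    host, _, port = dest.rpartition(":")
    return {"country": country, "ip": ipaddress.ip_address(host),
            "port": int(port), "domain": domain, "proto": proto.lower()}


def ptr_name_to_ip(name):
    """'46.128.187.85.in-addr.arpa' -> IPv4Address('85.187.128.46'); None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name or not name.lower().endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4:
        return None
    return ipaddress.ip_address(".".join(reversed(octets)))


def triage(text: str):
    """Split the table into real contacts, forward DNS lookups and PTR targets.

    Returns (contacts, forward_lookups, ptr_targets) where contacts maps
    (ip, port, proto) -> set of domains seen for that endpoint.
    """
    contacts, forward_lookups, ptr_targets = {}, set(), set()
    for line in text.splitlines():
        if not line.strip():
            continue
        row = parse_row(line)
        if row["port"] == 53 and row["proto"] == "udp":
            reversed_ip = ptr_name_to_ip(row["domain"])
            if reversed_ip is not None:
                ptr_targets.add(reversed_ip)      # reverse lookup, not a contact
            elif row["domain"]:
                forward_lookups.add(row["domain"])
            continue
        if row["ip"].is_multicast:               # 224.0.0.251:5353 is local mDNS
            continue
        key = (str(row["ip"]), row["port"], row["proto"])
        contacts.setdefault(key, set())
        if row["domain"]:
            contacts[key].add(row["domain"])
    return contacts, forward_lookups, ptr_targets


def reverse_resolved_contacts(contacts: dict, ptr_targets: set) -> list:
    """Contacted IPs that the host also reverse-resolved (explains the PTR noise)."""
    contacted = {ipaddress.ip_address(ip) for ip, _, _ in contacts}
    return sorted(str(ip) for ip in contacted & ptr_targets)


if __name__ == "__main__":
    contacts, forward, ptr = triage(NETWORK_ROWS)
    for (ip, port, proto), domains in sorted(contacts.items()):
        print(f"{ip}:{port}/{proto}  {', '.join(sorted(domains)) or '(no domain)'}")
    print("forward lookups:", sorted(forward))
    print("PTR targets that were also contacted:", reverse_resolved_contacts(contacts, ptr))
```

Run on the subset above, the only non-Microsoft contact left after stripping resolver and mDNS rows is 85.187.128.46 on tcp/443 and udp/443 for bontoncompany.com; the 20.123.141.233:443 row has no domain in the report and stays as a bare endpoint to pivot on.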

Files

\??\pipe\crashpad_3752_CJAIZAOYNRLFIIFB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 34d65b097de247c1796dd661ec295b28
SHA1 992b155e40269e73abb1d1e5f638e7b4ee5e1ba5
SHA256 3e719be5d570fefa5da905c447fb7367d35cda6efc9f27c79ad2356e547831d6
SHA512 a03754472fee3413f1cb53202e1b16a1eb655952668ddf6e5d9efbaa0f732890d49ba7dba63960202b280c5b1a0c86969a526a9bc3bd22773a5c3c152819e305

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f249b3d11707267ad3e109f627ec1932
SHA1 50b483917777c5d17b49bfefa3d8aeec9cefc470
SHA256 b40ca5b6ad2779e4616877d641b164ebefc55e14fd527fe6478c0463f3cf9133
SHA512 40a3ce040893513b52f2584040700489e36fb97a90a325a74e7f106ec888eea029c1286743a1cda134beb87f9e3f9861e119e9f1a1274e5e2b20298d8fe3f0dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 db5368c462bc36d9f95bfb7da55be55c
SHA1 476f416f46bd1b77123fae6903d52be38dfa4c6f
SHA256 e932a5263fbfc47fb62bd6a7b768be88be814d53248b9371a96f6727ee5da56c
SHA512 5aa2a31a0a78033a37f957387a87c6c14fa16d49d66998b7ccd66aa5ff6b05572e472f41123a6f94697554d26ce3e220a16fd4fbe23c3e1030f6db82b9f6acbc

C:\Users\Admin\AppData\Local\Temp\wsuF1C2.tmp

MD5 c01eaa0bdcd7c30a42bbb35a9acbf574
SHA1 0aee3e1b873e41d040f1991819d0027b6cc68f54
SHA256 32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40
SHA512 d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

MD5 7003f385eac752d8ff3e4801ce385a0a
SHA1 80eedbf5f2859c4ae16140003504ddbe5499a9db
SHA256 073dc6164185d4c83d300ee1507f3d93b9c2425b3a4d7f539b04f84f6c8dce6c
SHA512 ee0a4d7a1b9922c750917e591a3a0439c0c922e63d0c720d5cdd81629d19008e855d787d4b9db63194fbd4e3b73404abdb0ee2d351e68526936230524f54dfc1

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

MD5 a7b2f2ce357940f6f4d06dd81c61d715
SHA1 4bf15b138d4f21c831e30e94da54d776a3ad7961
SHA256 0f51fcbda3e54f1cdd45a131dca00b997e67dac9731b01818bccc1162efb5613
SHA512 960a12f98d2c7a9f468acf2daee3b3a760264b237cffc32e5909533ba1562e50cad4c422e26e3e55e43e7d67af743b6f69dc76e8c57c83bf396de9328929fee3

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

MD5 109913e404f8700460c404685dec6a84
SHA1 53d48d301fd7265119c1b2c2b7ec7fba9b183d1f
SHA256 b7cbeb5954826843d8ac6767a9c7b2e3ff443662932f1a17d8a2aac3cf8c380e
SHA512 71853b06f4c57a76155fb314c47cf87d703f588bd39cf317ce7c322cbd5555ad6557ac935c7ea0db5dbd3c55ec65d253e881c9cadfd5cacc5e0e44492626253b

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

MD5 fa4ca4cdfafa9752e709b69a0055ee8d
SHA1 a3a7a0bde5148b42d71314fca8ba0fff6814234a
SHA256 6564fe43d1b949cf75a13c0371a676e08d41f11dbe6f1a7834d2b4fc874fa11d
SHA512 23ab1773e2f842362c52d136d8bff06fed5bd0f8fc8a5d483916f77cbf91a1b8d441a711b8420c22e5c7420aebb0096b85e8b4e8ecc0970fd027be9efb4374ae

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

memory/3228-1399-0x00000163D3D40000-0x00000163D3D50000-memory.dmp

memory/3228-1415-0x00000163D3E40000-0x00000163D3E50000-memory.dmp

memory/3228-1431-0x00000163DC160000-0x00000163DC161000-memory.dmp

memory/3228-1433-0x00000163DC190000-0x00000163DC191000-memory.dmp

memory/3228-1434-0x00000163DC190000-0x00000163DC191000-memory.dmp

memory/3228-1435-0x00000163DC2A0000-0x00000163DC2A1000-memory.dmp

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
