hxxp://youareanidiot[.]cc

Resubmissions

22/02/2024, 07:19

240222-h5tleaea6t 4

22/02/2024, 07:16

240222-h3323aea4z 4

22/02/2024, 07:09

240222-hzaaksdh9w 4

22/02/2024, 07:06

240222-hw7fxaee38 1

Analysis

max time kernel
126s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/02/2024, 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youareanidiot.cc

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	MSPUB.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 46 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 101db9425e65da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	MSPUB.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000002000000030000000083ffff0083ffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	MSPUB.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	MSPUB.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	MSPUB.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	MSPUB.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C986191-D151-11EE-BDCC-E25BC60B6402} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	MSPUB.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fffacc0240230f40b575ac5982df49bd000000000200000000001066000000010000200000007b6e91ed1c924a96371f9cd404e460333321d00b31166ae3a4a9cdc31642baff000000000e8000000002000020000000c11e53c7eb425644f89e0fe0d8d61770a8561d22955a85711024f2acab00291d2000000014ebac19a5b77ad8d2ab23f0162845738345f39dc448e7554807d156e12feccc40000000d6f73ab8dd6520aafb2051625837aa61fa22b4f441e11b6709242ad2f07438cf348870b16313241b5e558d55e412b93695b679127f20e2a7b54222014af7b006	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fffacc0240230f40b575ac5982df49bd00000000020000000000106600000001000020000000af03aa8598b8e0698b096ce2c38e6226ec47821757036be88af3012b4128f6ab000000000e8000000002000020000000302d3693b3d2561d3b8d57c8b2d1e42dacfce83f49f4ce7a4c5af817a140e566900000001c4b968e04167a3a4b0110b04e852f2bbaf38f2edf42a51aeab401273da38007f21deed6f35e5133bd7049b6b9e0561bf7ac6a80e398d1f293a359df30fbee2966d2fab96b38838e667a9bc2f3c7030d3d3dbbcaa7428556a654e4434dcb6def38e890d7c3926920f1ee61e0579065d3f7e4a8b2b5dd46221d48a82cfd36bb90a8e85ee53ac309a984329f01c69476e2400000008a3ff93729c2ce1dd47a2107022248c1ea2d0f5610dd9d93d4f61aef3302ac8d3e5047f76a963a273a6413cb89c1962b69d716fa977dfc59f4019ced6ac1db67	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	MSPUB.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar	MSPUB.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MenuExt	MSPUB.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
304	chrome.exe
304	chrome.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: 33	2880	IEXPLORE.EXE
Token: SeIncBasePriorityPrivilege	2880	IEXPLORE.EXE
Token: SeShutdownPrivilege	304	chrome.exe
Token: SeShutdownPrivilege	304	chrome.exe
Token: SeShutdownPrivilege	304	chrome.exe
Token: SeShutdownPrivilege	304	chrome.exe
Token: SeShutdownPrivilege	304	chrome.exe
Token: SeShutdownPrivilege	304	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1500	iexplore.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe
304	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1500	iexplore.exe
1500	iexplore.exe
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE
1500	iexplore.exe
2428	MSPUB.EXE
2428	MSPUB.EXE
2428	MSPUB.EXE
2428	MSPUB.EXE
2428	MSPUB.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 2880	1500	iexplore.exe	28
PID 1500 wrote to memory of 2880	1500	iexplore.exe	28
PID 1500 wrote to memory of 2880	1500	iexplore.exe	28
PID 1500 wrote to memory of 2880	1500	iexplore.exe	28
PID 2428 wrote to memory of 852	2428	MSPUB.EXE	36
PID 2428 wrote to memory of 852	2428	MSPUB.EXE	36
PID 2428 wrote to memory of 852	2428	MSPUB.EXE	36
PID 2428 wrote to memory of 852	2428	MSPUB.EXE	36
PID 304 wrote to memory of 1936	304	chrome.exe	38
PID 304 wrote to memory of 1936	304	chrome.exe	38
PID 304 wrote to memory of 1936	304	chrome.exe	38
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1476	304	chrome.exe	40
PID 304 wrote to memory of 1680	304	chrome.exe	41
PID 304 wrote to memory of 1680	304	chrome.exe	41
PID 304 wrote to memory of 1680	304	chrome.exe	41
PID 304 wrote to memory of 2392	304	chrome.exe	42
PID 304 wrote to memory of 2392	304	chrome.exe	42
PID 304 wrote to memory of 2392	304	chrome.exe	42
PID 304 wrote to memory of 2392	304	chrome.exe	42
PID 304 wrote to memory of 2392	304	chrome.exe	42
PID 304 wrote to memory of 2392	304	chrome.exe	42
PID 304 wrote to memory of 2392	304	chrome.exe	42
PID 304 wrote to memory of 2392	304	chrome.exe	42
PID 304 wrote to memory of 2392	304	chrome.exe	42
PID 304 wrote to memory of 2392	304	chrome.exe	42
PID 304 wrote to memory of 2392	304	chrome.exe	42

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://youareanidiot.cc
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2880

C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE" C:\Users\Admin\Desktop\GroupApprove.pub
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5449758,0x7fef5449768,0x7fef5449778
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1324,i,17386090851287647406,593861439745941361,131072 /prefetch:2
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1324,i,17386090851287647406,593861439745941361,131072 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1664 --field-trial-handle=1324,i,17386090851287647406,593861439745941361,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1324,i,17386090851287647406,593861439745941361,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1324,i,17386090851287647406,593861439745941361,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1356 --field-trial-handle=1324,i,17386090851287647406,593861439745941361,131072 /prefetch:2
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2236 --field-trial-handle=1324,i,17386090851287647406,593861439745941361,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1324,i,17386090851287647406,593861439745941361,131072 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3720 --field-trial-handle=1324,i,17386090851287647406,593861439745941361,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2636 --field-trial-handle=1324,i,17386090851287647406,593861439745941361,131072 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2324 --field-trial-handle=1324,i,17386090851287647406,593861439745941361,131072 /prefetch:8
  2⤵
  PID:1580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
036f6ad203e2aaea82c1bceffb530e8a

SHA1
bd890b5b0faa2bff1dceeef26ccf6a0ba01741b4

SHA256
3c700a477c74864741af7f75164cc960d6b239df56538693ce5c09d1e6a014e3

SHA512
d39096334846d7546757d69167e82d567822bc1592fc87901404eb119e20029f64d08f8fb765cfa2a64d93d2f2039f50d34ab36af962b56dad1d77be473a554a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d16952eaa61bb4f7767ff1a32c8cf70e

SHA1
eeea10bc2f50b395949b32ebf0e111d1411fa08b

SHA256
d5a842abe1a073612ce9fd47f1c198926bb85a048cc01bfa0949d71e249f5682

SHA512
f14809b81dc9870400d5a381ef4a78c7ebe406bfeb5de8e80936d3e87db04f64af10d5ee9b8c4e9825fd97c436ed854492eb6a6d5176f70e9c84afdbdfad6686

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb515c3d09d20c4e3abfc987a2f7b07b

SHA1
ea9f0ceea37fda8a8dd8f6906f32382dd81172e1

SHA256
acd41a513ddfdb7168b07d4cc2266f2d147179a971a38edc739df30403736a71

SHA512
53c95ae75c2dd05041af3e5259feb2017868c14816462b401103edf05fcb9bdae61d8060b88b83cf5e392f967791d9893d0ec58983afafa00b9a6ad8e781ff04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1e5ca615e0f5c27fce692e0b9544acc

SHA1
49d893d9cfcd03fdcb59bb34f13fe73a3e903480

SHA256
b60124dc776c00b6ba24f891e243abcad2721eabea62c6f798e953f0ead7df66

SHA512
ac445819148e90551690d70c6e1ebee1fc4026484b0e3b9bc077f78068bbcba114c1728c3996fcea297e582d74ebf759e7bb7fb3d3a81fd06b773612426cd481

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6890b8c6933b52d12c877ca06f7ac74

SHA1
dabb613b480e9342206203d28f4a516ccf906ad1

SHA256
baa5529ac085c07c2685e854f93e0dcb313747ce9fed9d0d1dc55b40f1e29ff0

SHA512
6f90cc392dc32d8897cd4b0b641175a0d4eb7b350df130c6b916d4dbb15ec922a83c15d8704ff78f69be5b2ed44224afcd784dcb04a5c2b0412e438b5fa8b796

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
724ebeb4dad721ce1cca86e9050936ea

SHA1
7c9264031691d05576ba337325a17bdc1e8aa377

SHA256
4a95491f11dfbc20a6c87f03a66c35ed28e9dd096532594740415aad6dfa17d0

SHA512
3f7578a85ebc7cb1170d8255d742bfe93483d8ed5b0a1484cf66466447f45c973f121c8ede5a12596ee63384bc8489c36ed09bec76356db888f80dc8a8f8999f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc4ac60548829b7dfbc5d56bdd32b60d

SHA1
8314923c56401e4fd468034ed011489559c2ad31

SHA256
c72be03f3fad50d48465e9821dbad5747c42a699f8f16febb311909a44db28a2

SHA512
4dd12b5e9f71d89773f126d326613b2b50219c6dccb785d71b34d84ac35fae5bb382bb1a6af904aa9991ff7507922a1a5804eb8cd8065dec5d7d48c6f55fe69f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
828e66a0e0e8e32ab8b57ea1bd3b5482

SHA1
03b885d7481fb1aa8891ef1beed946d8249d1bfc

SHA256
05995e2ea2b2ef5b685b74d007286074da80b8b3364de85e27d70cdad23cd3f2

SHA512
b1c6be3fc4a416601898805e1a96505a6e3d56f30a92866697be53e7b5fd54c030fb8733d34570245b027463ebba94605a671287488d2fcff5ef0cd40942bd99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63521da3a925acd81ab5ca65fa0adcf9

SHA1
99bea31f4f0c5c9505a67c00c6e9ae4f0c7e1525

SHA256
9dfc241a2c61f26799077af4a299250d4fa6a1269ce45ef1f384d47221eff3bf

SHA512
7011a62bdeef4282da0250f0fcb1d2f597788b01c53640372a6a6c238ce4fa481d2b92dcbb07daab5a2bcea18829f6f4eb33689c9703604171b55d5c4cbd3ee7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a95895e262e7b2b337cf3ab56bb76894

SHA1
9a50ec0c4c8668a1ffa3d51ffa9ee2fc4451a069

SHA256
8050dc30f369953ab973989c67daaad49d995a48136bbc70ecb94766d66dbeda

SHA512
949e9b23697a2337768f9ba48f4cdc20ae2fe1d4b1a804a40f293fc9acd68165c0d08b877ff1b9c534502e4f358113f731dc5aad3f77c6d14abcc04283d3fdf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
801023ded8d77cd03d2819013ca7a2dc

SHA1
2f505ff2b4a698408c746465b01e53ec9e7555a4

SHA256
3a4eb84153ddff1bdfb166e3b6d444aafb3ffb26fd778cd3205b40d9ec65f537

SHA512
e6d6ffc22da6190af5f285065ec2b8ffe28cc5b25bc41d85037f0eab03d085cbb6968c7117c982ceab7815e21867f55ccdf8c0b6992c6a4eb469f0651e7282bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9408a84998211dc678b8d1e7a5ea3a92

SHA1
daf961468b765b4d554fdbd7ee63feea64841f9a

SHA256
beea75d9c3b62108b59402dff7c5b2d57d84cda9d77b0425e54aab17bcf0e9fa

SHA512
825e88c972aaa107576b74edf827adece5737dba4edb881da28d02a01df8b01edaa0b6c2bdf46171b78854f477ee0e1fff6a011f15de9c338040dc619bb06780

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
963525a06f4143f1c7a00a68e509b508

SHA1
1ca980b14b7290ef331b77f12054605937caedf4

SHA256
b0bca63d6dc9dab9eab8e9a6a00704bb186de6dcb20d3f96822713bb93c8137a

SHA512
c071edc5b102c7abba2cbdb6d1dd6ae8d05a1d4d1b593f140c6eca7cb61ae1777624c71f3e7b15fd7e22b89fee2b19db22bdf9be7a289079cad261cdeea6ca4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe88cdef2027196f6e94c96918170e38

SHA1
19d13330d06cabc7fd08070742dfa5f81acb37f9

SHA256
cd8c2232da7ec1863e02d9c75fb9494b8ac8635fd19a17cc3d9f39773c11c63e

SHA512
49797a7a2ef97c030e2a6d68e4f4544cf889a29b5b02dec11476f26822afae251a98cec8a16a4c2017136f0b5db1f31e95449a91ff1ff1df6a835aff45a0dfed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
a390c2e1bc8bf4be49bb2fa375c186ba

SHA1
a6416f7f2c028a617c8b2cf422a8bbe7f7159168

SHA256
f2bb3e1115d4aa61dd9e6ad39a67e97603f904f3fbaa22bcf95f8505e3c2226c

SHA512
1f24c589f7fe1fd8608eab75ed57686396d5042dee891071e533a1b5c22b49ad67e8ff37f51b5efdee4feed4207750cef9d860b52ee9cdb61c8761c2c115f6bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
246aa78d96adf324b253dfb23bf0d469

SHA1
dbe9a182ef8b410a44a4d250efc659bc696504f5

SHA256
32d8cad828272636fd14cdc10e20a27228d0ed9e74e6ae24abd92135d8de0587

SHA512
47392915016de83701c37b7595a680a529aeeaa454cdf2d6ea10984cd7a2f7118d05af8ca3f3f2323b90f120e0d2aa608d1f4a766b8875791d221fe8e8d9cdfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\5dcsbzd\imagestore.dat

Filesize
1KB

MD5
1cc90c69a59666e765f538c4e52f2a0c

SHA1
d75dc9f900d8ad1770d4effde9021ef1589e5363

SHA256
1e5e8c6666d3b635235584a54a59a43aebbb7793241f4bfb22b449e70c26493c

SHA512
15fd30f5ec05e84b36162252508b92c5bbb099fa68f0ba48f617c856dca7f35790301dd161947819b393fd9043ff3b787ac105d80c114dbd75eac8885a29c0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HPZEQOB\favicon[1].ico

Filesize
1KB

MD5
0b6dcf9c1429088c7f079d7cc291bb66

SHA1
d23f9a17c55011a829c1365bcba999b27c4115f4

SHA256
4b0358b16230208179720a09d205b99a3e9764e63815b09e9f1716a02fccadcb

SHA512
50b3d19252cf4601c93108639c0c82cd578c1869aeedbb327a7f917c7c9142ebe893347c9a065ad8dbd61b0edcb160b5169b7272c2f3a3f807649b007461ab74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab608A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar608B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

Filesize
363KB

MD5
ca70e00c15c56aea5d2274a9c238d8db

SHA1
4c2c5e04aefb6e5cfbc5f783fb7013c842ddad06

SHA256
2c694b780fed5df3c2f0d4d22523b88045a7b3eb8f4040350508a6bf4381fab1

SHA512
3c12c3449916d3619e9b15fc946de018e6d7ee53a0edf3e2f2c9f0dadc8d82975bcec625d80c419450715cd74f4f33ac32b40271d42c75e589afefe3db21eb65

Download Submit
C:\vcredist2010_x64.log.html

Filesize
86KB

MD5
6ff35661237812107b62f09af07fe9a7

SHA1
7439e263aef413cdedb09115deda8e04480d71f2

SHA256
5e04ab14131811b1ac50d83f43f09fea458ce273c1070ea528bd49f7b861edf3

SHA512
c58d4f963916f5e2445b8c01ef63be5aa0f31b0d46a6ddde9a26dd4b7aa42329796161fb8ecc1d2894083dbc969bd9e29b73ca59e8dc41cbb287d0c2743d6705

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

Filesize
378KB

MD5
3e10c7648cedb4f38549f7d79da48634

SHA1
73a71758485ec0b25209dd0ede50e75c20bca50c

SHA256
51092eedb875cc1ba461a06dc550246e2a591a5e6758ed22205fc91d7432ca40

SHA512
a6dc52c7afd516766facc9f408ed7d48212b9a47adadc4fd5e9ed8beb10faee1ce6e7fc44e3c6120abed39a286a46d8521ed8b5acaccd372bb78c27cdb252985

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
61dfccf6827ce0047dfcbfd017570c74

SHA1
29e8655d7e7fc04074ae858357f199b3599edd98

SHA256
a16d9668c5b655dd4280fa861b48bc386f6d8b0be45af6d54c38a079a9af5fcf

SHA512
6073326f9b8ebe0b3867a7ab6aa06d2e86a5c613539f82eb23250f5e65d616a574a157e08dd6f99bb251f01d11543ff80afd91ed47e89a35602b1ef7aa1322c0

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
165KB

MD5
1c34ef97c1ef649537c5e8ed572a8c7d

SHA1
17b7f34c2121bd62933af29158a1e37ade8516c5

SHA256
77d9be63fb1ee594dcbd623c944564295f70cb4cf0d1ee034c226349bf4d2cdc

SHA512
6cf9636972d24a94a18c64808a3ae3c3442fb52ae286aa185d8c29f9c353e1e99704901c67d975c0ec4b4cf435d3b45316ecf9566d3bd3ca74e2fe84a664c0f4

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
193KB

MD5
36936a6e3bdbdab815d17ba42d6fe55f

SHA1
5758ee3fff9fa635d0d4144a732e3771759a58f2

SHA256
8d60f2571bf3501f3638fd6b534c5868279f6c5f3d83366d82e281053d1aea10

SHA512
209e51fef3dd02c95eb87342e6a2cd3fec04c6dde88b2724356c02f11f320b625983abe35059c663cb63bf296b9a5881a3739bfa47589775d3b0f81f7b9167cc

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
168KB

MD5
5243e7933e05a5d20745c2a14310540f

SHA1
703c5c80e9d4731a828020fd9c5995bc1e5eb8ec

SHA256
db84fb00673491322d4ef050a2bfb7aa43757c3eee3889fb6e3d58b8dd388e3a

SHA512
f569f196df5d42114dcb1b5f576cd512d8366112cee7371190d62ab1820166d4702e3905d45515202e9074223c45aca0a5d9147e3289b1ffbaaf4fc692c0c83d

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
206KB

MD5
712b09245e3d2f9648badd46b00ea78d

SHA1
62a35eb8b085775628823cf757c1636d70f08607

SHA256
1e912ef5d4045bfdd7a680bbac2f47d0d65b0473d8c8ed6e70d14891eceed540

SHA512
2e130bb2ee654e3d8893ade3be5b7cc76e493a1a5f2159dc90be25eb97af72908b847502d57b41e06e02b7c45c7cc805fc84070d084316555256e0d6fad47425

Download Submit
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
167KB

MD5
3f8c0e13b8d0a5b67f107dac2500ba3e

SHA1
0a43c98c00b53cf981295d5686b1250b771fdf4a

SHA256
11fe35ea75b03fb0c5f901b0c486300f81d1022ba96b6c183492d1fefdb4c1a3

SHA512
c758042f213d027b938d6401cc3fb990a27148f76247a24e59f9730a27877f04c8a04cf55a494a1034cb0329636a9d71a57a0331740f3f78a271257e054ed1e2

Download Submit
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

Filesize
188KB

MD5
baf9acdb777454cea7c7243794fd8bc5

SHA1
dc2949d579a09393a3e4290bc7ffcb44326c85f8

SHA256
62f93a957c455494f0e8ca784ffb52fc7f293a9242bdf4173a6546ed3ee8feeb

SHA512
cd488b7358ce2186f0adb4dcf194b016dbda5a22ea469646c603cecf0ea3f854fa31f8412f71d04939cbbc6ce14c8cebb59deb890ff2d06f2db8407be3f19f76

Download Submit
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

Filesize
168KB

MD5
c70e1ecb84f68b542058f43c58a31039

SHA1
5a7e26c4b753ac44b93c535d211a08090f68c69e

SHA256
1d1c96a247c1d2f379d226494c1b7f8ceac1beaac5338f91556b6e23b38604d2

SHA512
5c1fc9cb6f2fff697a679b6b1b98bdb3d293460d645ef797fa06d8bdc61f7d9149e095418ee3fb8b34b2064410f55d531d431caee1d5b389fbd709bd7353cfba

Download Submit
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

Filesize
196KB

MD5
cc99beb70f493a21b9491dfe752d2d35

SHA1
706951ab1b628f204b9f1705b44683baa9b595c3

SHA256
a19241d7d5fe0115c235e2b037de707af761341731d479549f1908d0f645d5f2

SHA512
9d54af34d093a13a7611659b23ab0df4a89796ae4bf883f73509ca2b7aed1cbd40e07f41b7d5e82f0bb66620a6ecc513f76263af0fe6742cefe5721753b3b783

Download Submit
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

Filesize
121KB

MD5
c430b815abe2beb4b9427b6de02e6233

SHA1
6f04b4b7e43a8cdcf23602437e76a741d81249b5

SHA256
b053774cbb6e1c1a99a4191fd2682455f106d6288e12868c68671e33ecae7e5f

SHA512
c92f4e9564e5c94b1afa7b90bfcce5c201ff5c2f73ffa45eec1e87483303b47b299842f5532608062dc0a350165f7a96d6864da8b5897794161100ed1f463415

Download Submit
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

Filesize
127KB

MD5
a0f4de3606aea6db0f33fc6784ea1e39

SHA1
22521825b5e2bbcc88e450dbd925b8634db4355d

SHA256
f5c04f1488c817dc016b07f627c52375080c1a8af9345081cfbe8a53f16eb19c

SHA512
d2e309a8057e212843105e318c3df641850d8f22924ce953f1fd1918aa5d10d78dbdec08edb7bbac139b05da57b8085f70959a459cc3e3833d4ffe2df0bc4136

Download Submit
C:\vcredist2022_x86_001_vcRuntimeMinimum_x86.log

Filesize
121KB

MD5
63d4be69999bdc29f540aa259992d36b

SHA1
a089afcd7466e1ddd327e1473e8983d288a3f91d

SHA256
d2e4402d045f86cf2d4ab1efe8830b38d4b9151e925ae8c3a62af4db5c9300ef

SHA512
a8de58977cb492f614110cd1b59a0d3e33d4a1134bdfd1f680e2fa0c9c4e8b81794270b837dd8763fcda5782fd0b729d22d83e326cbdb9c370146ab94c756f73

Download Submit
C:\vcredist2022_x86_002_vcRuntimeAdditional_x86.log

Filesize
133KB

MD5
772235a3acd0f8490b841af7410d1919

SHA1
8020f60a6aee08f563dc052eaed7ec724457a8f4

SHA256
97aebcde73c7f66f6aa4c44d5f774882f92d0b795f4ebb9585d687af1c6d5eca

SHA512
27624e258e67dd351d87873971c5c2e1751270f5c7d2c066594cf31e69aefe51e6db3a05f4fd9445bf5b5d4dfd8881e150edf858c069143d0ad49a37a4a392b6

Download Submit
memory/2428-512-0x000000007391D000-0x0000000073928000-memory.dmp

Filesize
44KB

Download
memory/2428-511-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2428-515-0x000000007391D000-0x0000000073928000-memory.dmp

Filesize
44KB

Download
memory/2428-514-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download