338af0ad5b0fb47fbd9c27b400e85eb0204f227e00d6eb03a14df00b7a463d32

Resubmissions

13-03-2024 21:12

240313-z2h4yaha5v 3

13-03-2024 21:10

13-03-2024 21:04

13-03-2024 20:47

13-03-2024 20:28

13-03-2024 20:24

13-03-2024 20:05

13-03-2024 19:44

Analysis

max time kernel
932s
max time network
938s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
13-03-2024 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WCD Board.jpg
Size

74KB
MD5

42f61aa98d6253e0f5243f816abcd82e
SHA1

8e2d53b71e084146a9842d0f9a3c6cc73f79dbbf
SHA256

338af0ad5b0fb47fbd9c27b400e85eb0204f227e00d6eb03a14df00b7a463d32
SHA512

f72bd0e5de6263d8a45b6a47f51694ee93bc88e8590ee9b47c8e3f86fb0ed805be101c36302a6a6a9366a73df62dd0f912eedd7969a0090cc924f2348ad50616
SSDEEP

1536:qc13SlopKR8x1LPfd3bQqXyXILKk63GdHH/VkK9VLw:L1rrDV3bQqCXILKkcGdDXw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3332	PDFixers.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133548327713351500"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\PDFixers.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
240	chrome.exe
240	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
700	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe
Token: SeShutdownPrivilege	240	chrome.exe
Token: SeCreatePagefilePrivilege	240	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe
240	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3332	PDFixers.exe
3332	PDFixers.exe
2816	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 240 wrote to memory of 1428	240	chrome.exe	91
PID 240 wrote to memory of 1428	240	chrome.exe	91
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 3672	240	chrome.exe	94
PID 240 wrote to memory of 2172	240	chrome.exe	95
PID 240 wrote to memory of 2172	240	chrome.exe	95
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96
PID 240 wrote to memory of 708	240	chrome.exe	96

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\WCD Board.jpg"
1⤵
PID:3156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ff87f1e9758,0x7ff87f1e9768,0x7ff87f1e9778
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:2
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:1
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5332 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1656 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5648 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1732 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5732 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5784 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4376 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5508 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2700 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5032 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5792 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5804 --field-trial-handle=1848,i,5070636159160709529,3646520230701329321,131072 /prefetch:1
  2⤵
  PID:5056

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2072

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:252

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1592

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:4468

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:4532

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:4028

C:\Users\Admin\Downloads\PDFixers.exe
"C:\Users\Admin\Downloads\PDFixers.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3332

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3324

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
4320dd180d3931361043d306325f978f

SHA1
ed28ea7267a682a7ec82bf7976f1b5b90b6cf47d

SHA256
26d84defda1a980809a4313066ddf361afa8e5f4cd904404ae37c14b523d234a

SHA512
c3e86e201e97d393749b55bd8db9844ad2ee8948927c40c55aaede47f84d723256ffd75e6882cdfce6dee96b144c703c50cf5bc6cc8f9f386b72839fc8e3c296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
059670dd1f5e94196494c96e8fe557d6

SHA1
14ebc8b585c8067b63ab5405bd9f475c52566ea8

SHA256
4f99beb1fa653370a138969ca15d8fcf31f16d2a56ac9a041273401d1079fb79

SHA512
2fe4418f9398e87b1df4c2a4eefedd0384d9b57cdc1909e5b3e9e845e9383e1db48f2e01deafede7eb63725b701e09db7b991b729e75ea474655d764c93ce442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ae07f592cf6bc20a0e2546602b414222

SHA1
3f8eea69a805ec505b234c2e911d974cac746053

SHA256
b8433275a67de8398f5995c64b0135deff1febd0170b732ce9f07cfa0c6151bf

SHA512
8a8f4ad5ba185d95f3b1b46cf0d22831fcaf7cb8ac0268d8ca16e3df036e3a4c8ebc60897cc5083d3685054d0b5ae385bd6075d21c64cce674991c36040a4269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
439f4e5166d6945650066669364e57f0

SHA1
5169a9806733ce7976e2d1c592c9996981d8b884

SHA256
94dc85062976082efa77422fa30d3d1be70afe3f2a0955ec3a4f21f8e723a366

SHA512
564b7b4bbb469343baa46aada96bef461020034b1ebf2b80aadf23df3f5f8159db9f4730e48c5f103e66c93cf404981d02b08a66665c786280daff59d7cbbafe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
34793188c5a15b2cda33e6172423d1bb

SHA1
c5aa9f7d44c77f1fb0cc6955e2b795b0d470bc6e

SHA256
52037c0d5c83e73eca97ca017c747d660eb7dad3f756c29ed64b542b135be9cf

SHA512
12ae2207fc772436bc9b0268931debe727c9303645d4f18e15cd5e45423ba9c1c955cf5aad5fa384a06e73ed87dfe0daa346dab1541dbdb652597ec5a88054ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f01afc2cf048b717170bb8dd30f9f8b4

SHA1
89905acff5b21632e704258312fdc9aa8449194e

SHA256
27eed0fd5a435478e2dfdfa37dc9cde8eeb76f0fc41bf181e9c070ee7865d956

SHA512
8bf5ff8125f64059fd9bba715d78ec0ce2870c3a7c4dd2a4967819cc1a19794491bef2322e094f088dafdcc75e7389153cd6318a57a32a0e8371bea845b7f8d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
48f5a726ce71e7ede446482e59299e47

SHA1
80410036397eb7ce2fe06e51e40fab8187a3b1b0

SHA256
2f99ce2b27525a334702d054065d2b9130af57b613ab0156653a89897deef234

SHA512
c953ebe2802351dc84b536c23a3efb176e803f346eb253b9b5fb4827aee4bc5f1fa52b7e24332ce5d02f6b142284441fedb9a67428d9d9159d8e29e412e69861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
773572e48d7159ed9afe387271a973dd

SHA1
c40759fb5982a0fd76d164845c2d0d7e83faab12

SHA256
c8afe78734d19fa09e58beb048b9c534a12501ddce0ebf2435e3e21b1e8618a3

SHA512
6b4cb48912ebf8da9b2b1768640ba0f6778d7a70b11320ace3a58fa05f30714507673ccb11d5f9c9d88a9291ec247b275751bc52f6ec4d111ebb97b28b175c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
023ba999279977e4465097e66e510586

SHA1
4ba28c6e6dffcc2c377c30be4edaed9674c52861

SHA256
0528108bba74d71b5b2fd55b2e9cb8e73cc80b55b0a119157cbc48986964f187

SHA512
c8d8085d4a6ddacd225f7d1e6f0f20873510f786859eaca271f3df3db43cf823873f40022a1c3e6b68a0fd8fe4dd66ef91ffc2a0395203160b52cebf0245574f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\df6b4bfa-11ed-4b45-ac3b-dcafbef2c740.tmp

Filesize
5KB

MD5
288bfae585cc4482c34414e185c608c7

SHA1
a68e989eecc4538e6178d2a41dbfe5202dfc78a6

SHA256
2b19db298fee9037e38ea14f4e99fd34e93de5b73d53ce83663ca49fbc206732

SHA512
9e747a7b675c9a806a4bd7e0142c4e2e04703d83eab9f6a44d403a1b45fff8a35c8f1ee54e7152227efe36a5aa0d84e1941fddff068bcf6e7aaee769a5bc2902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f01fe49f1d3d00c424a597ebb3006dd0

SHA1
f8caf7fc6b85ef481c1513899157173224b5f3ef

SHA256
6a59b85b8e83b6baae5e809cf3655b67a30164848415bc1ef7fd94f35e0c5e89

SHA512
1ca17dd4fae6408197eccf1038b31dd454dd2384e25cd7ddd66bd8ab80e38bdc518c96263ce4b48073b89a4f01f07ed0ce0100343c0be4f56e6dc7c8d18838fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4879da6fb53b0b7e80900014c09c7c7a

SHA1
8d863a36528ed445994d628f2b7991906685f961

SHA256
307833692345752b070a6f2ae0a7c4707fee618f582448c5908f069968dce725

SHA512
0081512791f17b49dbfa113430277698fc8ae4b2be18b565536caf3fa491765da6a708313852a1dd9e3e54bd0ab480390cb32d3ebca5fdb84ff058fcf9dd6d24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
51dad252a0b2047b363d9700d91144db

SHA1
90ddf7815ede4a10296b227ab9b040e56f20ae02

SHA256
1bc0e917fe81cb7a724e6eebc533409bcbf5cdde51ba4b8216ff1f4b50516295

SHA512
6e5b5c674d12d4a780a40289a8084608ecb8525cf38ec51367604ed05cf349c565231124eaf550fee48ad12b112241afa8474c5c93ccd3e09357b97671289d8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5f0b05e1717c98ad5298442da63462f6

SHA1
2d05b779691ac27b8b4e1347c8a62f53dcac3630

SHA256
5e733132e6884e96a38d9d144b26ad932a8d2e01661b4df4c682b6f15ab7e8ca

SHA512
0e8985f2c4c76f9b2d0e3fea123e875483c4df0ecabac605720fe127be5b48fa4dcbbec2393d1d4b22e48fcaff99697817a6b3ea229f021332dcddd11f7fcfdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c6e18b88dd921fee5a455e4a94b4b923

SHA1
ccedf08bcee7101d352c62f08719a322887dce22

SHA256
76479f531fac7bd80d5bc4396d74ab314417055809df2b813afafa4a565bf2ef

SHA512
af38dfb5f9a9b483df2c7e9cc1040453936aa6c65db5d952d71f3efc388861511c9ba32472bed3d72bd513cdfe2b6bd293c3a1e45ff01fc673a3855c856161f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef5f26a20bcd1769149db9a929249fae

SHA1
14c4dc1f5d1a0e07ca8a9ab2e1462eb662ede241

SHA256
1894e68c6f8772b368549238edec01ef0e3be730a83ba11701699f094e6cbf63

SHA512
23e2651780cc884e959c3123f95a8d17ddb77f7e498902e14c41d2052a00dce9943f9cf3a1ee99cbe33efe43308af6d19feb1f339e0464156587fbfaaf18b08f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2716d4291c085c2659cd5f2841cdbd70

SHA1
56e959212dd562887d5606b3b4a59d2fb1c36cfe

SHA256
137493beb46f8ca27ecf4091d600e037be1201de2e16bdd593738226988008e4

SHA512
722b092f1ad3a3d5ac77d1a5258836c49258a8f71550b29bf8ec78dc57bd030740052ef52ea7d04488c334933b48aad25c88e21afae0e44212e93f2983b2b725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
55283c2fec7cd8a153fb44d3a4adaf00

SHA1
fcc95fb15d84745d95c8123b027b25cfcb03e2c1

SHA256
77d93239eea7f8f5993726bdb529cce48e4796f49f0c1bb109195eba40168b51

SHA512
577e951da5f157f92028b0cd4f898d36fff73711bb9b72187aea0c16055ee61e805c48104a8d0ed04a05b68d07328eaa600bc9c208352b7986a910a52fec98f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
cf99bd8d1e26e69a7e4d7b32572a97b4

SHA1
994235195300fc74dc2732a69e0f8c963a83a6e2

SHA256
35cbd6f8834cad18675b1b9019dfd76da06e0a6bec652cd21c4f7a69dd5da592

SHA512
6619f0444a0a5a9062a1612c343d813f2774872cd285364490b065f4e0be236de9150d5e26a35648502c93be0668c9f35e3f73113f0b1d068125c3d7eff9b0c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
0ba4523c93a96a029e3aa12f61cc7bcc

SHA1
83487b78c3c1761bad2aaa4bfd8c71d79ade8bda

SHA256
844dcd825500b45ba3a34e577cbd252ed83b408f8abd868ff5d2f309943d95d4

SHA512
10255818982eeb5d06e231e446ceeea22df90ce5eebe779b5270d20e89db2d82dbfa28ada4a6f51e6c4b52a6758d10efa09bcdbe68e9a8f909015a1edff0462c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
b8873b59b6b35b6b1512feb3e1231235

SHA1
3f8c6f110037d8dbd302c7fd941a415d02542dcd

SHA256
b4cf84aeaec8f7ca012b2f107e4b7d8a2fd8f391d5a00157ee766d7333c7817f

SHA512
cc2f8870f720ddf3e3f516c50d6fabfee2f4af47d6a4fe3d6c6907fd33ee6135f9c798f961223a81dea41924fbe022789b921593c4cc832de4b983e55e054c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
0284dc58d2c7a4472deaf22c4d95bb5b

SHA1
94c41d16b09ff748901bf7db17bbfb902106f05b

SHA256
fb4bd5034a3720e6491c3e699b707cea5dd38163c39d26a5f21283ca738404ab

SHA512
b769c68151cb1a93c3d081fc7f3972c17d75a17079b35a51f23f107cb1a5b2ed23db8a5a263d553c1de6adcccb7a53488f84893006ab4ca498959da273ed34d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
2e7e65b2fd03cf631e5621b6c834927d

SHA1
49fe671d42adaeb19ef990d36170f0e3fc06a627

SHA256
8c45aabb689bd0d524c9462ed415b1bd8ab5aee36b390347f58fc36317526ef2

SHA512
7843df0aa862dfbecc6c58c27fa0904466c7be25d7a0c4ff8566805fb375ddca61d49db686cd1ab1794a2480b4fd114d606318420bded3d665f6492ac95f1d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
1555a8e3b37d4dedbcdf70e4cbf73edc

SHA1
934a67a895cb362f5925fc0bd08bd4dfb6bedf96

SHA256
15fe0942dde46703871a528df4b1bc25db8e49012fd15870e33dd114b30ca4f1

SHA512
45772066c16c8c53ee46e2e3ac48687d5f7d3f2f40eff650686b0270a449e1736607975d4c08bc1a00bbdc7b5bbd05ea5fd477f886bd05265b46658c3b2052e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
86bb51def112c64ae863a329ecd1d9f0

SHA1
c61c0ad586cb6156080d86af0fa1511c597cb7d6

SHA256
0a03571578ead9d9cb105a1bd0c2a16ad645a1a7ea0d063985e349cf5aec6533

SHA512
08c7611d5fbfcdc422a9ffe0470c5657387d906e6fe5ad966952efc74494c3956415a796dd5957d2ff2336c8e6640e18d3f98181078a1a82b7e2d1aa9496e76c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe592abf.TMP

Filesize
89KB

MD5
bc340ed2d5223524551864d4cc47bae4

SHA1
eb9bb67bda5ced7e008684c749e75a0183005c53

SHA256
2b97f76c8fbce8dfb21b4c8a609ed6add0c650dc9e8c39a57b02cc6780f09faf

SHA512
f485b1f65df19f2bb2798e79b2dca0b7692e35e573f956e0476a6047ccdd49485c2c40772e03120e6bbdba2e7a152897360848a9718e8c6bd127bfd09a3d371c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-3-13.1956.4532.1.odl

Filesize
706B

MD5
78a3830573700f8228df4216d2194391

SHA1
4e23d00b0223f35d81086f256a7b66d2a0028920

SHA256
85d4787c264f458ab48b830d3fccda6a2e99a7bb0c26ec9af59e221750a1542f

SHA512
088ef0a6db8af0b202412ca0a877df68f305dcbaa515bd6ee7ab93348f88f00557a0162e01ec8e4f82524e02032d99bb50e28c274d4e10e68adc8b695c3bf059

Download Submit
C:\Users\Admin\Downloads\PDFixers.exe

Filesize
8.1MB

MD5
b4440eea7367c3fb04a89225df4022a6

SHA1
5a6c01f821f10f6ed1f1283ecba36c5bacfb5838

SHA256
a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0

SHA512
69c3a0339aa6d060845570527205136d4aa04b2f13b983e1e84a0d2d9a90e99ec827999a20c57e27a4c27d36e633bb264ddd95a43c03e47cfa3d9f6377e57e76

Download Submit
C:\Users\Admin\Downloads\PDFixers.exe

Filesize
6.2MB

MD5
be69557b368008302f888046f734393e

SHA1
e2d81f1d0ff1246f3f0b6fe70ae6c4364152532d

SHA256
59e0693c009b4cd6965a6fb3f229b3146083939db3ff423d992f2221ec016d87

SHA512
26bee087e74607d66036ef5354d3c1c399472242b55094d46bb6228bb99ce641a6ad0b526a26235dbbe59d3b304a406fb9754a6005f2c58acb46d4ac23b5cc23

Download Submit
C:\Users\Admin\Downloads\PDFixers.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/3332-357-0x000002CB0C4D0000-0x000002CB0CCEE000-memory.dmp

Filesize
8.1MB

Download
memory/3332-358-0x00007FF87A920000-0x00007FF87B3E2000-memory.dmp

Filesize
10.8MB

Download
memory/3332-359-0x000002CB27450000-0x000002CB27460000-memory.dmp

Filesize
64KB

Download
memory/3332-360-0x000002CB27450000-0x000002CB27460000-memory.dmp

Filesize
64KB

Download
memory/3332-361-0x000002CB27450000-0x000002CB27460000-memory.dmp

Filesize
64KB

Download
memory/3332-363-0x000002D329B20000-0x000002D32A2C6000-memory.dmp

Filesize
7.6MB

Download
memory/3332-364-0x000002CB27450000-0x000002CB27460000-memory.dmp

Filesize
64KB

Download
memory/3332-365-0x00007FF87A920000-0x00007FF87B3E2000-memory.dmp

Filesize
10.8MB

Download