e3f22625f5206c759782cea5aa25de80a5661ac464cb7ec3cc6a408f30ae6bbf

Analysis

max time kernel
2699s
max time network
2701s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
25-04-2024 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0000.png
Size

1.9MB
MD5

8a91bcf7e012f5f829be1b228e758340
SHA1

90a9f5cb4b7b6f1d0ec282e4a374ea662c82d792
SHA256

e3f22625f5206c759782cea5aa25de80a5661ac464cb7ec3cc6a408f30ae6bbf
SHA512

9417c7a6c6aaf4226057e7597221a42059f64e7287c46ba599d1f21e53544f4469ad22868259d3486848dd0f8885d3f39f0e26d83c64b577ba9899d2c8a66721
SSDEEP

49152:rReELyuW3kFKj/Pty7XMa4HGp2CL3dt+wt7axpxU1Lnv6gNKoSs:NeELyuW0FOQ78a4mj3dXauwgjSs

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

CascadeTrainerGUI_3.3.1_x64_Setup.exeCascade-Trainer-GUI.exe

pid process

2108 CascadeTrainerGUI_3.3.1_x64_Setup.exe
2184 Cascade-Trainer-GUI.exe

Loads dropped DLL 16 IoCs

Processes:

Cascade-Trainer-GUI.exe

pid	process
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 62 IoCs

Processes:

CascadeTrainerGUI_3.3.1_x64_Setup.exe

description	ioc	process
File opened for modification	C:\Program Files\Cascade Trainer GUI\iconengines	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\imageformats\qwebp.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\Qt5Gui.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\Qt5Widgets.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_bg.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\imageformats\qgif.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\imageformats\qtga.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_lv.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_pl.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\network.xml	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\imageformats\qsvg.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_fi.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_hu.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_ja.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\maintenancetool.ini	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\InstallationLog.txt	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\opencv_createsamples.exe	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\Cascade-Trainer-GUI.exe	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_da.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_en.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File created	C:\Program Files\Cascade Trainer GUI\testjsfdjlkdsjflkdsjfldsjlfds450.OD2108	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File created	C:\Program Files\Cascade Trainer GUI\maintenancetool.ini.cj2108	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\Qt5Core.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\imageformats\qtiff.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\opencv_traincascade.exe	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\opencv_ffmpeg320_64.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\platforms\qwindows.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_ca.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_cs.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_sk.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\opencv_world320.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\imageformats\qwbmp.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\platforms	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_he.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_ko.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File created	C:\Program Files\Cascade Trainer GUI\maintenancetool.ini.Uc2108	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\maintenancetool.ini.cj2108	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\libEGL.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_es.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File created	C:\Program Files\Cascade Trainer GUI\maintenancetool.ini.EE2108	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\opengl32sw.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_de.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_fr.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\components.xml	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\iconengines\qsvgicon.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\imageformats\qicns.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\imageformats\qjpeg.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_gd.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_ru.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\maintenancetool.dat.new	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\tbb.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\imageformats	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\maintenancetool.exe.new	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File created	C:\Program Files\Cascade Trainer GUI\maintenancetool.ini.lock	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\D3Dcompiler_47.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\libGLESV2.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\Qt5Svg.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\imageformats\qico.dll	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_uk.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File created	C:\Program Files\Cascade Trainer GUI\maintenancetool.exe.new	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Program Files\Cascade Trainer GUI\translations\qt_it.qm	CascadeTrainerGUI_3.3.1_x64_Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585173288231589"	chrome.exe

Modifies registry class 40 IoCs

Processes:

Cascade-Trainer-GUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Cascade-Trainer-GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c003100000000009958845a110050524f4752417e310000740009000400efbe724a6fa89958845a2e0000003f0000000000010000000000000000004a00000000000b4f2801500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	Cascade-Trainer-GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	Cascade-Trainer-GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Cascade-Trainer-GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 70003100000000009958875a10004341534341447e310000580009000400efbe9958845a9958875a2e000000d6ac010000000c000000000000000000000000000000b054aa004300610073006300610064006500200054007200610069006e00650072002000470055004900000018000000	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	Cascade-Trainer-GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Cascade-Trainer-GUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	Cascade-Trainer-GUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Cascade-Trainer-GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Cascade-Trainer-GUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	Cascade-Trainer-GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Cascade-Trainer-GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	Cascade-Trainer-GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Cascade-Trainer-GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1"	Cascade-Trainer-GUI.exe

NTFS ADS 4 IoCs

Processes:

CascadeTrainerGUI_3.3.1_x64_Setup.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\C:/Program Files/Cascade Trainer GUI/iconengines	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Users\Admin\Downloads\C:/Program Files/Cascade Trainer GUI/imageformats	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Users\Admin\Downloads\C:/Program Files/Cascade Trainer GUI/platforms	CascadeTrainerGUI_3.3.1_x64_Setup.exe
File opened for modification	C:\Users\Admin\Downloads\C:/Program Files/Cascade Trainer GUI/translations	CascadeTrainerGUI_3.3.1_x64_Setup.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

CascadeTrainerGUI_3.3.1_x64_Setup.exeCascade-Trainer-GUI.exe

pid process

2108 CascadeTrainerGUI_3.3.1_x64_Setup.exe
2184 Cascade-Trainer-GUI.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exeCascadeTrainerGUI_3.3.1_x64_Setup.exechrome.exe

pid process

4052 chrome.exe
4052 chrome.exe
2108 CascadeTrainerGUI_3.3.1_x64_Setup.exe
2108 CascadeTrainerGUI_3.3.1_x64_Setup.exe
4448 chrome.exe
4448 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Cascade-Trainer-GUI.exe

pid process

2184 Cascade-Trainer-GUI.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

4052 chrome.exe
4052 chrome.exe
4052 chrome.exe
4052 chrome.exe
4052 chrome.exe
4052 chrome.exe
4052 chrome.exe
4052 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

CascadeTrainerGUI_3.3.1_x64_Setup.exeCascade-Trainer-GUI.exe

pid	process
2108	CascadeTrainerGUI_3.3.1_x64_Setup.exe
2108	CascadeTrainerGUI_3.3.1_x64_Setup.exe
2108	CascadeTrainerGUI_3.3.1_x64_Setup.exe
2108	CascadeTrainerGUI_3.3.1_x64_Setup.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe
2184	Cascade-Trainer-GUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4052 wrote to memory of 1648	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1648	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 1012	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4956	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4956	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe
PID 4052 wrote to memory of 4964	4052	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\0000.png
1⤵
PID:524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe88119758,0x7ffe88119768,0x7ffe88119778
2⤵
PID:1648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:2
2⤵
PID:1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:4964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:1
2⤵
PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:1
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3972 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:1
2⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:3252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5000 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:60

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5152 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:1
2⤵
PID:4148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5260 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:1
2⤵
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5656 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:1
2⤵
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5232 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:1
2⤵
PID:4204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5664 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:1
2⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3800 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3208 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3832 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:4488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:1904

C:\Users\Admin\Downloads\CascadeTrainerGUI_3.3.1_x64_Setup.exe
"C:\Users\Admin\Downloads\CascadeTrainerGUI_3.3.1_x64_Setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Windows\SysWOW64\cscript.exe
cscript //Nologo C:\Users\Admin\AppData\Local\Temp\deferredrenameLi2108.vbs
3⤵
PID:292

C:\Windows\SysWOW64\cscript.exe
cscript //Nologo C:\Users\Admin\AppData\Local\Temp\deferredrenameyO2108.vbs
3⤵
PID:4636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4956 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:1900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5760 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:4388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:8
2⤵
PID:4084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5804 --field-trial-handle=1856,i,11214201969320924581,17298346193095182694,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3096

C:\Program Files\Cascade Trainer GUI\Cascade-Trainer-GUI.exe
"C:\Program Files\Cascade Trainer GUI\Cascade-Trainer-GUI.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2184

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Cascade Trainer GUI\Cascade-Trainer-GUI.exe
Filesize
1.9MB

MD5
dc1c2248fd6fc3921e4448cfeeabd58c

SHA1
5849ad8089c15caac5273487b35c0fad373c8cc0

SHA256
2a047799f2adf9bef71de3ad28c18f453dc0c84281ebf61ca038821cf271aa2b

SHA512
baddc0296f0cbef7593662a0c498a92b2da0523a229a654d583c62cd68c0f398af0ba64cfdfc136f9fed8af79af3ff79d8368fc84e30c6f655c51d1308e86619

Download Submit
C:\Program Files\Cascade Trainer GUI\iconengines\qsvgicon.dll
Filesize
37KB

MD5
ce2693c256c3807dc7559927ebba5bfd

SHA1
2c4be6948c3a0f204424cc640a570ffc28a7ca69

SHA256
81ce10af22a0f1cc43666c89905ddd566363b612ef6c4509fc12b09074d3bbdb

SHA512
e35dbcb289356e7a4a94985078e95d89647dc96acbe08a5ef20aee1a1580cbaa7bb777498626a9d09ac824cb80c01264e885ad06d57a43a950659c71aa9ae842

Download Submit
C:\Program Files\Cascade Trainer GUI\imageformats\qsvg.dll
Filesize
25KB

MD5
14404bea7b1e5c056bf687145e27ee37

SHA1
85062ee2545498c9c008ec24ff51ba87dd5b5ee3

SHA256
a8e20e0b5a1b0e7e953ba9e8fca23d17e34fe83678e031416b9abcb37a4d3a79

SHA512
e49224912de09fe5f75b93d9649296ff842e9d269ffa128aee9278dee7ddc7dc1258f7e82016e4468ed8f262b72ce436ef84b0d536a925d6c22796d1ff8b6056

Download Submit
C:\Program Files\Cascade Trainer GUI\imageformats\qtga.dll
Filesize
25KB

MD5
322b3b52bf049c3b2088302b78bbdd14

SHA1
c54644d0dcc33b82aca616db5e7bc95f3c502603

SHA256
9f0eaa7742e8339f37a2f214d8e38c5ebd967fcf675c59525b83568ef7abcfd6

SHA512
f1ec2c00f2048244a69dd856dc7c3205d9415685bf3756bb7e33ae0bc3ceed53f11df3e7dcf28c6e7e76873d6726addff08ea5042a0598f69bdac362fdfb2861

Download Submit
C:\Program Files\Cascade Trainer GUI\imageformats\qtiff.dll
Filesize
307KB

MD5
f18d8960993e0e7332c3cffe2baad37d

SHA1
a2d64e68b1bdbc91b824b3de13b160231943630b

SHA256
f803fceb6ef104ae85797780a70f740a2feba79efe25dfac3a60c74b194bfa57

SHA512
a9d20903552da2cabc41d08cf8f59647631e961eb134e0191a5fb60d538e6f7aa15fead7c59923d23b4c985249b4c821e3c32fa505a6cfcadb66894fe3f198a9

Download Submit
C:\Program Files\Cascade Trainer GUI\imageformats\qwbmp.dll
Filesize
23KB

MD5
72a71487365e0ac393b1683cd88e4caa

SHA1
3447b3ce3c957a4e7c0f7c5426b1d374b60c1261

SHA256
ec175e916ea2cef0929da892564479785681b078f8a58334d329093e5c848295

SHA512
96137663e17d2e2b95a5c28746d2b093ba9434884e334e6920f18d2f4f572f3222416d70e3869b0e56a82bb86f5c8408546b2d8a165e4b64c20aac06e54ccb78

Download Submit
C:\Program Files\Cascade Trainer GUI\imageformats\qwebp.dll
Filesize
470KB

MD5
3792e7231579a8f87993d784dc3315a1

SHA1
7223493776e0f0a092fd02e579dca3aa73187c82

SHA256
755ac3ece16668b0b9cadc091b803d96841057775a2e384863184c98102664a6

SHA512
e7c6be65cbbe555f9a6b12024442b3b6e64aee94a4cb166c1a4663b3d492ab4925457924bbaec180666c4d040ebb2772105c4bc6be6ea8251755b0e91c839364

Download Submit
C:\Program Files\Cascade Trainer GUI\maintenancetool.dat.new
Filesize
14KB

MD5
88f820f575a8e3ff984ac7fa9bcecd77

SHA1
1c240305c0febbaca0ad64aaff909d17a6ecacd2

SHA256
b315b13b9ba1122c52ca0f6d1b386419f03969b20fbf790afcca03616c19ce96

SHA512
039717e09879c2c6a11cc7f886e43c0fd859208608a03e708c48210ef7b0c900fab0fb2516df1da2ef6a536ae940322f133d515929a3535301dbe1a7c067b97b

Download Submit
C:\Program Files\Cascade Trainer GUI\maintenancetool.exe.new
Filesize
17.9MB

MD5
dc18c855a0798c0396f2cb1796628abe

SHA1
32990b86f53371fb193b25fc8eb95afbd159b478

SHA256
d50136dbbf7d2684039507cbcf17c495804809bab58934e6b43d97459d744b03

SHA512
32adfbd26e3dd1c776704f2a2755e1a3ed429131cf926b5459b900ef00495a1917c2b52ddc111e43341dfa9eb70f9daf8b2bb53e2ac746a6ce193b87244e596a

Download Submit
C:\Program Files\Cascade Trainer GUI\maintenancetool.ini
Filesize
4KB

MD5
58f7f7d8f5e875b0b2c14cf96a2a1911

SHA1
199f9f18a6ed7d5c898ea77ab75f537f451deb68

SHA256
66c82945c5b3002e4eaab575586763bf71631a41cd631bac956c5f42918170a5

SHA512
a800142d4d9d2fc4699b15deb257940698509c37b82570f33b2973aae6051f4c24a831a5a9ede3878a9330a637dd915702dd73357fea84796e6e990ebc8cdeeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1a7d1f76-d7c6-4a9a-b816-11b61ae94884.tmp
Filesize
272KB

MD5
d1b111759cd50f5efc175d29f79cd806

SHA1
5313b9707114aa78fdcceb6772a6d17c6aa9df5c

SHA256
0ddfe2882269543ccbbbedc726fb83989b804db5fae83e576034b89a6ac57950

SHA512
7e7aaf49f56235eb72a7ffc0fb9af9dbc61dcf296331a53c3cd990cae05a89ba87c2662edcb30a7460eb27a6a623d0d10004debb9d49a011640f1311e951c274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
Filesize
64KB

MD5
9ab10d71ba9d5687f36807e669b870d1

SHA1
e156f2cfdda7b5dcca0db32860759e954626e6f1

SHA256
7cdc09376d5fad31e928ac542ed83ed3ddfc5507180e94417b0cf4116b1c15e4

SHA512
c70c189dd7e515c2317a276319668073b8f73151bf7a1e0b6623ce888f590cebc7b7a69fd0b39cf7fb5206166202b6cf9b1baeec9c59ed9b3f926c7d7e13935e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031
Filesize
19KB

MD5
d17d64e55067f5f164aa5dcab0e4eb6d

SHA1
e887b24c99ebf05cef7de818db18f17a82ccc612

SHA256
e010e5a62f6cfc598cbcbe4e0ba9b9f3aded1ae590bcc209cbb15027249cdea0

SHA512
72a77a0f04b05a29d40f9ce9ecc4aee1e74391d2ae632dfe4f192eeae7cb937a16a8dc38c2c0b060daaaf6916f7a32d2de6060aa485d2435583c40527d9496bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
85c9ea1bc268565913516c285d786454

SHA1
d50062ed174ab44ec0861f44e45b03c05644be78

SHA256
eca260f7ceda7744a9d72291f51c495425da519e6a184323c2fc98ea6c9c82e3

SHA512
6b732435824ac42eac07e13b49a39e49450867142b35013530d9cf625b46234086005cb76b8af3c6d4f5d6653cb4d5f0e0e1754199bbdfa6907ed86eb77ba6e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
2c59348a55de55b1fb79e7651585f710

SHA1
ba25bebe95f6f9c7a1a45b64d595cc12d24cb226

SHA256
284468ef0bd12c38cba1723155a62615144e471eab53b0029d42ca58639685c1

SHA512
e7a92244e2d7bd4b5e952d2d1a32d9c9af2a8a2a9720cfbd7c11d604f668e3a6c0d7ae9eb1b77c8a7f5605ffa70473b1a56ea7d7961ed9ac2a7b63bfa045197a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
08db19a8eff8ae2bcefe4eca80e102db

SHA1
0bfdda561470ae7926dd91ef12fff30b7d26446d

SHA256
cc3b928b44f86959c85dd2bcd1e566e38a661a4a9360aaafbc1c2e0bd8648b82

SHA512
0ca4899036426de29bb03aeda6e1263d3ba99bf0d74922074806eab6bbde9dcb33689aa6aa9665317cb83f50048b626effb2c80ccb94bb68fe8e36feecc7f84a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
870B

MD5
ed2f16d07ba5aa05d3bc7d0a47d9fc9d

SHA1
5417ebb8d87e6a9d87cd3db0cce1250abd8becdc

SHA256
0b288a48266f57b2ecaf8225a64b3dbe4bde94b78394282a99829b03b9487222

SHA512
93975c7b013e74ddc579a6da097297e4873f6d7f05a8611806a43d8798e02579b6f978033f99548996d75edf7a25d7470d3e3daab5e600071a12d529da3d94fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
5572cc5b821bfad01f8cf02109d045fc

SHA1
f10f4b1e18e6bae76c02130a38c7525f0195b06c

SHA256
8fa4853c48bd857236a4f7be8b0360ab62b579205a5ee723f145ecffb6819168

SHA512
916981345c1e54c11e141b79ded905a8e43cfb2e3846bc48715c83011f2d0b5e316d207f6bd701d3e5566d469329972cf9b8b0dea8bed2580b6e0894954869b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f4ba7786d09ca9307f13237cbc002ec7

SHA1
7651b32649c301f94438048c33f6e9e649d04218

SHA256
f3ce01030ea993c772581ca41c8b98d858aed8369644ed1176eefe99d198e20b

SHA512
5a405246362d1f0ba5ae26c1487be97725c52960a27d1267e12931f526e6f054f36b2694cc37cf2c02e9a6e03e9d752091f23db5935ac40199bb792246d0415d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
ebe044b58d185df4f2a7035e55a71051

SHA1
5d59adf7b22ffff6209b57e00234d9371fe387d2

SHA256
5e43404a15d488850b45301e2a353d59fa65fa17feb6071aac7ac14dd4b3504e

SHA512
50881afdb5d41d5bba71d168fdae174ab89a58ca40696980aad2003f620948735d5b2ea246faf3e56009657120bf9aae197860d6c9906dd3929c45cfc7c7355c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
416b2a5b442db3ca1e60862f06909c30

SHA1
7400454313fa9ccb38c530cef68196c14d7bec03

SHA256
e9570af6fb04e4c72fa3ceb33dad5631ed6930d72791749921a9d470db878da5

SHA512
7a1a2ac035d9ac7d5e2a29009df36e756342070fa390a38770248b109f0d666c98aac065ead922155f44f645008701bf65727b988fa56020623aa722616ff688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
178b7e30bcec8bfbb38a7d883ec1c0b2

SHA1
ffbfb6b0d2c2790ad931442a5abdc99be7f0a52b

SHA256
b7b0a1ab6397ef549c24d273f3dc7eb5ea849171ede65741c84e251cb8b1cdd3

SHA512
a53b7e977cb0a4a38d29c5337c49384ead4b4eb19394d28a2d28abf6ebb07bbee444a74cbca570d16cc45202ef0d8dc8355b045b34911882205815d890157808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ccbf1f3528df34cfbf21b03db6ef7f8b

SHA1
4a65ab6879e3657a525be65c7ffccdc1a2c06244

SHA256
126e0aa8b51b4c8c9ef43e804a77fe459bc4925122fb1792da0a1827f761b844

SHA512
e5cac80a48fd64fedead064245af125dc16abadf8e205e9e587cc38ed4c698aaf6a4fd07de4821525a81f3d38bc92eaa8e62573345cc8852dacde6445f7568a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
54c52524f0a1b3de6196a91ea5f1c367

SHA1
6cee61f442fd136ed8642e202eb81fa54457a6ec

SHA256
7a56198ad6759a6a8c80a293a651b3e60e783a87fc8e275fb3f799fd254eab5b

SHA512
efb51e820cb7bf4848b877415495b68b8c579121ada28a26abe3821aeb37faf3fc5b662facfbcc299d645405729c20bbb2b402370ae0c79886428ab4a54fa0fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
24277732a2c009fc2cec3cce85b27f90

SHA1
169624840ce03774f6c6cab9aab61e0679f585c6

SHA256
dea334a4bf42712158e21342d9f6732d7fb0565e5597acd48cecdd1b6547adda

SHA512
85e65d9b6d1b408e4c8555f9d37f621fd5cc90495f5d4261c5a85d4c6cbf1336ebb4a7e3bf00bebce6f3b7a1ad9d473064fb55ae6f3e53f47f57300ce35f380a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
272KB

MD5
661584beb1b7e99cef6be7d8a6f70592

SHA1
3f62b23553ecbe638cb76ecf97a442b2637249df

SHA256
2c38ba2bf0d66c503268e29531909cb2480b15c0ef3a09f68d62b5e337b9b5e6

SHA512
ce88599bf70e0afc110865d78e639aaf16053be2a40d047ba2377b6ce4eeecabe5ff20977fdb6cc1a796d072a989c870c2b7eecc6cd5988b82836cd087c097f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
272KB

MD5
b6a9b86f660b98267a78267929fc8f62

SHA1
a9598f7610cb58a934449abb5392871af9835c9e

SHA256
8edcd9fc32a49f46d24068845069ee3bd3c65153045f16ef93dfb3e386fe8b77

SHA512
9e5dd6ed6676fb10ea0175419f9dd7b86d0d8cd132b0f7a997fe181d6b98597cca8231c07705c3425607e9ff3c26481f3b87a6b37431004e5c3da7901a718a7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
107KB

MD5
4cc031ece1c7574a289be278defdaa0f

SHA1
e48bf85a3d6650e0658468d557d3f1fd99019cdb

SHA256
7b6f658f8f79e64eb385898dee4273ed829ad69e23ee65909cc517f754b30da7

SHA512
8aee9f6319c6eec19c28d4ec9f12b1f1998f6dae23fb6ac94e809084e03cc00d93722d9b5cc51aebe00e845807b3c71fd15a3f05ae331a24b00b1859a9c711fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
99KB

MD5
e699db87c78288e23bb2531a0afcd4e3

SHA1
e7730e1249e536de733965e17b830b37bcd0fb4e

SHA256
235ca07358bfdce50944797e97d1611370368ca469b809e80f92ddfb3c001ca5

SHA512
18136cb5cb1b3a8a9680ac5340d4892effe577683ee09f157048e59a8f1fe678315e4371bdf29320a838b878c4eca3230d18092b92f4fadce40e82f4293d6280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
113KB

MD5
7816a752c9addef34dd99b19edc29305

SHA1
0161e009a717576ac7223f021dc51c27d93d9e64

SHA256
a7abad1a2d02b648503586494aa08bdd7682b98ff8fc96d0cd36a46a3c496edd

SHA512
41b93a0d1f945893005ee9437f1ae8c4a8ff6d7281e861103e0774bd1c9cf152e25978fd7524a20731ef74fdddf14237707b7ef3bd6001a8ccc312c257c52cd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e0c6.TMP
Filesize
92KB

MD5
b18d0cce68022c271d5230e16d3c489b

SHA1
21261e3ce22f5c44094500492593fd10d530071e

SHA256
5707c3e7efee577b62c25622966416da04ae3e5b89dbc9bfdf90eb324a9ba1f3

SHA512
c4e3e87df8a05bd8c603619b9719a30cc7ff754b0792957f5e10b0964e39175c64474412edc235a652d3c64b21d213f85c794480adf094f6ce1e4123af55513b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\deferredrenameLi2108.vbs
Filesize
398B

MD5
dd2e28140ed6016014054dcd6bad3527

SHA1
738a5d1a3608f98c2f16524c922b868a95cf9b8b

SHA256
e499ee0bad74d4b22a13cf6159cbb7ed70e6a263cf1d45839ef47856c02fd968

SHA512
71923bf1e0ad68c155c22d7be720736ec0e508a20e11c9384ba1b93b11b9ae29947f5d3df0a503a4d4dbb2880963f1fed3f11fe1505f4a37c8bcaaeb3fa11f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\deferredrenameyO2108.vbs
Filesize
398B

MD5
a2af04f1bc88cdcb4b1c21fb10e6d7c8

SHA1
202839748acb113ee8f3729cc918a023f65660f5

SHA256
bb113951df58c1230e26d9b977c1c381da2b2a17264d7f8e4cda12bbb9a86431

SHA512
12693764f74bfa3fb7dcd16557e2a1dfe1945bf8d1d6d4c58443e5ed2506b5c538d22cfce471ee1c2b07df35ca5e093b4e97bcfc8d45dcccb321db2fb54eb533

Download Submit
C:\Users\Admin\Downloads\CascadeTrainerGUI_3.3.1_x64_Setup.exe
Filesize
45.3MB

MD5
8505e4fdfafac0106b60564de0e3a923

SHA1
fde457a555980eb56318bc4b3ad1ed5da1cd1d3f

SHA256
8fbb832e123ac73ab4a7346db797a0e972ccb75c15fd5588e336543ce5a3bda0

SHA512
16d59ce4bca522f386e81316acac2947eb22d71982a0e83fed9de5ae77ca8285148f58beb4a6f680598c3f05033f29bdb4ef56322eda494abaed904f75f97a6c

Download Submit
\??\pipe\crashpad_4052_MFLPIQPCOMEIUUYV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files\Cascade Trainer GUI\Qt5Core.dll
Filesize
5.5MB

MD5
3b4179d7b6eb68dd9d39233ccc0f9c48

SHA1
f4b59983871e66f98799bd33abfe67e018f2c4ee

SHA256
1df00b2ca7e3a1bdd526282d23efb9cee327d6a3654570bd7966eb33f7e54a73

SHA512
f0077e8848e1bac803ba481b30673abddeceaf18e03fc5d794c43d1b156e3560fe44697b3da6e9fe342db3ee4742e0ce6a1e256dffae1ec41dc2c499fe58a86a

Download Submit
\Program Files\Cascade Trainer GUI\Qt5Gui.dll
Filesize
5.8MB

MD5
5c41c365aa919022b3692708f0fb6f9c

SHA1
5fd34b2d3121fb19e6aa0fbdad64ff51ccc87e54

SHA256
98f948e0307027a64048b7dfa0ce02aa40f2a025f1b5c8e6c59f3bb996142c3f

SHA512
91cab08c9d84477671ed24620098c8789cb0cc57a2e9f14b84f3e5500e195c7b6bc25c0acbe12265f344d734998796b3d8b4ff7486355a49c163f8017418ed6c

Download Submit
\Program Files\Cascade Trainer GUI\Qt5Svg.dll
Filesize
321KB

MD5
00abecd0143498a1026d4a1f1f03c38b

SHA1
4b75483e6556bbe73aa88017a47fdb617b89f233

SHA256
4d36b17cacfea9a7117eb5452e84f2cee617c2da9f9347aa70d76d8bca54e8c9

SHA512
f3c96f8c10274524f6c06e6c6d6b92baab38b2d0f1ac6945af0ea043bbb2afec9ce6b141d2f1b489d9bac17e8c35e193188d719bfd3d49458bfa5974a693965b

Download Submit
\Program Files\Cascade Trainer GUI\Qt5Widgets.dll
Filesize
5.3MB

MD5
5cc51ec3321156834a18980f533591f5

SHA1
056d25c4ebc9861f15eaeaf09550695051edcbaf

SHA256
83c4b80cd187650eb9091ef392ef7e84f7aa10790bbe0c5a790df3569410421e

SHA512
9b2766484c7e9a78b28dea7166ef4117fbafe3f206f0be0df9582ae0b9df9abf7314133d0fd8f9846b489e0535e75079b77d7228cd929fdafb3af518071fa45d

Download Submit
\Program Files\Cascade Trainer GUI\imageformats\qgif.dll
Filesize
32KB

MD5
51da21626c4fcef364c09d3aa517ab62

SHA1
23d0ec1b5cd542089cd203e23602636990496f46

SHA256
e0c3fe4eda565c021ac8e37783df3e62218f6bd7d1dcdc5156bc9e9666aba59d

SHA512
45481293c5ba3bc42de3ec345b054bbcc20571ceca017dd00e47036667d5f96ae43fd0263c221e61e1f357d27bfd22991ed4e0f1c07a42c43810b520e9e8b835

Download Submit
\Program Files\Cascade Trainer GUI\imageformats\qicns.dll
Filesize
39KB

MD5
c5c71b44fc09a2ba73820f11912f7e21

SHA1
2a6053fb9ad0d69be8d388f742ed500a4810df97

SHA256
e185775b6a6af69b2a4d546110e1480cd06a3b5f256f8b6c9bef650dd811d282

SHA512
e03c59a6e733f8ca0f3b686bb921f751319f360baac850e89df09699ac7ef14f6a0e4f2ca7fe7001efee0aaaa8b9dd438406195cdf3e61b559669ae20cc3a75f

Download Submit
\Program Files\Cascade Trainer GUI\imageformats\qico.dll
Filesize
34KB

MD5
659b0881d64d02ad0be717529aabab12

SHA1
0bda59a6062d969c7fa1bfb059bb899732b0813d

SHA256
ad64a9ce17c13b7e010849e790ef7c69b9816fb88aed32fbebcdc0ddfb09df89

SHA512
7d25229d8f5a9bf650176e7017641fcf6147a65d998ac7d47d385ec9799385cc2582132d43c7d302303cd3af58d948c6ad26f15d7fe8386e0d7f3e5eb7f060a4

Download Submit
\Program Files\Cascade Trainer GUI\imageformats\qjpeg.dll
Filesize
232KB

MD5
f3c9ba9b016a84fa0f8f7769b61fd68f

SHA1
d9b86e0175df8b5e673cc866fbf82b7412f857dd

SHA256
4b681bd19be568a4e45b00b6f55d597dfc7c8997f7bea68fc21c0d148f125d19

SHA512
692a7cc96280f4e5b151bea6cd71466cdfd264bf4725b5573e6c510c7157980b180175a46d911ba87afe8c834c598417eee9a8ebc5a759186060f8d8cf0ca693

Download Submit
\Program Files\Cascade Trainer GUI\opencv_world320.dll
Filesize
40.3MB

MD5
66651fe6997097c600b1537909adfa52

SHA1
153050da13319b86a4e7da52c7aea4b68a5bc222

SHA256
8e96de7be32b20940eccad6ddc24b607888289ae0946db41da0fda85382fbbbe

SHA512
03f7580ca2320cba93b36f6673df86db69c5c533ea5ffc892cff78ac85733086427bae559ea1d9b043ae0716f745e0f07ff9d850a4cd894c161a5021c1b3f85c

Download Submit
\Program Files\Cascade Trainer GUI\platforms\qwindows.dll
Filesize
1.3MB

MD5
2f6dd640c97a20e7e65a5648a6bc42a0

SHA1
76e2516950c283154ec291d373422a6cb65f3221

SHA256
8589eefb76b04b48f212cb92fb2e69ca64ddb71f33456e4b6ce97214f9889465

SHA512
8aa9a134560832554a59f77a5a24655681aab7695abfabd11fcd895f60e8b577affef4e44c0e903828e7a952c8bc66d3295140ac0669d15d1ecf8bbe7b1187e4

Download Submit
\Program Files\Cascade Trainer GUI\tbb.dll
Filesize
255KB

MD5
566c762defc19a9b17bc71c11e346199

SHA1
9a10f9a6a1b9d09c784882f63e352e0b9fa3b252

SHA256
8e0f6b10d288356f1e34bd99dff0a0610eb28f5fd1227790a564bc3a23207184

SHA512
848b8d104b31dc864a581cf7606d8ed907bee3f6c5e5f3fe64f920cd87bc8a06d51345db35d5efd868aed4dcb821a09e00e676fb5f2900a6937e4cbf99901c34

Download Submit
memory/2108-557-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-646-0x0000000005C90000-0x0000000005C91000-memory.dmp

Filesize
4KB

Download
memory/2108-508-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-507-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-510-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-509-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-512-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-511-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-519-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-521-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-518-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-517-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-516-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-515-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-514-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-513-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-506-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-505-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-504-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-503-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-502-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-501-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-500-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-523-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-525-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-527-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-526-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-529-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-531-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-533-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-532-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-534-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-559-0x0000000005C70000-0x0000000005C71000-memory.dmp

Filesize
4KB

Download
memory/2108-499-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-561-0x0000000005C80000-0x0000000005C81000-memory.dmp

Filesize
4KB

Download
memory/2108-563-0x0000000005C80000-0x0000000005C81000-memory.dmp

Filesize
4KB

Download
memory/2108-565-0x0000000005C80000-0x0000000005C81000-memory.dmp

Filesize
4KB

Download
memory/2108-567-0x0000000005C80000-0x0000000005C81000-memory.dmp

Filesize
4KB

Download
memory/2108-571-0x0000000005C80000-0x0000000005C81000-memory.dmp

Filesize
4KB

Download
memory/2108-573-0x0000000005C80000-0x0000000005C81000-memory.dmp

Filesize
4KB

Download
memory/2108-578-0x0000000005C80000-0x0000000005C81000-memory.dmp

Filesize
4KB

Download
memory/2108-581-0x0000000005C90000-0x0000000005C91000-memory.dmp

Filesize
4KB

Download
memory/2108-584-0x0000000005C90000-0x0000000005C91000-memory.dmp

Filesize
4KB

Download
memory/2108-589-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-591-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/2108-593-0x0000000005CA0000-0x0000000005CA1000-memory.dmp

Filesize
4KB

Download
memory/2108-600-0x0000000005CA0000-0x0000000005CA1000-memory.dmp

Filesize
4KB

Download
memory/2108-602-0x0000000005CA0000-0x0000000005CA1000-memory.dmp

Filesize
4KB

Download
memory/2108-598-0x0000000005CA0000-0x0000000005CA1000-memory.dmp

Filesize
4KB

Download
memory/2108-606-0x0000000005CA0000-0x0000000005CA1000-memory.dmp

Filesize
4KB

Download
memory/2108-608-0x0000000005CA0000-0x0000000005CA1000-memory.dmp

Filesize
4KB

Download
memory/2108-611-0x0000000005CA0000-0x0000000005CA1000-memory.dmp

Filesize
4KB

Download
memory/2108-636-0x0000000005CA0000-0x0000000005CA1000-memory.dmp

Filesize
4KB

Download
memory/2108-638-0x0000000005CB0000-0x0000000005CB1000-memory.dmp

Filesize
4KB

Download
memory/2108-639-0x0000000005CC0000-0x0000000005CC1000-memory.dmp

Filesize
4KB

Download
memory/2108-642-0x0000000005C90000-0x0000000005C91000-memory.dmp

Filesize
4KB

Download
memory/2108-644-0x0000000005C90000-0x0000000005C91000-memory.dmp

Filesize
4KB

Download
memory/2108-498-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-648-0x0000000005C90000-0x0000000005C91000-memory.dmp

Filesize
4KB

Download
memory/2108-651-0x0000000005C90000-0x0000000005C91000-memory.dmp

Filesize
4KB

Download
memory/2108-657-0x0000000005CD0000-0x0000000005CD1000-memory.dmp

Filesize
4KB

Download
memory/2108-655-0x0000000005C90000-0x0000000005C91000-memory.dmp

Filesize
4KB

Download
memory/2108-663-0x0000000005CD0000-0x0000000005CD1000-memory.dmp

Filesize
4KB

Download
memory/2108-667-0x0000000005CD0000-0x0000000005CD1000-memory.dmp

Filesize
4KB

Download
memory/2108-665-0x0000000005CD0000-0x0000000005CD1000-memory.dmp

Filesize
4KB

Download
memory/2108-669-0x0000000005CD0000-0x0000000005CD1000-memory.dmp

Filesize
4KB

Download
memory/2108-684-0x0000000005CD0000-0x0000000005CD1000-memory.dmp

Filesize
4KB

Download
memory/2108-686-0x0000000005CE0000-0x0000000005CE1000-memory.dmp

Filesize
4KB

Download
memory/2108-690-0x0000000005CE0000-0x0000000005CE1000-memory.dmp

Filesize
4KB

Download
memory/2108-694-0x0000000005CE0000-0x0000000005CE1000-memory.dmp

Filesize
4KB

Download
memory/2108-727-0x0000000005CF0000-0x0000000005CF1000-memory.dmp

Filesize
4KB

Download
memory/2108-729-0x0000000005CC0000-0x0000000005CC1000-memory.dmp

Filesize
4KB

Download
memory/2108-730-0x0000000005D00000-0x0000000005D01000-memory.dmp

Filesize
4KB

Download
memory/2108-732-0x0000000005D00000-0x0000000005D01000-memory.dmp

Filesize
4KB

Download
memory/2108-736-0x0000000005D00000-0x0000000005D01000-memory.dmp

Filesize
4KB

Download
memory/2108-734-0x0000000005D00000-0x0000000005D01000-memory.dmp

Filesize
4KB

Download
memory/2108-741-0x0000000005D10000-0x0000000005D11000-memory.dmp

Filesize
4KB

Download
memory/2108-743-0x0000000005D10000-0x0000000005D11000-memory.dmp

Filesize
4KB

Download
memory/2108-748-0x0000000005D10000-0x0000000005D11000-memory.dmp

Filesize
4KB

Download
memory/2108-750-0x0000000005D10000-0x0000000005D11000-memory.dmp

Filesize
4KB

Download
memory/2108-756-0x0000000005D10000-0x0000000005D11000-memory.dmp

Filesize
4KB

Download
memory/2108-758-0x0000000005D10000-0x0000000005D11000-memory.dmp

Filesize
4KB

Download
memory/2108-768-0x0000000005D20000-0x0000000005D21000-memory.dmp

Filesize
4KB

Download
memory/2108-766-0x0000000005D20000-0x0000000005D21000-memory.dmp

Filesize
4KB

Download
memory/2108-776-0x0000000005CF0000-0x0000000005CF1000-memory.dmp

Filesize
4KB

Download
memory/2108-780-0x0000000005CF0000-0x0000000005CF1000-memory.dmp

Filesize
4KB

Download
memory/2108-778-0x0000000005CF0000-0x0000000005CF1000-memory.dmp

Filesize
4KB

Download
memory/2108-787-0x0000000005D20000-0x0000000005D21000-memory.dmp

Filesize
4KB

Download
memory/2108-497-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-489-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-490-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-491-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-492-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-496-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/2108-493-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-494-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-495-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-481-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-483-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-487-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-488-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-484-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-485-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-482-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-480-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-479-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2108-475-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-474-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-472-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-470-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-469-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-468-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-466-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-465-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2108-464-0x00000000052E0000-0x00000000052E1000-memory.dmp

Filesize
4KB

Download
memory/2108-462-0x0000000004AA0000-0x00000000052A0000-memory.dmp

Filesize
8.0MB

Download