14c4da526aa0f4dda5f38f95752cf355b329ecf052d2e0cf2b5f5ce39760f436

Analysis

max time kernel
2700s
max time network
2655s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-04-2024 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff8622cb-1a90-4803-b6ad-a0df680db36b.png
Size

93KB
MD5

4931631716d779d369d04e14fd9d3af4
SHA1

154be452c16e47a35a4f10ec6883d00621328cfd
SHA256

14c4da526aa0f4dda5f38f95752cf355b329ecf052d2e0cf2b5f5ce39760f436
SHA512

3cc25050f0445a83a94502d70c749621be596574ae1ea28cddd60f8b41b27e99c4d55fe0471ee281e611e696b9a57c9d7b2490a14d11784bd4b54279f45a115a
SSDEEP

1536:vNv7OFwv4nZdGnP7ylyEC5Copn4sJ8I7HoYhHO3vAsfn/2+sUx9htW4W6V9gDBmh:vdJS/m7NNfd8IM0H8n/2B0UyKAcFcr5

Score

7^/10

discovery link pdf

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.

Query Registry
T1012

System Information Discovery
T1082

Processes:

BeadTool4.exe

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion BeadTool4.exe
Executes dropped EXE 3 IoCs

Processes:

BeadTool4925.exeBeadTool4925.tmpBeadTool4.exe

pid process

1856 BeadTool4925.exe
988 BeadTool4925.tmp
2516 BeadTool4.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	BeadTool4.exe

pid	process
1856	BeadTool4925.exe
988	BeadTool4925.tmp
2516	BeadTool4.exe

Loads dropped DLL 17 IoCs

Processes:

BeadTool4.exe

pid	process
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe
2516	BeadTool4.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 38 IoCs

Processes:

BeadTool4925.tmp

description	ioc	process
File opened for modification	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\Internet Encodings.dll	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\is-A9TQB.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\is-4AFJT.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\Language\is-MMQ4R.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\is-1HDP3.tmp	BeadTool4925.tmp
File opened for modification	C:\Program Files (x86)\BeadTool4\BeadTool4.exe	BeadTool4925.tmp
File opened for modification	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\RegEx.dll	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\is-TKKQC.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\Language\is-8LC3M.tmp	BeadTool4925.tmp
File opened for modification	C:\Program Files (x86)\BeadTool4\libhpdf.dll	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\is-7T99D.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\is-EMTBR.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\is-KL0AJ.tmp	BeadTool4925.tmp
File opened for modification	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\Shell.dll	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\is-UCCBP.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\is-SHO4O.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\is-0UTFC.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\is-OO41U.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\Language\is-4BCA7.tmp	BeadTool4925.tmp
File opened for modification	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\SSLSocket.dll	BeadTool4925.tmp
File opened for modification	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\XML.dll	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\is-TD462.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\is-M8KSA.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\is-HKN68.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\is-SI0FV.tmp	BeadTool4925.tmp
File opened for modification	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\Appearance Pak.dll	BeadTool4925.tmp
File opened for modification	C:\Program Files (x86)\BeadTool4\zlib1.dll	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\unins000.dat	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\unins000.msg	BeadTool4925.tmp
File opened for modification	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\MD5.dll	BeadTool4925.tmp
File opened for modification	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\REALSQLDatabase.dll	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\is-O73FJ.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\is-848LE.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\Language\is-UKNSI.tmp	BeadTool4925.tmp
File opened for modification	C:\Program Files (x86)\BeadTool4\BeadTool4.url	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\is-H6MGR.tmp	BeadTool4925.tmp
File created	C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\is-7KEBD.tmp	BeadTool4925.tmp
File opened for modification	C:\Program Files (x86)\BeadTool4\unins000.dat	BeadTool4925.tmp

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

Processes:

resource	yara_rule
C:\Program Files (x86)\BeadTool4\BeadTool4.pdf	pdf_with_link_action

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585826394253854"	chrome.exe

Modifies registry class 40 IoCs

Processes:

BeadTool4925.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.btp	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Pattern\ = "BeadTool Pattern"	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.btc	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Palette\shell\open	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.bta\ = "BeadTool.Addon"	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Addon\DefaultIcon\ = "C:\\Program Files (x86)\\BeadTool4\\bta.ico"	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Addon\shell	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Pattern	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Pattern\DefaultIcon	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Pattern\shell\open\command	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Palette\DefaultIcon	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Palette\shell	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Layout\DefaultIcon	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Pattern\shell\open\command\ = "\"C:\\Program Files (x86)\\BeadTool4\\BeadTool4.exe\" \"%1\""	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Palette\shell\open\command\ = "\"C:\\Program Files (x86)\\BeadTool4\\BeadTool4.exe\" \"%1\""	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.btl	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Layout\shell\open\command	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Layout\shell\open	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Layout\shell\open\command\ = "\"C:\\Program Files (x86)\\BeadTool4\\BeadTool4.exe\" \"%1\""	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Addon\DefaultIcon	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Pattern\DefaultIcon\ = "C:\\Program Files (x86)\\BeadTool4\\btp.ico"	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Palette	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Palette\shell\open\command	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Layout\ = "BeadTool Layout"	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Layout\shell	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Palette\DefaultIcon\ = "C:\\Program Files (x86)\\BeadTool4\\btc.ico"	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.btc\ = "BeadTool.Palette"	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Palette\ = "BeadTool Palette"	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.btl\ = "BeadTool.Layout"	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Addon\ = "BeadTool Addon"	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Addon\shell\open	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Addon\shell\open\command\ = "\"C:\\Program Files (x86)\\BeadTool4\\BeadTool4.exe\" \"%1\""	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Pattern\shell\open	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.btp\ = "BeadTool.Pattern"	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Pattern\shell	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Layout	BeadTool4925.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Layout\DefaultIcon\ = "C:\\Program Files (x86)\\BeadTool4\\btl.ico"	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.bta	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Addon	BeadTool4925.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BeadTool.Addon\shell\open\command	BeadTool4925.tmp

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exeBeadTool4925.tmpchrome.exe

pid process

4576 chrome.exe
4576 chrome.exe
988 BeadTool4925.tmp
988 BeadTool4925.tmp
4376 chrome.exe
4376 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

BeadTool4.exe

pid process

2516 BeadTool4.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4576 chrome.exe
4576 chrome.exe
4576 chrome.exe
4576 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4576 wrote to memory of 4256	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 4256	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3656	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2928	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2928	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 744	4576	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ff8622cb-1a90-4803-b6ad-a0df680db36b.png
1⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc4f429758,0x7ffc4f429768,0x7ffc4f429778
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:2
2⤵
PID:3656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:8
2⤵
PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2300 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:8
2⤵
PID:744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:1
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:1
2⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4636 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:1
2⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:8
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:8
2⤵
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:8
2⤵
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:8
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4884 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:1
2⤵
PID:1860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:8
2⤵
PID:2040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5400 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:8
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5448 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:8
2⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:8
2⤵
PID:4740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3216 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:8
2⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5468 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:8
2⤵
PID:636

C:\Users\Admin\Downloads\BeadTool4925.exe
"C:\Users\Admin\Downloads\BeadTool4925.exe"
2⤵
- Executes dropped EXE
PID:1856

C:\Users\Admin\AppData\Local\Temp\is-98MKA.tmp\BeadTool4925.tmp
"C:\Users\Admin\AppData\Local\Temp\is-98MKA.tmp\BeadTool4925.tmp" /SL5="$C014C,4587600,121344,C:\Users\Admin\Downloads\BeadTool4925.exe"
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:988

C:\Program Files (x86)\BeadTool4\BeadTool4.exe
"C:\Program Files (x86)\BeadTool4\BeadTool4.exe"
4⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:8
2⤵
PID:4068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=244 --field-trial-handle=1896,i,17066773998607274364,3623338176718436090,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4376

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4848 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:60

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5376 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:4384

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BeadTool4\BeadTool.db
Filesize
924KB

MD5
ddf2b2810ad530ed474d5f44aeb95d8d

SHA1
56a4fca7ffc760b1696f41e4b3f0bae017479ab0

SHA256
0754668291dbb098e022dbbe0da43520fe4eca94090dd3963ccd1f614d915277

SHA512
c9bed1ac7f3ff2d501eeb607643c2166957c7e952cc4aa6da6f5fd41e84e982da9c4019246f3e93a62efad3f11e00dffda6fe9c36f823a024e53dc4cfdc527e1

Download Submit
C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\Appearance Pak.dll
Filesize
132KB

MD5
88c48a17095476743e390971d6a88918

SHA1
4ae2d749882c71d9f423eaa5b3cb1b9e8b9390a9

SHA256
2f9634b1e28c70ee013c45cd36aeca55dc90cf47126d42c114c35f815102e826

SHA512
972688defffc3aadaa7478deaad26dafaf4300e8c55dede1717c19bf24fc2e1ac92985963945b3b535574528295cb05468389e21c61d6e4b3c67f71ec9da5ecf

Download Submit
C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\Internet Encodings.dll
Filesize
72KB

MD5
30a8d4e5a292c9cbf899fd93fc100fb9

SHA1
f63645d25d3b8ad740804438c606bb829b0e3c85

SHA256
148d9e1b93b1860dcb1df0de7756fccbff2788f3a71708e509a6861b95208a6a

SHA512
13306f010ca3470f4d4b2baddd127b791e40fdca567a7c4ece9a5969d6d967d9a937ee129352ebd31c8e0d7bd4876906a7b3a6440402e247b49fe88772dc2f8f

Download Submit
C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\MD5.dll
Filesize
92KB

MD5
d8c7e94b3795d8d8ce759ddabc8d92f7

SHA1
611223224115a8b4b9884afe396e08e2352237f5

SHA256
cd9f9d156e6914974f4b5e111b4798bdd19515404cdc6b5fb116e118cf8262d6

SHA512
b9c9e3038bfde9d927267d5f1ddf3a7d3f074ac5a2aa541befb226eeacdd771da427a6baf2124296a2996044206886087cc05799181eab1c891deb662ee67d5d

Download Submit
C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\REALSQLDatabase.dll
Filesize
440KB

MD5
450a7aa843783c4d7030c3eefedbd58a

SHA1
d5ff80833c02f90c01b31fe5728dc40333dde661

SHA256
6724a79321e2316cfa20bee87c6dd697f75c47ae3f1c373da2cccd9901a725e3

SHA512
e08c54cf790b72bdd595acaada0c7385731d08437244cc46c3ffcfc05de16b80d3b3de735a4b31486df173413b065e4530e8a0e5cebb19af1de374e4cc07c6d1

Download Submit
C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\RegEx.dll
Filesize
144KB

MD5
8a4725be0666fa6cc9c9accb7dce46f6

SHA1
3126aa4fb34aa3f839cccbbeef4d9aeb38ba1921

SHA256
399dd6e8e8b56ad9b565250ec1374bf4d582ab8751613ed03a599713e29b2371

SHA512
336c4383ff971f5420e7ded2204fd625d2289f1c92b7f85713b5ed48d8f53282a97c7dc9039cc30aa0c8c6a1cd7643ee753ed74d6edde3af4e9693376e7b43a1

Download Submit
C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\SSLSocket.dll
Filesize
1.2MB

MD5
cfba405f4bb9d20096f939c8e0c4c99c

SHA1
3df1234583ed175213cdda37d92e97f1e6da803e

SHA256
31c8e1b875ecab4b04df169b37b98298ea0231c08b065ada078c119e51f3291c

SHA512
8ffccc54ae6cf4ef50ed7761d26d9ca7f939e3e4449a6ffa79c91024ac78c4ac46952519a87103a02d8830fa841b6ac48044d02300905ac7b23d788feb9abe91

Download Submit
C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\Shell.dll
Filesize
96KB

MD5
3f1e04f28ee56a2427b9c564b9a65ff2

SHA1
cfe1ef35dde8077c4ee89a8a003561b8bdac894f

SHA256
06390ea9f9beabd14b5a9ccfbf5e5fe7ee5dc3d6ef71c1b792c5607347359d11

SHA512
cd5961d12fe1ad7b7c75f179eb0e9b8af32cb28fe3d7210aa60525d9573c3ca9294a4384e78dbbd781c84e22a1c861108e7a846f602b551b38ac7aa9956d6f07

Download Submit
C:\Program Files (x86)\BeadTool4\BeadTool4 Libs\XML.dll
Filesize
744KB

MD5
b82eef6abcb5071f1d54d7abc33935f1

SHA1
784de8dacc2aa1aee8ef9d874d0cb216172dcc1e

SHA256
7aaeafa033bf96fe3914f864e948a115388cb644ddf3cfb33eb5947f0e7eac87

SHA512
c327b61f3a84b1bf03234e890c01026c3b6c67ab670115a5d599cde40df2c5fb56fb686769c84a2376a5ec1f54fa02d4b73ddd76f6088c6bca0dfc9f5bf2df66

Download Submit
C:\Program Files (x86)\BeadTool4\BeadTool4.exe
Filesize
11.3MB

MD5
90534c4473452af1347495866cb2e754

SHA1
99120c1d3f9a9fa8e909adf8c28571dc891a2751

SHA256
43e0d6df9ec0181eec72686e0dab43a64429f1a0a258fb048aec23fe5f368a4b

SHA512
23b0a3a4a10fd43fc1101487c84066ab63df586089dd29236dcde7735d15bf7d8bc1562e7d018c7fb1988d17c5fee9bc7bdb6106fdbe8f15a963a5699885b64a

Download Submit
C:\Program Files (x86)\BeadTool4\BeadTool4.exe
Filesize
3.6MB

MD5
465190c3ec55b06d5c7db4147108992b

SHA1
a94e11aed5318508ce59b171b4c47145188f035a

SHA256
26f3c3286a3a1d275f35726d30bf9d68c7390790b1fd4fb1c8f2ce4b895cb1f1

SHA512
29ac6d213b7fad47a8f60f83900db414206be0f458cd7afb5af785be2eb0d8cae3525d85f1580f818f6c7cdae2a35b34b76309d91fdf91edaf4a8d4f164469fb

Download Submit
C:\Program Files (x86)\BeadTool4\BeadTool4.exe
Filesize
1.2MB

MD5
b72e80ac373a798b36bd56ee3767f50e

SHA1
4bdb2b2b6b354a87326b36b60b820916adedbed7

SHA256
3244cca5835852787b8bc41716ec11b341abaf8dbd3a14e770ddad8d4144e82e

SHA512
63952a0e0ab72f4c3073dcd32cb845b7f4314e71fa2ffe3adf923b61a1f2dd08bdcccee302a6c03593ee317dc9e112f7dd4077467857a6d3081123c9e2e8fd5a

Download Submit
C:\Program Files (x86)\BeadTool4\BeadTool4.pdf
Filesize
278KB

MD5
9dc3c250f31ebc581f52535749a9f49b

SHA1
ac870ffdaeee9c07ac061c62090c7e047826b821

SHA256
178a0ed216bcc5d61a620336eaf77ac064bb995a257749d8a68d8155f6bd8493

SHA512
ecc526a35b2c23ca092864279b7076e72e356464fb455567a48ecc9514a432d0c7db0afc5b5b6da8c511996f8be8b86185f10320a926300253438984c23c1533

Download Submit
C:\Program Files (x86)\BeadTool4\zlib1.dll
Filesize
61KB

MD5
6c39173ee2d67806de165e28e6c427cd

SHA1
508a4eba4b2a1901a6c832432557a9821d05965d

SHA256
ae1920e3bc258c5f063e4e4b5c3e33c91ca1dbd065bf98759af328128009220f

SHA512
f11e6fbc30cd338e210af295ac1f433f987248ac6a448e6f7cdc36b44ea60ebae6d889660547d3ad0a20a3308a1005d08aa1fe47f1f27fd8069c0f4606951c5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
8b098c33aa551cd5279871cb410bb43a

SHA1
dcf2c6d1ade69c9ed8701e2c1bdfa0e57c484fbd

SHA256
ece805f3e8dd6ad62c9281265e6426ac1f8bc20428fec55c8a3a65c501af1776

SHA512
abb2bbdc3aca2ae686f9a36f114531b5217dcfdfebba3f8685d377fced2136840b5ee40b615bd69ff71ad3eba9063dc54a78792470ec271aa1774d731f0638d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
64124752879007fe44187465234573bd

SHA1
3e2315546ebb86b9350384bf36ce9bfa4a70480e

SHA256
9c1e11736fece39a15e6b2e7d72c43c0424681d3a57d0eacc1545ba699fcf00f

SHA512
4108050c4fbcdf4cdb837b3657a66f6aa90182bc307989425dd6370c2da11687280238cd53a300af84c37405e4b3542b075c7afae7f4101d5a2cf04b4d42e079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
df5a8790512e70df32387f3afd1cde92

SHA1
d666e2793e76377d6edd01d2c43cf19080df0cdc

SHA256
1c13e8010371bf2532ed3d97fd2bfc19f4ff1b1fac3fe2112246b6ed4fc42f74

SHA512
d61feafef2da39e070c8d2cebd25fb614b9c9d2300a89dfc021bac087bd319b3c2697db5fc82f77d34a96ce005461590a8d9e6229d177ce63bf99e70e02110ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
19e218bbd72ab0853a3d8a5bba5b9033

SHA1
86bbd90688f5d248a142973fd33d2f352f6e9f25

SHA256
8493b6657ff82fcacd04976b053db19b6747e163e9eeb13826a02de414088f21

SHA512
42a9e81acecc44aa0a0644386d0fa45b68368a53c13ade846afb76cc7154e84e75a0d0f8530ae4d0a69d92cf226a9f7882524d021ed386e4819c2a103fd0ebb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
3a869053388042971acef30f59e5020f

SHA1
a2d929f9bd8745e6128c4fe76f2c011274957b37

SHA256
0a434fdf7f0e5757601a87f70141579015de87f86ac31dcfbdd3ba50484ea427

SHA512
571e29f0c2863ef00747f59888e0de76009cc55476eccb4f50b91c4fab3f577c82e3c9a1dece9b5d5f2c1bbf9ad0497c3ec4a0399da55ec035f84f597d5c9cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
0c53df6de637794da871b9c6dfaac3bf

SHA1
a121a3d65a053d5be5027bf4d16cc78cbaffabd0

SHA256
bb8c6ac3ff205bf1e71e995d10705431bc5a7067a5cf684e27d36d2f1502a8a4

SHA512
655253425c0362c14cf090c7415f27f3e38a9d15eb6f696577a5e063f4cfdfc4582da8fce8c154b2d86c82801850788bdc7c05904a7a8b663f171990945a0810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
84241ad4a0a3705b39e25e0f4455d689

SHA1
28770a0b9ad77e948664277222f7cd070fa80f3a

SHA256
122dfc69caab56b2976a03136b405c5d85676919b16d65cc9f3f722de3642aad

SHA512
922864818265ff615f6964046a7ade52a88cb5feadad0952c5e61129dfdc1dfd2fec02342dd00ae52c8528e22550d562712ad4c418e461c23168c51c6b672b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2819ceb55a675c9ff24f7b264262e1d1

SHA1
78807d827cf1896e50a1931d8ccad5f7d0a5c79e

SHA256
ec7fa3f9503ddb4f8255194c32b5274a7bfb0f61d7e8b369fe54361fde19c965

SHA512
30c71c08a79ab9cce5e2ce35f8e1c3199289dd759641d1d76941a851ab841555101d1ed46679011f4a227227a20cb2c15bd13e148e79552ecaf912895c07102d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
109bb8a72970fdf4e4ff4d70b0efd42a

SHA1
5297ba81b46713646edcc2cad41e98009338a0d9

SHA256
65b1c28968d5d8eb0ec81308bd36768d202bdf317158fd879652421084f8c899

SHA512
1b96922884bf441b8ea37c6777b1d365c001614ae4889b05e8aa42adb1cdfcfea053ab69780dc9970cf23069ced400ee29fe033e3be98048538195994382dffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
91d267b7626faa0d75df5021e9ac9e5b

SHA1
136ac5341f839f4ae41a76149853121e7a317b42

SHA256
d46fcb2e824c8c26e8524946b398aad0102c7a7bdc02d686fbc5bbd70b2fb5db

SHA512
67145cb3fb8da8462cff64539d9f082688b8ee909dd64350c225136ae9eef092b9133f4f6ba10dfdf09132dd04eb2fb230a78e1580a0fb0531f4ba0b1e295634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
265KB

MD5
3dc2a1f605facc74f1558d38fe705dc8

SHA1
09ec2c35f17a1d83d0447de496ec34ae8de636f3

SHA256
f1cf5578e6b3b4aa833a98bd1b9675c87995b4a7641c64b8e7f4d28e55018089

SHA512
59ba8df70dff552a9917ceed7a00fd96a7d3b47024ce8393863cfebbd3fcd673431624b226187e6c7a5e104dfee81135506be7860906b1836c060f9d4a054a76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
265KB

MD5
4c3ddaa11758c52a66bcc0d9177ff054

SHA1
783f152368bb94054ad40c3b657398f45b24b21d

SHA256
04b21257c839cc5b25c366d535c79d2f4d28fb8093bff95c9ac84b05a04a79f8

SHA512
a4839cb722aa1abc1b17b9dd17457e7cfea0054828e41f6eab0697b997334024f63e5927694e3db76e0351f2b5ee09ccf1249256a07f00965d91ba02101a1c31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
2db4d0b96e00d3292b7f3c603a0245ee

SHA1
72b0f8ccd42ec080778d44fc28c56187e31bb3fe

SHA256
d5172a016b7f85bd29436d2b5bbfaef16718bcf9aa243636efeedd33efa8ad47

SHA512
cc5bec4278a190e830d7b344650b6422572ad8ae20e388f82d80accaf66c43ae05b82f0e129dc494fcf0fc88db65a46f73aef8d6870f620647c3e427d0b7552d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
110KB

MD5
4f07a57911805886aad44a96252ac225

SHA1
93862435568b8dcbdddc3ad82f971c8eea9df4be

SHA256
0e7e565edb6e4b97510c7300f84865ede4c11d00c8092c4aa34ab45b817e1843

SHA512
c1e6ca074784986c4e46a2a74b5cdcc43a3a150b4ebd0ffc75bd26e73d3ad73fbc0962fbb913c724b7fc3cf567a5ffe2ea3195ee04fc3fd8e7e3ce0e265cd454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588af5.TMP
Filesize
98KB

MD5
7e2709391801a72d613906815f4735bb

SHA1
3e0d490048dea67de38a1d663a0a2afdba1c623c

SHA256
8041f0b8598bb3cff6e878f0165000714f48f6efd7d40a94744cd0eec658f77d

SHA512
47bc0f1ca6b21fe8471fd8d4716d37f86dd0a412cb92fc4fb3109841a150d437c7c03af62a2b75f8bccb565d48ec2e97bdc857023b8d9711854fe3cc4bed1fb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-98MKA.tmp\BeadTool4925.tmp
Filesize
1.1MB

MD5
cd242415f47c54555b64ab519f418391

SHA1
0adf9033f5e48a675115031e177faa1ccdc3b0fc

SHA256
645e2a179f061ec66f2f2f2e5ab2cde1151dc6a76c9fccfea0e0de59b6d61f12

SHA512
b447afdb17d56de2006dd4bd5013547c609c1c402dcd5ad6a27237b452e18fe1fcba492a04ae31e04c1cf7982a87ddd96d82bccd7a7b322c01edbf51ebecf777

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 785785.crdownload
Filesize
4.8MB

MD5
4216d8da6c9d0fa2a0970f65910e656c

SHA1
cbfaea8585f1e040c09a320f7d86d91d141bfe29

SHA256
5a600d5b28725e4ea3268844a8eb03251bc48663116d2d2709787b2e6bed5d35

SHA512
2acc3f9cb831612195d51475fd57aa35f644c50c7ce6fa7fb90d45928a6b744d8417fa831ae074125173d9a1b9700a5eeaacd604123e9c3af52e1129762d8252

Download Submit
\??\pipe\crashpad_4576_BKZEZLCYJUKLADST
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/988-156-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/988-251-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/988-180-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/988-258-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/988-182-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/988-300-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/1856-301-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1856-179-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1856-149-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1856-151-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2516-285-0x0000000003970000-0x000000000398A000-memory.dmp

Filesize
104KB

Download
memory/2516-294-0x0000000003BB0000-0x0000000003C73000-memory.dmp

Filesize
780KB

Download
memory/2516-265-0x0000000002680000-0x0000000002DE1000-memory.dmp

Filesize
7.4MB

Download
memory/2516-276-0x00000000038E0000-0x0000000003950000-memory.dmp

Filesize
448KB

Download
memory/2516-305-0x00000000064C0000-0x00000000064D3000-memory.dmp

Filesize
76KB

Download
memory/2516-281-0x00000000039A0000-0x00000000039C5000-memory.dmp

Filesize
148KB

Download
memory/2516-307-0x0000000003BB0000-0x0000000003C73000-memory.dmp

Filesize
780KB

Download
memory/2516-306-0x0000000003AB0000-0x0000000003BA4000-memory.dmp

Filesize
976KB

Download
memory/2516-289-0x0000000003AB0000-0x0000000003BA4000-memory.dmp

Filesize
976KB

Download
memory/2516-356-0x0000000003BB0000-0x0000000003C73000-memory.dmp

Filesize
780KB

Download
memory/2516-268-0x0000000003510000-0x0000000003522000-memory.dmp

Filesize
72KB

Download
memory/2516-272-0x0000000003540000-0x000000000355A000-memory.dmp

Filesize
104KB

Download