hxxps://github[.]com/MalwareStudio?page=1&tab=repositories

Resubmissions

26-04-2024 19:32

240426-x87d1aaf29 1

26-04-2024 19:30

240426-x723wsbd7v 8

26-04-2024 19:24

240426-x4h6lsbc8x 8

Analysis

max time kernel
272s
max time network
265s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
26-04-2024 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/MalwareStudio?page=1&tab=repositories

Score

8^/10

bootkit discovery exploit persistence

Malware Config

Signatures

Possible privilege escalation attempt 2 IoCs
exploit

Processes:

takeown.exeicacls.exe

pid process

4404 takeown.exe
3736 icacls.exe
Executes dropped EXE 3 IoCs

Processes:

Logon_overwriter.exeMbrOverwriter.exeRSOD.exe

pid process

1612 Logon_overwriter.exe
4444 MbrOverwriter.exe
4164 RSOD.exe
Modifies file permissions 1 TTPs 2 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

takeown.exeicacls.exe

pid process

4404 takeown.exe
3736 icacls.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

41 raw.githubusercontent.com
42 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MbrOverwriter.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MbrOverwriter.exe
Drops file in System32 directory 1 IoCs

Processes:

Logon_overwriter.exe

description ioc process

File opened for modification C:\Windows\System32\LogonUI.exe Logon_overwriter.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
4404	takeown.exe
3736	icacls.exe

pid	process
1612	Logon_overwriter.exe
4444	MbrOverwriter.exe
4164	RSOD.exe

pid	process
4404	takeown.exe
3736	icacls.exe

flow	ioc
41	raw.githubusercontent.com
42	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MbrOverwriter.exe

description	ioc	process
File opened for modification	C:\Windows\System32\LogonUI.exe	Logon_overwriter.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586330824760404"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3936 chrome.exe
3936 chrome.exe
3936 chrome.exe
3936 chrome.exe
4040 chrome.exe
4040 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3936 chrome.exe
3936 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

chrome.exe7zG.exenotepad.exe7zG.exe

pid	process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
892	7zG.exe
1536	notepad.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
2632	7zG.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3936 wrote to memory of 5052	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5052	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4980	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 3268	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 3268	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 4948	3936	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/MalwareStudio?page=1&tab=repositories
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff801869758,0x7ff801869768,0x7ff801869778
2⤵
PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:2
2⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1704 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:8
2⤵
PID:3268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:8
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2816 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:1
2⤵
PID:308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2824 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:1
2⤵
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3756 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:8
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:8
2⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:8
2⤵
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:8
2⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:8
2⤵
PID:988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:8
2⤵
PID:3644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3800 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:8
2⤵
PID:1016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4724 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3780 --field-trial-handle=1748,i,17147177521632131996,2793784339276292621,131072 /prefetch:8
2⤵
PID:3452

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3788

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4404

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap29738:122:7zEvent24103
1⤵
- Suspicious use of FindShellTrayWindow
PID:892

C:\Users\Admin\Downloads\Logon_overwriter\Logon_overwriter\obj\Debug\Logon_overwriter.exe
"C:\Users\Admin\Downloads\Logon_overwriter\Logon_overwriter\obj\Debug\Logon_overwriter.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1612

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "%username%:F"
2⤵
PID:704

C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:4404

C:\Windows\system32\icacls.exe
icacls C:\Windows\System32 /grant "Admin:F"
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3736

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:1536

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap15164:114:7zEvent13734
1⤵
- Suspicious use of FindShellTrayWindow
PID:2632

C:\Users\Admin\Downloads\MbrOverwriter\MbrOverwriter\obj\Debug\MbrOverwriter.exe
"C:\Users\Admin\Downloads\MbrOverwriter\MbrOverwriter\obj\Debug\MbrOverwriter.exe"
1⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:4444

C:\Users\Admin\Downloads\RSOD\RSOD\obj\Debug\RSOD.exe
"C:\Users\Admin\Downloads\RSOD\RSOD\obj\Debug\RSOD.exe"
1⤵
- Executes dropped EXE
PID:4164

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
Filesize
48KB

MD5
0c2234caae44ab13c90c9d322d937077

SHA1
94b497520fcfb38d9fc900cad88cd636e9476f87

SHA256
d8e6f62282e12c18c930a147325de25aef1633a034eaf7a3ce8de1fb8de09912

SHA512
66709f74b19499df1e06700e1c257e14a82ca4287194e4b177b3f333748d927f413c8c459a35e7e5a2f92d28410b0129f106d94e3dd85bc0dd0b986add83b18f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
Filesize
24KB

MD5
e1831f8fadccd3ffa076214089522cea

SHA1
10acd26c218ff1bbbe6ac785eab5485045f61881

SHA256
9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac

SHA512
372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
44KB

MD5
2b312fee4bff7fb9b399aa619ae1811d

SHA1
cf5e3270ef62ea6ce023f9475dbf7ed67e10527c

SHA256
fd5fb41882dfe849ea47547bf38b9abc435683d7473703b4cb37e8c28b1de4cb

SHA512
3a42c3a12da46656d8dca9b54651027873f42d2ec2e6e706a41b4b520d387f0c3c0388e3d117bd49174d7074079f3404c00b6141c8dd22d38ef1a257f52a9791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
21KB

MD5
9ccb3e387ecf1d1c32d33a33b61db8f3

SHA1
9d6625afcaa4d6bfe223268ccf82ff32ea9532a3

SHA256
3d34b64d0099f608de0e555d46338252a99d36f2a25af7180702c9966621fa0b

SHA512
05c3d41fd4115bd66c1a938ad644424f8df93f96ae27004c800e43acbc4b23568456574ceba605ea696fb594585811fedd0f9ec547a697344479e4d7516f65f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
Filesize
1.2MB

MD5
960172ea8cf0196a4faa9be14e4cda24

SHA1
e0ef6319d2a0fe1963df12c2c23af3aaa468af78

SHA256
ec74af7c4f79fa4449f3acc8fbe0cf245eb70bee9d6d9458ab4f59ed18b3d18a

SHA512
f3bae2d783fb6b41934cf3449849f2dd98877c195500011034df290595fb1068a4393d764e91c8af0b29902dfc2566be638c4ea47abd69dc3ecabc016d36a4dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
08a98b7452af8a0fbd14a48121d48581

SHA1
51d2fb5c88f686d8f93987e98f5aee493a2cb81b

SHA256
bcbe48776fd0aac3c420ee17fe377b3a62aed2b3c675b1cf08029b072b9afbc6

SHA512
e7900df4db5f070a1bcd943b5d5605132c5614b4b57a243f0ab5faa128a25f0d2b2af63f1050a6c59bb74c8214d6638faeaa361be80fd18a50c09b9441c5280c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
f4ad23ae0e5d169065e9f6da3ec62536

SHA1
422c69651ae1207cd4ad03a66a7ef121da727082

SHA256
3b1ccad085e3747a67bf911d6400e9aaac57c1849a23adda6250e49644eed388

SHA512
fa49d241d6c0a72dfeb1dacd23628ebedeed095c99560e3ac1cbd267731c57a7bb5462dabc92f25e8f9e5f8d88d22d2214ec487f37f46d39a0673e67e7b55db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
af49ec62e1336eb076fd58b680f5bdce

SHA1
32fcc89ea89c235619cc7bc571f0eb4921db9770

SHA256
f3094c3e65012b267a09af999a8a0961537192520e3b3c21630ebd0cdfffcdab

SHA512
f3608a1e77c2016fac877ca48f83f13686be9a4b6c1103f2f079b5884857db59bf5e8079d17c88e3f4700f3f5da2f7dd361bb18485c31c0dacd5d72240d8345e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6df85641-80e3-4dd6-abeb-dbc7164f2724.tmp
Filesize
1KB

MD5
53e6d34a28d81f83fe2e76d76a3d082c

SHA1
86aeae90b8d08639df7e0c3b8a35d712d80ad327

SHA256
c595c062bb30bfd8e878fe7959a68563e85a7542405d820d4dc92338a7f0aa4c

SHA512
84831c83332bdaee74adddc8227b4c1a4af7f22fb89dd468ff21a6061297cf3e17db5d1ef0d9f437d28284e348012142ae74c3662b73bb6796a65d013ba7394a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
8a48ec3cb1ba0bb712f080e87059437c

SHA1
bf247855160bfff7d75ecdea52aaf9525359a887

SHA256
c5f4cc3cf8fa902d6d0e64ae9298d245a9d7a9435f743fd46f2d0c6aa95a6756

SHA512
693ce4137d2a0c4377ce178247a9f2e2f92b1944366103dcbf229692f237ca900395240e3451b6736c85d05316612d5d139febd09bb427dc0b892a9eb53799ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0fca34f2d008d7493202f580322fe80b

SHA1
ef121c5c923514bc7f7e020bf0128707a2d8b381

SHA256
66a35d4c7ad16f0cb5a9c88ffac8c822d18a07e03185462836d5f1198d9c4f35

SHA512
887d7ba081dd0f3b17f3e929556794ed9d2c9544abd5d9b4656f0aeef392b858df8d6cb8076ebb97373214506fe591275545c0268103f5b8db924b31f2414bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2b3fbaf91340dae5e021b334fddb2de5

SHA1
052e532d8de2859a2a6654723457135ccdab1656

SHA256
848cb4801b5f4f5ff89f021b0a54bdde74dae944a16d4396de656e28575f96a2

SHA512
b10d245c9c10124ecfd111ad0bb7c8386312a5f48d9973c80b0abd352fcf130b9de4d5833e1ac8362596b20277dd9fe1e77007b9051b779cd53028af92c6a1ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2da274535d907ccb6f1fe41d39094130

SHA1
c5e21aae1e928800ad3673976c92b4025722819d

SHA256
1cc620396b4e356f30e049638eb70a1b1a6b169877f119bc2c085f37d27976f2

SHA512
ff9ad0320f7ae9cb5fc69bba2b2e6e5dbaef541376db3362f6866a84b4817e6d8f5b251bc0d523cd1a71b92814107c5d3c7804a8919a0ae82d032a3b921838e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a83654aac0b1647cfad9731142863501

SHA1
f16d00fa6985f74b74b4a91e72cbbe7ca6cfdb65

SHA256
bd943f33961ca62be6f997f93e1ea159d84c8ef2b2440b2e6c727fb60d36df14

SHA512
b3db6d06ed3df5206a815965006fa465d5efa359c373edb67f57e5f9a8a1e7d7aee133980b8f955bec58570a0b1852cd02f6519ccf3629afea3e422af2c62715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
90c9500d07e807288edcc0bdac61d3cb

SHA1
28c9779203d5eadaea0a3b67cb2a0b73481d07eb

SHA256
b6d1b4eb2dee5e644be7e2cf25f8edb58aa54cff6fdb50627c85495a62e17d0a

SHA512
debd9fa1d8b80e8ca51747bac1be4c2afa7b065672ed33fa1e5ed396f637fe8c02414fdd19cc0770918266edcba49a4e9128feb583044be2c1226bb6f386bf03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
137e5019743907d8240a318e1f40e1f3

SHA1
9b40dd8b37de5afb64521b0430c38845111acd77

SHA256
9489b65eed54f575c9a12830a84dba3ca278d858ee92694c2874040188b96f49

SHA512
7008c68a881846da2bf657e82379df569b00b17cfe0c6b23313a7b7b2bee4a345f2d5380bac9739944d99ba094eecbe9bf7e7fc8c45a9bfe77109dd44b054711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8ec3d64d322e1c09beffa5a6a038f6ec

SHA1
2010fecdd4295348d0ac09df3aa2eb2144e79b52

SHA256
d94ba43f94d84863e1c550fb8721149b8cd51369c4451197dd045ceb751ccf99

SHA512
dc1e0b98b4c5c310bb2c0a92412a4102c3a457d79a7cbeb88584b5bc3d8c81c8c68154d7f5f9c1507008f99d58bbbe56d90b942fcdc1896f2727a7739ea58695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
dd44b0f76137a23da227282f97274f37

SHA1
99e7c5b246e99532cdb24bfe88aeb76c0ba2e415

SHA256
ff41cb2314210f812cbe41a5d48b8667fe355627758adc7716977c28ad95757e

SHA512
f3121bbfbb6d2528bd28495bc434b05ce22846ee02e46fdc938bd26e0ba6d711bc54acf702ad5b399a1d8327a6ffeaf72e13f11241ad0c9aee1e0e5c44caf773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
afa8460986b36de3002496f662e2d8a2

SHA1
35959eb90ff7caa0f8ee8077f0c2df9524ac7a47

SHA256
fa3c1cbdbade1edfd4016092dbb17a62d69ee99448feb232fe9f320d0551d01d

SHA512
5111284f30743018b73d117b0cd9262e78cb50544c6d72a16fa32995d1203840ca811b4fa1aac6d853f3d0d396ed978fc8ac6b63ba48030cbda4b77d33f32002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2a96692d2465d6798db2bc4714925746

SHA1
67f980775740090d395af6927712d2514cd41b65

SHA256
e2c3fb6c1d9a458aa0ddcc03c3372e3cdb65694acadac1030cb3d03fc61b8684

SHA512
cbbc7513122c3d9bbb2bd767fb3c04b82765a35d45a0314b4044fb3f9531057784c173f05b1712265bc92035dbaa47699e4ad3cda13b6e6567738b5714b93d5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7b697d75b157a40cbda759c2ff9e4d39

SHA1
f7e56de0998e851716b47fdf9c135dd0e2126dd9

SHA256
50202c72defc790b01503fdcc36181fd3432e69862b08e0c2a69ba02adecb601

SHA512
407a53b45f62c52697b22ba017b3bef4297536e72ba3e92aa490aa6c9a110d820f08ba458baab0b871706ddfcdd6f6f621d83d8d196aedba92bf348fe25be0b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
986990ad451c82cfe99714dbffc63151

SHA1
e61d647ba7ddfe5097409e0ad6d19ee5292ebe39

SHA256
5e3840ad25083c103718e4fa521982b5e603b425d80b5f3a87d36eedddef0a1b

SHA512
1bd4aa2b63d6288eaaf74c7fa85bd1290173028c1827603596a988a5ace624d4be2e321154db887c7a8178d756d914526fe4af025980f37a7a9490d6ed4533f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
137KB

MD5
3eb28868dd3dc622eddf7ba0985e683a

SHA1
8f736a7742f9ad33e8061c416acbb908fb36d54d

SHA256
98ab929830a50700f72bc5425cf2b822615c0510a720057bb9ab48897503f9a4

SHA512
378c6ec6ec933c51059f8eb328d4a09f29853ca4c993b318cd494f1c173aa6b3847fb6ff2c3b2e402af5e7fac393274132e65619460e87b9f69c184e2818edbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
5f5be5ed16cfb6a1605b3572bbe906d0

SHA1
a0d7a4a9f36127d217e05f1cf7fe615593f8a00b

SHA256
0df5c6b422a1bf7cece6bf970feec2e6f298c141106a5244d78d03d577a66667

SHA512
bda003f3f993303b5df6dc5cc5150e9f5aa41c00a3e327fd2d634bf377baafe0e18982401a68298babb59651a8780ffd1a676ec1c6cc77fd83ddba887763da52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
157KB

MD5
d956f94b5d6cdd8760b7770b7264b787

SHA1
3aeabfd9ba6e856a73f94c46a0529ed9fb959777

SHA256
4b3deac71d99e5cdde029401ab73cbd60dfc9be1bf897582e74408f7feb5765e

SHA512
1c49516cfa26357730a1ce738f3ea9ac1743655b907df64d71e2e698c3023c8544acb9effd88d6cc60da0f84093d29e0a97a32d92c91aed81d171cd3e201d63f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
109KB

MD5
64210957527ca47fcbf4d9c444bb1384

SHA1
170b449b2a838c853683f068ee06a38b1dc9ea1e

SHA256
3d02307461ecabac06e09fd0e45893f09ed066c0d5a058acdc181200bb83432f

SHA512
8b1de53a6cdf0b5ce88446aa47dc7ca57f1169732a1f40bdeac3eb8801b7c9f2c3556b487a6341c39fcc02c37ee3bfb18e3cc2cb20d0c0bf3f95460a7047d5a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
105KB

MD5
ef59af0e410e965d88eecbba55ca7af3

SHA1
0e7f370382f431370c90e9e80aa7eab572401c06

SHA256
0f9208b803c572990db118c71d9f4f3920c9acc099244c054565e61835c6c1a0

SHA512
6a4d76c68d2453a3ed56dd59f2b6a27eee73dbadb989f6ca3d94bd5ebd6f6e5b3cc448c210999509fa86edac29dd8244d0971654e8b9e1842c815e37c5bc9b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580932.TMP
Filesize
98KB

MD5
cf6aeaf63593e79ffc57a6599f841331

SHA1
97430a862efed88a7f32457576fbac66c386b48c

SHA256
b10691282d6321de6b67d5ca76b6babc7e832072b9682e2a43185c6623e248a9

SHA512
ccbe7869a865910194bf2acc216acd9ed2c887092afc539a3bd1e2fa10d8c858248c32a690610165a163c6364cc752b956bcaa2c26c5142b251285232fc15615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\LogonUI_overwriter_source_code.zip
Filesize
112KB

MD5
3c20c305466728aa8174c34434d98b3f

SHA1
927c4d779522423beaea517fa2fc0eaf3bf32350

SHA256
dca2d88f17f988d79900e1cb81654b0996b711415a52096eca892d175b28558e

SHA512
798f03976d76c8b08e2c0af12692c2c644738d2ea4caa6a02037c9a73ae90d172d4023c0d83b3b68c386625f7d48f178845c42c3da4e8813e846115b80dcf1c2

Download Submit
C:\Users\Admin\Downloads\Logon_overwriter\Logon_overwriter\obj\Debug\Logon_overwriter.exe
Filesize
34KB

MD5
942e4fe24043059c647f584cc657c4ab

SHA1
41e98f66887a4d912a49af32bf164ab9daebf543

SHA256
ed996aabbbd002aa1d2a26954c64f47072f9388142b85cf273c190ce357597e2

SHA512
dab7a646761a2f547e5e8dee83678c1b30852ad266d03b3408475a65a5a0f3088a5b7e641d78baea697152cea735ece7b9537c7c86b7dc74773cdb336b0ee7f5

Download Submit
C:\Users\Admin\Downloads\MbrOverwriter\MbrOverwriter\obj\Debug\.NETFramework,Version=v4.0.AssemblyAttributes.cs
Filesize
208B

MD5
1d18ab49c88d00ae24bcb32d63af66ab

SHA1
13b4b0c66f98cd84a7d68126d7c88cbc757da6c7

SHA256
a68f8a233f30cf4737696fb94daaf44cb3772d40be168381aefa9059b2d3bcab

SHA512
17c6319c1ba24bb48ca7385f4a9e4a5f1d6346dfc6f6460abc914a43134c703815a3c3cf54597605926af7b29d89c80f410407464915926df27fcb68071fac97

Download Submit
C:\Users\Admin\Downloads\MbrOverwriter\MbrOverwriter\obj\Debug\MbrOverwriter.exe
Filesize
9KB

MD5
45470bead60cc025c08e6960370122a6

SHA1
64a972bcf642d84810289995be6eaca730fd1d29

SHA256
ca34d8cd18d6615329bebb0730156ea48651c5c04c77773affa473e36c97d543

SHA512
839fdcfcc4cec710618f608c8e67ddfeb981054245d1ac491e82c82e4f96a40b648e42ebd2c49034ec5e1b0702e5017372e9939d2e4c37646059780c5dfa0f77

Download Submit
C:\Users\Admin\Downloads\NASM\rdf2ihx.exe
Filesize
90KB

MD5
dbfac314e9ef6d2968c90b28b97fd0b5

SHA1
37f33c70804a9824de34278ef85ab226f4e8d029

SHA256
1ec1dac43dcd30bd5f4ac05276f240524511aef1ece5541e0489b8f9148930ba

SHA512
55e4dd3d6c38330f1d2038fbed9400f10d99020ff4d7d92eac33cd7f3406092d4aa55feec9c5e867e955d42e9b19de6cc3ff21d479741a8c3e3f4830e8129f37

Download Submit
C:\Users\Admin\Downloads\RSOD\RSOD\Form1.resx
Filesize
10KB

MD5
1f905b104dc11994994cf4be39618136

SHA1
0e423469c4b518139a6e6d57e9b561085b72a125

SHA256
55939986ca32891ebda9057f08b7babb5aca1d8fc7455fd2ef9f788e0708dcab

SHA512
314362affb191e52da09286233fd2ac53bb8afda22d2d17e624b4757c446013c5472688add1c1c0e6cb45677fa08efb8045e4bdf6f210d9ace2e5688f7959503

Download Submit
C:\Users\Admin\Downloads\RSOD\RSOD\obj\Debug\RSOD.exe
Filesize
11KB

MD5
2cd94e786a624bf706e3d74f86f1352c

SHA1
a199fa3dc341e5d8a508a6b87ebde2d7949ade86

SHA256
ebcecd72b8bb18ed52787b47bdaabbe4a9cee534b1498b7da8243fff39a685c9

SHA512
cb44edf11e6d253ecda97d85363acbb80da4ac552bc2ea4176765c81de872f5bb70a91082a7235551aacedddc9a4f361cbe1df87ee348199c1c7ab8593399b29

Download Submit
\??\pipe\crashpad_3936_ATUQQKQZLKTZQFNZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1612-563-0x00000000008F0000-0x00000000008FE000-memory.dmp

Filesize
56KB

Download
memory/4164-819-0x0000000000360000-0x000000000036A000-memory.dmp

Filesize
40KB

Download
memory/4444-815-0x0000000000F40000-0x0000000000F48000-memory.dmp

Filesize
32KB

Download