a66db067ef18b291b51738dca057ac5536e12741dd0e8923669bb76c14fb5bd3

Analysis

max time kernel
216s
max time network
219s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Downloads.zip
Size

6.1MB
MD5

81985e05b2cfb004445e2d8fdcb5e5f9
SHA1

7b2c9fea703d6f69d74446ce0eac9566de9be091
SHA256

a66db067ef18b291b51738dca057ac5536e12741dd0e8923669bb76c14fb5bd3
SHA512

742cd96f732161014c0dfaf6e2c3bed083f426292989ef73a60a8e68e2dd9e27290123a9e063654a0dfa8a36ab02b58d3ac5fe00d06711239199d58972af8924
SSDEEP

98304:8MuVTFa2vbEYJBSJgKpsRzWyjV1Yvlfmg6FW8tne+fQqy0CDnSpJ6WkeWjsK:NuVTFEvsRzWyjV1YjyWio0wng6vsK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5612	Setup.tmp

Loads dropped DLL 4 IoCs

pid	Process
5612	Setup.tmp
5612	Setup.tmp
5612	Setup.tmp
5612	Setup.tmp

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590041349203954"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4636	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4636	POWERPNT.EXE
4636	POWERPNT.EXE
4636	POWERPNT.EXE
4636	POWERPNT.EXE
5404	Setup.exe
5612	Setup.tmp

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 2512	4896	chrome.exe	113
PID 4896 wrote to memory of 2512	4896	chrome.exe	113
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 3172	4896	chrome.exe	114
PID 4896 wrote to memory of 4640	4896	chrome.exe	115
PID 4896 wrote to memory of 4640	4896	chrome.exe	115
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116
PID 4896 wrote to memory of 4040	4896	chrome.exe	116

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Downloads.zip
1⤵
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3912 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:3968

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1256

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Downloads\InstallResolve.pptm" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9d4b09758,0x7ff9d4b09768,0x7ff9d4b09778
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:2
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2308 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4668 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:8
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5448 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5584 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3956 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:8
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2928 --field-trial-handle=1868,i,9582484835229553265,10678791189084381299,131072 /prefetch:8
  2⤵
  PID:5348

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Temp1_Downloads.zip\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Downloads.zip\Setup.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5404
- C:\Users\Admin\AppData\Local\Temp\is-3KU51.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-3KU51.tmp\Setup.tmp" /SL5="$103F4,5902719,227840,C:\Users\Admin\AppData\Local\Temp\Temp1_Downloads.zip\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:5612

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_Downloads.zip\malwaretest.bat" "
1⤵
PID:440
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:1264
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5684
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:6000
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:1068
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:380
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:4048
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:3020
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:500
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5616
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:3540
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:3124
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:6016
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:3200
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:2116
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:2072
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:436
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5904
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5908
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5900
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:6060
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:6072
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:4736
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5124
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:4572
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:2524
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:1092
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5220
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:3612
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5224
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:4388
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5240
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:1188
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:4992
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:2464
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:2376
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:1516
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:4596
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5184
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5128
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:6140
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5520
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5356
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5400
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5436
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5348
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:3192
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5604
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5168
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5632
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:1276
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5672
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:4000
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:2420
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5532
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5536
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5836
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5852
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5860
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5244
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5252
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5280
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5296
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5660
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5920
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5924
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5948
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:1716
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5976
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5960
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:1436
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:2864
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5688
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:6004
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:4592
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:380
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:4048
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:5624
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:684
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:1840
- C:\Windows\system32\xcopy.exe
  xcopy "C:\Program Files (x86)\DODI-Repacks" "C:\Users\Admin\3D Objects" /s /e /h /y
  2⤵
  PID:6020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
1f3f8a0d5aa206036cb06d1c588bc5db

SHA1
5af77728f3cd422c7f5a6f7aa7f80b4c751ceaa5

SHA256
cd2956a45331b9ff98f2ce7f5d532d0b780a06f0a59fe80b94f5e924f55e03aa

SHA512
ac987fa06457399a7aa9b9ef371d69253138ddc27262139b56fe85e77655d92e53504a40b18460ab44e9006cf9d5d222075e48216393740b8f97eabb750e4b21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
8882fd94667b517d28a8b78d063de123

SHA1
5103a56d49b8a7144d2de3820bdca4fe30e2885c

SHA256
a27e3f974c3fb89b3da00911abe0ea4dfa0c190f598586026b4b4c86498d32b4

SHA512
4193ec143d980d138fb9c030b640c73862aafc41f1b628db8fb57f1115002da71a40763d06848613c9eda154359ef0a80d603a2625a8c8bea5b48b4c7933cdf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
1a6113fbad8f3122cdd854ca51a0b380

SHA1
c8d68483864a89ef61e1782b03f333ea4d33bb7b

SHA256
d12683331ac7571d8a5bce5c94f95ac013563f655d732b39886c1f7ef9ce2601

SHA512
9a3832154c2cb919750488cc56edddc0e83102de077262be6ca3098a8e7d986f651aac150a0324a1b55fdabb142c22cc04ce8a5a973894f26864baf430d68e5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ad18fddf43a8c00be0f506dd412eb208

SHA1
af60b39b90725132c2643ff31967e5b160a0095c

SHA256
f3d58423171c9c5b369f1a7706eac55aca213bc61bcb7278b836f4ac0a50a196

SHA512
15923082571b31d49d087c099d6ef06ad8a538ff5a4d062dd84bd2a0693ff51d51181377c134a961d388288958b9a25dd6ea136671257b494d50609decd5deaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c1bfff2ec1bb975d0f86e22c7787ca6c

SHA1
e760128056e606cd87db0566328609f7216cea8b

SHA256
00e9caa78b71ccb182d5421b9f7cb71772f765ea2a6573d6c1fc4b0436170323

SHA512
02a4cef94dc2a760870bac494a6065e12fab5460cb2417abf7b3e5e078a8a3ec21d6662e7bdad1443f3425c793a56f30554938a1549ee7960b152d61e22f5cad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
265KB

MD5
43124be818286a5d9388a2dd1b6bcdb4

SHA1
f57455cd4d6050f38bd286ed3f5efbec43099ef0

SHA256
94ce4e2d977aae159d4fcc8dfd0aa50c1eeea75f6496a60897744cfcb6ecbd09

SHA512
df24dcb13c26872035aa49cd5a742f8f5c4fc1686b47ce585f53f321b39df0cee5dbdc2310c06592e13c3a9b63c089dfb3632149ae7877ec507730dd5fec40d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
f2cb0c9e738e492e3cc3dfe17f067780

SHA1
af9cc67efcffd815a4f5e0cf5145838cb8bc0465

SHA256
3e01286569b7954be5969fa65ba79b72d38b849cfe94e89bb48b1dd9ec1bd82f

SHA512
a2d4e1e373b70877d23585b79135fa0a0115f01e14c6a4c20d5956b291018bb0c8fc5a755e6a392fc8b88be470a6398114fed897d0c018149f868bd1f381698a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5afd1e.TMP

Filesize
97KB

MD5
c0c60eadd9108ce0a5dfdea01bda7cff

SHA1
1c351b9ed1585cb3b64d1efab06e95b76d7dfe5e

SHA256
804fbf236c3a60eaf31c638108b1ac7dd0553a97364cd8805c9d00c6c6195b7c

SHA512
71f1349fa4d7cb6b5da1b6dd254d8cf5bfc3c8ec1a8114feab5858b23ed0bbcc91f815c9fbfa3cd5faecbbdcd0135b8a8db5b007411d64c7645bad1baae7e64a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3KU51.tmp\Setup.tmp

Filesize
1.5MB

MD5
6e4e83302159ec46e10280abe1d62ce1

SHA1
eb439d7b73e64605eb9f37b9b057722861ada267

SHA256
bb22238b9de45d10013cdf18b66d13646137bf5ddc075c781a160ef8739b2fd7

SHA512
22331088377154be8b11825c95c1a2a8765d71c3394714faed00a6185ab84afac63ae95103f20f1a9e4fe447259976734e1bd905e4a45bbe0567cee5241f1033

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B256E.tmp\Autorun1.jpg

Filesize
294KB

MD5
336b561714280385c771b7359cc2fb51

SHA1
6136cf4e6286960a80f840695108747ec70a4829

SHA256
24aa776e0437e60ae0c7877c7a26f4816deb22a900507cf6e467010dcf9e5ba6

SHA512
291c76be891cd1c69c12e5b601038acb69617c3c0b146292cb57c8d5161bf839dc56c336ba96fa72aacca98f295f71bc4b32890bea90e7e13a74f58e6cc957a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B256E.tmp\Dark.png

Filesize
65KB

MD5
185d31c702a861fd7026c693513eb3fb

SHA1
4857cba77bce860ee34df70d2ed06ac51958b53f

SHA256
56e1b926b344ef760fea6a4fd862e066ea5295f7e5671fc7c0d1f1bc148e2009

SHA512
9cabac5d73a9dada0d809fdfbbb552c105d0de975a545fef70322b8c86b001691af6e2dc58e980343342a953bed12d91553dc253928cd6357836b6aaf5efb8e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B256E.tmp\Exit.png

Filesize
9KB

MD5
91f97aa4b051e7b2991e5456d2c8655b

SHA1
901dd406613f3e97d8d6141bb061b242a3b5fb4f

SHA256
0ff3fbfbb177d5ffc8b577f821a91f9d39f13f5f548f9570c12cb85ccef526e3

SHA512
b664f7aff75308d416c9e479bbd9a9b840816d41fb1dc218187c01636e443c4c7976a635459f626f971961c89d0b8e3c91bb0d61940e487a36179437fb0aa296

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B256E.tmp\ISDone.dll

Filesize
452KB

MD5
4feafa8b5e8cdb349125c8af0ac43974

SHA1
7f17e5e1b088fc73690888b215962fbcd395c9bd

SHA256
bb8a0245dcc5c10a1c7181bad509b65959855009a8105863ef14f2bb5b38ac71

SHA512
d63984ee385b4f1eba8e590d6de4f082fb0121689295ec6e496539209459152465f6db09e6d8f92eec996a89fc40432077cbfa807beb2de7f375154fef6554bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B256E.tmp\Install.png

Filesize
22KB

MD5
3a104b9ff4b59bba6dc3b30114c5b31b

SHA1
3a03ebe2b3ff5d4bac88355c82a86da3bb30cfde

SHA256
1a72008c2393b330c3a9e05bcba070e538d9d5078767adc49a86a05473226ced

SHA512
8d4d985d5003b2b7739c9f5549b8ea143adcfa78188fea45de49a73f82dd1e88709ef35a62bdcfdf360a1d3face0cb40fb8ff782d15f5081127dd6121a7e0289

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B256E.tmp\Lockscreen.jpg

Filesize
294KB

MD5
a50d1284b3709220da74209e11bb0758

SHA1
946f94b81bbb6c6a872d454eef5a761bd8a0364e

SHA256
b8d131cbb9fcf5369fb728c16d21bd30f1760e0e647b38cd676d25e7270ecc46

SHA512
28fe1a424da12e18b9373aab640aa0cc43cd7447ce32612f5a94832793d2afb8472d5ab9061e5704cd09e1848e3f6e041ea6336c4231212213b44a7202f96e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B256E.tmp\Lockscreen_overlay.png

Filesize
77KB

MD5
f5f4fe2b811e5a07ae1184579cf36557

SHA1
9ae1594e259f1aa06734c8653796596113f2d08b

SHA256
d66bbf3a8d5f5890c3dbc95e77068abb10f3db4ebd0c71ae5dbf15d99174889c

SHA512
eded97ed79f84916e5727f83e170f3999478df537bebe39767c49a3bedf4c86cd5bc3dcfd5d767559b9333ce9e06bddeceb96469e5a70eaae47145a838438f56

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B256E.tmp\Tile1_Background.jpg

Filesize
294KB

MD5
fa864d2e07ba7811638d5a07152f3277

SHA1
56734493764e6dbd9871e1bdad6222ea97f45eba

SHA256
fc36ef1c5559899c2c2e752cff7bc9408dafd6ba126ec51c2be859d5a44919a4

SHA512
42a87178b3000c8a28a6a1880d762b4b7e65213c04ceca5ef8ec9b52cba0be6970d4aeef909c3b9b48fa39688390460ce3d4faf099f13370e669865ebf5b6f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B256E.tmp\Tile1_Icon1.png

Filesize
12KB

MD5
688231d073c8260004d860b29726e589

SHA1
33ef340a8671fe0b74cab319e7c3f2a197eb6c3e

SHA256
81ddf630398427b4d81e15b6feb595669d06923a5e95954cb36a442d7f0e26c3

SHA512
94aa5fbede7d9da05b8216c2cf451e927edbcc0f8808f89fb3ce612870e849836d2df477c9630358b92bead596d2a900fe1879b3c99fdd630a4c8cecbf5f6a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B256E.tmp\Uninstall.png

Filesize
9KB

MD5
1dbec7e15bb3fe912ea362c7f5305cb8

SHA1
8ee2dca3f834cd7809dd50681bb432fa17f982f6

SHA256
43bfe50a575e87237abe4f65eee18b23e667c0a6c9fa1fd6fc2176948edfa527

SHA512
dc46536df17a17410a4aa2b6afaee9a620612e23498d009e766411bf2d17c87da0ac3b3f5a950375c34f4355f6b2924dfdc99c52102e1e702fd55f29333fc55f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B256E.tmp\botva2.dll

Filesize
37KB

MD5
619bf9ddcb5fe39ee9e5b0167e7f4f0d

SHA1
6da8c0d2407d5221172765b00452efa0f361902f

SHA256
609661a14733f6e9c2c2f2ff9c274f8a4cbedaff4dd32049aa5161f8d7083d6a

SHA512
a89fc731805e83f889f408fe3fea769d0e44faf1e1dd37d3569bbf57a6086b1ffc8783778e0be8236447c7661c44051b2d4b1d3a643f7ebc35f6ef0625c6897a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B256E.tmp\logo.png

Filesize
26KB

MD5
a5ba8ba0b1985ca8f6d2d8bc3ff1f09f

SHA1
e198a54f426d139bd19a836502dd226d83973f8f

SHA256
1f6fec81aae4f62d18b834e1fc634603882155b23d6d5825b786ee9dbf9ddf3d

SHA512
e457b152f85611b49ab3270ac524e1e957a24570ac036e570b45d892652890bb94fee98700898d55cf31d5f5f47ee1bfd1e3acf03875edd7db5ef94395e70181

Download Submit
C:\Users\Admin\Downloads\Downloads.zip.crdownload

Filesize
6.1MB

MD5
81985e05b2cfb004445e2d8fdcb5e5f9

SHA1
7b2c9fea703d6f69d74446ce0eac9566de9be091

SHA256
a66db067ef18b291b51738dca057ac5536e12741dd0e8923669bb76c14fb5bd3

SHA512
742cd96f732161014c0dfaf6e2c3bed083f426292989ef73a60a8e68e2dd9e27290123a9e063654a0dfa8a36ab02b58d3ac5fe00d06711239199d58972af8924

Download Submit
memory/4636-5-0x00007FF9F56F0000-0x00007FF9F58E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-28-0x00007FF9F56F0000-0x00007FF9F58E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-7-0x00007FF9F56F0000-0x00007FF9F58E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-10-0x00007FF9F56F0000-0x00007FF9F58E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-4-0x00007FF9F56F0000-0x00007FF9F58E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-6-0x00007FF9B5770000-0x00007FF9B5780000-memory.dmp

Filesize
64KB

Download
memory/4636-8-0x00007FF9F56F0000-0x00007FF9F58E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-2-0x00007FF9B5770000-0x00007FF9B5780000-memory.dmp

Filesize
64KB

Download
memory/4636-3-0x00007FF9B5770000-0x00007FF9B5780000-memory.dmp

Filesize
64KB

Download
memory/4636-1-0x00007FF9B5770000-0x00007FF9B5780000-memory.dmp

Filesize
64KB

Download
memory/4636-9-0x00007FF9F56F0000-0x00007FF9F58E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-0-0x00007FF9B5770000-0x00007FF9B5780000-memory.dmp

Filesize
64KB

Download
memory/4636-12-0x00007FF9B35C0000-0x00007FF9B35D0000-memory.dmp

Filesize
64KB

Download
memory/4636-11-0x00007FF9B35C0000-0x00007FF9B35D0000-memory.dmp

Filesize
64KB

Download
memory/5404-147-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5404-245-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5612-198-0x0000000002D30000-0x0000000002D3F000-memory.dmp

Filesize
60KB

Download
memory/5612-161-0x0000000002BA0000-0x0000000002C17000-memory.dmp

Filesize
476KB

Download
memory/5612-246-0x0000000000400000-0x000000000058E000-memory.dmp

Filesize
1.6MB

Download
memory/5612-248-0x0000000002D30000-0x0000000002D3F000-memory.dmp

Filesize
60KB

Download
memory/5612-247-0x0000000002BA0000-0x0000000002C17000-memory.dmp

Filesize
476KB

Download