hxxps://www[.]diskgenius[.]com/dyna_download/?software=DGEngSetup5511508[.]exe

Analysis

max time kernel
99s
max time network
100s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
22/05/2024, 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.diskgenius.com/dyna_download/?software=DGEngSetup5511508.exe

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
1656	DGEngSetup5511508.exe
4560	DGEngSetup5511508.tmp
2844	DiskGenius.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	DiskGenius.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	DiskGenius.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2844	DiskGenius.exe
2844	DiskGenius.exe

Drops file in Program Files directory 62 IoCs

description	ioc	Process
File created	C:\Program Files\DiskGenius\is-9T5EI.tmp	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\avdevice-60.dll	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\avcodec-60.dll	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\swresample-4.dll	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-GIB0C.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\lang\is-O1M6L.tmp	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\Options.ini	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-HPQ7G.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-NVAVA.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-NCAMG.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\lang\is-H9NTM.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\lang\is-O813B.tmp	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\DGFileViewer.exe	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\SDL2.dll	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-70631.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-FK780.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-I7I5C.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-F4UQI.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\lang\is-0KOR7.tmp	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\Hdrwvdi.dll	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-R33JU.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-MLL6K.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\lang\is-90PHU.tmp	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\OfflineReg.exe	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\lang\is-7O8TR.tmp	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\DiskGenius.exe	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\Hdrwvhdx.dll	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-VP844.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-M84SE.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\lang\is-4F2Q3.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\lang\is-KV9VN.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\lang\is-ALR02.tmp	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\Hdrwvm.dll	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\libhefc.dll	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\libwim.dll	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-C5IE8.tmp	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\unins000.dat	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\lang\is-HAG33.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\lang\is-23OB6.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\lang\is-0433Q.tmp	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\avutil-58.dll	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-10A17.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\unins000.msg	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\Hdrwvhdd.dll	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\avformat-60.dll	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-QC6EJ.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-60DCR.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-96A30.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-6TNE5.tmp	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\Hdrwvhd.dll	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\HdrwQcow.dll	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-13G0I.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-P4SEL.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-1F27F.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-JNL23.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\lang\is-I7CEF.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-2R61H.tmp	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\is-C0RUK.tmp	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\VPreview.dll	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\avfilter-9.dll	DGEngSetup5511508.tmp
File opened for modification	C:\Program Files\DiskGenius\swscale-7.dll	DGEngSetup5511508.tmp
File created	C:\Program Files\DiskGenius\unins000.dat	DGEngSetup5511508.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608624698882895"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\DGEngSetup5511508.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
4560	DGEngSetup5511508.tmp
4560	DGEngSetup5511508.tmp
2612	msedge.exe
2612	msedge.exe
3036	msedge.exe
3036	msedge.exe
2844	DiskGenius.exe
2844	DiskGenius.exe
2356	msedge.exe
2356	msedge.exe
1528	identity_helper.exe
1528	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2844	DiskGenius.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2844	DiskGenius.exe
2844	DiskGenius.exe
2844	DiskGenius.exe
2844	DiskGenius.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 1376	4860	chrome.exe	78
PID 4860 wrote to memory of 1376	4860	chrome.exe	78
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3988	4860	chrome.exe	80
PID 4860 wrote to memory of 3140	4860	chrome.exe	81
PID 4860 wrote to memory of 3140	4860	chrome.exe	81
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82
PID 4860 wrote to memory of 1992	4860	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.diskgenius.com/dyna_download/?software=DGEngSetup5511508.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0a6dab58,0x7ffd0a6dab68,0x7ffd0a6dab78
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:2
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4724 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4772 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4552 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4512 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1744,i,10147627739872456757,4874956550749364365,131072 /prefetch:8
  2⤵
  PID:2564
- C:\Users\Admin\Downloads\DGEngSetup5511508.exe
  "C:\Users\Admin\Downloads\DGEngSetup5511508.exe"
  2⤵
  - Executes dropped EXE
  PID:1656
- - C:\Users\Admin\AppData\Local\Temp\is-4N5LR.tmp\DGEngSetup5511508.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-4N5LR.tmp\DGEngSetup5511508.tmp" /SL5="$D004C,63462394,780800,C:\Users\Admin\Downloads\DGEngSetup5511508.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    PID:4560
  - - C:\Program Files\DiskGenius\DiskGenius.exe
      "C:\Program Files\DiskGenius\DiskGenius.exe"
      4⤵
      Executes dropped EXE
      Enumerates connected drives
      Writes to the Master Boot Record (MBR)
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:2844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.diskgenius.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:3036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcf5953cb8,0x7ffcf5953cc8,0x7ffcf5953cd8
        5⤵
        
        PID:4752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,10921295543985101315,9946905439725236729,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
        5⤵
        
        PID:1556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,10921295543985101315,9946905439725236729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,10921295543985101315,9946905439725236729,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
        5⤵
        
        PID:2644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10921295543985101315,9946905439725236729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
        5⤵
        
        PID:1176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10921295543985101315,9946905439725236729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
        5⤵
        
        PID:4948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10921295543985101315,9946905439725236729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
        5⤵
        
        PID:3348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10921295543985101315,9946905439725236729,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
        5⤵
        
        PID:2324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,10921295543985101315,9946905439725236729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2356
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10921295543985101315,9946905439725236729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
        5⤵
        
        PID:1444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10921295543985101315,9946905439725236729,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
        5⤵
        
        PID:2028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,10921295543985101315,9946905439725236729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1528

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\DiskGenius\DiskGenius.exe

Filesize
27.4MB

MD5
d1f03fca148bfbf4e591334c21f04c09

SHA1
694b7a079df5f8956ac7418ad3987e73013e655f

SHA256
02d2132a121e3594aac13a18a9ed1869104b694b224443fe8d1451b8c4a48cfe

SHA512
20050dfaa0098326f12a6254fd71f87f23a6b5ea7bd2e96cdd2f504ca5f1be59b6dd08b4a63e50154b9c54165ad5c349a6bc90806879dc8e1e18427101a2b9b5

Download Submit
C:\Program Files\DiskGenius\Options.ini

Filesize
50B

MD5
14119208e31fdfb102a4177b8f543a0c

SHA1
cda476164955cb9ee48a97863032b602eac4755c

SHA256
08b0d14a1ef0f5b279a6bfd207eb6ebe6ab0f143a9fb600dcf97e624e01e1669

SHA512
1ae41e03b012f958a4ad5b44194481f000ae90d4f2e1266e973536632bf9032f136d8d307c982312fa7cb2e94d60cc7b2bf2c0fe818dc416672a22a82e7060c2

Download Submit
C:\Program Files\DiskGenius\lang\Language_arabic.lang

Filesize
306KB

MD5
e88b961f8f3f2d25c72a8a78689a7af0

SHA1
74886fc2e757a72c309d98d31969134ac9ef842b

SHA256
1827696912010f3d5c8941bc1a3f4c2c18e2578e47de6868f27029796aa34ce7

SHA512
489dfa4c8817773ce7aa9be22d33307a2b6cd0c3373499b7188abd0b7f8f3524a699ef8dadbb57d40e8713ef59f617025642f4c4d2a0424c1a839505ea7d1065

Download Submit
C:\Program Files\DiskGenius\lang\Language_dutch.lang

Filesize
362KB

MD5
021be8d9ae90854ad1fc5c52d46d3f06

SHA1
4594026f092c926ebdf93ff4e6d910c5a711e480

SHA256
21281ab4a7efec4937659dc888f020177986ba74ac545ba11c9645d390b766f4

SHA512
7e20214704958d824277a280fabccf96ffb7fd83600bebd8d6c8e24c2c63072f363b8b215dd432e4bb4624e816c687d6c460624e6fca7a3292687ffa130c4642

Download Submit
C:\Program Files\DiskGenius\lang\Language_french.lang

Filesize
381KB

MD5
28f770837db1a07a160f0f5ee1bbb372

SHA1
c0200adc5c7f9bd59c2244e257f57f69e229afb3

SHA256
b7ac755cf52df8467d329235611f7722c570edda3dc1ae5a30e282b8adab0c21

SHA512
72ea46f737d4744d2b9af1a243c4e232a3ff0d0779bdcc9fa60db61677e1828a7db6d8a02476c6cc6ef5abc0efec0aa5f2d2fe773d2e9171ee6f24cfd7db9cc1

Download Submit
C:\Program Files\DiskGenius\lang\Language_german.lang

Filesize
377KB

MD5
c1b5ad518a05f4053aa73362a461c480

SHA1
511d38d8d5c57b2ccc2ee058b3cccd7bc3aef379

SHA256
4940cc00aa0b5b38f20695eba67d6ba17a47d5b457640c0eeef81668d4f2d298

SHA512
e54d14e02fb9c69dd80e72adefaef9df7fa7fe5388405166b866f4a699e65b63671699fa242579be3b347c732f5c6bcd75e45c307ddfc361bbec34bda14ae04f

Download Submit
C:\Program Files\DiskGenius\lang\Language_hungarian.lang

Filesize
349KB

MD5
2d6a4eb0be3875d8616498386a232e9a

SHA1
52c717d4817902b93a8a177e4616c26a30652885

SHA256
7c0ac4caa8bba3b00e43dff06af066a290814ae49bf0bfe29f0a860378bcb40e

SHA512
533dac9912606f247ea1ba94cbcfd552fd2d010d3e865bca63d0d44fca8da0274a5cf1182acd6c3877cfb94ded40db624bb8abd028f35fecf10dc47f26745679

Download Submit
C:\Program Files\DiskGenius\lang\Language_italian.lang

Filesize
361KB

MD5
5cc1d005edb42468eeb8443b9472b86c

SHA1
6c9d9da258c73eaf60ddc89feeb7761981a15645

SHA256
0773f96573655e7e967c0fc3829e116dd3d554ed0fbb9ed70d39e6bd10aaf818

SHA512
86e894dc5c626b1cdee91d95ee6c79eab3340b7edefc2df9cd9bef969ef981d9a0204d1412326f91a26af30e80bbe2e60e44ea62843eb3599ecbea7943e5230a

Download Submit
C:\Program Files\DiskGenius\lang\Language_japanese.lang

Filesize
235KB

MD5
f19b411d859b2f92d0d5121ffb238d87

SHA1
252c7dc92a4c93bcd144395fb597e0aceab82d0d

SHA256
213b905b62e8f68360ebb8328c3b4fd93846133181de1a23be38fdc19454bfcb

SHA512
0ad60f61b2c0f48ea2b2ca4e92f834ac0c08ff2d8db89780d26e3101365cc441440fe021f0eb5bf5b54009dc106292c09039dfbc4d1cc389f16204cb073e3c17

Download Submit
C:\Program Files\DiskGenius\lang\Language_korean.lang

Filesize
235KB

MD5
744f84fd847646b269d34eb1255e5c04

SHA1
057b7e1ce8d6c6624092bedde7d2bcefdecf1004

SHA256
ee75ab4800feadae2e4f5691f93a1fce90c77cc1071cc538e271a4df3f832117

SHA512
07487f3f11cbccc4dad3d1c6fee0efabe11e76a4d1b2255b683576b82932f01ee861ea54b541e8c5f820378a85b57fa38b83d3277aeb64498e23ff603f901d05

Download Submit
C:\Program Files\DiskGenius\lang\Language_polish.lang

Filesize
358KB

MD5
e01c733cecf4194c1ec8ede30e6e1b3a

SHA1
95eb57e5ae2ad2c6b60805102758770e09e92722

SHA256
b64386d2c2368e58f9d1ec6e4bd41c8a62424b7759747f551311da05b50ed433

SHA512
e25de966c3ca63145576b05f805a033510021aee74b81ee83657a7de360b89544dd5491a77bf158b14841ce2ab1fa3fc5569d3069b00354f4ddfa68f6e80089f

Download Submit
C:\Program Files\DiskGenius\lang\Language_portuguese.lang

Filesize
359KB

MD5
a0dfbd4ebad1728e687f5ea7fbe6f043

SHA1
1bc69b27e13933817fa4e8baecc42e9e2f0ee750

SHA256
082a7381418f2f6dcf624bd788af2dc2059b803bd0837e68df82e1a16f757c90

SHA512
1628c40aa5d140800fd6976a378e32465fa8b9d2b90876e05d32e8d2dcbc78607b7db2cb71a899711aac2feef7306625686c0b74f43e80087c6c596d8d1c5622

Download Submit
C:\Program Files\DiskGenius\lang\Language_russian.lang

Filesize
362KB

MD5
9fc3b237f89701d4a5665ee4d896d071

SHA1
467b4050bf41843b0f106ecc38f2ed1c14af7d27

SHA256
8f770246d09e87d13b70b0bc0abc12f3090a89e0c0ee7cb18ca2aebdca1704d1

SHA512
d54d17f1cffcbec3aa6a6b7a13b28f1c522ba8d805b51e7f6acb2266e8656ea3deda8ed0b489ee70060a0f396c8a21e71dff7d9256f0dbd1e4b10f7ad377e185

Download Submit
C:\Program Files\DiskGenius\lang\Language_spanish.lang

Filesize
372KB

MD5
8b7ada57aed286eff9da89b5f9921adb

SHA1
46dfab537ed94bd129632fbece455809367f0d60

SHA256
608c58dba98a48d3b7ecc1c714f0949349e0e1a15179f0ce2467b32584ac228c

SHA512
65a37ac472443c8b7279c06f74d885ab965a238d95761e9e6b14958a363596b7d013bb8f1d9690aedc1dc4b959bf5247c267cd9fbe4bd84dd6cb65a9a5d66ca0

Download Submit
C:\Program Files\DiskGenius\lang\Language_turkish.lang

Filesize
329KB

MD5
c4edf12949997a6f6226b931e845233a

SHA1
34840b82a94775257206f5d42ad3f75ce609d5b2

SHA256
a1dab525d65f01ba47778e1733e6747efd8103ca99baf9130ec35a66ab077954

SHA512
6d88e8ef63f3322fec50c89b373b51e1b4ba2ad1bc985e97916f246305150ff028f9e3510c92d4e08138122b31ce28b24e6ddc3a9a0abe41a485f42b77854ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\92182f7d-715c-4f8a-9a34-1f32ffa40b24.tmp

Filesize
103KB

MD5
44dae373fe14734fd839ffbbe2fa42ec

SHA1
2d085da3fb89fbe11c477f33836bdbc4e0134209

SHA256
bac89b8965e3d971128708ef56ff17a0bbe988da81e3adaf1e5d8621d7969f77

SHA512
da9287aef08ca32a08398f7c9a28fb51a05c5c0075d62f0f4ff13a0c91e3d06475ab86f5ced8ef7c41584508e4705fe4f5d9b9c261e4f8814fd1818969c0df2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5ce94542273486f9436beb3632269a9d

SHA1
54fe334090c44a300829d5ad4e9e76d20a261c93

SHA256
46fe34e3c9648cc1e79589e1488cd25dc36b522af9b9f923f5a37b70c44bc78d

SHA512
f4c61807402da104c6f012703939b5f136233677e0b5c1554e88b35f2e97ba6f53d5c4696493d81a204cb5ec6b94b531b1fb4a4bfa7a3efe8feadb7f33c8771d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c20a5a81d270c4ed3e069460ce9cf4b5

SHA1
1320d8aa01afcf0c637af8e3db6a61810dbb1778

SHA256
27b37de2923d4f8b00f142bae8d9c5a8ba178438fb9777b2638dab05b7ff2a51

SHA512
1b85e4b6cce7922ef2b40fcd391653a3fb627c52565640a206d00a5ff06e5a4d3ff0fb587a10215df83cebcd60f4cb9faecedbde76212f3b1a205426c83043f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
846b75b41a95522c6bb41fbd14334908

SHA1
47803cfa3a862b38459643fe7e60ce70a9d8ae34

SHA256
8bafb98cc09dc24643786ec1403132acc598b9a087d885e4b618d517c5c9b24e

SHA512
1e85cf9e224416509800164675c3ca14be53b72f21f6c666a8db0dfc938674e699e863734ec33773ee485adb8b23093637c7f9e2d17844c1b48264586dc9f948

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
d83eb41872fac5abdd999bb57a22a80f

SHA1
a7a8119034a1eaaed05daa68cc7013e0d36e636b

SHA256
8b54166e389c420355b6c6f09fdb534c3cca950aace4fc1b7d82475b59b8070b

SHA512
0bcbc539be7f0a168ff75f115a460affa48aa8d542973b24f9e07e28a1bde803c654a468b50b2dcce13f777138c09b49ab70b564a3f983bd4f04a6d5b6d7d6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5824b9.TMP

Filesize
88KB

MD5
94d8cef6800e90f95804476a712e8ecd

SHA1
44c7d52023b90271a730ea391591778bf0add658

SHA256
58fd6aa88b3dfae483d7a4cdf53f3609a9d77df8a9e1c09e202a112c664979fd

SHA512
9845b094466e2de5eef6525f221ce18faa44346542a98342b1b2f0797cb7e6b1f0221c32fe001f302a000c0441a1ba8eceb63ff1ef67d1ee31ffb59e43803cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\26a23529-715c-4065-b10e-2c68a23fb4d9.tmp

Filesize
11KB

MD5
6ce74abb7c3e61eadc10500d979791f2

SHA1
f8426f4cfdc4fc5d293b21e69ca07ec7dc50f23e

SHA256
a0d228921549cf251e798e77339cd82a8336f5e021e01a9b7bfbedb32e69379a

SHA512
07ed3d16fcc341877eaba13e79795642e59a5b023fa1f76d372b95240dd46549a24ace7427758bacf41964e53c8a8c601a3ef37225ccf7dd7a8eba1d60e265f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7915c5c12c884cc2fa03af40f3d2e49d

SHA1
d48085f85761cde9c287b0b70a918c7ce8008629

SHA256
e79d4b86d8cabd981d719da7f55e0540831df7fa0f8df5b19c0671137406c3da

SHA512
4c71eb6836546d4cfdb39cd84b6c44687b2c2dee31e2e658d12f809225cbd495f20ce69030bff1d80468605a3523d23b6dea166975cedae25b02a75479c3f217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9faad3e004614b187287bed750e56acc

SHA1
eeea3627a208df5a8cf627b0d39561167d272ac5

SHA256
64a60300c46447926ce44b48ce179d01eff3dba906b83b17e48db0c738ca38a9

SHA512
a7470fe359229c2932aa39417e1cd0dc47f351963cbb39f4026f3a2954e05e3238f3605e13c870c9fe24ae56a0d07e1a6943df0e891bdcd46fd9ae4b7a48ab90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1bb467f810d4f7f68d74dc5e223a00d1

SHA1
9c51afc1aa1944870320e2aca3306da2bb39eb6d

SHA256
220eb58389f467e309e6eef2e5aad4d04ba75502492bb79cd38fb54c597b992b

SHA512
0d1b8d1dc78be83820e421820cd05a731abe0d72bf3be0c0b463e03c95a8c3dcfde7bd0227c759b32e3b24fc909707899c02d23f5a5705ba823935fc9d47f910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4424f31ab19f7cd8d0ffd2023cb205a

SHA1
23eb9863106983b45fad91e213b08477139021a4

SHA256
afed3ef5116da35deb3d04b87ce20641bef44b92bef12b8b2eb57db3972a2836

SHA512
98b54eb87b628de09dccc744251f469198e3bf8d264f92f0c724d164f419f92d7a6e53460859dcd5b0213c90f4453aaf7115ed2b835509bbc58bae7a849cb597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4N5LR.tmp\DGEngSetup5511508.tmp

Filesize
2.5MB

MD5
cb4f63f4fba0634b27b980421c57ab6c

SHA1
fd10be68bba91862ccc3d83e5ae70a757a31d048

SHA256
5414aaf779b47c1ed7ee5b8d86aa2f551871a622e647c68ca271c06b932eee70

SHA512
5548004a60035b7605f2b74a9b9c62bd59d44632a262c71f0ae40450e34ca50ff22e21a7f2a6b842cfdfd767cef28625ed401a9181262367cd77ba8f29188388

Download Submit
C:\Users\Admin\Downloads\DGEngSetup5511508.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1656-252-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1656-82-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1656-84-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/1656-110-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2844-286-0x0000000140000000-0x0000000143197000-memory.dmp

Filesize
49.6MB

Download
memory/2844-285-0x00007FFD195E0000-0x00007FFD195E2000-memory.dmp

Filesize
8KB

Download
memory/2844-284-0x00007FFD195D0000-0x00007FFD195D2000-memory.dmp

Filesize
8KB

Download
memory/4560-89-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/4560-111-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/4560-115-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/4560-223-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/4560-251-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download