3afb601c88f3d5751f57c6478cb2af1211dc02d3b7f76d31936722f5d7c385f2

Resubmissions

23-05-2024 02:14

240523-cn6lraab4s 8

23-05-2024 01:59

240523-cewp7ahh34 3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Eac Forcer.exe
Size

105KB
MD5

9d38c8fbe7254ab161071e3900da36ad
SHA1

0da5905b5077f23a4bc44570f0a1a18bed45391d
SHA256

3afb601c88f3d5751f57c6478cb2af1211dc02d3b7f76d31936722f5d7c385f2
SHA512

de9d5b8bdbaf015bdca126155a351950c382d9767b90b9e263f71582ed9935179d83456f4628145c3a45ae1533db7856617c14cf7a47303ef9a4a6aed3ec002d
SSDEEP

768:NeHspXXVl6Wqfccyk4lmw12xAaR8kJBzvPzgI75Dj6zAipK:NeHsllqfcDlL1KR8CBzvbH75Dy

Score

8^/10

microsoft discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

VC_redist.x86.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	VC_redist.x86.exe

Executes dropped EXE 10 IoCs

Processes:

Eac Forcer.exeVC_redist.x86.exeVC_redist.x86.exeVC_redist.x86.exeEac Forcer.exeEac Forcer.exeVC_redist.x86.exeVC_redist.x86.exeVC_redist.x86.exeVC_redist.x86.exe

pid	process
4348	Eac Forcer.exe
436	VC_redist.x86.exe
1108	VC_redist.x86.exe
2168	VC_redist.x86.exe
868	Eac Forcer.exe
2072	Eac Forcer.exe
3476	VC_redist.x86.exe
5064	VC_redist.x86.exe
1592	VC_redist.x86.exe
4896	VC_redist.x86.exe

Loads dropped DLL 4 IoCs

Processes:

VC_redist.x86.exeVC_redist.x86.exeVC_redist.x86.exeVC_redist.x86.exe

pid process

1108 VC_redist.x86.exe
2068 VC_redist.x86.exe
5064 VC_redist.x86.exe
4896 VC_redist.x86.exe

pid	process
1108	VC_redist.x86.exe
2068	VC_redist.x86.exe
5064	VC_redist.x86.exe
4896	VC_redist.x86.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

VC_redist.x86.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{47109d57-d746-4f8b-9618-ed6a17cc922b} = "\"C:\\ProgramData\\Package Cache\\{47109d57-d746-4f8b-9618-ed6a17cc922b}\\VC_redist.x86.exe\" /burn.runonce"	VC_redist.x86.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in System32 directory 49 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_1.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_atomic_wait.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140ita.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140esn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140cht.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\SysWOW64\concrt140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcamp140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\concrt140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcruntime140_threads.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140fra.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140kor.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140fra.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcomp140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140deu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140kor.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcruntime140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140chs.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140rus.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcruntime140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140cht.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140deu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140enu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcamp140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcomp140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140rus.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140chs.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140ita.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140enu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140esn.dll	msiexec.exe

Drops file in Windows directory 15 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\Installer\e590ce7.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{0C3457A0-3DCE-4A33-BEF0-9B528C557771}	msiexec.exe
File created	C:\Windows\Installer\e590cf8.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1A57.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e590cf9.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e590cf9.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1749.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}	msiexec.exe
File opened for modification	C:\Windows\Installer\e590ce7.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF29.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI112E.tmp	msiexec.exe
File created	C:\Windows\Installer\e590d0e.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000c9712a8ab103c3e30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000c9712a8a0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900c9712a8a000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dc9712a8a000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000c9712a8a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 11 IoCs

Processes:

chrome.exemsiexec.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609040858169484"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e	msiexec.exe

Modifies registry class 64 IoCs

Processes:

msiexec.exechrome.exeVC_redist.x86.exeVC_redist.x86.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0A7543C0ECD333A4EB0FB925C8557717\Provider	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A7543C0ECD333A4EB0FB925C8557717\Version = "237536274"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A7543C0ECD333A4EB0FB925C8557717\InstanceType = "0"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\Version = "14.40.33810"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\899C6AE5CA5D9DE4983CF9521BC7DCD3\Version = "237536274"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{230F006B-4AA0-488C-B5C6-9A231C53FA2E}	chrome.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5040806F8AF9AAC49928419ED5A1D3CA	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0A7543C0ECD333A4EB0FB925C8557717	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A7543C0ECD333A4EB0FB925C8557717\SourceList\PackageName = "vc_runtimeMinimum_x86.msi"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A7543C0ECD333A4EB0FB925C8557717\Clients = 3a0000000000	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\679E80FBE29B63345BF612177149674C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\899C6AE5CA5D9DE4983CF9521BC7DCD3\PackageCode = "56C1F3EFF13FBC94887129B2E83EB575"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle\Dependents	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\DisplayName = "Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\ = "{0C3457A0-3DCE-4A33-BEF0-9B528C557771}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\DisplayName = "Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\899C6AE5CA5D9DE4983CF9521BC7DCD3\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50\899C6AE5CA5D9DE4983CF9521BC7DCD3	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\899C6AE5CA5D9DE4983CF9521BC7DCD3\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\899C6AE5CA5D9DE4983CF9521BC7DCD3\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}v14.40.33810\\packages\\vcRuntimeAdditional_x86\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle\ = "{47109d57-d746-4f8b-9618-ed6a17cc922b}"	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle\Version = "14.40.33810.0"	VC_redist.x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A7543C0ECD333A4EB0FB925C8557717\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A7543C0ECD333A4EB0FB925C8557717\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}v14.40.33810\\packages\\vcRuntimeMinimum_x86\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\899C6AE5CA5D9DE4983CF9521BC7DCD3	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\899C6AE5CA5D9DE4983CF9521BC7DCD3	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\899C6AE5CA5D9DE4983CF9521BC7DCD3\Assignment = "1"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A7543C0ECD333A4EB0FB925C8557717\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A7543C0ECD333A4EB0FB925C8557717\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\899C6AE5CA5D9DE4983CF9521BC7DCD3\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810"	VC_redist.x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0A7543C0ECD333A4EB0FB925C8557717\Servicing_Key	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1\0A7543C0ECD333A4EB0FB925C8557717	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\899C6AE5CA5D9DE4983CF9521BC7DCD3\Servicing_Key	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\899C6AE5CA5D9DE4983CF9521BC7DCD3\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\899C6AE5CA5D9DE4983CF9521BC7DCD3\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\Version = "14.40.33810"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A7543C0ECD333A4EB0FB925C8557717\PackageCode = "829638B4928B2094C8872CEC8D04BB92"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A7543C0ECD333A4EB0FB925C8557717\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\ = "{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\899C6AE5CA5D9DE4983CF9521BC7DCD3\VC_Runtime_Additional	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\VC,REDIST.X86,X86,14.30,BUNDLE\DEPENDENTS\{4D8DCF8C-A72A-43E1-9833-C12724DB736E}	VC_redist.x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.30,bundle	VC_redist.x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\899C6AE5CA5D9DE4983CF9521BC7DCD3\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A7543C0ECD333A4EB0FB925C8557717\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A7543C0ECD333A4EB0FB925C8557717\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}v14.40.33810\\packages\\vcRuntimeMinimum_x86\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\899C6AE5CA5D9DE4983CF9521BC7DCD3\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\899C6AE5CA5D9DE4983CF9521BC7DCD3\SourceList	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEADDITIONALVSU_X86,V14\DEPENDENTS\{4D8DCF8C-A72A-43E1-9833-C12724DB736E}	VC_redist.x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle\Dependents\{47109d57-d746-4f8b-9618-ed6a17cc922b}	VC_redist.x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0A7543C0ECD333A4EB0FB925C8557717\ProductName = "Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\Dependents\{47109d57-d746-4f8b-9618-ed6a17cc922b}	VC_redist.x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList	msiexec.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

chrome.exemsiexec.exechrome.exe

pid	process
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
3980	msiexec.exe
3980	msiexec.exe
3980	msiexec.exe
3980	msiexec.exe
3980	msiexec.exe
3980	msiexec.exe
3980	msiexec.exe
3980	msiexec.exe
3496	chrome.exe
3496	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

chrome.exe

pid	process
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

Processes:

chrome.exeVC_redist.x86.exe

pid	process
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
1108	VC_redist.x86.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 920 wrote to memory of 3424	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3424	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 924	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 1800	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 1800	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe
PID 920 wrote to memory of 3852	920	chrome.exe	chrome.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Eac Forcer.exe
"C:\Users\Admin\AppData\Local\Temp\Eac Forcer.exe"
1⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe576eab58,0x7ffe576eab68,0x7ffe576eab78
2⤵
PID:3424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:2
2⤵
PID:924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:1108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:4804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4292 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:5076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4424 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:4604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:1172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4200 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4864 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3472 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4552 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4124 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5136 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:64

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:4804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2688 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4676 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:1592

C:\Users\Admin\Downloads\Eac Forcer.exe
"C:\Users\Admin\Downloads\Eac Forcer.exe"
2⤵
- Executes dropped EXE
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3148 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5448 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3392 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5480 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:4916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2576 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:3624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1664 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5892 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3024 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:1036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5904 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2572 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:4664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
- Modifies registry class
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3024 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6132 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:2308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2524 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4820 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:8
2⤵
PID:3740

C:\Users\Admin\Downloads\VC_redist.x86.exe
"C:\Users\Admin\Downloads\VC_redist.x86.exe"
2⤵
- Executes dropped EXE
PID:436

C:\Windows\Temp\{107AF57D-68CA-4BF2-8F98-91DB1F722AAC}\.cr\VC_redist.x86.exe
"C:\Windows\Temp\{107AF57D-68CA-4BF2-8F98-91DB1F722AAC}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\Downloads\VC_redist.x86.exe" -burn.filehandle.attached=536 -burn.filehandle.self=532
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:1108

C:\Windows\Temp\{7DFF2B42-D630-4750-9608-F84A11F1E18F}\.be\VC_redist.x86.exe
"C:\Windows\Temp\{7DFF2B42-D630-4750-9608-F84A11F1E18F}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{39A15401-40CD-4573-BDA7-F3862C496E78} {1895B93B-3228-4E04-A7F1-358EC7B1ED73} 1108
4⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
PID:2168

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={47109d57-d746-4f8b-9618-ed6a17cc922b} -burn.filehandle.self=980 -burn.embedded BurnPipe.{EDFE79A3-2B48-4CA9-B161-058F7EF432F2} {52B0C1BD-8A82-4DD1-8924-3C2711EDC3F7} 2168
5⤵
PID:1196

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 -uninstall -quiet -burn.related.upgrade -burn.ancestors={47109d57-d746-4f8b-9618-ed6a17cc922b} -burn.filehandle.self=980 -burn.embedded BurnPipe.{EDFE79A3-2B48-4CA9-B161-058F7EF432F2} {52B0C1BD-8A82-4DD1-8924-3C2711EDC3F7} 2168
6⤵
- Loads dropped DLL
PID:2068

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{B86A6596-F5FE-4385-986B-5BD761C6546D} {B9251BA9-E1D3-450C-9007-58545DE40DC6} 2068
7⤵
- Modifies registry class
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5264 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=1560 --field-trial-handle=1884,i,10544850780376214193,4513866307471255906,131072 /prefetch:1
2⤵
PID:1696

C:\Users\Admin\Downloads\Eac Forcer.exe
"C:\Users\Admin\Downloads\Eac Forcer.exe"
2⤵
- Executes dropped EXE
PID:868

C:\Users\Admin\Downloads\Eac Forcer.exe
"C:\Users\Admin\Downloads\Eac Forcer.exe"
2⤵
- Executes dropped EXE
PID:2072

C:\Users\Admin\Downloads\VC_redist.x86.exe
"C:\Users\Admin\Downloads\VC_redist.x86.exe"
2⤵
- Executes dropped EXE
PID:3476

C:\Windows\Temp\{8F784107-B9D6-4B3B-9D9A-5459E3940B7C}\.cr\VC_redist.x86.exe
"C:\Windows\Temp\{8F784107-B9D6-4B3B-9D9A-5459E3940B7C}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\Downloads\VC_redist.x86.exe" -burn.filehandle.attached=540 -burn.filehandle.self=648
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5064

C:\Users\Admin\Downloads\VC_redist.x86.exe
"C:\Users\Admin\Downloads\VC_redist.x86.exe"
2⤵
- Executes dropped EXE
PID:1592

C:\Windows\Temp\{3DF376F8-942D-45C9-84C2-13E869E8F101}\.cr\VC_redist.x86.exe
"C:\Windows\Temp\{3DF376F8-942D-45C9-84C2-13E869E8F101}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\Downloads\VC_redist.x86.exe" -burn.filehandle.attached=692 -burn.filehandle.self=696
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4896

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1112

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:3336

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:2508

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3980

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e590cec.rbs
Filesize
16KB

MD5
7b5b5d00889e46df0db09ff86f17b2db

SHA1
fa65a73623fe385902bf61b05d5e1e23b85a6c77

SHA256
487e398c637e0784e3d4446723d2421d0698a25a7315b628690c6c5bf2f866b3

SHA512
a2b0ca9ebdef8481b29f999bb3ebe3359182f6d67725b4b6372f85cac9a5d0225c29e63a94e670bb4a5e7d7faa1af1b415624638c35b5e24ed27d894a859b1f6

Download Submit
C:\Config.Msi\e590cf1.rbs
Filesize
18KB

MD5
0f9180cf482cb560631eb29667a8c0c0

SHA1
b96a825abccdc34a08f1b416d18d96380f7da80a

SHA256
c95732f898389cdfe1bf7f39d109135b24541b3de96205e08e2b68df08b3ce95

SHA512
3af34d976995a6b12c0c477f0601f62722b4fd7fd03e07b00ae6e73f07e129adc88494f0e3db977664fcf0728eedfe8687856343526e8fc2755ead52d5d514f7

Download Submit
C:\Config.Msi\e590cfe.rbs
Filesize
20KB

MD5
9c49602a9e6ea137976d6d5631c98a67

SHA1
bcd282666393ee190da3093872acd7ec2dc8b1f4

SHA256
278389496c658b4db7cac61db59c4bd9db332783c652ca3fbbc6b11d1659e872

SHA512
bca5ff1e32e6b145f7ef53256fec126ccb421ca29dbb59db24469e3c18de27ed259e8ba8a8972d00bf249e9943813de29c7621045f91b8b526fef5be37bf73a3

Download Submit
C:\Config.Msi\e590d0d.rbs
Filesize
19KB

MD5
b3a5e5a9d40ae18dd1d0fd590ce309a0

SHA1
fbecee63ceaa78c1e411937899374a9d5a210278

SHA256
ca935f3d20519ceec0f01cf509a13a217888b921b41b1b98ac6dd359a3cc61d5

SHA512
d78816355f93b5d967261e4370c6f10356d27f04c53948f4446f80387196136edb4a982928ad059483aa98cb7644849b3f2147efbcd0c757239bf06e981f833c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
f40fd9a9a655af6515149cf8e72e2382

SHA1
bb0543959a3801eb778976928e7f914a55bb0082

SHA256
ff1e0141ccfa3e4a7ee43e3a90dd35d73d38adab0dd5e35f2b856f5f19742a51

SHA512
f7a235f4ebea086213f34e02f5f47879e157fd8428ef6d0e68a151751b05720b04ebddeb118ac4678ee617e6c0ea1c3a4fb23caa840d961e287e7812d5b6cf71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
d61032e44a37455aa3f041f8dee860bf

SHA1
e4ef458d6343c4daaa6ed806ce3b164a374c9b57

SHA256
2f4fecf7bdc586724eaffd9761b50353e2a582d88be14225cf33b9a565237d73

SHA512
9e0ebdb6416150637084baf0c905fd9175f46dc6f1567762f5a0a7c09fd939f01e78c5d98d30965c2ca40708a2d94609fd81774443e3a14b23e69430a5887d44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
f3fddbc6655084b3929e354bddd8dc79

SHA1
3586cdd115b968e17f1ae0c50acff52cd66c16eb

SHA256
ee0d91f12896c621a5197cf456cfe767cfa0da7a9a9ff6427d96602a90b3868a

SHA512
84ae90b04b7f24829552f21b5e89a9436969702a52e2271063765880d3ed497484b0d73871dab7f616129d08378f3af3b4354f28da49a5990b69bddb5dca0ac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
1b6b3d33e967e0df231800edfc68e449

SHA1
f485382990c43889239bfd5b908697d7526d056a

SHA256
e377ac219be5ab722c4a4bf0dcddc8f36912ef77d0204f62dfe1355f1556304b

SHA512
5d8495ad197c4489ac6b7ff852c6a1e25ab16c19e101d3e0a2a8e614ccad3c4f6bb0321d6ec9e0a05f478d208dc74c0c9daebc77980bf75700c70b4ca649b6e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
70d17b1530180582fea53fac056f918f

SHA1
d354d1cecfdc8f5910e2549dd1139f3e8c3cfb88

SHA256
5a40686d0a9338351bf8a631febf84d311b34ff8cd7da064d0d040147250531b

SHA512
b2629e42dfea4efd1e2305e6573c804cead7e67de065d556edcb4388f2ff744269cc7e5799e0596f2c8319b9767fed4243c05bef892e069c286940f56d5f77a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
690B

MD5
86e2efd595026d05d9b306266448a92b

SHA1
d34454463b9bff883a334f7936ccba9b66f74b8a

SHA256
2fce74025bd6c37adf155e23d4f9df40fb81665ee7690d4395f132c7718cbf7d

SHA512
a8e401751b207cf7d57ba13608254ef3305b7de3f3523c111381f3d75f98e5aa746a3c5ba821e8535a52fb2c72c3efa6eace719d9d7138797b7d2e7b721dc356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3ccebca7ab6556402891b9fe0fe806c5

SHA1
7d6aa6fa67b7d340525e3de72d434f61e1d45dab

SHA256
9d4262cee375074d37c2b11876ceb575601b5cad32c1fd617c4ab479796ef6e6

SHA512
61133d292c82e2a94443b46483e31a028aaaffdd248313ec9236b9c842484ded6c7162ff519c7a90423cbb4c140dde0beef52b720104de54d59ad2001f781d4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
b278a87ca81f6595ca839c37a8891bb8

SHA1
f0d4fe72e3798e3d0eb08a7003caad88b82d782b

SHA256
1582dd36433c72b1237037b330b7069ef48b10c36c1fd5bb6ca2d45e5b76861d

SHA512
1c19cb4cf4e500769d27250a69c4bad0cd6ae7e99fb7fcab2e8574d2ff7899b79e9fae938b7b644f5762d7518f3103ad16e4737dba0ffb2972a76ffb6f04fb21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
7efe88f732536b0fc34d4b010cd03fa1

SHA1
c708d11655c0bf0c09a3e85609d186bbc7223b1f

SHA256
e5bc89c83d4d870f8ada757714bf078242fdd1c2f8098c227c1533bd7dba65d4

SHA512
2c55689d1a1b1664504d91e3ff897fc8416e4f9efa92dd33b20e756cc993333dbaedea1a95094d5b53c7bab7d9c925481e063bc2725a581c10e43a84d3b2a279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d50b71797165e27bb0e845f552cd354f

SHA1
f4fcf92ed8238e7b99ddec03fdb175dcaa54930a

SHA256
a6066a83c5b33da058efc69d10f749e7b52767a4c19005d15ed2081e6776af6c

SHA512
1ce1cda7905aceacdc5c53e67a9872e74ddd449c544679f691db613a2860151eb286d03d3c6f79c82b32a562eedc09efc062f870995a7906f177526f3f4d4779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
857B

MD5
8e736d106da87c87a023617bd548326e

SHA1
d54fc38aee05b0b0315e9766543a81f460e7923d

SHA256
3c49fd48fa65594dafcd28f801dccc3aa0198b1d9972b8983c5020596f7f3865

SHA512
8cfffb73270cd3af61340344df36e69cd9ebec5b4835cb16393f2ebd147477ace4d8203d34aeee37632bd991289c880abbffd3fa69bca2f3b91d0973204af7df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
31d5699eeb0bf78cc6fea3638144d95e

SHA1
24c75e35d4c409dffa41dcf7779bb678d2b51c0b

SHA256
9b7d8a4abc2c65c6b572554453b0f76c37841580998e507d973ca7fb5e316ff4

SHA512
3fe45a807c7f22ba9ff5ca7682929e1f4b7a0ac6a600ad43e3b6fabd1668d3aac90ecb47a0acc65910dbd12ba64aeab868fedd5b0dd0217f372efa8d45a52979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3c7d0fe2ec946d03ff77fcd9e74a0f85

SHA1
c95c9570ed5a5d4022137a192f9fa0b039d51223

SHA256
c23864df4b0ef4e235166ecf072089bc2f04a72e69d126e78e73d924e3ca4f40

SHA512
5b67ac98422cc03ceea7a25616c9382ac9fb0c517d2e14c0a69a24e4a962ed7bb674f378d5d144d3f498e4a67a113c3c798b7e043cd3541c5fb900ff43a1a0b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
a78480d9fcb6741b7575aff2bd139a3d

SHA1
346ae2e4435991f0cd6c33cd312114d68d039abb

SHA256
7d691acdfac1af3ad0c33093c2b92bcabb1112b29a6cf4786c539ec084943c80

SHA512
d264a063a78fab00ffc1d3b17b25971825137f4acee728011d8c6cd8bf199e750a29431db034b69cc9d639fccfcfdfb5f641e2d006ead3c430487198edd52b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
d1c2a2289bbca64a16b4473e42ed29b5

SHA1
8ba9736fdfc391191200662866bd197047d07eaf

SHA256
1bfdc42a62f2933715d0320cc1db2e3ec2d7499958b161bca31dc020969c69b2

SHA512
b3b698a8f0d612d381e33c14b7baab9098fdf15de9c301009fbcfcdcdbf2e8488f9d85af80314ccab70124a58cf028ff2e98d0cdc5eeed2379d391498fb0a719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
e3766e99cc60f2b4b3b564bd2b9d84d5

SHA1
63efefe94e51616e37bc0f1f18f161adc527ac09

SHA256
a25d71975a2cb3d459bdba800f282934088d79cc7e8cf49d69669191ec592603

SHA512
51256d74f4cdce54d16ea87e7f55cd7f44015cf1d794c64dc847b8f5d79529c9d1eba221f19ab2eb23918525fd15853e55b60caa829ac4404bc32635c2298764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b40b860fa17e16b9ca806dd149b4522a

SHA1
91e717b719936f3cb9a3553e679df0f0fe1734fe

SHA256
9895c405f97d46c366d9c608524e4530ab49496c0b480f59060b7b2e2d3a755b

SHA512
8062ac56cc59dbdb0adfdfc8b6338b821db85ecb503313778da1dae6b2d9993042b2a9717bdc131532642d35930f881d600ce804c4ab198375ebec180013d5e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
abb9c65efd4ff5fa4c710db20ffbde18

SHA1
f4632cb0b7dcae103d1f31efd9200d8fa8bb959e

SHA256
72e8c99d3e2e21df3d6db8b1e96bf6fb2d20d089dbeb335af7e512f8f04ee557

SHA512
36bc2f35ec252f655cc5c078a0bbfd7b5753187a6ef6231e59977b7649f9a21da1df45b3a7000ad3749495b88d3eb19cdecc858a5f5c052df202d8d9c8fa33d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
49a9ef4b4df02dc402145ed62093cc26

SHA1
35e4430ded857f74cb69f988531cd2aa36e4db9d

SHA256
522b10e308a392026bb40ec74dd343d71747e5528bf0993a4763434c694ad010

SHA512
edf6afefd3676952a9ca23d86501f1420e955fe0e960ed11247f2d266db2943e407c0929382283d52df35dda016bbbc659e238109cbeae1d4d111116a7e846aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
84b5cfa9af933c20785291910c949897

SHA1
c6264a51034010a331adb42f793fdfd0413ab545

SHA256
97f0931dd0204f1391fbbf3e553567f3f0794e544aa1ba606a2fdf50262810e6

SHA512
2d93ebb0cee3b50aa29f56a9324e3d124b680b65ca4f100a59c78e7a69dc1b34ce6a49a603325d3c521e30169f551da39b561d2f3fcdbddee3619aedb6397c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
116ab0a941a7c26ae16a7ec0d75b341f

SHA1
fc85fe647910a9074abf4d4a2229ebc8691ebc9c

SHA256
d4edfccee8d9bece023ec18fb6e969ac745d8c7fd99030f1fe0a3b0f6bbeac46

SHA512
157bf2615a05ff9a911e5ca02aa0c230cf4c068c26a75fd05f1e7e027a2a77f67176760027089b1af3df49076b6ad81f45d893e86eff1785b3ce05668f097db7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
78228a6fb7805b4c18b1972767c3962a

SHA1
4994fb0255f80fb9f86a8ee289c31705b85d857c

SHA256
64974f23c97d567a7e6da7d36b6d86aa3321e69b75fbcbc8ee7f97e0eac32786

SHA512
5b82c7e7c96e3df73148c82dd04035889536e6628a86783ee2381b28e03ac3341d59f278962b7d88a5c31b197bec799894db72706ddd363a73ffef01862bd722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
282KB

MD5
bf2971a6098632e442984f585d5cfc66

SHA1
1c14a1878f3ef9c55e382d80c031fc4424f6d6c1

SHA256
cfbcce1ce40db130bd6dd5dc26013b53c2b7edb56af296369640e718d82ee706

SHA512
8ac0ee7afb3d9c3c819c30b8268d5a8aaa9e6fe243817151cceeb714463a7a705cff3189a5a4147612de1d0ec96b66cb91ee0a1a9bd1f7428285bf7bb65be735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
8082b4cd0e9ce303d10fa54494ac7989

SHA1
c24e2139abe3f04fe47b21cf08973b67d3070323

SHA256
fef19e1813846cfdf79f919c91f8058f700a4adac90c3d04cf0822215da3394f

SHA512
7e596e3c8489172cabb75befa2c0d7202ac2459a12354ffc035105ab745baf31888286cb8c1897b2dec340ac41f5d94013ba66842629baaf3ef30232fc3c8a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
68d892d718b0e1fc9505e600ba8a3da0

SHA1
a76092f2e9cc2061ffdb1cf9ee94beaae8c318af

SHA256
f115a95827dc0294c6d618004304dde0c093af24453906ece15c6c811cba5aff

SHA512
0c12f5ef1fd62707757db7faea56fa2775716d39184a4dad00941f500df803d7d169d8dcfdb6cb5bdabd5dc9994c17fcd0d72678d6dfc4a65cad509c8e120ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
0904b305e38a7bdd8dd7ded5583bd51f

SHA1
4df01f2ddc132339d47ab4a5aa9e25cc1d1811ad

SHA256
ea592ba2473dc52c2939338fd53dd91214b40197e3e2cb546acc62504511bcc0

SHA512
26cc8d2a3f9227560162b83785cc0215cd43dc32642af475f01a1a7ab524510d0391d316d5d63b60edb8b1017016bb7097de47f3de70061ef0abfc3fe3fe56fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
111KB

MD5
9b2ad7ad2360c365ffed891ea9648fee

SHA1
8677275f09997f60d7840cdefe46e85e6cf3d1a4

SHA256
5a2cce78a8e289c9ae72729838be0e3e96f30c3f83260432867b2a3c262f1f0c

SHA512
5422fbcbf114f8ed2f30a58f5db37e7b14c4e30761dde497776030e999288595f6457c9aa79db86651cb72d4859eccce20e8285e12923a130da4397677a3949a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581d86.TMP
Filesize
88KB

MD5
0f44f02779911d5b4f867fdf80310e0f

SHA1
fd93cd44f04156b6c3257f9eecf8813f198725ff

SHA256
d02afc67082abfda5e70e08dfada4dae2cc8fe3e19100d5a51749bce37a988c0

SHA512
d895faba4d55732c269ba9918ce88d358164fc372ee2da2df74cbdaa5a21f3149c50a9e34ddd3ce151b1919fd3a84f9638bce67a0671581f96722a56f5df0cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20240523021613_000_vcRuntimeMinimum_x86.log
Filesize
4KB

MD5
588b666a0201febf13d20c583c23a736

SHA1
3afab94fb06d3d51baee3ea41923080938a4c30c

SHA256
68290f31cc518a599bdeb621cafde7beaf3d5dd995363164f695ac6398f2d360

SHA512
c125602b42b9e050748b3c046498041b4229afd51ea3f89d3200ff301cb18e40219326b7e4c8c0bb505517f1cde70bbdd17ffb47baf0bd9481a177e90f2f85a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20240523021613_001_vcRuntimeAdditional_x86.log
Filesize
2KB

MD5
e24fe7c1d205a20b0b8c56ba7189747b

SHA1
ae208b1dafc893cce13e6faf8caa74bf839d9c18

SHA256
4c0c58252ed8b9b93e8cc170bef3ec58bc542cdf03b31b22d2fade181a91db62

SHA512
72354b902ee93498861ccde33ff8090f8cfb18bbae4fb217426743c3f5ee9c60676d7e05defd0331199bb44cbc86afff731f666c491a3b195642b5a87108d5c7

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 439837.crdownload
Filesize
105KB

MD5
9d38c8fbe7254ab161071e3900da36ad

SHA1
0da5905b5077f23a4bc44570f0a1a18bed45391d

SHA256
3afb601c88f3d5751f57c6478cb2af1211dc02d3b7f76d31936722f5d7c385f2

SHA512
de9d5b8bdbaf015bdca126155a351950c382d9767b90b9e263f71582ed9935179d83456f4628145c3a45ae1533db7856617c14cf7a47303ef9a4a6aed3ec002d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 464295.crdownload
Filesize
13.2MB

MD5
8457542fd4be74cb2c3a92b3386ae8e9

SHA1
198722b4f5fc62721910569d9d926dce22730c22

SHA256
a32dd41eaab0c5e1eaa78be3c0bb73b48593de8d97a7510b97de3fd993538600

SHA512
91a6283f774f9e2338b65aa835156854e9e76aed32f821b13cfd070dd6c87e1542ce2d5845beb5e4af1ddb102314bb6e0ad6214d896bb3e387590a01eae0c182

Download Submit
C:\Windows\Temp\{107AF57D-68CA-4BF2-8F98-91DB1F722AAC}\.cr\VC_redist.x86.exe
Filesize
634KB

MD5
337b547d2771fdad56de13ac94e6b528

SHA1
3aeecc5933e7d8977e7a3623e8e44d4c3d0b4286

SHA256
81873c2f6c8bc4acaad66423a1b4d90e70214e59710ea7f11c8aeb069acd4cd0

SHA512
0d0102fafb7f471a6836708d81952f2c90c2b126ad1b575f2e2e996540c99f7275ebd1f570cafcc945d26700debb1e86b19b090ae5cdec2326dd0a6a918b7a36

Download Submit
C:\Windows\Temp\{6DFBB33E-05F3-42B5-8E67-81860850E935}\.ba\license.rtf
Filesize
9KB

MD5
04b33f0a9081c10e85d0e495a1294f83

SHA1
1efe2fb2d014a731b752672745f9ffecdd716412

SHA256
8099dc3cf9502c335da829e5c755948a12e3e6de490eb492a99deb673d883d8b

SHA512
d1dbed00df921169dd61501e2a3e95e6d7807348b188be9dd8fc63423501e4d848ece19ac466c3cacfccc6084e0eb2f457dc957990f6f511df10fd426e432685

Download Submit
C:\Windows\Temp\{6DFBB33E-05F3-42B5-8E67-81860850E935}\.ba\thm.wxl
Filesize
2KB

MD5
fbfcbc4dacc566a3c426f43ce10907b6

SHA1
63c45f9a771161740e100faf710f30eed017d723

SHA256
70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce

SHA512
063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e

Download Submit
C:\Windows\Temp\{6DFBB33E-05F3-42B5-8E67-81860850E935}\.ba\thm.xml
Filesize
8KB

MD5
f62729c6d2540015e072514226c121c7

SHA1
c1e189d693f41ac2eafcc363f7890fc0fea6979c

SHA256
f13bae0ec08c91b4a315bb2d86ee48fade597e7a5440dce6f751f98a3a4d6916

SHA512
cbbfbfa7e013a2b85b78d71d32fdf65323534816978e7544ca6cea5286a0f6e8e7e5ffc4c538200211f11b94373d5658732d5d8aa1d01f9ccfdbf20f154f1471

Download Submit
C:\Windows\Temp\{7DFF2B42-D630-4750-9608-F84A11F1E18F}\.ba\logo.png
Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{7DFF2B42-D630-4750-9608-F84A11F1E18F}\.ba\wixstdba.dll
Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{7DFF2B42-D630-4750-9608-F84A11F1E18F}\cab54A5CABBE7274D8A22EB58060AAB7623
Filesize
822KB

MD5
25bd21af44d3968a692e9b8a85f5c11d

SHA1
d805d1624553199529a82151f23a1330ac596888

SHA256
f4576ef2e843c282d2a932f7c55d71cc3fcbb35b0a17a0a640eb5f21731cc809

SHA512
ed3660183bf4e0d39e4f43a643007afc143b1d4ec0b45f0fdce28d8e896f646ec24a2a7a5429e8b10f4379cb4ffd1572adba10fc426990d05c0cafefdd87a4fb

Download Submit
C:\Windows\Temp\{7DFF2B42-D630-4750-9608-F84A11F1E18F}\cabB3E1576D1FEFBB979E13B1A5379E0B16
Filesize
4.9MB

MD5
3a7979fbe74502ddc0a9087ee9ca0bdf

SHA1
3c63238363807c2f254163769d0a582528e115af

SHA256
7327d37634cc8e966342f478168b8850bea36a126d002c38c7438a7bd557c4ca

SHA512
6435db0f210ad317f4cd00bb3300eb41fb86649f7a0e3a05e0f64f8d0163ab53dbdb3c98f99a15102ce09fcd437a148347bab7bfd4afe4c90ff2ea05bb4febff

Download Submit
C:\Windows\Temp\{7DFF2B42-D630-4750-9608-F84A11F1E18F}\vcRuntimeAdditional_x86
Filesize
180KB

MD5
2ba51e907b5ee6b2aef6dfe5914ae3e3

SHA1
6cc2c49734bf9965fe0f3977705a417ed8548718

SHA256
be137dc2b1ec7e85ae7a003a09537d3706605e34059361404ea3110874895e3a

SHA512
e3ba5aa8f366e3b1a92d8258daa74f327248fb21f168b7472b035f8d38f549f5f556eb9093eb8483ca51b78e9a77ee6e5b6e52378381cce50918d81e8e982d47

Download Submit
C:\Windows\Temp\{7DFF2B42-D630-4750-9608-F84A11F1E18F}\vcRuntimeMinimum_x86
Filesize
180KB

MD5
828f217e9513cfff708ffe62d238cfc5

SHA1
9fb65d4edb892bf940399d5fd6ae3a4b15c2e4ba

SHA256
a2ad58d741be5d40af708e15bf0dd5e488187bf28f0b699d391a9ef96f899886

SHA512
ffc72b92f1431bbd07889e28b55d14ea11f8401e2d0b180e43a898914209893941affacc0a4ea34eeefc9b0ca4bc84a3045591cd98aae6bdb11ae831dc6bb121

Download Submit
C:\Windows\Temp\{8E997EFD-C47A-4CAB-8223-BAD412FCDC78}\.ba\BootstrapperApplicationData.xml
Filesize
12KB

MD5
2df83359a1ed20a4630b2c445b60f047

SHA1
89a5147a212d797b9ba11596ce528f7d0f07597c

SHA256
d9b920b7d734890da5b5c830875a8a47dcdda0027222d0169ba68db769071ded

SHA512
c6446a4abc56e1b35206501843c6a029c313ae6d20e26831a9bcc643d6cbf0336644db9d4c569bd66be2ab4ebf0753d3808b1b8f965c06023a889b934185678a

Download Submit
\??\pipe\crashpad_920_ASFEREUJAIUASVAK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/868-788-0x00007FF65C790000-0x00007FF65C7C0000-memory.dmp

Filesize
192KB

Download
memory/952-686-0x0000000000510000-0x0000000000587000-memory.dmp

Filesize
476KB

Download
memory/1196-724-0x0000000000510000-0x0000000000587000-memory.dmp

Filesize
476KB

Download
memory/2068-723-0x0000000000510000-0x0000000000587000-memory.dmp

Filesize
476KB

Download
memory/2072-790-0x00007FF65C790000-0x00007FF65C7C0000-memory.dmp

Filesize
192KB

Download
memory/4348-195-0x00007FF65C790000-0x00007FF65C7C0000-memory.dmp

Filesize
192KB

Download
memory/4416-0-0x00007FF788F30000-0x00007FF788F60000-memory.dmp

Filesize
192KB

Download