Analysis

  • max time kernel
    55s
  • max time network
    48s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    03-06-2024 10:03

General

  • Target

    https://cdn.discordapp.com/attachments/1202749812177510402/1247126849788575804/processhacker-2.39-setup.exe?ex=665ee4e3&is=665d9363&hm=c3045153ddc105ecd5a5ff001acd83f0237bf0e7abe480b96e385a8a8fe3faca&

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 12 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 42 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 50 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1202749812177510402/1247126849788575804/processhacker-2.39-setup.exe?ex=665ee4e3&is=665d9363&hm=c3045153ddc105ecd5a5ff001acd83f0237bf0e7abe480b96e385a8a8fe3faca&
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1376
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff1f9dab58,0x7fff1f9dab68,0x7fff1f9dab78
      2⤵
      PID:3524
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1824,i,14526386916363868515,16210001811145041251,131072 /prefetch:2
      2⤵
      PID:5000
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1824,i,14526386916363868515,16210001811145041251,131072 /prefetch:8
      2⤵
      PID:2016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1824,i,14526386916363868515,16210001811145041251,131072 /prefetch:8
      2⤵
      PID:492
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1824,i,14526386916363868515,16210001811145041251,131072 /prefetch:1
      2⤵
      PID:3108
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1824,i,14526386916363868515,16210001811145041251,131072 /prefetch:1
      2⤵
      PID:2504
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1824,i,14526386916363868515,16210001811145041251,131072 /prefetch:8
      2⤵
      PID:1488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4704 --field-trial-handle=1824,i,14526386916363868515,16210001811145041251,131072 /prefetch:8
      2⤵
      PID:2120
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4836 --field-trial-handle=1824,i,14526386916363868515,16210001811145041251,131072 /prefetch:8
      2⤵
      PID:5092
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1824,i,14526386916363868515,16210001811145041251,131072 /prefetch:8
      2⤵
      PID:3940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1824,i,14526386916363868515,16210001811145041251,131072 /prefetch:8
      2⤵
      • NTFS ADS
      PID:684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4796 --field-trial-handle=1824,i,14526386916363868515,16210001811145041251,131072 /prefetch:8
      2⤵
      PID:952
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4812 --field-trial-handle=1824,i,14526386916363868515,16210001811145041251,131072 /prefetch:8
      2⤵
      PID:2976
    • C:\Users\Admin\Downloads\processhacker-2.39-setup.exe
      "C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"
      2⤵
      • Executes dropped EXE
      PID:1900
      • C:\Users\Admin\AppData\Local\Temp\is-04KN8.tmp\processhacker-2.39-setup.tmp
        "C:\Users\Admin\AppData\Local\Temp\is-04KN8.tmp\processhacker-2.39-setup.tmp" /SL5="$C0140,1874675,150016,C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        PID:2904
        • C:\Program Files\Process Hacker 2\ProcessHacker.exe
          "C:\Program Files\Process Hacker 2\ProcessHacker.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks processor information in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:2060
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:796

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Process Hacker 2\ProcessHacker.exe
    Filesize: 1.6MB
    MD5: b365af317ae730a67c936f21432b9c71
    SHA1: a0bdfac3ce1880b32ff9b696458327ce352e3b1d
    SHA256: bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4
    SHA512: cc3359e16c6fe905a9e176a87acf4c4ed5e22c29bfca11949799caf8442e00ec0d1679b3d8754dbc3e313528d3e8e82c0ec1941e2c3530b48229c1cb337f6b8b

  • C:\Program Files\Process Hacker 2\ProcessHacker.sig
    Filesize: 64B
    MD5: 2ccb4420d40893846e1f88a2e82834da
    SHA1: ef29efec7e3e0616948f9fe1fd016e43b6c971de
    SHA256: 519c2c2ca0caf00db5b3eb2b79dfe42e6128161c13aeb4b4d8b86fbffc67e3d4
    SHA512: b2a000b33d4a9b2e886208fc78aeb3a986f7bd379fb6910da9f6577603aa6e8237cb552eabca70445f37b427419beeff0b061090cb952331b8db322ce2e58bc6

  • C:\Program Files\Process Hacker 2\plugins\DotNetTools.dll
    Filesize: 132KB
    MD5: b16ce8ba8e7f0ee83ec1d49f2d0af0a7
    SHA1: cdf17a7beb537853fae6214d028754ce98e2e860
    SHA256: b4cc0280e2caa0335361172cb7d673f745defc78299ded808426ffbc2458e4d9
    SHA512: 32de59c95d1690f4221b236376e282c8be1bb7f5d567592b935dcd798b36b80e86da81741c5845fa280386f75f6eafc9bbd41035362984150b134d24aede61eb

  • C:\Program Files\Process Hacker 2\plugins\ExtendedNotifications.dll
    Filesize: 140KB
    MD5: be4dc4d2d1d05001ab0bb2bb8659bfad
    SHA1: c0ed9e375b447b61c07c0b00c93bb81c87bcfc2e
    SHA256: 61e8cd8de80a5c0d7ced280fe04ad8387a846a7bf2ee51bcbba96b971c7c1795
    SHA512: 31389e268fe3bf1175fa3c251ca026f77dc59361b8425c9826f31d18c5174e6de68c6092aef187f2bd2c92d89b3093a660b2fe6189af369293c1117c856b5cdf

  • C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll
    Filesize: 136KB
    MD5: 4858bdb7731bf0b46b247a1f01f4a282
    SHA1: de2f9cbcec1e1fa891d9693fb3cadfdd4cfe1f60
    SHA256: 5ae7c0972fd4e4c4ae14c0103602ca854377fefcbccd86fa68cfc5a6d1f99f60
    SHA512: 41b39560e15d620733ca29dc37f55a939a653f99686ac86643ccc67fbb807ad95d1996b867319d98506f3b8a30772fff3c3317bbcc205987f48031923f674d9a

  • C:\Program Files\Process Hacker 2\plugins\ExtendedTools.dll
    Filesize: 196KB
    MD5: bc61e6fb02fbbfe16fb43cc9f4e949f1
    SHA1: 307543fcef62c6f8c037e197703446fcb543424a
    SHA256: f2805e0f81513641a440f1a21057a664961c22192cb33fca3870362c8f872d87
    SHA512: 0bbfe53e1dd933a3080d9775ad890fcbd73f9820885efa6b69e9664261249f34eaae3870f74de8511734fc9a0114f36e1bfc529a032d303a8e3e583e37a506c6

  • C:\Program Files\Process Hacker 2\plugins\HardwareDevices.dll
    Filesize: 180KB
    MD5: a46c8bb886e0b9290e5dbc6ca524d61f
    SHA1: cfc1b93dc894b27477fc760dfcfb944cb849cb48
    SHA256: acd49f2aa36d4efb9c4949e2d3cc2bd7aee384c2ced7aa9e66063da4150fcb00
    SHA512: 5a4d2e0fa7a1a14bc4c94a0c144bfbfcef1ecabe4dc15f668605d27f37f531934778f53e7377bab0ff83531732dc15e9fc40b16f2d1f7e925429681bd5bdca73

  • C:\Program Files\Process Hacker 2\plugins\NetworkTools.dll
    Filesize: 134KB
    MD5: d6bed1d6fdbed480e32fdd2dd4c13352
    SHA1: 544567d030a19e779629eed65d2334827dcda141
    SHA256: 476aa6af14dd0b268786e32543b9a6917a298d4d90e1015dac6fb2b522cf5d2e
    SHA512: 89362a7b675651f44649f0ea231f039e0b91aba9f84c91545f15e187c6cbd07bbf3648a4e232dfe5122cf5636e67c458f4f7dab49ed4de3f3a303aa396c41d1c

  • C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll
    Filesize: 222KB
    MD5: 12c25fb356e51c3fd81d2d422a66be89
    SHA1: 7cc763f8dc889a4ec463aaba38f6e6f65dbdbb8c
    SHA256: 7336d66588bbcfea63351a2eb7c8d83bbd49b5d959ba56a94b1fe2e905a5b5de
    SHA512: 927d785d03c1ee44b5e784b35a09168978b652f37fb73a1a2eeecd3583c28595fb030e8c1f87ab9a20beac4622775777820d1a2ad7219ba8b9ae8b6fbc4568a0

  • C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll
    Filesize: 95KB
    MD5: 37cbfa73883e7e361d3fa67c16d0f003
    SHA1: ffa24756cdc37dfd24dc97ba7a42d0399e59960a
    SHA256: 57c56f7b312dc1f759e6ad039aac3f36ce5130d259eb9faad77239083398308b
    SHA512: 6e0bfab9ff44f580f302cabd06fc537a9e24432effd94b50ab696b35f57a61772072b7f9045a9e99fa4bf3bc316f43ea25ab6c87517242e7957eb86575203bed

  • C:\Program Files\Process Hacker 2\plugins\ToolStatus.dll
    Filesize: 243KB
    MD5: 3788efff135f8b17a179d02334d505e6
    SHA1: d6c965ba09b626d7d157372756ea1ec52a43f6b7
    SHA256: 5713d40dec146dbc819230daefe1b886fa6d6f6dbd619301bb8899562195cbab
    SHA512: 215d6c3665323901d41ae5151908c4e084a04a1558617016f0788194304e066410b92943bd6c119339727037ee02cfda893b9baf5603b2870d9fc5ae0c77ca7e

  • C:\Program Files\Process Hacker 2\plugins\Updater.dll
    Filesize: 110KB
    MD5: 6976b57c6391f54dbd2828a45ca81100
    SHA1: a8c312a56ede6f4852c34c316c01080762aa5498
    SHA256: 0c11cdc3765ffb53ba9707b6f99ec17ae4f7334578a935ba7bcbbc9c7bdeed2e
    SHA512: 54d8b39457f516d921bb907615ff60a46b6031e1444a443c9657e06d78c9fb0f637ae4756bb7b884e4dca2f55902372ad4ddba1d020abe02e0a381702ae270cc

  • C:\Program Files\Process Hacker 2\plugins\UserNotes.dll
    Filesize: 114KB
    MD5: e48c789c425f966f5e5ee3187934174f
    SHA1: 96f85a86a56cbf55ebd547039eb1f8b0db9d9d8d
    SHA256: fc9d0d0482c63ab7f238bc157c3c0fed97951ccf2d2e45be45c06c426c72cb52
    SHA512: efdb42e4a1993ee6aa5c0c525bd58316d6c92fbc5cebbc3a66a26e2cf0c69fe68d19bc9313656ad1d38c4aef33131924684e226f88ef920e0e2cd607054a857c

  • C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll
    Filesize: 133KB
    MD5: 0e8d04159c075f0048b89270d22d2dbb
    SHA1: d0fa2367d329909b6c9efcb3cc2c2902d8cf9b22
    SHA256: 282696487ea5dc781788d5d8477b977f72b7c70f201c2af0cfe7e1a9fd8d749a
    SHA512: 56440f3feddc124574debfe3789e14d908982d4d8e9516f42fab7db7bcecdd3badd2f75e005016a7b9d87a00d5646b8df722bae8fba3932198babbe5335cf197

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3781B4A3713292956206932165FA4132_29912A7EA9EDB60BB42BD5D9643E27BB
    Filesize: 471B
    MD5: afc966cc880908a60efb3637d6cc639e
    SHA1: 3d9e1a6560ed5b546526f671911c5aa6e045e2b0
    SHA256: 0d0f1c865a81d3ade2125a6f412c5f6635608a87d29ba81e31fc4d8154e9f03e
    SHA512: b575b09e72cacc5b8923cd2d01c6a71beb5ea168f76a0a909cfa7ebac50aae9a28fb0ae54f9ec45092e6cfe513dfe45c847091b8db42b10ae4ed688dedc3806e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_E1EDEF0C21AE75D448F7327475DF4C9E
    Filesize: 471B
    MD5: ef11a754f2a3a44f3349c1c0069f5ad5
    SHA1: 42446985899dce071dd04a2dcc782963a3daa301
    SHA256: 688437e3466dc45255fc58b39616a2884fdb479b377ffe1bbc2776422af63e1f
    SHA512: 248ac1727638f1cf725755c3ed827a5e86fd1beb5e4d2bc6db0391703fa95cb2418b368d7d964d90f7c698645f924c682518e2bfea7746c7aaf2e8344cf0771c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3781B4A3713292956206932165FA4132_29912A7EA9EDB60BB42BD5D9643E27BB
    Filesize: 404B
    MD5: bf95cc262771a4e86145fc4f37f5b3c7
    SHA1: fec166e5015111980811c5138797750dc8cdef39
    SHA256: a4eb044302a17ff8151d5cbf5e6e562592e14dcc1fe5178ccf959532f2c319bc
    SHA512: 2901482ab0fdd3bed4ef3def7c6b186a3432f5b29ab5eb8693a4fe8f2ca42df2a48adfe0b35e6e2e241e8827de56cc886b62a03740d093a7d964b99c299da3da

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_E1EDEF0C21AE75D448F7327475DF4C9E
    Filesize: 400B
    MD5: 0945ad59d345e61718e675089d37191e
    SHA1: 447543926fa8275256d963bc60da2ffa394ab3bc
    SHA256: 987e277b2c9678677169df62fc540fecf6d3a8b96743e153715e96f4703a8e69
    SHA512: 455ec45ae2914523e345acd3e8a7c026912a8139214e7dab3c2f06f33bf494c8b32828955774193372f90fc70364beb83bc85039d3f8dee1cc9e7dd269704afb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5c39622d-0aa2-451f-a663-295467e84fa2.tmp
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 2c87c486d4681f221c4141e7da23b826
    SHA1: 9ad790a6f89cea4af9f480f00351dda45fa2e441
    SHA256: a060e5317b876cb1de5a6df85a2793fcbacf827eb03fc28383c260e566316613
    SHA512: 914c25a457cc43ed58fab2fa8d9d5eb28feede235d5fcd3d7d8b25b5562cfe0c9b9374e26261b755438ce221e3721e87f39e32aaead08efbd89fad8c8afb9396

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 2fe25e58597574ab32db8987718bfc72
    SHA1: 66b510e8fd1e85cc6357f532255ea9c3449e250d
    SHA256: 4a64754a5878827f6232c7166b712cfa9237955512a10383e848fc2762ba48c5
    SHA512: fe578d558821103c31635138e900a4e396c0f42cab43c6fa09a26a56ef25e5652cb6d1aa543a2f917206fdd05fc83cbb822ec039dd3aafc9e4fd60b25dfe9c1b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 5e789d1a81de534447ce00c56368dbae
    SHA1: 26216ccf8f640d243a6827f354cbe08ceec3ace1
    SHA256: 202b1aea9896e972aee2e188eabff51ee72d95845fb858a3af12e0838ba035e7
    SHA512: e35db11842c7b5085531918e3a3be6de9098cc26eb5d5d312260869b0f8028a8a89759a46f88328762937bd0974078ac168d2a03ade48063e64a22482a4445fd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 130KB
    MD5: 10c2bd3e5a5bb9a32236a27a87b3fc72
    SHA1: 5577bb9b584b59f64d0406d82f5fa1be0a877da3
    SHA256: 543e4c3e099d5fcd4f755c43aeb9f94d815316d44eca47a2f41ccf4203e38369
    SHA512: 772aada71a45bd0e87a4b8603eb43aa25ba848371cec897989ae32d87653240e9ae480ea4a30b27ef9bc7a038f3a5c3041631daf276b286b14ec7133e4b66355

  • C:\Users\Admin\AppData\Local\Temp\is-04KN8.tmp\processhacker-2.39-setup.tmp
    Filesize: 785KB
    MD5: 1c96ed29e0136825e06f037bf10b2419
    SHA1: b74a55279474253639bebf9c92f10f947145ff30
    SHA256: b10cf8cdf541ca0dd6df79e66fb4b0854dcac717aba034ba0c4961bff92fd021
    SHA512: 0e74854d9de4e3944b2cff9b5de7eb19fdec1fee6c9576cae6cd81741adf84eac421cb743b1df30183f645ffe849357b6a85b5be8d7f6e2efe289bbe4573e177

  • C:\Users\Admin\Downloads\Unconfirmed 439537.crdownload
    Filesize: 2.2MB
    MD5: 54daad58cce5003bee58b28a4f465f49
    SHA1: 162b08b0b11827cc024e6b2eed5887ec86339baa
    SHA256: 28042dd4a92a0033b8f1d419b9e989c5b8e32d1d2d881f5c8251d58ce35b9063
    SHA512: 8330de722c8800ff64c6b9ea16a4ff7416915cd883e128650c47e5cb446dd3aaa2a9ba5c4ecda781d243be7fb437b054bbcf942ea714479e6cc3cef932390829

  • C:\Users\Admin\Downloads\processhacker-2.39-setup.exe:Zone.Identifier
    Filesize: 236B
    MD5: 2d2fd0a6e84a9478f40b26899f662be4
    SHA1: 34467c963d8ea6dabdc6fdafaac99d0ba477b70e
    SHA256: ec4604148b0432f7df8b494249416e4cf4d3920b313162ecbc101da4a08ed548
    SHA512: 90bcccd6286b7b68ef39afa5464352283dcfa5ec055d773acd91bfc3c0ed8763fb9cc97d8d1ace86e7a2489782539d756bf9a705b988a94c78e068a4cd9879a2

  • \??\pipe\crashpad_1376_LSBUZECUHZRKCNRS
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • memory/1900-184-0x0000000000400000-0x000000000042B000-memory.dmp
    Filesize: 172KB

  • memory/1900-56-0x0000000000400000-0x000000000042B000-memory.dmp
    Filesize: 172KB

  • memory/1900-58-0x0000000000401000-0x000000000040B000-memory.dmp
    Filesize: 40KB

  • memory/1900-81-0x0000000000400000-0x000000000042B000-memory.dmp
    Filesize: 172KB

  • memory/2904-82-0x0000000000400000-0x00000000004D4000-memory.dmp
    Filesize: 848KB

  • memory/2904-183-0x0000000000400000-0x00000000004D4000-memory.dmp
    Filesize: 848KB

  • memory/2904-62-0x0000000000400000-0x00000000004D4000-memory.dmp
    Filesize: 848KB