fickerstealer | e99ca0fc692290f683b6a3e0ad3812894f539a4a7c8f20998b17b006d1e92dc8

Resubmissions

09-07-2024 06:47

240709-hkayka1cmn 4

06-06-2024 13:11

240606-qffx1see5v 10

Analysis

max time kernel
599s
max time network
600s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
06-06-2024 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aLZhlBKT.html
Size

2KB
MD5

f124b5c09d374d0f69d640b89a9ee2c2
SHA1

b3eabbdb05e682802b862161cd584468095ba168
SHA256

e99ca0fc692290f683b6a3e0ad3812894f539a4a7c8f20998b17b006d1e92dc8
SHA512

03477213af313cad9fee791d9bed12ac887fe999b19169024413720289037e2b832f39d99a6de270fe124f4560209a6ea6c5a4a6f415ded5dfaaacbb898732cc

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

45.93.201.181:80

Signatures

Fickerstealer
Ficker is an infostealer written in Rust and ASM.
infostealer fickerstealer

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
109	api.ipify.org

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4272278488\2581520266.pri	SecHealthUI.exe
File created	C:\Windows\rescache\_merged\4272278488\2581520266.pri	SecHealthUI.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621531566333435"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 46 IoCs

pid	Process
512	chrome.exe
512	chrome.exe
3848	chrome.exe
3848	chrome.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe
4332	Setup.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2820	SecHealthUI.exe
220	SecHealthUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 512 wrote to memory of 4164	512	chrome.exe	73
PID 512 wrote to memory of 4164	512	chrome.exe	73
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 2548	512	chrome.exe	75
PID 512 wrote to memory of 4488	512	chrome.exe	76
PID 512 wrote to memory of 4488	512	chrome.exe	76
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77
PID 512 wrote to memory of 5108	512	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\aLZhlBKT.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffea7679758,0x7ffea7679768,0x7ffea7679778
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:2
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1660 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2032 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2792 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2800 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4168 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4304 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4528 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:1
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4032 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5188 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5340 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5484 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4452 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4488 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2868 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2888 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=936 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4292 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=964 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4340 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1752,i,12204439569805778643,15285483711293056638,131072 /prefetch:8
  2⤵
  PID:3028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3928

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0
1⤵
PID:1628

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2336

C:\Users\Admin\Downloads\Setup (password is THEPIRATEBAY007)\Setup.exe
"C:\Users\Admin\Downloads\Setup (password is THEPIRATEBAY007)\Setup.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4332
- C:\Users\Admin\Downloads\Setup (password is THEPIRATEBAY007)\Setup.exe
  "C:\Users\Admin\Downloads\Setup (password is THEPIRATEBAY007)\Setup.exe"
  2⤵
  PID:2172

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\krosqm.txt

Filesize
14B

MD5
1207bc197a1ebd72a77f1a771cad9e52

SHA1
8ed121ff66d407150d7390b9276fe690dd213b27

SHA256
260658b9cb063d6ce96f681b18704e02fae7bf8fc995fc249ab0be1400983476

SHA512
d037cfa3b6e6ced9652b2c781bb54cf48dbaa0aaff05039ae4fd0122749eda472807d4198981aa6ceffeba6d2b23d7ad08d7d96983dbd8539cf6b07e46e157f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e71cb2f5c1d89864a9f71324833b6aa4

SHA1
09c4f2d024c798bac815c70680bfcf14a021e792

SHA256
373f8e4a69f9160fea0ffe398f238a66df13d69779e20d088e05a063d7b7c5f6

SHA512
e57941dc9e5fd61a439860bd218a080c86f240d4cc54fcba613ae9c35670180488d02574538078bc39b8de6abe059fcec9db99bb57465313edcf9d55185b1e76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c0bb7835014bcb64ffd907bd6c73ad06

SHA1
9a9d7db3157ae2d8a9f6efe502fa3e34be48e98f

SHA256
8f9a159db939f0b3386822f7f6bfbe313c2823fa8555875c362e951a8550d5ad

SHA512
f0ee54979acabb069068408681cfce8e9064f7c68be8705ea353b17dba76c18525bb72ddf6b80724fb238e769cd549d59dd6e61ed5cadaf5a4dfb9f0bd799e9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0309f15a-e951-4c84-9096-30630ef87a51.tmp

Filesize
369B

MD5
8ffafb0469fc7a28ab823c5fccdefb66

SHA1
0d6899d838dc2f696cc1415f79521b507e696619

SHA256
51f9b87f20b0d5f15b41ae44d9a601e90bff5ca79f7f8019e4e537000466df03

SHA512
14797962ae5278f7f08ed17983953d2cdeb7cea49ee10682b82c327478d9f289f3974299942405751bd6b8a902c5d7f9f19806f29ed0b7c4d3ec36bd1568ae14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4f275106e29607df078a2c7ffa57463c

SHA1
a3192f93ae78c251864426e6a90f78061159c7fb

SHA256
38d7ce1339d977bd30aedd3f64d55ca18b80b1a81074374e1d156e628ed976b9

SHA512
abe59af197b68f4418a9d052fa4b8e6c8d0adc8619b3bc4e07eb477985c1d249cb1f944b1b3c47711da462e638ce09051c16691aded66907864eabe63a838b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6a514eb64d05f95dec9372167ed66ab0

SHA1
1fd79f33ee5a8d2a039b5cc8979bd906d910e92e

SHA256
9ccea1e7f2d62388330a87202fd21b7e4706a895804fa8149f9a78f6612fb70e

SHA512
fcfdabf86eeebe57c01690ab6656927ef706bb94a0f2ec7ed66df90ffa0788bd00a9dc804e257fe89af914e39d59015bbd63a9c19e1872daf08c6b1fe15d650c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
817b109c5706001b83b5bf996454e9ab

SHA1
08f1252a88e271f30a15a7be0444e1e2455ca716

SHA256
1231d97de8ebfade19854f29048ebdc5ab5c0f410c1635299cb37898f82fbc54

SHA512
e0f73210b624d1d5f5d5f5709dda89987efaea84af268366d0eb4e9e21d33582a7d8fa0aaeaac6c736abc76d466f656cb711e0358ac710a0c1d4011d98d4535f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
87f7138fd2ff4a6d02f5e2c14d1c90aa

SHA1
5b1e3421818eb51e694c3b169e6233e56d455ec1

SHA256
bf6fc371e6166db42505a9b3617031b6020330ba8c2c34473b7b19262a1d44a2

SHA512
09fbf1840105cbfff62f85b410b5cda3f9faf43e9528a5f6222ebf2eb3186d718ae5d6efdfb8a877ec67fe48569edc20960365769d2d004019d5e43e66edd796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2d81b1544ef49f971273cd684a4ecc15

SHA1
c560c9c70768fed5b79ecf11799b50fcd2da8c49

SHA256
c9867077313d14a55672c5cd9dd659e3c445fdb40068e92e21860966e3aac358

SHA512
a66df0077653885ce55d5f6929a28b124f9af55f196a0f20cd032ff3633c9ac089eccc6a9f604c9c3fa4884cb9a06253019c5e2543b92ec9e342bd45ad145f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3853e7f45fb61dafdfd0a7469d77a9cf

SHA1
d2eb0de40fe717377f89f360c1032ecd45f56756

SHA256
e8f14321fc86c7240dd7e7fec69d9e191877ef5aa94534d1f834ad4aacbf410b

SHA512
a84be50139cd629ed7d68e05eb55b91f2b2546b21c57252b76d8e67b2f1e109fe00ff8d6757e82cf92b216009debc10a11e1b190c6e48c6e651edd14f4b0c1f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5955a13d0b3f18f7d1b7955b8e9ba0b4

SHA1
2059c9da1d8dd5d573ffaa83013c89f43bfcc669

SHA256
4e5e6709feb5946d2a63a88e89992b4ac7f070de095db450fc6faff3afd78c7c

SHA512
93da6ad242fe00ad100afb7ef18a6ef29d63d82876a3ab1dd3a96518797bdf873d38a3b59906aa0fc52bd086b8aa1fd049bc262dd5722880a901a7a6c4ee1132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3423108bbda11820219370e89aa94015

SHA1
47c9b400e0d80070702274a4b680e998a09bc3fb

SHA256
215ad2faa005632916c78ee85b1c0d3228d0bdf18ae7cc90349916c95fc3d92c

SHA512
9374ee5bf15f1a2c10acbaa096ce341e2fad5c92a4cae2b1f9800be4ff1f45ac7129e59d33d0ce3158ca228cb8c904357045151c554ccf934ae6a083ce1283be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
92d2562f6c7ffa3f8db5ba88fb23b501

SHA1
0b4389423525109e00b5427164096964d05fabaf

SHA256
eec9e324ee307531afcd7ecc3a2988b61f35f043d8b6c787e28b0ee0fa0880e6

SHA512
596884917cb347b587cf42a2b0c1a2cd063cc72f50378e7228114e0a092f28b7d58040e55a1986f913713690680a1c604f649ca5a0a74b398d352b457efa8e36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5390ecdf4f5eb65ab6e82cc406f390d4

SHA1
75b47df8fec5599b1b33f52cf2eb2fe4d7766d96

SHA256
5764deda5b9c60eec35093a6a52c25bdef97d805caa71bc8ca62f9e99af21247

SHA512
30478e6c5ae7c70d8eb26f6b4f969bbf387dab6e489352016eb658d8a0fc00105715814daebcd82c1dbddb252cb23a1784eb4b4aa3c078fb7ccc1b5b95f5c4c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
44b9841e56984126bc042aed4cf8f6bc

SHA1
751a9348ecda4b8f135b54ef15caa38ccfadeb2c

SHA256
39beec919bb11c43f3e7431c8c13f83aa13a7bd0b758eaac86a0afc7a2f42650

SHA512
ef418d027af24aac11274a23c67540c4eff24f4cc1e1d1e6768d24224fe1ccbe018638e7c450cf5d4434d82b3de4f66b468ba7888d429d40c04d60ea7bdb06ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ba23dc39c7d1396a9666c66c540bb68e

SHA1
96523587201cb9487c329dfa2c87611c23795d0c

SHA256
afa64e0567881a648cc8628d984cfbd8c4151220f7290c52ae3403af7f2a71f9

SHA512
19b49ec2e4ddc7460e2ba6f0a46f397086997a57a92e184aae2fb4b104f79070cb877b632353a47ecece5ec8aaf56b105c13f3fc20119393398bb115a6341901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ae9f4.TMP

Filesize
48B

MD5
e8bb8eb20bb7a750483baeff2115998f

SHA1
c45f5e407613d80dca41faf8c9fad99e6b9b4ec9

SHA256
d589cc605dfc75e1e35e10590b9ffbd6083fe55741792414fcd5118cd74eadca

SHA512
050c083bb769babb37dc171145297c7f230fead8fbbaba45df3fbd4c889bc96ca4d204922176a89d2f16238b2d2283e6d2c5907d366a72e5a551fcda176bd9d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
c0b43844b7ba0c7a077dac6e69adeba0

SHA1
d98fc62fe0bc76af3557d872e9120b7f9a9876d9

SHA256
6f0ce615507c83b62ad8bf6d7c49d69e3f44e66e4819774bb2be0de803fc96c9

SHA512
2a53158a2fa1dafc5ca828cd0a60df07702f139029c8a5c1bafa960f1fc5953902399169601961fea4e34c649ae50a704934b36bb6dfdcde53ebe8f5063e332c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
611556bd6387ea8cbeb94974b1a8041b

SHA1
ce1e50c5673d92fdaec4236c66fb61b63ef8c04c

SHA256
105ae3016fb11063408b2f313d158a48a5f0036e8109fcf01b8ef8f848970eb3

SHA512
e7f8b63599f3380a2f72706069d6f4e00f0c77d4a9b52f5af3d27a4a79b39cc5ca14d0003d75c053837a4b6bf150d03795cf50a882e949d9c64f32f714c10d2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
2ae419693c2cd0eb22478ac7c2d82dbb

SHA1
24a625e851273cd015e60732384386e3903e3d04

SHA256
f7107d3d1416980f26d64042d69f9e328b10fe08801557b734c09fa977830be5

SHA512
adb63011f06d582ba0ab67fbf98265ea91fa6e0e4b62a6e7e783c0ec24bce7fd74642adfada677d9b67e7752fe77b5ff9dada6b14be942642fdeeb3e850feee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
da9ce16dee4546a778ec46a70407bc4d

SHA1
872453fc260522fa2e75bd5e7e89bf718891c8f8

SHA256
e0f00fd6972295f7bfe66653eef5ae9907af839c4fed02c5760e8191fd10a09b

SHA512
b6f04fcddfc34bde49ebe6ae5ed51880151e6747eab1a6ba8141c5771a56173c6ce1caf9a27f72642062cefe3a4e4c81746b0574f434baf4ce64c807b2f00c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
e91cf668af6031b8834637fb18c64461

SHA1
ea0ea7b1fad4918ab364c20995fbbe6294ec13d7

SHA256
4435d38880ad5cf31c12f5bb4d6cf666c6a9b638b8f942689b274482cc57a492

SHA512
4508b6356f8cd34aa84641d85271b0fc2a6b3b73421645de3ac2469b0220afc18a1f24fec378477f92b5411ee8b7fe9822899f8af3f26012dae85c7f794ecccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
a9023c6f67ba2a7faa92d4042480c6e5

SHA1
84e916ba93de596812d7de0667067f62d1482649

SHA256
1fe1d03d16ebe3629eb27bafa1dc0d32a788c782fde75fbf2bad5596895e7dce

SHA512
835bc141fd8dd59134c7f82e31d8f39c18b47157f716f1128b351c3102ea13a2d3ff0fbcce61d4896059cdd4eb5d3f7b0b87620cd0f900a1c6c05429a18cf2a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
81bb26d536f7419ac68e16455971a4f9

SHA1
a581c9abeadb5cdfa89b4001f7dd6cb1f2aa3f61

SHA256
8eea6dc587f44ad2433389f5ee7a37dae51be7f0c78ce8334d71cb5030351bad

SHA512
1d34e65d4b2c44912ca386e1109f667599ee4e7d05a09952323d5e2dee13aa70dc14806750d6ae28770bba36039d34da7d7519126f900739f0b746e6236b33a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
375875c419e2ea80093837c0579b4f08

SHA1
bc2ebb84ac43990ac6335fa93595e9b72f266d09

SHA256
452f1551fb381e3e3daf0084d79e97a073ecf38705ddf3ce632c08f0ed8950b1

SHA512
c6938d9087c13b20e3ddf4b7b8865565e408f3bed3bf15981395dbe65d0baf95908e38326750aa381a1ad93299349e332ac19d842ecf4364579be369f83af74e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580858.TMP

Filesize
91KB

MD5
3654cf691607f65d17e542f56337785e

SHA1
005f423bc23e66678c27a0bdd918e0b67415cca7

SHA256
ae22d4321b298c9e443bca40faf53e4a69af32a97b69563dbee8ac19891b4f56

SHA512
5bff69a5a4eab2746327717d920a13abf9f92f8a7070fc042d337e87bffd145f06f3ea350cd6c0207e178f75db7c6401b61dddba82adfea7303e7241dc94d098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.sechealthui_cw5n1h2txyewy\AC\Microsoft\Windows\4272278488\2581520266.pri

Filesize
70KB

MD5
dc37deff2947a4ec8bf9b40a3dc25c49

SHA1
422bdce2dc21c634760c8b06a60c4ebf131cc592

SHA256
00dee1b03565baf7c105f1484f27a2e04d900538c153372482fbedd8cde61d85

SHA512
bbe9730344e0f648c53d2d5c518791ce8d92c1f04e1b9646bb4feca24d5f41fae255eff57ad7c36ff1d26869ad25eede25bbd4e98a59267d41ee71f3885d9dd4

Download Submit
memory/2172-542-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2172-550-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2172-543-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4332-541-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download