5552455c5f953e0d18d1eb8a7b3bde5d0d2c795510699e11f863747f9964313c

Analysis

max time kernel
167s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Abyss-Overlay-Setup-v2.0.3.exe
Size

120.6MB
MD5

f52a51ed605d8730fb0e7fb9769b8201
SHA1

f687d2b12c20df27871318d98394d449e327baa6
SHA256

5552455c5f953e0d18d1eb8a7b3bde5d0d2c795510699e11f863747f9964313c
SHA512

518161bb2f4ec61d788dd9c549d6a0b938f03f256b8c49274cbaccc43a67162308886f2f9badaef2a852744c92096314b0291a33ad5de1b82b4bc43844543c43
SSDEEP

3145728:gDi0upvTt37csdcHd+rPhMNpMuo0upvrYclgsw8cys:UIR7cUKErPuNpMuIUclPo

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	Abyss Overlay.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	Abyss Overlay.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	Abyss Overlay.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	Abyss Overlay.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	Abyss Overlay.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	Abyss Overlay.exe

Executes dropped EXE 14 IoCs

pid	Process
1608	Abyss Overlay.exe
4912	Abyss Overlay.exe
2980	Abyss Overlay.exe
1476	Abyss Overlay.exe
2364	Abyss Overlay.exe
4648	Abyss Overlay.exe
3628	Abyss Overlay.exe
1740	Abyss Overlay.exe
4204	Abyss Overlay.exe
388	Abyss Overlay.exe
4692	Abyss Overlay.exe
1212	Abyss Overlay.exe
2028	Abyss Overlay.exe
4484	Abyss Overlay.exe

Loads dropped DLL 32 IoCs

pid	Process
3628	Abyss-Overlay-Setup-v2.0.3.exe
3628	Abyss-Overlay-Setup-v2.0.3.exe
3628	Abyss-Overlay-Setup-v2.0.3.exe
3628	Abyss-Overlay-Setup-v2.0.3.exe
3628	Abyss-Overlay-Setup-v2.0.3.exe
3628	Abyss-Overlay-Setup-v2.0.3.exe
3628	Abyss-Overlay-Setup-v2.0.3.exe
3628	Abyss-Overlay-Setup-v2.0.3.exe
3628	Abyss-Overlay-Setup-v2.0.3.exe
3628	Abyss-Overlay-Setup-v2.0.3.exe
1608	Abyss Overlay.exe
4912	Abyss Overlay.exe
2980	Abyss Overlay.exe
1476	Abyss Overlay.exe
4912	Abyss Overlay.exe
4912	Abyss Overlay.exe
4912	Abyss Overlay.exe
2364	Abyss Overlay.exe
2364	Abyss Overlay.exe
4648	Abyss Overlay.exe
3628	Abyss Overlay.exe
1740	Abyss Overlay.exe
4204	Abyss Overlay.exe
388	Abyss Overlay.exe
4692	Abyss Overlay.exe
1212	Abyss Overlay.exe
2028	Abyss Overlay.exe
388	Abyss Overlay.exe
388	Abyss Overlay.exe
388	Abyss Overlay.exe
4484	Abyss Overlay.exe
2028	Abyss Overlay.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
25	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
1968	tasklist.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3628	Abyss-Overlay-Setup-v2.0.3.exe
3628	Abyss-Overlay-Setup-v2.0.3.exe
1968	tasklist.exe
1968	tasklist.exe
2980	Abyss Overlay.exe
2980	Abyss Overlay.exe
1476	Abyss Overlay.exe
1476	Abyss Overlay.exe
2364	Abyss Overlay.exe
2364	Abyss Overlay.exe
3628	Abyss Overlay.exe
3628	Abyss Overlay.exe
3628	Abyss Overlay.exe
3628	Abyss Overlay.exe
4692	Abyss Overlay.exe
4692	Abyss Overlay.exe
1212	Abyss Overlay.exe
1212	Abyss Overlay.exe
2028	Abyss Overlay.exe
2028	Abyss Overlay.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1968	tasklist.exe
Token: SeSecurityPrivilege	3628	Abyss-Overlay-Setup-v2.0.3.exe
Token: 33	1548	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1548	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 18 IoCs

pid	Process
1608	Abyss Overlay.exe
1608	Abyss Overlay.exe
1608	Abyss Overlay.exe
1608	Abyss Overlay.exe
1608	Abyss Overlay.exe
1608	Abyss Overlay.exe
1608	Abyss Overlay.exe
1608	Abyss Overlay.exe
1608	Abyss Overlay.exe
1608	Abyss Overlay.exe
1608	Abyss Overlay.exe
4204	Abyss Overlay.exe
4204	Abyss Overlay.exe
4204	Abyss Overlay.exe
4204	Abyss Overlay.exe
4204	Abyss Overlay.exe
4204	Abyss Overlay.exe
4204	Abyss Overlay.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 4876	3628	Abyss-Overlay-Setup-v2.0.3.exe	86
PID 3628 wrote to memory of 4876	3628	Abyss-Overlay-Setup-v2.0.3.exe	86
PID 3628 wrote to memory of 4876	3628	Abyss-Overlay-Setup-v2.0.3.exe	86
PID 4876 wrote to memory of 1968	4876	cmd.exe	88
PID 4876 wrote to memory of 1968	4876	cmd.exe	88
PID 4876 wrote to memory of 1968	4876	cmd.exe	88
PID 4876 wrote to memory of 1744	4876	cmd.exe	89
PID 4876 wrote to memory of 1744	4876	cmd.exe	89
PID 4876 wrote to memory of 1744	4876	cmd.exe	89
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 4912	1608	Abyss Overlay.exe	94
PID 1608 wrote to memory of 2980	1608	Abyss Overlay.exe	95
PID 1608 wrote to memory of 2980	1608	Abyss Overlay.exe	95
PID 1608 wrote to memory of 1476	1608	Abyss Overlay.exe	96
PID 1608 wrote to memory of 1476	1608	Abyss Overlay.exe	96
PID 1608 wrote to memory of 2364	1608	Abyss Overlay.exe	97
PID 1608 wrote to memory of 2364	1608	Abyss Overlay.exe	97
PID 1608 wrote to memory of 4648	1608	Abyss Overlay.exe	99
PID 1608 wrote to memory of 4648	1608	Abyss Overlay.exe	99
PID 1608 wrote to memory of 4648	1608	Abyss Overlay.exe	99
PID 1608 wrote to memory of 4648	1608	Abyss Overlay.exe	99
PID 1608 wrote to memory of 4648	1608	Abyss Overlay.exe	99
PID 1608 wrote to memory of 4648	1608	Abyss Overlay.exe	99
PID 1608 wrote to memory of 4648	1608	Abyss Overlay.exe	99
PID 1608 wrote to memory of 4648	1608	Abyss Overlay.exe	99
PID 1608 wrote to memory of 4648	1608	Abyss Overlay.exe	99

C:\Users\Admin\AppData\Local\Temp\Abyss-Overlay-Setup-v2.0.3.exe
"C:\Users\Admin\AppData\Local\Temp\Abyss-Overlay-Setup-v2.0.3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Abyss Overlay.exe" | find "Abyss Overlay.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4876
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Abyss Overlay.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1968
- - C:\Windows\SysWOW64\find.exe
    find "Abyss Overlay.exe"
    3⤵
    PID:1744

C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
"C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
  "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe" --type=gpu-process --field-trial-handle=1576,8359869180574381993,4890292787574455729,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1600 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4912
- C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
  "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,8359869180574381993,4890292787574455729,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2068 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
  "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe" --type=renderer --field-trial-handle=1576,8359869180574381993,4890292787574455729,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=AbyssOverlay --app-path="C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1476
- C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
  "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe" --type=renderer --field-trial-handle=1576,8359869180574381993,4890292787574455729,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=AbyssOverlay --app-path="C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2364
- C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
  "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1576,8359869180574381993,4890292787574455729,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4648
- C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
  "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe" --type=gpu-process --field-trial-handle=1576,8359869180574381993,4890292787574455729,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3064 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3628
- C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
  "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe" --type=relauncher --no-sandbox --- "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1740
- - C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
    "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of FindShellTrayWindow
    PID:4204
  - - C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
      "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe" --type=gpu-process --field-trial-handle=1596,7449157614196807269,2819779768092442653,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1604 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:388
  - - C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
      "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,7449157614196807269,2819779768092442653,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2064 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:4692
  - - C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
      "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe" --type=renderer --field-trial-handle=1596,7449157614196807269,2819779768092442653,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=AbyssOverlay --app-path="C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1212
  - - C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
      "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe" --type=renderer --field-trial-handle=1596,7449157614196807269,2819779768092442653,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=AbyssOverlay --app-path="C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2332 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:2028
  - - C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe
      "C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\Abyss Overlay.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1596,7449157614196807269,2819779768092442653,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2784 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ac 0x2f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\chrome_100_percent.pak

Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\chrome_200_percent.pak

Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\icudtl.dat

Filesize
9.9MB

MD5
70499b58dc18e7ee1d7452a1d7a8bc6e

SHA1
41c5382f08c6a88670ce73a20c0dcdb3822f19e9

SHA256
02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0

SHA512
a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\libEGL.dll

Filesize
436KB

MD5
0784e4ae88ce1d7c92e26d78ffcc90c6

SHA1
c00e10888c062f8d5294d18c44433d932a9e5dd0

SHA256
b516cf5b8073ef35797e8cd422b62ebc117d8bc49471392a9f249d5d20dd8269

SHA512
84c18b2bc77b2832104ba63dc018aa6aa4917d09f8c43bb002bedee0d9f58f74a8f27913c7fb7ec5351f64408458358e68f452b96fccf2923dce48eb8b9c31a0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\libGLESv2.dll

Filesize
7.5MB

MD5
3a7fe037b4a1f7c4862dea99d6017b42

SHA1
6342ef92e0c813cf304e496184d486dff1ff6145

SHA256
47b58af0713e4563489f85716abaed659d8ac85064e3e498cc5af5582da3f537

SHA512
e57fe62f8aeb281b315184c80350dca15553eb2672bd8f1468488e82672643b07f78aacb2b56f9752b0446d691005019a18026c1e78ee02259a53ea88a03fc30

Download Submit
C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\locales\en-US.pak

Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\resources.pak

Filesize
4.9MB

MD5
5507bc28022b806ea7a3c3bc65a1c256

SHA1
9f8d3a56fef7374c46cd3557f73855d585692b54

SHA256
367467609a389b67600628760c26732fc1a25f563f73263bc2c4bf6eec9033df

SHA512
ae698d4feacc3e908981ee44df3a9d76e42a39bf083eaf099442ace2b863f882b43232e26e2c18051ca7aec81dccef5742acc7b82fb0cda2e14086b14d5a9a26

Download Submit
C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\resources\app-update.yml

Filesize
95B

MD5
0cea5c4be41b1b80e12a97fd91c782ba

SHA1
be23695dce84ea457526d3ef41febcdbd35abbe7

SHA256
6825a7b31d6de5e79ebda67c3a01d1ca431d0c67519c3eee8244bdd5bdf5a17d

SHA512
a7cb2210d32eefad01767b6fb05ff75537c62a5337f849df160f6082519c4ec803041b5fd2dc05a131a98984c2a48570faf6aec76c12800fbc87c9aefd3bf24d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\resources\app.asar

Filesize
19.1MB

MD5
9fe3a848a143b5798e163009e186ff33

SHA1
5f82a87683aa02d8104865b4f55a9b29da5348a4

SHA256
39a72a89f9e1681b7b64619d26ed196b392a516ee1a439b0a446d4f2509e5b2e

SHA512
219109dad57cb3e9c7c3e3e114eb25d006700e066d465c92cbe79e1c78b1d2c00c75a3003fff0ac55fbd02e5dec8e0f957427b4fcfa8443be69c16d6d66d2662

Download Submit
C:\Users\Admin\AppData\Local\Programs\Abyss Overlay\v8_context_snapshot.bin

Filesize
160KB

MD5
b64c1fc7d75234994012c86dc5af10a6

SHA1
d0d562b5735d28381d59d0d86078ff6b493a678e

SHA256
31c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790

SHA512
6218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7facdeaf-b979-46dd-b5fe-4b336acc1b04.tmp.node

Filesize
127KB

MD5
c29c0b8dff69351f3fe722671fa66246

SHA1
42a3c6df92ba41e5b5b4cdaa66338c12ec70f70f

SHA256
2707866be68547868e3b7b564bd40b7d3f6a1f99e464f76fe064b3a16bd04fb4

SHA512
3770f27959e7cf3a76c462559bcdf20e5ac9be6d4b870a4d6b5d4e5d2fc21794f73f4983a6ddaaf8b57c53ecda129a05af669dd85f34550971f8b776ec811d9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\90427441-6890-4989-bfa5-31206b48d85d.tmp.ico

Filesize
18KB

MD5
01e4409f06b879617c09ee4260ce9c14

SHA1
4aa5b782b756ce1523cc87c6bf5f749ed63c196b

SHA256
907a06685d958d40647f16183cb6f0eb1307d913c06c449835d806befecffae4

SHA512
60f7016a6691793d093d23e3e98abf77ca8c37bc07cf2e495166b6a4a916f4f81b4c5405dee2024f069097ecb0b29fcc704257ddb26c064c33b0f3b511028b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh5862.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh5862.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh5862.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh5862.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh5862.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh5862.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh5862.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
b8cab915baec00fef379c0855a3e2710

SHA1
b99309c61933f0500d2d653d7cfffd0402f9c6a9

SHA256
eecce9891f5055fd81a5438071a7ee772fcc4b4fa44ffeec6682f5fc81c99c0b

SHA512
ba0af28a3f1dce4033ba5155bc6d348a05411b0b4cd99aed5d11cde3569e096b2bec5fb1fdb62c8f7c57672eb67b1ba38c2ebd313ae3fe45f35390019de0d3a9

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\GPUCache\data_1

Filesize
264KB

MD5
b3b0d9ceeed0a321fc3426f829396d79

SHA1
6488e2af51b09538ef6e3450337f7b369e805fdd

SHA256
d0642d237319d3438bad8594dc8363e18b585a4cb57b0a11b1fae467e1e6899a

SHA512
37ef9a0ebd565dc187c39bd8dc541a41d046563f8f4f14a52205e2ff739295bdaa68bd53a68e564c7a860e1e3b547151166fa058a2e0f1cf0a79fbb26e370c68

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\GPUCache\index

Filesize
256KB

MD5
cb3a54f9bf67be137e6b663294259944

SHA1
f398f7df009a4b9193b401de5c450fcd8bb75ca2

SHA256
2fc0f984ebef838fa18d130374e6b7686f5ff4763c66ebd7e4a689c4bbe90146

SHA512
581a856f132c28bdee6a4c376af1ac87c7ebb8b172a9fee6108f10b0bfc11d7440445322bcb57c12a61aaccec59ca4fbf9d4553d682cc6752685c504a79025b6

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\Local Storage\leveldb\LOG

Filesize
129B

MD5
e3fff6c7941201f8aa998f1c02d6a1af

SHA1
5e2cf54e494195a3a94a57c12a7a3f9c5e84ef7d

SHA256
a19572bc34c69adcb5900423ce1e9813b74b1a257109523f5ba8b7979bacaf5f

SHA512
b9dd83baefc1cb2adfe63585ecead47a7a1c2eccdd2fdacd870268145f1fcbd8347a89e49dace2591a4ee0199336c06523e1f2ac849e161cbc24caec17f52584

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\Network Persistent State~RFe59a445.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\Preferences~RFe57f07a.TMP

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\config.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Abyss Overlay\config.json

Filesize
93B

MD5
31d63e5ccd63c80195a72459faa20276

SHA1
b1187e1929105bf2be05c9a06591fe84c7ee9047

SHA256
00a976f69e01cfc20866fa0cc8c28c76dd477a28e862ea15da81a3645dc7f80b

SHA512
f5fe2d762781b7204a1976592daf4ebfa3f571354759928f76d3db27cd69880c54e421199a624c98007e3a449578b35154aa460a8fd4534afd707d682498794d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4912-224-0x00007FFA36180000-0x00007FFA36181000-memory.dmp

Filesize
4KB

Download