eternity | a5236b3142e898d26bf6f106029a3dafc72960eb4949b1ebb59cac601364fd61

Analysis

max time kernel
1859s
max time network
1841s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KRNLWRD/ScintillaNET.dll
Size

1.3MB
MD5

9166536c31f4e725e6befe85e2889a4b
SHA1

f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
SHA256

ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
SHA512

113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562
SSDEEP

24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC

Score

10^/10

eternity execution spyware stealer

Malware Config

Signatures

Detects Eternity stealer 2 IoCs

stealer

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\GrowDice Predictor.exe	eternity_stealer
behavioral2/memory/5408-521-0x0000000000E80000-0x0000000001368000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

3476 powershell.exe
Drops file in Drivers directory 1 IoCs

Processes:

Silviozas Premium Proxy.exe

description ioc process

File opened for modification C:\Windows\System32\drivers\etc\hosts Silviozas Premium Proxy.exe

pid	process
3476	powershell.exe

description	ioc	process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	Silviozas Premium Proxy.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

GrowDice Predictor.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation	GrowDice Predictor.exe

Drops startup file 2 IoCs

Processes:

GrowDice Predictor.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GrowDice Predictor.exe	GrowDice Predictor.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GrowDice Predictor.exe	GrowDice Predictor.exe

Executes dropped EXE 3 IoCs

Processes:

GrowDice Predictor.exeSilviozas Premium Proxy.exedcd.exe

pid process

5408 GrowDice Predictor.exe
6132 Silviozas Premium Proxy.exe
4356 dcd.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
5408	GrowDice Predictor.exe
6132	Silviozas Premium Proxy.exe
4356	dcd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe
Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

chrome.exepowershell.exechrome.exe

pid process

5400 chrome.exe
5400 chrome.exe
5400 chrome.exe
5400 chrome.exe
3476 powershell.exe
3476 powershell.exe
3476 powershell.exe
3076 chrome.exe
3076 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

5400 chrome.exe
5400 chrome.exe
5400 chrome.exe
5400 chrome.exe
5400 chrome.exe
5400 chrome.exe
5400 chrome.exe
5400 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe
Token: SeShutdownPrivilege	5400	chrome.exe
Token: SeCreatePagefilePrivilege	5400	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe

pid	process
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe
5400	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5400 wrote to memory of 1404	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 1404	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 4760	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 5440	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 5440	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe
PID 5400 wrote to memory of 3368	5400	chrome.exe	chrome.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\KRNLWRD\ScintillaNET.dll,#1
1⤵
PID:5388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff2d86ab58,0x7fff2d86ab68,0x7fff2d86ab78
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:2
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2328 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4972 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:1
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5092 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4740 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4128 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4124 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5216 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5676 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5872 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1664 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:8
  2⤵
  PID:5168
- C:\Users\Admin\Downloads\GrowDice Predictor.exe
  "C:\Users\Admin\Downloads\GrowDice Predictor.exe"
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  PID:5408
- - C:\Users\Admin\AppData\Local\Temp\vdb4fh0e.o1m\Silviozas Premium Proxy.exe
    "C:\Users\Admin\AppData\Local\Temp\vdb4fh0e.o1m\Silviozas Premium Proxy.exe"
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    PID:6132
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c color 0A
      4⤵
      PID:5812
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell "Add-MpPreference -ExclusionPath 'C:\Users\Public\Proxy_Stuff\Silviozas Premium Proxy.exe'"
      4⤵
      PID:672
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "Add-MpPreference -ExclusionPath 'C:\Users\Public\Proxy_Stuff\Silviozas Premium Proxy.exe'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:3476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c color 0A
      4⤵
      PID:5484
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\vdb4fh0e.o1m\Silviozas Premium Proxy.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      PID:448
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\vdb4fh0e.o1m\Silviozas Premium Proxy.exe" MD5
        5⤵
        
        PID:4608
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:2392
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:3516
- - C:\Users\Admin\AppData\Local\Temp\dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
    3⤵
    - Executes dropped EXE
    PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1932 --field-trial-handle=1996,i,18262751817764386794,13225065656002093326,131072 /prefetch:1
  2⤵
  PID:4600

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3448

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x324
1⤵
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
408ce5eb159476f50bb6292f4b9d9ec2

SHA1
1d2d7995d6be22e656515e0b88430673b86e4e4c

SHA256
816b0b8b6ad69fa8561b943c652769adf8f16d72e4eb2f3aa74a885ca7cc2590

SHA512
55b8f29bd2ceaed3b6ab3fa0faa8a88f6c11317f3415850b2f91ae6b4e383221e9d3fa40c1f0834ed987017cd2565cb7b16a852865cdccf2d4ff0c709035e443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
12752c90f5531f3ef5dad0071899b394

SHA1
96d65de47fbbae8dace9af46705319f0b1fe220d

SHA256
771546e24de4a2d3dcfb615337f7ee6ea975c598f7ddcc6689d82c0522642260

SHA512
b78ff4ca50ff30fe3889c15e9c9df4c21f5faff751902548b3968634426fded583399de281e4be34d228223c24fb6a58c484723d191bb5f8d7bb89ee73b7961a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f3d7ec6c2204a63e35916439488f884f

SHA1
3206f1f18cb34c00f8447af7c833fa6223e218df

SHA256
a0575659357a302f0c69d5e9836b48406181b808d24a3694841a8a5904fcc92c

SHA512
3f5b0378b89f9e816ef8c3aece7cbcfbf551e8a84b349f566999e4aa2d33ca76f3fa179048dafd3130a5d369359439caadc9686a66a0329975dbb3900088087b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6156010b678262b2e1d2dd784c36d569

SHA1
40e6056346aa710422a2037cd48bab08a5c2711e

SHA256
d00f83ded6783bda5865d061b38887a769ac5f53ac40503ff44836f004cd3538

SHA512
d923d75e591cae9eb72b2854153834a6d4eb28d1715151a3a55daaf077639464bcf4e52af80a94c281cf04a24b3aadca181cbccb64bce427551e6c221c9dcdc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
76a5e5b1c0d3d5b6c21774ce63c6f38b

SHA1
40640c1282e5cd216fcf1a91efb4f9470caef4a0

SHA256
99ac7036cb4716060544b959177554dd20329545c325dc32d96872efdfa2ec51

SHA512
7e64d5800b2e29d32038626e6b1abab6fc8a31bf1064d4432cd54c59a053949aafc7eb6f760494055c70acc6c7d0f6ecc3e0ee8f57989168937e52f170f826ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
15ae876c5c244103b45bd90214ff14d5

SHA1
4e3460075a735c14dece590608aad9be3a4d7310

SHA256
99881467f638a3a7823fd473bbcd0f4bbc1ba8d23dc883e3e6006395259cdfe3

SHA512
307668b7876522f5a02da492c876c06c53dbb7964e602913621f32405914a401425cc85c7020726a7bd49f384ecbb31bffec8bed9f38f2660c8c2b2406913de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1f85dc6e59b0e2b859701a06553d87fe

SHA1
19cb4c8867d1cc32a18b9d31d417e8c132222306

SHA256
0a453048937d31c85694622d9b3504f06959a748fd2afd9167b851a359b11b97

SHA512
bfa6029bb4ea606e55a1f7f1af76013bedc4cb29aa0d90f2d6b8fc1586e8e8296c5f36f950f2419bac63e7181f4b6c9f28261b0dcca6725db97ac05a1942fbe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b10100a76b48be6f1318b0f88aac33a5

SHA1
372f2ed4918e64372c9b861bb52a918aff946bc3

SHA256
d1c0bac4a82a67bcfaa5ac4049d714f58632a0387f6e2d5c81d33c6397523f56

SHA512
59945b63a76f6a8c4778e9d88adbe7ef1e134454136ccc066c598c692d032af8aac19f5bb86691929b6702a235c8f4410e78d1aa5a5cd3650cf8286c685b0e25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ed2142390cd7f3e175f8c82b2e9f3f13

SHA1
2da6e11c651c99071bcdd5d36fe949df9d5a045a

SHA256
14b3999254e083cc8c9c72f0d7626e9975ab54e81e7a5c2cd8dee1a3b0526780

SHA512
97c2612d5941854257af546e66a2982506d368180f732064409a10f4da575dd919318b118e31e0a8575a96e2baff5c20fdfde39362fe770c2c18066b23e7adc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
f63383b7786454e4d5cf4c2c6ccdf0ea

SHA1
8da7674779cccce287c079918a335b6cfeab169a

SHA256
0b4ed50986a82c2411225e69668bbc41db1d20ce158347c98b73b1c5ef58f6a2

SHA512
18d5dcf2f6268aa62e648270d12cf94e429fe2e528fcd8c91d21ca8c35b04bd2f58ccaf163df7960ca6b89134dcabff47193a272e557b615cacd7cf48a02b4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
27084a4e03272ff20548549c4f879a9a

SHA1
448b585e5d5a352530ae9536cb5fc80adf442cb4

SHA256
27af5cd5fc2232d3715300ee717c95a6d73d9ff84369e4285383a52a56aba259

SHA512
c6767f6941e37c7c8482909926c81fe41cc925dc08b72d060482966990a934f7009bc99a9b1051b789e004e40b522775afcdd24570e748a5b26a0ca9f1e319e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
86f887f43d9fdc37a151b5dc8a784895

SHA1
698827bba2401279e083a14c75a8bb5d5d0bb1b5

SHA256
2dc57e8daa5ea56eeec4a2bc08e7a101cddc03684a4ff905aaf3a77a2f6fb1d8

SHA512
3ad68de8770d6a1251c4362cb4f75b26860e0924898446003a6fd16092f2458722ba1dbdaeb967cc1b90a5819801f94b887c4134d82bfc42e228e1b88715fb7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c8eb0b1a62285b2cc9d150969790566f

SHA1
c63bcff800902c4bc78095d48ee3cf845b76f240

SHA256
5c4294dc0023a465a9c21b9f06d6514e6e72c2f39d634855170088a458a5c4e8

SHA512
a90085d228074592dd90ae6829927f56a4173872275492f58af459ce5d7ebd437c887973b6bd9e12791df47dd0540583d411c7d8049075b29e0b582ab4aedcc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2f4fbe2ae8625b4ed942d766036a8038

SHA1
fe2c6c1524883345ef8e9d38e8067e9a540a520b

SHA256
9ad81482e79b44ad8e1a1cc2c4fb622c3bc9b2e3e803902e575930fca0373bee

SHA512
cc6974e1a8e6b684dbe4deb25a53a5865c58d7d33018bf7446d19b7711eb904a2ca4c54346b11007f6567168a2a90ee782b416a334c49850efa75e4efa8761e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d4ac8b8236bde237347944a9739f2827

SHA1
a1acb7934f6668f61f1be4808969a9f4fa7daf0a

SHA256
4d9137e8c037357a2e6aa90c4fde31a3e4df82944322686a6e9cf8e903d90b30

SHA512
be23093fda3adda96d5fd03c402c9061301ad859d654f1dbd6e3f5153c759e8d6a977a845fb2ba9e6b487367fafd1386869459c1a54578ccf81e2cab0a792226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bf7e92a6ba8cc5f1ab63b4be0f4cf7e8

SHA1
e64f7814c6b556237efcea4f211e221c638d858b

SHA256
0e6c2f4ec149026b483f183489d215f7b927b2848f1f4ee512b087e6209dec46

SHA512
a59e5d1811fd14bc183382f1f55da729641fb6183b4f5b29cac1783f3f2c3abda9e4aed75e79dfd29e64a622d4417e09ed5ccde19006da61271467a70223bcfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
240a9a767b03802c3fea959f82c25b13

SHA1
922315abccc9086ab4e911f5529c14779da80a0f

SHA256
c8f58878b2b866dfe7f90dd68c4c1cf383a6c4fdf3a0305a73a5beb8964708e0

SHA512
b639911dbd7facff4d6d5f73e698ee37bbf771ecae35942fa79d185239b585842bd77c2604fdbab26a0c39921729e5136a4f00486969a268e13a1100dd7e52c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
b981cd2bac4078d83e43d2ac0733005f

SHA1
ff5eb56a8a0d33df194f3f230f9df968814afc80

SHA256
02755cf4685f348319afb59df92fce99c486eb750a50095d133be44d109639a6

SHA512
0dcbf36856282874fad0f3facd7dce3acf19ac8e16441d68097467fcd52558ecfd784de15be25dfb6dddede686fe717343306e612ea140a4c5d0f3e4bd547553

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
167KB

MD5
968e687e334309ab37912c8b9ca3332e

SHA1
3cbedd1b3b4f574a9727a0c4138051e605297fd2

SHA256
1e7084833c191440daebd6bc2ab58fe4711f6f0fd1c6e581d9b73ab34bdb8f96

SHA512
079f408166e43bfcdeafb0df387ad621a3d01c7661c67c90095eec7fcfa0fa76426b0c56ece93647cd24591a2a57a59ef84d3cbc38e7a6b053a94cc9627e2fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
65bbf13f007427d20955ebb54a9fdb5c

SHA1
fb5fc7875c5ebd5433ee9267906d5a8e8f7ac5c6

SHA256
3414ac7ef4a48d522dd66df5f185f7dd30e836f95f4acbe25b12f810d61945ed

SHA512
aafbefe05d8d4a9b5534dea64e9f20dbbea2b0ea299341a0e1a24258d8d81848251daf5eafd1c9fa8f223c93a3e1d74c63bafacd9908d38958e655f3d36dd096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
8d25cd1cfd5e20d56556c3db170a55b3

SHA1
36e4b72216cad18dfb24c4b1fb4f1c4def25eb36

SHA256
1cadc6c3332c2034b505b22b8767d7ae2e0f60fceb6fe2a9be7c12457d8c6988

SHA512
8466253c0b57178a65c777180c854f299884df62738721081ed39901408e06943ed11fb33715a6f6516065cd6ba9f7421aa860087aa8bd138925b468f38dec6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
1434855e10ae8363c5cc2447b28857f4

SHA1
09acec021320e268ee3134d08053f249e515d21e

SHA256
14b4b7f664012e6b40c62c59b4055699cef0394ac39c363f003b875d74b2da36

SHA512
b5dc0f66abbbb085a92fce0078806c7904578f72edcb74ab7dc4a96ee270bff1fbd3f41221cbbe40056259ef511244f6f530d41d8bdc7608cecc4db2a126b02c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
7a1e8239e9196a67ad7e3a456e5debcc

SHA1
034ac91ff7f01c95b3754bf32c882643eb2c9f69

SHA256
e595eb7bc5382f950fedef3bc81e479614f29f0e731b3aefd2534e192c3ca4f7

SHA512
801239f7099e81fda3b704c93ad2cc5a29f4dfd726901d789024626c39c9fa34c8131afb8d68e6af6b22f25d14bd0428da26899ff4b49806df80d04a0f158c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
a732a98b2f1a66050142a05ae34808e4

SHA1
58e5da6d2fc23af9aff749aae30351e3cda17b61

SHA256
8848ad8c1faf77f6d99729f27b76c9e6dd46d764b756981f118b5d018aa87b05

SHA512
71258660ef94076ae80f5f7234408569ae909c147e79ea1de30f31fd407a668187964e8eb6bc399060eda02028893c15688f726fd16427edbc95560b3b3b5461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5c8ab3.TMP

Filesize
91KB

MD5
7939b55e65896c8c0b49f7ad1c918519

SHA1
05ade9dcc23a4a87e47ea6e43f8544609a04172e

SHA256
28951e084cabd9c0278f613670b360f706f2b972d44217ae9f1bc1dc84c88ced

SHA512
e21e0185929e701c6ec5ae505677c4305dc600a7003c65143bcfbb6e4e6b941468363b3d7ae2e6608d04470535c285c9f1c5621c546748463d2f00c93c8979d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2ttbigia.w54.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\vdb4fh0e.o1m\Silviozas Premium Proxy.exe

Filesize
1.9MB

MD5
bb21485e4a35693716d507f1a11e7b4f

SHA1
db9793a6a46bedcfb5c7589acc17c9d96a54ff82

SHA256
d732486f5f9c48b56737c708f1c789657bff78c7ffc9ea7bdf640f5fa0cce37d

SHA512
130d6c4bef1eac7c74719a27018392efe24fff97edc2250ed268d96403863c642f58e73c1bbfacef4033771d4722b677ef66fbfeb5729ab846d31acf10ab4dc4

Download Submit
C:\Users\Admin\Downloads\GrowDice Predictor.exe

Filesize
5.1MB

MD5
10f91c98dba610f5f0c170e525940bb4

SHA1
642a760a895e3a4fa4f949234e6ec1ae93341c99

SHA256
2b14ec6610caf860b003fb24a82eef03e817c70582cfd486174fca66117c40fa

SHA512
7f5f3c95f6d2f4a180e4ad02ff9fb4ebf4e5cfa0c529b2708a703642533f2da4e301e4a2f4a8bf16ec0c0152f4dab19f3e760cd80db0b100503e4f82a456c645

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
1KB

MD5
3a19121498aa4a500f33519964565b99

SHA1
a881fe7bce9804b653a087a073c97472ca27fc14

SHA256
e5c414ee59ffc5fe19bf968ecadd6271ffcd1fc22b51ef772dfcfe956579f9ec

SHA512
c70fdacebd725b43fe65f84cbf9d7ddf9e9c95919b58d772211b2aa9fc2f24639fb13080a8fb38a6688ffa95ca14d4855e882f8f92a346bae6c134db1cffafc9

Download Submit
\??\pipe\crashpad_5400_QAOPRPFMWJZGOUZW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3476-554-0x0000012321030000-0x0000012321052000-memory.dmp

Filesize
136KB

Download
memory/5408-523-0x00007FFF2A2D0000-0x00007FFF2AD91000-memory.dmp

Filesize
10.8MB

Download
memory/5408-524-0x000000001C1F0000-0x000000001C412000-memory.dmp

Filesize
2.1MB

Download
memory/5408-520-0x00007FFF2A2D3000-0x00007FFF2A2D5000-memory.dmp

Filesize
8KB

Download
memory/5408-565-0x00007FFF2A2D0000-0x00007FFF2AD91000-memory.dmp

Filesize
10.8MB

Download
memory/5408-555-0x00007FFF2A2D0000-0x00007FFF2AD91000-memory.dmp

Filesize
10.8MB

Download
memory/5408-543-0x00007FFF2A2D0000-0x00007FFF2AD91000-memory.dmp

Filesize
10.8MB

Download
memory/5408-521-0x0000000000E80000-0x0000000001368000-memory.dmp

Filesize
4.9MB

Download
memory/5408-522-0x0000000003530000-0x0000000003580000-memory.dmp

Filesize
320KB

Download
memory/5408-557-0x00007FFF2A2D0000-0x00007FFF2AD91000-memory.dmp

Filesize
10.8MB

Download
memory/5408-526-0x00007FFF2A2D0000-0x00007FFF2AD91000-memory.dmp

Filesize
10.8MB

Download
memory/5408-539-0x00007FFF2A2D0000-0x00007FFF2AD91000-memory.dmp

Filesize
10.8MB

Download
memory/5408-527-0x00007FFF2A2D0000-0x00007FFF2AD91000-memory.dmp

Filesize
10.8MB

Download
memory/6132-593-0x00007FF74DC50000-0x00007FF74E441000-memory.dmp

Filesize
7.9MB

Download
memory/6132-586-0x00007FF74DC50000-0x00007FF74E441000-memory.dmp

Filesize
7.9MB

Download
memory/6132-585-0x00007FF74DC50000-0x00007FF74E441000-memory.dmp

Filesize
7.9MB

Download
memory/6132-584-0x00007FF74DC50000-0x00007FF74E441000-memory.dmp

Filesize
7.9MB

Download
memory/6132-556-0x00007FF74DC50000-0x00007FF74E441000-memory.dmp

Filesize
7.9MB

Download