344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a

Resubmissions

05-08-2024 07:16

240805-h39jvazcnk 8

05-08-2024 07:13

240805-h13zaazcjr 6

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-08-2024 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveInstaller.exe
Size

1.5MB
MD5

c822ab5332b11c9185765b157d0b6e17
SHA1

7fe909d73a24ddd87171896079cceb8b03663ad4
SHA256

344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a
SHA512

a8612836fb4714b939d03f7fe08391bbc635ca83ab853fc677159e5db6b00f76b9b586bdae9c19d2406d9a2713d1caf614132cb6c14e1dddc6ac45e47f7e5a5d
SSDEEP

24576:9viinbT3ipyqwPx4x3RyFoBkkAd04wJAAh/jV1gJcPNZI6fntX3HOt2pbs81ind2:EinbT3ipTD0anywJAaD/3U2pb7indT

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

36 raw.githubusercontent.com
52 raw.githubusercontent.com

flow	ioc
36	raw.githubusercontent.com
52	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

WaveInstaller.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WaveInstaller.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673156208071051"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{25425429-0977-4ED4-8007-7A2400FFA65A}	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

chrome.exechrome.exe

pid process

4560 chrome.exe
4560 chrome.exe
4560 chrome.exe
4560 chrome.exe
3124 chrome.exe
3124 chrome.exe
3124 chrome.exe
3124 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

4560 chrome.exe
4560 chrome.exe
4560 chrome.exe
4560 chrome.exe
4560 chrome.exe
4560 chrome.exe
4560 chrome.exe
4560 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WaveInstaller.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2352	WaveInstaller.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4560 wrote to memory of 4712	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 4712	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 1948	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 4296	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 4296	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe
PID 4560 wrote to memory of 3332	4560	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x114,0x118,0x11c,0xf0,0x120,0x7ffffa65cc40,0x7ffffa65cc4c,0x7ffffa65cc58
2⤵
PID:4712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2
2⤵
PID:1948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2128 /prefetch:3
2⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2212 /prefetch:8
2⤵
PID:3332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:3240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4432,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4440 /prefetch:1
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:8
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4416,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3544 /prefetch:8
2⤵
PID:1560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4256,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
PID:1028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3060,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4360 /prefetch:8
2⤵
PID:2808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5368,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5380 /prefetch:8
2⤵
PID:1592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3372,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3548 /prefetch:1
2⤵
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3516,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:8
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4260,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4852 /prefetch:8
2⤵
- Modifies registry class
PID:3428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4784,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3712 /prefetch:1
2⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5420,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5508 /prefetch:1
2⤵
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5464,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5648 /prefetch:1
2⤵
PID:4112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1132,i,13427080695201866725,10312187478648222995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4232 /prefetch:8
2⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:3124

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3408

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f
Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
7fc7e5662eb6e6fb59fe289a22970572

SHA1
281831f062079ee0e6f88fe713a8d94b25bdaab3

SHA256
950ca8b847ee43479eb08051e9f30ee78a5974b54caebc006b9d56ff70853912

SHA512
d10c8f6ac519cdd5c0b513d892048fdfb390ee9dc3220786ce86ca2d6b68f8aa5ad2bd793e0fea27531f447eb45e1eddceb6bcaab1e8072b75788280a5ae6b2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
0f3589e350509c5c5a52949941d2f35e

SHA1
5cfba854a34c4a52fcd3be0858a74cbed1585958

SHA256
85b60b401677fedbaa5be147d8d3c5bfd5822792914b2cae8e87b4cd2b5ff48d

SHA512
867a9f2cea5205357696a462f0f3a113a1be07ab5b5050c202ee6c001b8ab735850acd5f1c1d63d1851025aebd877563caf4f14ab36da79558cf8b27fd59475c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
5575405691144d9e12a41c73c24ccc9e

SHA1
fd5124f022a90a13a9384e31112b59feeb9ca0c5

SHA256
8db34cc444ad64e248ecc08f8d8c2f7291262c78d7518a949c372487738125d1

SHA512
1f9cb1cbd8b7323e696df6873f4899b372ca8f053ec5aead18ef68cf78bf042200fed0d35451785640349b78b4882f1c9b2aa9d40742be3e3e76c5b05d491d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
569d906d358629d24884391d76057a05

SHA1
d578a5cf26fee3c37601675e7f93bec47617969c

SHA256
53d7dc97c110337c66d2c1dc76ebbad3ec709254f82325af50cae9e7878fbdbe

SHA512
1fb9a7f4a24065965559c8649788158961f0057632ed0b7ce98ab7948b38762a4c987ed9b955b273c205982f2d147e810de96767b3407c9905ac4eeb24c37081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
9c699af206f18ea36e333ab1b88e13c7

SHA1
46f82b7c831897fb91662394bd9e5a8283edaf9a

SHA256
686b926d71e0725f968d78d5fdf7939305556b665979989ac7abf4d5ce9fea2d

SHA512
84f3d317d7e819d29463f406935cde0ee130d3b5d1593d10a63dc3ea62a98eca1e1fe11b76b2af37f7e4c91f9ce80390697175dccf9d78ef6ac64e933c2c265c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
8ee8b646d52cac828243b23eefce664d

SHA1
099fe25fb848edbdb02e2cf8d0632e69b48ec5ec

SHA256
bd3681a46124054c386d4bc5cac1f65c1cbc0c5229ad8df51e183d5502f1bcdf

SHA512
6e6683bba3e0897b4d7a2f994fd404cad40dcd8cf278b426a90aa64c0161ca9b08c7878333c500d71d670459fdd7cea2936746f8f04b59a5f30bc7694bd0c518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0557c2316b3442e1bfecf21a52f0eeea

SHA1
ef5c7165502cebbc54a61d32f03fd81bf6a15743

SHA256
1e4f6c36fcdfbb3cd188a644b0c6951ba4eb35fc2362ef94024f691558540313

SHA512
4520709bec6b016495545b6bd899e3d0304b730089a6e7faf33cf871461e45d334439f74060e0ddb2f38ec459dfebdabc4892cf91204b3592cfefea6273ce067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
44aceb68412153e67065970a48f2d25c

SHA1
2ff4c837cfbfbd54cc5fdcc61cfabb74a282ebc4

SHA256
e0194177a94ee372e98becdb750b0ee7daf0ec8eb4f1bfa47e8573b71cc23ca5

SHA512
c8aa06b9b62bb0b0a0a88261244570dde3a42ce3051c379acd49b5e99df4170bf1b2297b0d792530fa62f15b9afdcb255317a939f37f0871c4b1a9a8d88d2c3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
789952f2bb9129f2d7b38a62c5441efc

SHA1
687f6381567238d4ce4348993160104c4e44a253

SHA256
3d0d8e34d91797f4f016ce2ecec7a6bcc37a31c7702df88da65b35178a18df5c

SHA512
87d8b9b89b8c2506af3fe18d39e23a21b791eb0bf39da7f64617ee1f10eebc53cfd3a8685b80b7d68356a73d6be479ebba59ab0154f77288f308d9803e78b97b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
e3900d0d1636d9cd7d2e6fb95f92af27

SHA1
55a1d9aeb89ca3dfd936e88b80a0f9d81d28fd6a

SHA256
5717d6005732500ab1bebdd25ca78a6445fda321b06278c8bde79d622fe5c140

SHA512
2d4176804101ae674b8e374774e9901481dfdb02c7ae257b3bef2305864254ccef610ac7b1764768ca5586baef65228c930992716a95d5fd9fb88f056dc2d85f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c7cda94da6833cb79b9f4ce09026ec52

SHA1
74a67504d30af9b10af82179e5af24c495183836

SHA256
16fea1e3fea27e5032dbc2050a9c7ec824896bb2aba0050e4bfe6c5fdcf1b58a

SHA512
a5d373e0c93886ab7dc2ee1ccc99ed2840fe607a8900d341ea63aae4916343ee7d04a2db5eabb4e916257681caff05654a65e1000cfdbc4fe98b779443c5e0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
8be9e367dcbc3fcd1b7ec120920c9fd4

SHA1
1fd5cd7c3d634c046d78ee6420224d96e7d23ad5

SHA256
d004efb211d57f168208b2140b2f901841778e6cbe9a605fab6327ec285dbe28

SHA512
68c36e1ebffc6115ece742d71c42bde319565d1e2fc4a9e9a98949ab62ccb69f30414a020d16180131ba8aebcfe4ed40ff65eff56497afc4f2af83b668264ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
0f6e078b2a31cce3b855a2624e574d37

SHA1
292a4faeb8898dacc9cf993f561aa62433dd11e7

SHA256
0beb65284fe2c436fe0b049611c52edb377cc518d41e092e90b02ec969a483bf

SHA512
fb2b23ee06e67508e45ec5a7fef92f05b7b6bc4d69cdb7b89c887830a9f7a3c921aa8dd2592969fa188f00fc42cabe62827fcfc577e240487c2a59d0d5a6783e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
311b62d91eb06d1d05180175012e4c3c

SHA1
060c1fa30c00744e0aaea35047a35eadc0ff09a7

SHA256
a07087f7ed6a6b26e618a96e32ba8a001b16e00db1b74925a8a5e27f0abdf405

SHA512
067424b4b2d02f12924233692a597efbf7cf47a784c8a39e606c949a2068d44ca2e27a89b2728edf5858542547316f99a06934f90a6400f40560f7035475dd72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
5d300fa9957d3a371f2d2643af61d930

SHA1
7d8427b510146d9add4e9f4004bc63813c782f5e

SHA256
27e3cbccb6ec3387e4b36b6d61ee7fc418270adeeaff34773bcfef6754947111

SHA512
f54623dfc57d656690cbb120199fabbaec9d9a171569f719aed650864a0930856432a4288aea139ad04fc609b19fc44fcec68e1e40e84bc052a4461d9b73b9e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
3269920c357b5b0b3273b8980addef88

SHA1
656361392c2f06cc2d25b9248bb2332d38100510

SHA256
0824d1cbd860da2eb382bbb66a3d24b8a21299dda730dca3d193fa696dac883c

SHA512
0fdeb4be7e6ed79931ffb1f5865559a4bc560bfdfc6a1dbb0805e882197e3e9d6c40dc5c83a6d677e8345d0f9c7a52eee09af10e9c119579cd66996a56d74f22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
f8817b368ad90b037d7f3bd03edda264

SHA1
e044026b751200ff59f9c25b4285052bcca687cf

SHA256
94723fb2d7396a8bf44fb4ba6c01d70c366f534c465f25c91024ba9fefc8c6df

SHA512
c38ec6fe99fc026c1d9fa5a0e93d16bc45e9d3aed51b5d54b2bfb3caba3b89c856decb23cf8908f39b9624ab731a166ca6c6c7a3a61edc30bc3f9f261c30ce12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
d587743a3b4842ef0aceb3d2d1f36139

SHA1
af38e3ad9e4654d889da2b18b27e83766739340f

SHA256
8e142027b1f311fdf30eefc04bef9b032f261cf32f8bd8b36b897cc33d16e910

SHA512
b733393196a440a1d1f1c7f11e17b484bd312d5c418cc23bb8748f57a265bb0f777e6337144fd3fef8e8c35baae2db5914becf40d3fa47571ba13eab258e4d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
58cf019afc59cbeab82880cfa13f4f91

SHA1
7b77d339c0da9a5167f41937abe812fc03e95daa

SHA256
aca5bf60532adff286750a7470eca79bb0f7383487bec5e04842831ad71b5dd8

SHA512
8da6ff271d15ed2374bd98a6c922b54c3f9ead9effe6c9726ec80d0eacc598d1221bebb8400906e5813f1969ed96f5efdba5b4806f6bb8b4432f2cb30b6b275c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
0ae8643be762987c66363654fd7faa8e

SHA1
b6c834c2f886676e58880c643c71b6beef77556b

SHA256
51e61cfc6fdbd0b718959ce074889b4a9259286df6c2386568ad5552db0bdf57

SHA512
912cedd0953200a188d3edb706ab96f5bd7baf40c88d3a6e35389f0a169385bab1ac650f3df79b887bfa1740f765de3545ff365f346033c7b8b74f9cc2003a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
9ffb529a9444412f720352ad9ed06e91

SHA1
857b4e66085ba404fdf3952e205321f3b4477a35

SHA256
a140f95ffd70cecd359f02e33f2f2d99372d7689e67d891a735079f675466d39

SHA512
b5b48829537625ac6c69f64e0802a1fdece3d307037ec1cbcd84ef13748973da9f8925bc3d7be338426906fea2a7b9cbba8b78f766be828d2a46e190a4469433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
e48806057fd7faf5db1327dc3acf63b7

SHA1
17e10ca34ee530ebddd475a8c3734b28263dad5a

SHA256
5236844fa45fe9eb81607ada5b5a0a02f1caf872bfe5d2ef0dbf9c53a4e120aa

SHA512
23f96b7a01fc572acf3cb3dd85f3c313d07721676b0d019dbcfe5048e8c553bd7a1719761bb1488f1d43c2208291fdf950954178e621d275a48a485ba6fef64a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
5b8dc83dc246f9abb8329b42e0c7bfa2

SHA1
cd07ec67d19d215c359f5852894f7a6150a5704c

SHA256
edd2334ffeef1b5178eb471de61fe37e2444bf7d2dfc7feca2a322f4019c245a

SHA512
3bd630de8540aa311974a6b9037c0c079df3574957473a5ab923c838df517993b2ec9d76786bfb56c308c2992e4c034c0cd797737b34ddb1f0bd64d5272ceeee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
c2edccb77413a8fbed08b713ee71cd45

SHA1
21a07d66f54189d9ff24d4927834017aced74e99

SHA256
4df4c2e79580e45d73fc4f99cd30b0e57eec5bb866622398718e56c2e12faf1f

SHA512
2287a7a1eb0395d99f7946fd359fb3f045abed48f58b82ed778a1a6459078bb5df38eb8658bd11de21742af5c773cee37371d9d5dbcd0353e111aa6c3dc52702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
196KB

MD5
91f8c1a13003c55b611b53300e8b991a

SHA1
0cbacd8b6ed5f67dc02b73d8380cecdde2225bcc

SHA256
955f004ef097ea62418a579533b55b8a21ba285bb5af1e5d0e82f9c9b533e164

SHA512
c6c43e3d40a0ed19386413c38728c4d66b027d9dc522a31e91a490b5ec1d0c713b9a3c350d117c8600289390d3aba9996fb088029101333fdfa6ebf40d781bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
196KB

MD5
b053d3eeb3a55e39c0055c9ed14a30a0

SHA1
c7cb1b78624a0946f1b913f8055b044d12e1a2f7

SHA256
d84f25d6c40b693975908b15e6e1076d1adc2d26ea810d1c6886dbf391daba1e

SHA512
11b5f15087344bd710556af8bc49717729b13becafc44f9bb3d6591d06b41df9af11a362c5197253d6494fc20f703d059693cd21e4ac125a8c2beba222542bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
196KB

MD5
af345cf83817dc02f6fb87018561e451

SHA1
4f3b4727e233198c456383d89ff89a0327315da9

SHA256
75ee5859259906fd64d4ead2a6c476c8bd08afacfb258c99392b72f0952101cd

SHA512
64e8fab5b1bdfae2ab5a630bc5ea6daef2bcfd7c7c418423d545320cba69ce2d8ae18991a3758b7c8256fccd26eeacf114db48eaaada7dbd0e9f112ebc68e297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
248KB

MD5
7b0d63af0757278c08a046b023de551d

SHA1
17cfeae505fb1d0f9636c8f3e3c4e4c1c267633d

SHA256
70a52d5b9047b206dfa4e2ebaff6cd54666df4c1a3f232a3ca681c640cfec963

SHA512
34ec8ea33329240163629932f261fccac3277b4307c9c268ba6ae8fd03af1dea9a37ef57a649c987d1de2d93f2a7b73560bb23215912d7794a23b54bc7d8cf20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
197KB

MD5
12e27e97d35f3d0c3f5dc5247af50e5d

SHA1
9fb4445dfe33241e1220b02e3f9eb74c1bead7be

SHA256
de06e50a91e55a93081ee13ea24f19ab834bf4c051b2facecceca8af8f9da90a

SHA512
5b4a2fe2e6f749201953c2f0b9869752bbd10d83ebad546e9c518a58957f7043969a324f7326472d62b2d80f8401e1e6ac6a9130225dc97c15a260a7c186b215

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
Filesize
949KB

MD5
8fb51b92d496c6765f7ba44e6d4a8990

SHA1
d3e5a8465622cd5adae05babeb7e34b2b5c777d7

SHA256
ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

SHA512
20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_4560_RHFWKPJEJPOXSFCL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2352-243-0x0000000074ECE000-0x0000000074ECF000-memory.dmp

Filesize
4KB

Download
memory/2352-340-0x0000000005F30000-0x0000000005F3A000-memory.dmp

Filesize
40KB

Download
memory/2352-341-0x0000000005F40000-0x0000000005F4A000-memory.dmp

Filesize
40KB

Download
memory/2352-339-0x000000000AF60000-0x000000000AFD2000-memory.dmp

Filesize
456KB

Download
memory/2352-337-0x0000000005F10000-0x0000000005F18000-memory.dmp

Filesize
32KB

Download
memory/2352-336-0x0000000005EE0000-0x0000000005F06000-memory.dmp

Filesize
152KB

Download
memory/2352-335-0x000000000AD80000-0x000000000AE16000-memory.dmp

Filesize
600KB

Download
memory/2352-250-0x0000000074EC0000-0x0000000075671000-memory.dmp

Filesize
7.7MB

Download
memory/2352-249-0x0000000074EC0000-0x0000000075671000-memory.dmp

Filesize
7.7MB

Download
memory/2352-0-0x0000000074ECE000-0x0000000074ECF000-memory.dmp

Filesize
4KB

Download
memory/2352-4-0x0000000009BC0000-0x0000000009BF8000-memory.dmp

Filesize
224KB

Download
memory/2352-5-0x0000000009B90000-0x0000000009B9E000-memory.dmp

Filesize
56KB

Download
memory/2352-3-0x0000000074EC0000-0x0000000075671000-memory.dmp

Filesize
7.7MB

Download
memory/2352-2-0x0000000074EC0000-0x0000000075671000-memory.dmp

Filesize
7.7MB

Download
memory/2352-1-0x0000000000790000-0x0000000000922000-memory.dmp

Filesize
1.6MB

Download