344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a

Resubmissions

05-08-2024 07:16

240805-h39jvazcnk 8

05-08-2024 07:13

240805-h13zaazcjr 6

Analysis

max time kernel
150s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-08-2024 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveInstaller.exe
Size

1.5MB
MD5

c822ab5332b11c9185765b157d0b6e17
SHA1

7fe909d73a24ddd87171896079cceb8b03663ad4
SHA256

344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a
SHA512

a8612836fb4714b939d03f7fe08391bbc635ca83ab853fc677159e5db6b00f76b9b586bdae9c19d2406d9a2713d1caf614132cb6c14e1dddc6ac45e47f7e5a5d
SSDEEP

24576:9viinbT3ipyqwPx4x3RyFoBkkAd04wJAAh/jV1gJcPNZI6fntX3HOt2pbs81ind2:EinbT3ipTD0anywJAaD/3U2pb7indT

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe:Zone.Identifier chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

WaveInstaller.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WaveInstaller.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe:Zone.Identifier	chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673158335578886"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3761892313-3378554128-2287991803-1000\{F9BECD2C-5F4B-4D55-AC38-DE5CE693549D}	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

chrome.exechrome.exe

pid process

4552 chrome.exe
4552 chrome.exe
4552 chrome.exe
4552 chrome.exe
2392 chrome.exe
2392 chrome.exe
2392 chrome.exe
2392 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

4552 chrome.exe
4552 chrome.exe
4552 chrome.exe
4552 chrome.exe
4552 chrome.exe
4552 chrome.exe
4552 chrome.exe
4552 chrome.exe
4552 chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

chrome.exe

pid	process
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4552 wrote to memory of 3468	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3468	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 3564	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1504	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1504	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe
PID 4552 wrote to memory of 1544	4552	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff15f0cc40,0x7fff15f0cc4c,0x7fff15f0cc58
2⤵
PID:3468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1828 /prefetch:2
2⤵
PID:3564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1432,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2152 /prefetch:3
2⤵
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1776 /prefetch:8
2⤵
PID:1544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:2144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3092,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4484 /prefetch:8
2⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4580,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4556 /prefetch:1
2⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4756 /prefetch:8
2⤵
PID:3160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4968 /prefetch:8
2⤵
PID:1932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4956,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4864 /prefetch:8
2⤵
PID:4164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4552,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4764 /prefetch:1
2⤵
PID:3792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5076,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4716 /prefetch:1
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5080,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5112 /prefetch:8
2⤵
PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4572,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5260 /prefetch:8
2⤵
PID:892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4996,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5064 /prefetch:1
2⤵
PID:944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5248,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5192 /prefetch:1
2⤵
PID:556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5436,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5492 /prefetch:1
2⤵
PID:4812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3400,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5144 /prefetch:8
2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
PID:4780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5576,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5412 /prefetch:1
2⤵
PID:3168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3460,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5608 /prefetch:8
2⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5172,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5640 /prefetch:8
2⤵
- Modifies registry class
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3488,i,16073913387316147609,12749729283486184794,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5792 /prefetch:8
2⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:2392

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4216

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
0536337f5312dcbe6e80350af6ec125c

SHA1
903552374105693084aa81e325b03ac391a7e0fa

SHA256
ef352767d4c4cbc8ff24f000aed4ef43fee56b3789eefb38b358061c8e6b8c9a

SHA512
e7e4e2eb18a94ee2a9b5dd1472e97ddfe3498ca73e0e7ec6bb73a840d4301c67923b229638da007d33f9dd29679c1828c31c9cfc875f2e96ded8703861c54c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
5e6e2c8bb329bce47b36393655324620

SHA1
240b68e40a97835edeb7c2938d8efd99f994fbb6

SHA256
e8a104c2af6ff215cc69d0d7f3aa8e7bcd0bbcd7ed3d8d939e414bd19adb83d0

SHA512
6fced6f12e527f5486e9c8c36b154ea5a1e21699a05e2f2d400363adec7e1812cc10166a0b3b17d5a05fa97339468da62235648fe97cf3059c656e43d108a576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
c5c23743c0e0bb2a11ff874535a16e4b

SHA1
b4fa784171c10d6a90df5f4552dbd582e160e0d3

SHA256
6d831fc3383dcba88e52b3bbf956d75c5a7fb0574d12ee17545d486a0c8f468c

SHA512
6ce8dfceab6bff8c4ae706c19102091c4d8c2e9b7d980ec84a13e6b7a3b75a03c18034f953fa59a619b0b248b7a44db9c7710ede4c88ffb953ad726aed4780d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
373df659ebcdc32c3f0bc8fa27978500

SHA1
2c974b28433f149f7bb18c2d2236169bcd8b123d

SHA256
9f92bcd841a1dafbdf75caed0a2585d71936c474d1bd2a71656266ddaee0a977

SHA512
a7c975141951283f4c4fb7d2633783efef83cbb8c0c2d075a16a31ec3725d09e468d0bbbc506639a20debf505ccfa7eefdcf435871beebe485a4d1a46f23d7a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d03f7ff6955850505b9c13c3cdd028de

SHA1
bcf271dc7a25d537023414cde69ef6035c142f48

SHA256
4499060f66436cb79d0420ab71478ff716f6fb74aee244dfcd44532d4639f980

SHA512
72c81f95a831556c794010d1b6416b9b30f245728f19c8bdb9147f9cbf22584364fa3479614dd6da2a0e49864dcc6350865223e205442c08a5fd552e3f78f85b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f3deac8f7f1393e0789b9c62dea47990

SHA1
ef107e0a89173512a52b578366a4de15a7c5551b

SHA256
3c284bbf5a02da35a1c1ddf919ee375c676b42ac2bc2fce03e514244a6f49c1b

SHA512
30a43bdeac8703fff0944db0d4cba02fa5fa912682f20fafe3ab828ef555342e6f3fd9ba3ccf5edad18a018ea90a6858f0d583a047018eed6f37ce996865a340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
49823f24b429dd716982538f7b93799d

SHA1
b7f8b33a59eb8d9ce51f70b53cb031271bd3d9ed

SHA256
699423e1b4faff7347927f274b20c648e4059213333b8c30d16189fc25ad4572

SHA512
4fe7b66f7d7af9f4de752ee8e98fcbb97a85e88c5a1ee26fb32f1f66df2fa65b90e4aaa38b64508b6c436fe6732efb4e6d01f27ee92d0bf788bd63d628d7e120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f89e584e49695a87919a3216890591a4

SHA1
40b42c990e277c9e011e580ca0376b65738be744

SHA256
31465d38945de035dedba3087038e8ddb7527a6e045b3cd85eb2e8ff9173409a

SHA512
35e9146b7d53d0861b3fac7ee4092f58483b4e77c2e4998f03713cb9ab9dee2573df373a73d90621e52c8a25fc1f2840334f3023e8080d2f3f00bbe7b73b6662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
ce26e342fb126a393f4b444e7dda9a39

SHA1
756d8d55624e996ed3ebed93e11b65cf0fbc6822

SHA256
4c6e751623158b35501ed04a667633350a6767006d25bd01ee0958a0cb8c0623

SHA512
09f98d4791fc9696aec1559d4e025c1e9495b0a881fc60119d830b999ec2a7443a5b45614e5bcf0fd7123057479171d47646a108c83c118b6e420aa1c4876b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
4fc5a50fcf11c8d989efd3de029b2e80

SHA1
a9ee1c0e0e4991e01c192cf9c7ee24327af1415b

SHA256
3a9c50f48d72a14148b6639ac6f09551910f643204db9ee0b067c6d0e1af457d

SHA512
760e1f2f3867edb1d05943a44362cefa9140cb7066dea06cccb1954fb990b4c20b5657e76826058c85832024901afc1ab5c49d1aa2c60c4cb75c0a97819494a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
638c1e8788c30253d0e67207f3a6b3b0

SHA1
ad131f1b39e411dda28b3a542b90726a5806c53b

SHA256
53388a8d5b793107e42661909feac34ce96487e7ba7fe3f8bebefaf22c101d20

SHA512
ccb2b0de8e64b10931c8d60553b9d9693a95dcef449dd8ad429ab86659ccc646fe6a7053f59ea20faebd4a845491c3a8da8e62b896d5973899e92df7abbc34c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
7c5799bf030c20bc61affe098d5ac35c

SHA1
73873e8ab54409e0a9decc86fb1f759040dc831f

SHA256
18ce88e06a17275b9b35ce56f6ad577b14e0b066c11340ee2ee4fcb53fbab009

SHA512
1d6cc3732cd13188117caf09046b113a7c4084ef64f37e69dfb0e489fd36cdfe8916284e6e8f68476fe08f357c1582ec432f02ddb0f7f835658d0473f5432ffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
1b7ccf6febcb0c503cc57d754495b0d2

SHA1
c3111158ea93376e5ee8984ff3aa4ecc3bca3280

SHA256
9ad4dce363617615c68063a767906413edc23b4a4ee68794e1dad129fdcd33ee

SHA512
0131d9de1149ab673a0aea4f0e0329f93dbbb5ea526c1cf2944fc8de736165abd0e46609911d75cc208299eeb53417028c38533a5a7342e4d3806063fccc640e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
87dd835c8ec43faa0085ab5f8959cd6a

SHA1
0ca82ccc5aa8ab6eaa6a98b95ab8fc5cb78e6671

SHA256
c934ca7db9d59c11a5a129da151681264175a602bca181452fc6b20ea1c60d2f

SHA512
976dd986aeca7b90a1cc861a4792c80daaf521058a8fc9527dafea6493fad8e98054e3a85dcb137056753e4f03fa4ee07e02f20e3e18ecacfa4375332c776d30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
cd6a2b0681698ef06df462c10fada098

SHA1
ad766ab726b74e246dca791057f40d8e873e6227

SHA256
9b3f7f68f8a7c098cae5c5c0afd2d576604bb4e08cca82992a1efb6151c12577

SHA512
c3fdf7dc70ef378b69577dda3921d18e27b2f30aa46a76f753f5718ffb8443d41da6f929f7fb7c8f423487be9cd84b4af56871873f8b03827d65319ff35f4911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
24feadab6d42b217adbc9ee192b65c97

SHA1
11dc95a75579a0e7a5d4c660ce0f6fe19f2426f4

SHA256
5c42525181d1d7079b4551607940cbc75f70764e711f9e39eccd5aee8b76835f

SHA512
baff97811cfc0c77291457f33130aa6e00775905eb2cb2cd37ccf8cee40d165a198c3849f7808bcd70276616548cf8d67c63b9f12a1552e436ed18762ed75e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
8e53d3fcfa94ada47d39ea1eb6887b70

SHA1
382cd399838b99758f97b2a02db7363a80049c1a

SHA256
875dab79c6f60e91a7c2c10ec34c32a01baf3e2d3a30b5f5c762ce9d7c0c7e70

SHA512
87203ba222f3ea775b4e438e3dfb55dc22751ac5641ce847e7de6d8df8ae0f277e799df50c0c09a90a2fc20d4f8a944eb8401fa4f6771049f4efac06e1eab680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
0ea5bd363acfcff6173f66b560a832f2

SHA1
8ffd1085368922e452e8028a41490e126a551193

SHA256
6b9ab3f5253f123eca4129ca7af50693336308c48547b3fdc4761e2b561d4528

SHA512
9446ed9a0306d76c1cfc972d73363baa586c966bc15758dc083d5b506ae4f082c58e74c96a74bf0b89a60a3f7017fd0778ac3f3681e83a588fdd10c334d63ace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
a355c722ff22ab586102a5ca6af6b2f9

SHA1
f79edcf5c64ccf0611467a5beebb3676f4fda37e

SHA256
f52b155a2d9c1f85b78d363e21bb89303046596d59d996370ad761d868ac98bc

SHA512
eb3d74615f64eea0bcca097c2de13a8abee60eb202665e968d5e74c6ee126234a666d543d9271313e90678466cbc2fd0339a2645f49d7b4cf9322c39429f1688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
2a561c98897749f2010e535ac57b9f10

SHA1
e5233f796b598c7e7bfda88badf8b40b08bc036b

SHA256
407d78644ab1f49fabab8aac48521fe00846b8675136c5b8937a061c18d4487e

SHA512
f9c92726d02c914b30897cd71c9011f49ab97ca8431304dc70312d4b6388051777c40e4f5b33b24ecf8286394f12f6b7e1c77962c6a8b6e80862eaf2f954d8af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
7514ff3b4cc02693f76a66e1be880fa9

SHA1
2a1fb333ed18fb99b3f004689d3ca6d0aceba53d

SHA256
890cec168c1f98e129bc90966346a22a8d9fadd108814aa0f9d242b6df84f75f

SHA512
83a1f7c7eafa5ed19fe7f198e30b668b38572f52c8e72bb34824c0d4bc9cecb828eb5cdcf3d36cdd4a28a5250a45448ccb371d6c840d8e534c0856e071c0cc66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
852038af5cf5c843887a916be47cffbd

SHA1
1b874c09e58b64967434fbc1e959de3055046c7e

SHA256
3f01177db209f4d5c329399543fd2e012f76a55a0d549ffec8b9f51daa49307e

SHA512
b5e9e089ae98bbc5ab0ad4c6003cc1648fb58ddaf63a0847589dc9b169c6c2bc9cade8b7e8f18854afd3a391bdf79df5177e98dc9c8578caf93b7fd1b41b7a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
13KB

MD5
a7f8b97410a6b731d78d902c8d63cc74

SHA1
d8c287b8f7b353bdb64af2d0ed8a9c6150b62093

SHA256
c0a03955599fe22f8ff7648c254588087c3ad3ad297e3a3b175fe2b9c07df90c

SHA512
182086e09237c6d273fef3909ebbe05bf2c3cf7827b6c23bff53ebeb309df42d5c9a887db28db03be30ca1d031ad098271f3040b05f67b0b91695c5acd1f9544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
101KB

MD5
5f0c0dc23dcae7cbdf9a400b2c8a47ca

SHA1
5b06ccdafff1668367e8ef46ff59167d06c33995

SHA256
55719e41e396f7a015476505bea1f27dc6689fce8001173cf9308f1b74636e0d

SHA512
27fd7131f56ca12b3a5e4e2e73f08e4ca996f47167c051c8878721738983742e62ae28639ff308e2f6798e7b554aee419db57f5fcf04d9b10149ae62e959bf87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
229KB

MD5
3b750bcf6f70b98b16524853620e6a34

SHA1
9374bc495d491bf6f0b8da5d7f6e16282c990db6

SHA256
dbeda4fb6b41fc29ee4352b3bd571de950a34de631ba5745ff481d6fb13f7a73

SHA512
cf4a12df02c207ab50f928060b7746c542f38f846bca5de36450f1fc36e02f3fa1916b975b62065275710b7635b005e76f480a511d0b801a66213b71dcf44033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
197KB

MD5
64f35eb532836e06279c149f1eeb3dd1

SHA1
09a92646963ac73b6c1c5185e9a3d000507b8d17

SHA256
b52cbf034eff674ce08d8dcd2a4de9842535feb88bc98829b9a1063cb418a6f3

SHA512
6cf843269324cdc85495ded2c30a5f7c8b33d72ff7807c91c205de9bf2af02dd20f197d2e9814c6f37869479f2f247fdf52bb9570e86ce2b1954095f70bd7651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
197KB

MD5
4a09833fe5e32690e9a0da0a1c914ade

SHA1
db5e1abd7cfb808c3dd6c3f4da5cc6abeb6a07a4

SHA256
fbbbd78c1bf487dc026df6d837be3167319d86e8417aef7e36f732d5e1118441

SHA512
e4a3e1dbe68de6e54be255a293cce22d16e7cdffe7b1165914183c08606a38fa969c82cbcb4777806c2a7041d99167bc60fb04d06aefd42b224bd7e3e35d87cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
197KB

MD5
6fdbad9aa08a2c5a765c17eaad0f3269

SHA1
e0cd4ddfedfd8062d0c021bf608ab5964f5edf8b

SHA256
afc286047c7a71bfb8b27756318cba72b0554585bc99824ba1c7252231539501

SHA512
708de713ce711177e04183ccb844fb31665fed55ca480600b9fd0ff27d25c8b958fd80ba8a0904cc3a09788583c68f35b6304ee958b72671d18954178d076468

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Bloxstrap-v2.7.0.exe:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 600465.crdownload
Filesize
10.1MB

MD5
2c752edef5b0aa0962a3e01c4c82a2fa

SHA1
9c3afd1c63f2b0dbdc2dc487709471222d2cb81e

SHA256
891846bf656253ca1cdd28584a28681e9604e2a03d74cd6b99313e3bff11daf8

SHA512
04d25fe7d40c8c320ffc545a038ad6ea458df6a8a552b0e0393b369a03b9bf273c72f30169bd54e8eb10757c04bdddf3859c601c1eb9e1a12fe4d15658906dfe

Download Submit
\??\pipe\crashpad_4552_ZGAUEBJQKWAHVRQD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3068-62-0x00000000751FE000-0x00000000751FF000-memory.dmp

Filesize
4KB

Download
memory/3068-0-0x00000000751FE000-0x00000000751FF000-memory.dmp

Filesize
4KB

Download
memory/3068-5-0x0000000005FA0000-0x0000000005FAE000-memory.dmp

Filesize
56KB

Download
memory/3068-4-0x0000000009740000-0x0000000009778000-memory.dmp

Filesize
224KB

Download
memory/3068-3-0x00000000751F0000-0x00000000759A1000-memory.dmp

Filesize
7.7MB

Download
memory/3068-2-0x00000000751F0000-0x00000000759A1000-memory.dmp

Filesize
7.7MB

Download
memory/3068-1-0x0000000000690000-0x0000000000822000-memory.dmp

Filesize
1.6MB

Download
memory/3068-63-0x00000000751F0000-0x00000000759A1000-memory.dmp

Filesize
7.7MB

Download