f5731424bd22e4dc80888795557c2cbc7883bf93df68b331ecbb9a9d0bb1a235

Resubmissions

29-08-2024 03:34

240829-d4tgss1hqf 7

29-08-2024 03:28

240829-d1tndstclp 7

Analysis

max time kernel
224s
max time network
222s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29-08-2024 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

312KB
MD5

61c66341826f84dc69acbc091636b27c
SHA1

6a4d91dafccbc78db785bdd851d91089f5f0c06b
SHA256

f5731424bd22e4dc80888795557c2cbc7883bf93df68b331ecbb9a9d0bb1a235
SHA512

3cf2969d0201afa08758265cbca7c521f5a6c2598f6c8626619d97adb182e01d3d6a04a1284b47812a0e442ca9b1e60a517b8797dfbc9f75915a3b84c423c482
SSDEEP

3072:RiYgAkHnjPIQ6KSfc/yHDPaW+LN7DxRLlzglKaVQ/k:/gAkHnjPIQBSfTjPCN7jBaVQ/k

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

x86_64-w64-ranlib.exe

pid process

488 x86_64-w64-ranlib.exe
Loads dropped DLL 1 IoCs

Processes:

x86_64-w64-ranlib.exe

pid process

488 x86_64-w64-ranlib.exe

pid	process
488	x86_64-w64-ranlib.exe

pid	process
488	x86_64-w64-ranlib.exe

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

x86_64-w64-ranlib.exe

description pid process target process

PID 488 set thread context of 3292 488 x86_64-w64-ranlib.exe aspnet_regiis.exe
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

3988 3292 WerFault.exe aspnet_regiis.exe
2468 3292 WerFault.exe aspnet_regiis.exe
1708 3292 WerFault.exe aspnet_regiis.exe

description	pid	process	target process
PID 488 set thread context of 3292	488	x86_64-w64-ranlib.exe	aspnet_regiis.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

pid	pid_target	process	target process
3988	3292	WerFault.exe	aspnet_regiis.exe
2468	3292	WerFault.exe	aspnet_regiis.exe
1708	3292	WerFault.exe	aspnet_regiis.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

x86_64-w64-ranlib.exeaspnet_regiis.exeDllHost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	x86_64-w64-ranlib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133693760796296424"	chrome.exe

Modifies registry class 9 IoCs

Processes:

explorer.execontrol.exechrome.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\fix.zip:Zone.Identifier chrome.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

3296 explorer.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\fix.zip:Zone.Identifier	chrome.exe

pid	process
3296	explorer.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

chrome.exechrome.exetaskmgr.exe

pid	process
2036	chrome.exe
2036	chrome.exe
332	chrome.exe
332	chrome.exe
332	chrome.exe
332	chrome.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

explorer.exe

pid process

3296 explorer.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

2036 chrome.exe
2036 chrome.exe
2036 chrome.exe
2036 chrome.exe
2036 chrome.exe

pid	process
3296	explorer.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe

Suspicious use of SendNotifyMessage 46 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe
1992	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2036 wrote to memory of 1500	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 1500	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4068	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4836	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4836	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3896	2036	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9595fcc40,0x7ff9595fcc4c,0x7ff9595fcc58
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,15600500187705583565,1896308775274869095,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,15600500187705583565,1896308775274869095,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,15600500187705583565,1896308775274869095,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2960,i,15600500187705583565,1896308775274869095,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,15600500187705583565,1896308775274869095,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3544,i,15600500187705583565,1896308775274869095,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4432,i,15600500187705583565,1896308775274869095,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4480,i,15600500187705583565,1896308775274869095,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,15600500187705583565,1896308775274869095,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3092 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4364,i,15600500187705583565,1896308775274869095,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5496,i,15600500187705583565,1896308775274869095,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4556 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:332

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4636

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4616

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3888

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\fix\" -ad -an -ai#7zMap28960:68:7zEvent5209
1⤵
PID:4548

C:\Users\Admin\Downloads\fix\fix\x86_64-w64-ranlib.exe
"C:\Users\Admin\Downloads\fix\fix\x86_64-w64-ranlib.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:488
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3292
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 1252
    3⤵
    - Program crash
    PID:3988
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 1236
    3⤵
    - Program crash
    PID:2468
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 1240
    3⤵
    - Program crash
    PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3292 -ip 3292
1⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3292 -ip 3292
1⤵
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3292 -ip 3292
1⤵
PID:560

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
1⤵
- Modifies registry class
PID:4260

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:1504

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:3296
- C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /7
  2⤵
  - Checks SCSI registry key(s)
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
002032ef86b63e0918832b475a2c3e76

SHA1
a2f6e0542b8bd7a9964a082a8c95ec07abb3630e

SHA256
b2e4d29196b60ef492cfb2468cc2aceb91314e33cfcdc3fdca696c23b453f621

SHA512
43dca9f89fe685499717cf6ee5cc5f0a737be929034027907187c0dca272d6427c600f9e87b4cdd1f2c1b6747ce36388f11a8f9cf61f2c62bbb0ee0be6798097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ca8b2c8062b6b9e92e45dbb226ee48c9

SHA1
eb017593d6a41cf2fb97df1aa632a825f3d3b70e

SHA256
923df6e92d60338e981c4a90cc3cc3f282d1270b29c916a2d6991b1b119c9456

SHA512
7a7d2e39e4cb4c8d1e016ba1817475e7e40ba62acab573d0e0d9b3cc0b52547ef379b16166077aa0cd22ae2474fd2c4739665154eec27913af650ce3b10d6d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b0c70f457dc99514892c518d126d7b60

SHA1
367362f89c239c8a945aec4e87ba4c672d859228

SHA256
964e2b5d0114e39178f05998a159903843c6816a53dd8fe455cf881ea4a75f2d

SHA512
29b577bcaa00eaf67314ac0a08996abc105067e5c3641615a5e8a5efb037f960f4b1cc04de91d05f9adc00b283403281c8256ec14cb2d6de73580e619fb2c73d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
e99b1f07f5279c76127e268ec84d9295

SHA1
693ab5db04d9314efb1c962cbb2aeb20f55e7153

SHA256
7eca4b8e6fc411037675a0fdd4e35a38be0f0d2e6799e203548a0ee0948d4333

SHA512
30e8170eef81ea716f954e7351f6d3ab465e5ea8007db5d459a679629eb4228d677b98d9a8dc2950699199fe544b6a390c8f73927b23caa6941e01659c254a7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bd8b23aa68570201b04ff004392a4a80

SHA1
3c9ede086e47e01d8979251589e174ddc2368a2c

SHA256
0d739a4c4528ac25878b09ea40668b37e43e8c504429248c8f72f4a5d8adbca5

SHA512
9011bfb17585ec4adc0fccb7b1d85aa01c0d438cc7e726df5b4f47f52b6ddb4560db6a8f890452535c12d9c663aa65739d35a2b94ba5bd42e0644a8c71a30abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be80504eca41d988b978bb807333efa3

SHA1
33d9d49eb0a2c1893c42235825c297021b7a9350

SHA256
94d4a4985a5fb040487144ad2697218738a96ff23ddd56bfe123cc366c4f96b2

SHA512
562614fb76833e03b8e1105fd1cb9249e7644105bd38c45cfbe9b5abbf2bac7627039187afedda972fdb8354e9ba0ea5f321e37f9ad077930ca4255b43104a5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a50198e134f19cc4a3df244589751056

SHA1
d7eba018407116806ef1d8d370bb8c14e9802538

SHA256
b7532189ce6dd37f61abf2d0b5d8d36cc2eddd983dc0fb7f43279c7d813554ad

SHA512
b1742557bb90639a8a3d731eac956a826fed94ac9e66abcc465accaa2e54dea9f9b3aa31a50eda81187392023d348d94261820d2b9ecfff05a355c30beb0772f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b4ccb3318b139cb3a0e0ea97578b30ef

SHA1
4beee45f9d897c76de8c17a561b3eb4501df2192

SHA256
bdb025e592f1478a59b1983ea552b5f5f6a5343398a96fef15867addab10b3d0

SHA512
de4d4c9fdacc0aeb0ddd44bdb23d8befd2ec896c9721c372673675a3f3b198d7f129c276a383224cde87d2dc954359882f333dec182b54c85ad8e59336787751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9849725ceec5fb9df14ddebf52ee8f13

SHA1
ab08b75245890cba50acb411f39cd1ed50848eab

SHA256
ebcc4675fd0c31e1b302d44d57237f9465abc1f6188ec0ade118193a452a421c

SHA512
f9ce3d0a376f075134520d881ffabf6d1c18e195b5026382766fc2ca6c7d67a93b279b87bb474c0f5467edfe8ed5cf35a5e487cc12127f576b6f337e0fbf6bf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cfce3c12f506dea96d16fc295e075b19

SHA1
8fee77305dfdb6dc19f13bdfd9ed370c17015d17

SHA256
04dd8f4a611b61def721c25efa5350283a3bf8f12d79e02c38bd745896540ea8

SHA512
33da182df3c13ff9d84655382d65b7f07f4607a091e20ff083df4818fc712fa2788e7fbf1a00d265b5c580b3781b176949f5c6a3a4e1390e314eaac3f9b299de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
74bbd7d4e83dee64568ee2c8a9528a6c

SHA1
4294a8c721915c77d08cb59506479f20785588b8

SHA256
77bf21833de5bb6b74cbb08770a113764616ef663d2f79d8ed527e164ed551d3

SHA512
81620ad64df57cb2742029f11b5530a44716d2000be504f97af804c0dc36d9dbe87723f7444115a2d8479e31c6d8554f80064f67e852c1c48b44bdc9df704ad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c56f1c549d9341b6fd42dba1fd7b8410

SHA1
ef5238e23c463dd1eee773ad1f54464349fc2b6a

SHA256
3c86e235fa8030806f2e9dd86e5672352c61a5d9b9cc33c64ec5e4224f2a8260

SHA512
921e16b40ed412f53de839b6dff8ceaf169d86657dfe11b7f55284bac6d2e58b6c57347282e54eaf5006818a5c0bb5b8ac362a56871c8009082f875fb41fe0d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ee83ceece3118485ed8c5a67a4df50f

SHA1
ce0e6ae246c542ff505d0a07b0d11adb8fb0b939

SHA256
5af7e20f5b6422a681fe4a19ad2df4a5d8574736421244b39dfa0b6037579e12

SHA512
9d1907d409914e02fdc8cf63a98a070188541f9fcacd426dc96b428c9c617870b2c5ab9deb0786f06d72009d4661a605ec9aa7edf9679b6dfcf3cff12b90f0dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68d3cfb6d2e9d4fad44f0720ad7883b9

SHA1
fd6ed22ffcc2f2b055170fce722eeb3634b5e6e4

SHA256
b47e63d72c59da895a022760861230e04b4a496c6e3385f988b54570f7507722

SHA512
c93819b0c37680332da71ed4d892b00fc86dcd91031e854e6775e59d70e7c47859682ed531fbab423eac613e9ed9d3213d51833bc74b82b779e4fe987d411e9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2d2ec5955f1b1a3327503db1165d36b3

SHA1
caf131bf40d29e3c3e217df9e91e6c034c0b1b0f

SHA256
91997a7ad69847b29cff45dbba322123c3d7af3f006d61ac3ae2932769c6f016

SHA512
01c105b0f39908e9281c21afdb0e12a30f8a9cc2270e773c68440b327ab1b51616466f844417b5a44d05ab0e6ea12f17d9158d02b9125b656e74cf2144587df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ae8ec4d54355869ae82d3b99dc5b953

SHA1
a6f2d41db49299d15a3be6a608fdd7c9ded499e5

SHA256
6c5e76247833bb884f2e61ec6710cb0537eaad2feb00892361f0e45fae9bd57e

SHA512
8553684a87ea1873006077b6508f299f6a98d8139ae7f5d551faeacdba9cf80032056852a6c15f95b372e52789088bf3b0f9311e115c5f443c907a38f009d571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d55509b7edf401c77ef724d077d04832

SHA1
58838cbb89ed578e99bb0d02d6624d867ddb4379

SHA256
d00f801859b3c10990b9f0a3ba976364a0588d02d293e91ec38596152802c678

SHA512
4993763f35701ab0366733c9bc74ff496e200975b3162365272a6c03be6ae4021efefa20e76fccec27e13fe587ded78a666c6cb57a02483fc0ee872e2c6d2661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cc45cad7889cb0ec43c3ea31bb9a3c02

SHA1
d819d8ceefa0a63a3e467361dd7489875673a2bd

SHA256
42ec6b86efa3e7695899eaa23941d9aefcb007ca7a773504961c0f7d3a18ccb5

SHA512
fcf7c89f8c3280627528ebc78aebf4d293c37c65c9cf14aa83be35d0bba8e25af7508262ba072df4066c26d31c0af7a06a7d6137193f9fbcfe269a26a37fa87e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4f426827aed63fedbbf7d554e3098da9

SHA1
bed8e52296fb42644232315a53d0ba2c7149b3bf

SHA256
0d80423a0d09b0d85fb953fad707200f0a0d9bb06ed65cf99a27529abdd35b7b

SHA512
481ef247362ef8918e8fb05c2a2bd22847041537740cc1b559e33d8367d9d3fa2929f65bc02a62e9e781a11c6f7558a6d0ad95795ae80bc2a1722f9536953852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
996bba9ad3911ab111789cf462a7e80b

SHA1
32972f6bf74098fc211ccaf10a30cbc28c57669c

SHA256
6449b7cb50789b76f54c5f1c85dc1e027e4feacd8a9edc5849d1d81476fb41da

SHA512
6a20d74dc0658605198b376c161def67ea14bd79c8e8c7843f552ebd95439a79e58c205f05be9aadc73064a8a04e734210ee48298923f14f7eb2dd05479445bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
95c1fb672e5ef5cb32b587df436c30fd

SHA1
a00eb270fa009745c057b4787feb62d89cc01947

SHA256
0ccc86879d74a68d0900a9e88c6b90c9eae7412f56a3e5a7a6b73bdae9809898

SHA512
65961a5526911a73c6ab5781e78f6da48397d0a2df45030d75ae89e6142ab8defd76edaa04b2e97e924c1b0676a17bfe32d8d2a1703dc7512518029a447ce3b0

Download Submit
C:\Users\Admin\AppData\Roaming\appverifUI.dll

Filesize
518KB

MD5
5f35377dd8abd7bfcfe3b3e37f26006d

SHA1
c8bc44fdb44c410dfb30dce977cea0ed6f0f83b8

SHA256
e362c6d993b8894318d752652b93e2379a5fccfe35ad96f8c420ee99465601aa

SHA512
058d661d5dacf5df28c1023fea229426b1807bbae3d5c13a65d45543e457d0a411589e77f0b2d6824a3d75d2bd0d4f1a263d63187c0f395af3e78dd49a999089

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9x.dll

Filesize
518KB

MD5
eddbe3435bb776aeb8eee7f7ab709d81

SHA1
76918bf104460e42dc1437b0cf5198ec5179518f

SHA256
57df4fa9b5259777e61028b8d333c64cb8d70267f139f6b782cc92e33cf4e92b

SHA512
c150f5b24b1a4a20fb80adb58da2716206621151eb36cc84844cc398d6d285da02e804e41568eb97f79147de83823a695b4116942537c3d55701cad540aedd3f

Download Submit
C:\Users\Admin\Downloads\fix.zip

Filesize
49.5MB

MD5
4b6c49c321c57a1608bb5ad847093b47

SHA1
e64ef0a68feba1b26bc37c7a31db1b3fe679ac3d

SHA256
03f6f9919e1a4813ba16336b2397cc90c43769e7347745cfd832c90cb2af958f

SHA512
5b70c9adbbe50c75612c6ecb3966b2a9f431e1b6fdf3471fc1f2a995ca76d96255673c70eef3850731853a491fddec09e1bce0cc0ba127444782a9ccee5311a5

Download Submit
C:\Users\Admin\Downloads\fix.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\fix\fix\x86_64-w64-ranlib.exe

Filesize
271KB

MD5
ceeaf311814a69cdb43ef2471c841ca5

SHA1
08332eb2fc473ced76233790399a963470233579

SHA256
19d359536eb1364d6d36c9d38c98b1aeb5888d016c655c2fec55dc447992ee33

SHA512
216301f28dd70d10064a41379881d50d6fad67844b4bfe977f775e54b90972b978e3eba89c5345260dc21195e7f9d6da7f7e1da9b89575236536e87335c0053c

Download Submit
\??\pipe\crashpad_2036_ZNELIHPHTTXKACJQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/488-214-0x0000000077160000-0x00000000771C6000-memory.dmp

Filesize
408KB

Download
memory/488-213-0x0000000077441000-0x0000000077563000-memory.dmp

Filesize
1.1MB

Download
memory/488-215-0x0000000077150000-0x0000000077240000-memory.dmp

Filesize
960KB

Download
memory/488-219-0x0000000077150000-0x0000000077240000-memory.dmp

Filesize
960KB

Download
memory/1992-266-0x000001C920A40000-0x000001C920A41000-memory.dmp

Filesize
4KB

Download
memory/1992-272-0x000001C920A40000-0x000001C920A41000-memory.dmp

Filesize
4KB

Download
memory/1992-268-0x000001C920A40000-0x000001C920A41000-memory.dmp

Filesize
4KB

Download
memory/1992-267-0x000001C920A40000-0x000001C920A41000-memory.dmp

Filesize
4KB

Download
memory/1992-273-0x000001C920A40000-0x000001C920A41000-memory.dmp

Filesize
4KB

Download
memory/1992-278-0x000001C920A40000-0x000001C920A41000-memory.dmp

Filesize
4KB

Download
memory/1992-277-0x000001C920A40000-0x000001C920A41000-memory.dmp

Filesize
4KB

Download
memory/1992-276-0x000001C920A40000-0x000001C920A41000-memory.dmp

Filesize
4KB

Download
memory/1992-275-0x000001C920A40000-0x000001C920A41000-memory.dmp

Filesize
4KB

Download
memory/1992-274-0x000001C920A40000-0x000001C920A41000-memory.dmp

Filesize
4KB

Download
memory/3292-220-0x0000000077150000-0x0000000077240000-memory.dmp

Filesize
960KB

Download
memory/3292-218-0x0000000077150000-0x0000000077240000-memory.dmp

Filesize
960KB

Download
memory/3292-217-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/3292-212-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download