74f0728b9cffd3ccb0fe0e8b88c2e2fad215f6ee6593e522f33b4f134b4321df

Analysis

max time kernel
578s
max time network
577s
platform
windows10-2004_x64
resource
win10v2004-20240802-es
resource tags

arch:x64arch:x86image:win10v2004-20240802-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
18/09/2024, 22:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Instalar_Super_SCR_Creador.exe
Size

815KB
MD5

32ac0f958e57af131fdf4879f7f8ee67
SHA1

df7e61f019b93602ce6151802f7ae5050d05330d
SHA256

74f0728b9cffd3ccb0fe0e8b88c2e2fad215f6ee6593e522f33b4f134b4321df
SHA512

c527d5931d7ff001e858e751ad1d83c6ae2fa2880c4e1379565376b74a1b5e447e2823a39f0acd59936cfe56afd896bd69d0cb43bd7c2793a278b0815b9fa2b5
SSDEEP

12288:QiXKsUD718dw0/6cLOmDuJDup9ODPLCL5Fk5Jvue2gkdxTda0YCdFycEuktZvlJJ:HXKDyi1c4ir9k5Jvuzp3Tr+fLZdJJ

Score

7^/10

discovery persistence spyware stealer upx

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
3588	Super Screen Saver Creador.EXE
3192	vs60wiz.exe
2632	acmsetup.exe
3116	ssaver.scr
3840	ssaver.scr

Loads dropped DLL 20 IoCs

pid	Process
4988	Instalar_Super_SCR_Creador.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe
2632	acmsetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 19 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4988-0-0x0000000000400000-0x000000000042B000-memory.dmp	upx
behavioral1/memory/4988-6-0x0000000000400000-0x000000000042B000-memory.dmp	upx
behavioral1/memory/4988-7-0x0000000000400000-0x000000000042B000-memory.dmp	upx
behavioral1/files/0x000700000002357e-14.dat	upx
behavioral1/memory/4988-33-0x0000000000400000-0x000000000042B000-memory.dmp	upx
behavioral1/memory/4988-40-0x0000000000400000-0x000000000042B000-memory.dmp	upx
behavioral1/memory/3588-43-0x0000000000400000-0x00000000005AA000-memory.dmp	upx
behavioral1/memory/3588-44-0x0000000000400000-0x00000000005AA000-memory.dmp	upx
behavioral1/memory/3588-45-0x0000000000400000-0x00000000005AA000-memory.dmp	upx
behavioral1/memory/3588-47-0x0000000000400000-0x00000000005AA000-memory.dmp	upx
behavioral1/memory/3588-48-0x0000000000400000-0x00000000005AA000-memory.dmp	upx
behavioral1/memory/3588-50-0x0000000000400000-0x00000000005AA000-memory.dmp	upx
behavioral1/memory/3588-51-0x0000000000400000-0x00000000005AA000-memory.dmp	upx
behavioral1/memory/3588-773-0x0000000000400000-0x00000000005AA000-memory.dmp	upx
behavioral1/memory/3588-889-0x0000000000400000-0x00000000005AA000-memory.dmp	upx
behavioral1/files/0x000a000000023328-894.dat	upx
behavioral1/memory/3116-896-0x0000000000400000-0x00000000004E2000-memory.dmp	upx
behavioral1/memory/3116-917-0x0000000000400000-0x00000000004E2000-memory.dmp	upx
behavioral1/memory/3840-960-0x0000000000400000-0x00000000004E2000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\VS98_Setup_Wizard = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\vs60wiz.exe\" /runonce /reboot /location:E:"	vs60wiz.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 42 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	acmsetup.exe
File opened (read-only)	\??\U:	acmsetup.exe
File opened (read-only)	\??\Y:	acmsetup.exe
File opened (read-only)	\??\X:	setup16.exe
File opened (read-only)	\??\Q:	setup16.exe
File opened (read-only)	\??\O:	setup16.exe
File opened (read-only)	\??\L:	setup16.exe
File opened (read-only)	\??\J:	setup16.exe
File opened (read-only)	\??\N:	acmsetup.exe
File opened (read-only)	\??\O:	acmsetup.exe
File opened (read-only)	\??\Q:	acmsetup.exe
File opened (read-only)	\??\T:	setup16.exe
File opened (read-only)	\??\R:	setup16.exe
File opened (read-only)	\??\P:	setup16.exe
File opened (read-only)	\??\A:	acmsetup.exe
File opened (read-only)	\??\K:	acmsetup.exe
File opened (read-only)	\??\V:	acmsetup.exe
File opened (read-only)	\??\X:	acmsetup.exe
File opened (read-only)	\??\K:	setup16.exe
File opened (read-only)	\??\I:	setup16.exe
File opened (read-only)	\??\H:	setup16.exe
File opened (read-only)	\??\G:	setup16.exe
File opened (read-only)	\??\L:	acmsetup.exe
File opened (read-only)	\??\Z:	setup16.exe
File opened (read-only)	\??\B:	acmsetup.exe
File opened (read-only)	\??\S:	acmsetup.exe
File opened (read-only)	\??\R:	acmsetup.exe
File opened (read-only)	\??\W:	acmsetup.exe
File opened (read-only)	\??\V:	setup16.exe
File opened (read-only)	\??\U:	setup16.exe
File opened (read-only)	\??\S:	setup16.exe
File opened (read-only)	\??\G:	acmsetup.exe
File opened (read-only)	\??\P:	acmsetup.exe
File opened (read-only)	\??\Z:	acmsetup.exe
File opened (read-only)	\??\Y:	setup16.exe
File opened (read-only)	\??\N:	setup16.exe
File opened (read-only)	\??\H:	acmsetup.exe
File opened (read-only)	\??\I:	acmsetup.exe
File opened (read-only)	\??\T:	acmsetup.exe
File opened (read-only)	\??\M:	setup16.exe
File opened (read-only)	\??\W:	setup16.exe
File opened (read-only)	\??\M:	acmsetup.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ta02632	acmsetup.exe

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Super ScreenSaver Creador\Setup.exe	Instalar_Super_SCR_Creador.exe
File opened for modification	C:\Program Files (x86)\Super ScreenSaver Creador\Setup.exe	Instalar_Super_SCR_Creador.exe
File created	C:\Program Files (x86)\Super ScreenSaver Creador\Super Screen Saver Creador.EXE.tmp	Instalar_Super_SCR_Creador.exe
File opened for modification	C:\Program Files (x86)\Super ScreenSaver Creador\Super Screen Saver Creador.EXE.tmp	Instalar_Super_SCR_Creador.exe
File created	C:\Program Files (x86)\Super ScreenSaver Creador\_Setup.dll	Instalar_Super_SCR_Creador.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio\VSS\ta02632	acmsetup.exe
File opened for modification	C:\Program Files (x86)\Super ScreenSaver Creador\Super Screen Saver Creador.EXE	Instalar_Super_SCR_Creador.exe
File opened for modification	C:\Program Files (x86)\Super ScreenSaver Creador\_Setup.dll	Instalar_Super_SCR_Creador.exe
File created	C:\Program Files (x86)\Super ScreenSaver Creador\Setup.ini	Instalar_Super_SCR_Creador.exe
File opened for modification	C:\Program Files (x86)\Super ScreenSaver Creador\Setup.ini	Instalar_Super_SCR_Creador.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup16.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acmsetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ssaver.scr
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ssaver.scr
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Instalar_Super_SCR_Creador.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Super Screen Saver Creador.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vs60wiz.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000003	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\HardwareID	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Service	chrome.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\identifier	vs60wiz.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133711722327190938"	chrome.exe

Modifies registry class 49 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ssc	Super Screen Saver Creador.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\sscFile\DefaultIcon	Super Screen Saver Creador.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\sscFile\shell	Super Screen Saver Creador.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Super Screen Saver Creador.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Super Screen Saver Creador.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper\Exit Level	setup16.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ssc\ = "sscFile"	Super Screen Saver Creador.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper\Exit Level	setup16.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)	setup16.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Super Screen Saver Creador.EXE
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Super Screen Saver Creador.EXE
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Super Screen Saver Creador.EXE
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Super Screen Saver Creador.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Super Screen Saver Creador.EXE
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Super Screen Saver Creador.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Super Screen Saver Creador.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Super Screen Saver Creador.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper\Exit Level\ = "Running"	acmsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)	setup16.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Super Screen Saver Creador.EXE
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Super Screen Saver Creador.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Super Screen Saver Creador.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Super Screen Saver Creador.EXE
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	Super Screen Saver Creador.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Super Screen Saver Creador.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper	setup16.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper\Exit Level\ = "2"	acmsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Super Screen Saver Creador.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Super Screen Saver Creador.EXE
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy	Super Screen Saver Creador.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Super Screen Saver Creador.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Super Screen Saver Creador.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Super Screen Saver Creador.EXE
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Super Screen Saver Creador.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper\Exit Level\ = "1"	acmsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\sscFile	Super Screen Saver Creador.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Super Screen Saver Creador.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Super Screen Saver Creador.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper	setup16.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Super Screen Saver Creador.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Super Screen Saver Creador.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MS Setup (ACME)\Bootstrapper\Exit Level\ = "Running"	setup16.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Super Screen Saver Creador.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Super Screen Saver Creador.EXE
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\sscFile\DefaultIcon\ = "C:\\Program Files (x86)\\Super ScreenSaver Creador\\Super Screen Saver Creador.EXE,0"	Super Screen Saver Creador.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Super Screen Saver Creador.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Super Screen Saver Creador.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4016	chrome.exe
4016	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
3192	vs60wiz.exe
3192	vs60wiz.exe
3192	vs60wiz.exe
3192	vs60wiz.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3900	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3588	Super Screen Saver Creador.EXE
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe

Suspicious use of SetWindowsHookEx 58 IoCs

pid	Process
4988	Instalar_Super_SCR_Creador.exe
4988	Instalar_Super_SCR_Creador.exe
4988	Instalar_Super_SCR_Creador.exe
4988	Instalar_Super_SCR_Creador.exe
4988	Instalar_Super_SCR_Creador.exe
4988	Instalar_Super_SCR_Creador.exe
4988	Instalar_Super_SCR_Creador.exe
3588	Super Screen Saver Creador.EXE
3588	Super Screen Saver Creador.EXE
3588	Super Screen Saver Creador.EXE
3588	Super Screen Saver Creador.EXE
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3900	OpenWith.exe
3588	Super Screen Saver Creador.EXE
3116	ssaver.scr
3116	ssaver.scr
3588	Super Screen Saver Creador.EXE
3840	ssaver.scr
3840	ssaver.scr

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 4512	4016	chrome.exe	105
PID 4016 wrote to memory of 4512	4016	chrome.exe	105
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 3608	4016	chrome.exe	106
PID 4016 wrote to memory of 4004	4016	chrome.exe	107
PID 4016 wrote to memory of 4004	4016	chrome.exe	107
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108
PID 4016 wrote to memory of 2844	4016	chrome.exe	108

C:\Users\Admin\AppData\Local\Temp\Instalar_Super_SCR_Creador.exe
"C:\Users\Admin\AppData\Local\Temp\Instalar_Super_SCR_Creador.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --field-trial-handle=1304,i,15554696853514343836,10056627555468107043,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:8
1⤵
PID:880

C:\Program Files (x86)\Super ScreenSaver Creador\Super Screen Saver Creador.EXE
"C:\Program Files (x86)\Super ScreenSaver Creador\Super Screen Saver Creador.EXE"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3588
- C:\Users\Admin\AppData\Local\Temp\ssaver.scr
  C:\Users\Admin\AppData\Local\Temp\ssaver.scr /t
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3116
- C:\Users\Admin\AppData\Local\Temp\ssaver.scr
  C:\Users\Admin\AppData\Local\Temp\ssaver.scr /t
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3840

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5060

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb1f3ccc40,0x7ffb1f3ccc4c,0x7ffb1f3ccc58
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3352,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3732,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4100,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4892,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3180,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=1532,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4624,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4896,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3740,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5748,i,2387622872636896139,13422879229327062134,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:3116

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4624

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3836

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap21583:150:7zEvent6592
1⤵
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --field-trial-handle=3064,i,15554696853514343836,10056627555468107043,262144 --variations-seed-version --mojo-platform-channel-handle=3736 /prefetch:8
1⤵
PID:3068

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Microsoft Visual SourceSafe 6.0c (2001) (ISO)\" -spe -an -ai#7zMap5409:150:7zEvent23805
1⤵
PID:3152

\??\E:\setup.exe
"E:\setup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3344
- C:\Users\Admin\AppData\Local\Temp\vs60wiz.exe
  C:\Users\Admin\AppData\Local\Temp\vs60wiz.exe /location:E:
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:3192
- - C:\Windows\SysWOW64\setup16.exe
    E:\acmboot.exe -m "E:\acmboot.exe" /n "" /o "" /k "8854141164"
    3⤵
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:2008
  - - F:\~MSSETUP.T\tmp.t\acmsetup.exe
      F:\~MSSETUP.T\tmp.t\acmsetup /T VSS98STD.STF /S E:\ /n "" /o "" /k "8854141164"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      Drops file in System32 directory
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2632

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Microsoft Visual SourceSafe 6.0c (2001) (ISO)\serial.txt
1⤵
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Super ScreenSaver Creador\Super Screen Saver Creador.EXE

Filesize
778KB

MD5
6f788e376e41e35f38bc56cc36684403

SHA1
9639bca8eb937b7d6987d00d3be3857529365b15

SHA256
e608382ad74e10b6aee569dae852e158c3c771b0e1a6eb4277c0713fc2810e25

SHA512
da943d9a33bcd3d363112c68fd30d4323fc29f382cfc61b3086bf6bdc0c940aea380f57573424b0280e5e4a9f24141f2d678c3500385fb1ce5f099663af83862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6b1659445b7536aef1560e4ecad46e92

SHA1
bda1718d33824a2b64182631f696d11e54f4df05

SHA256
17ab542c3aefa747308ed5579896691c6dbb57117ac3ee44a4aa3924b82c5888

SHA512
bd283559643a80d542020243b6b6a6d75a4c8205aee34882b3382a43d5c5925df3117abcbf94665ef2c1b3e50b6c2f40fe27c8fc3637efc5bffcce38f90a4fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
72KB

MD5
ab0fbe93eee030d00f9082a8eaf86698

SHA1
4517a963cde18540cba1535d0f3d83c559f53ca1

SHA256
590247f4ccda0d838698df06c789ee098c11e09380c113484e26778481acdf4a

SHA512
c368235b01e0a19903ea66f9751170d2fb5e8a4bed0c89a5f91ba2f7eb2d8ef04b0491fcaa164c5a5147113a96e0d31e32ee116795ea6a231e73dce611417bb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b354c32bf0c36fa3fb4c0461fb04d60a

SHA1
d234b3b00f09abc35c4d587909dab38bf8b3b425

SHA256
07f1774e5d684d496b654b365d39aa37d4d5c877aa0586f8355d99949a7f10a7

SHA512
e1812c70d6967179870ac32e7bd06663378bf34eb1bc933dadf8e69957b4450073d423fc48ed8d5d92870d0b11f643167a6561c6d2d3c848764167792ec9a512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
996d9472fad86bdae0dfa3ed5323df1f

SHA1
a7fd85ee51664b1fef798b7bd23b5962eb04965c

SHA256
2b889f80f285c7750caf51cc158c6e81a7cb14eaaf3caf8952af9c2543b20d1a

SHA512
28e201dae658bc32177c9a32b23a836b3c56d858e55aecbec71b3410710b89804c86b2a9c6ec91e3be92289eb048c191309e05b44c698557bbc5db2193c42d10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6f15bb7c253ec03ccea5bf0ef55fc5eb

SHA1
a036a4f256ac6736db07633b7e2993ce45ad2f37

SHA256
1f7070d566b05cd2ca24042e7328e5c0f477cda40935a369f39d9c9a0446ce22

SHA512
10b3a406530a3afdb738eb6081b8c5becb769df8b0d2dcdca2fc8f7f3bda5e051da55812636b3c668d5f0d616b6a612564a2d2b457507863b4d42e9c737393fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c3ab355bd1f2cd22efcbdca2b738fd5c

SHA1
e794395eb401a7ef23987a918674e45757bb232c

SHA256
8b85e2077be10b257fd9e986dd959c4bbf572fe0c63799ccb34f7608849c14e4

SHA512
5e6f5b8ba7cb5abc0a3fbbfe0c1e616b43615fbce014f12470d77760e55c375dcbde0cf3d42ccdaa58063206d0fb09a32d549bbada36de2232037d25bb12948a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f9c3a7114b6e18189fe9b264f06c1ce9

SHA1
e3887c5eb48867319303d10cf53fea5227acca23

SHA256
e071277735b6f867c41b80d39b13eeb7897c8151d813aeafa83edd4f2591c00f

SHA512
e65350dd668b1379cfaae9e2aab3f5b7da019e32b20b278d541d3ec971744022fdc4c8822ff82ee8fcb7725ee1727be7a57c1697eca9f23b3291356457ca70ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fe4d13fcca6e50ca770e24efadd39d6f

SHA1
887108cb40aab1b2c88c9c01140f39c774d51bf4

SHA256
32900733f5fac002adaaba3d017bf3b085f52ba4192d9b8c0d301c3e41a06204

SHA512
f67dffcede9f4945a216cecce25e541b5eb6b259964392001528d95ad74bba76a24068c904f0236891e2d5d58422b5ccfcb4c9508444c7b96ce033335b9e633e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
0078327ab2205dd62f2aca992e5abf32

SHA1
ffac0397735b2556134d114ac52b7dc76e944408

SHA256
2c84ecd0d9e2bb5c823d9285b5f21e7808a0f0f8c7499a471b6bb740d50ae3e3

SHA512
a1c5c32e96e41a4444b31ca280163a3bab5c9547a1cb298d8ca50f832008365281b760f987f189269385d5a6e50361629d9dbfc42cc51007a5dda15b08f879be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
c905ac61235806b2764252ee997fe46d

SHA1
9071f2aa5fdcb4634b17c8a53790b94929f0551e

SHA256
d7ace81a3ef248748de9cf510e40876f1d6b1684319c6ff689454cc97a1389e3

SHA512
841f498d2d564f1ed0067c4ed5d611d063ee158d4288f6787f562fd43eef9c36bf58f16da6979787286d84edfda0f373ae759decf49130feb8c080623af227e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0e6235d900996a3ae34416f2df9539be

SHA1
d4d87096c541edcd77133add2c239ad0eebdbf27

SHA256
c2fe66e15d4572064454e7c33e25ef1193fafb7cc308a6737443dc4ca653b0b0

SHA512
49a6b5dcfccd0e0f3305c36594e87f5eb3e07534887770c66af6b6beed28a29696bc66a5bdca543668137f91860632e685796989734498997722205e20b66e70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
decd707ba8e4e26d9ab199c8525152d8

SHA1
8dcde76a514e62a56145bcf35ec9e9962510f5b4

SHA256
5f8bdb36750f6e2729cf86fcff1d731172b97ac84fde64a00b8dac7bb56a7e00

SHA512
5065986a0701dd45623f5473541d086ee4e38a98d91524f1f5699114041806759e4804fea82ffe4e5b8f54cce00b6749a129bfbeb4f9c373aa876b84ccaeb33a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8f3fcc1d699f73bc5fecf8d06d0176ad

SHA1
8cc52e73cbccfa6f62cd95572e3bd24d41915404

SHA256
41c59c8af521e8914e72b6fd51f32c6ba0f43e60c2ff4db7b09801ed2d83b004

SHA512
774884b9c8522ada72aa8ac9792e95862a69f50eedfcfe24e38820a990e89561cd3fb9d0d08ccb3d2730902024686b1166bc9944ac56c5970a79c062f5079fe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fd4ea369318b6610dbfa48d5994106e5

SHA1
746ef48cf39f5794901680c82dd58b8c3424d3c9

SHA256
c710975de839ef94600b048e3d24fbc7a6d53dac8003e46f3d931ab9cb93ff21

SHA512
1e618548d2fb226f52678f0555b0315ec7927bd735edcccea9cb8475db362ac7678872b255050f8718fe7e06a98f5c0fc9232077d8ed70d83b9fd410a89f0ec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3ab0ee2bede82154d43021e4598d76ce

SHA1
c84bdf95753b4c2f5c683cda52c7aa49965fd4d7

SHA256
5b3aca3c0a832fea55f822f1a3c0a21e3fe49803e8b444c02552ec9653ea832c

SHA512
fd33e05b9f4e8aa11f7ffb16677c322324d07388e0e9c2d45995a9eb8e83b61344f8a4a2f60685d2dc85eae806cba079db615abfb26d0038f91c40787b08ec78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
295c174691ca6397bb7d02dfa3c77d75

SHA1
b0aed5ba1b5e5666aa99d29a390923a2215989e4

SHA256
31701261e75c6a9a793d675e6c504d14149c77791486cf5d888b0f3d85c3de4f

SHA512
16e438fc0bfa2d850ebe67d09da57a86342b0d2ba417b9de0f47a1e28818af479eaa844e7b254e145a95b2be7148b8ddcfa3f8e040f96be84a737894bc5d3c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cf1f756595b7286e5ebad7f571a037a7

SHA1
b49f9ec695941dd733a015d6071e6d5aeaf1a6b7

SHA256
a0056984d4306e7765a5dd0393366cb49cbf832bfff9de5135b3f923ae2c9ca3

SHA512
4e841376e21095fb878ae70b8f65741025d588c802601b281b3c2f4990bf7984aee055729af346b91f89addb8640ff56cfb14da52798b55ec3fe2bfbe42c5e9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e0ec9e4d58487a569a8d5cb9c04760af

SHA1
ffe97860c05ec51cff47ffb6bddba1d2a7ed6548

SHA256
9c7018b38d7a71759c496c13a299f0f65faee3ee38e163243eba8b55218bb2fb

SHA512
20fe630cbb62d329ad3278bcf1df87c9b518bf209c0b661fa96e828f1b216519391a16e39791db92135f64de6b8e705ab8e9eaee5b1ff04bfc27704098ca4950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2edec8ad56808df63f7034b991501273

SHA1
49cc402c3bff6b3a7ffeb5ce52b7dc8dd1a7a7c9

SHA256
80ef0e8ac5a781721ec0dabf3a2e73ee2461f49dcbc5fa888b37976db90774f8

SHA512
a647a4f9f157f8949570b1cbebf325895bc9275b2f47d4fa9232b4db83646ce3f38ba652eb43a1e556b6ada18a9e9c8a490964ced2e5ca7fdcb6507c2ad96a10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0054e9caccb934b4b71678c5b8d18c20

SHA1
360a663fe601ffb0da5f69c0319bd52cd8543bbe

SHA256
4701008791f4b774fcfab8b9c45f5b70503d80ee711410d654c26ebaec673892

SHA512
8ab9f89cbd12a167ac74842065fb3f069b8f6c4695b5a332fd0a0147f19964021c299cef4a6e9c795e7b6dc860cac129b5e0d1c595344a0cd644f64427c2b6a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e0ea755e1cc5fe6edebbf1a70a0d7bc7

SHA1
83d42b5b27631757196bd9aa6f7207cc8a097583

SHA256
778ed54ceefba18116d34a05a67dac40c458891efda455a012638a5f6b534add

SHA512
0d1db62f06e00ff5347824bd8e56da3f0787950d081299d239fc655aa5e215f5c9f1c682a1afec5662cedf4f747b99ab5104f60449caa9656d2ef92fa5fd5235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ad47915a58cf7b62f07878ef1a0869b

SHA1
1d545685758d62a1ff7d272a250f9260fc3ff73a

SHA256
dcaeaa3ff3d05dbb0fccb6aa345d191d5edc389c0d9072563618f2b49417f3b0

SHA512
9b1484a86586d91ece944f067ebf29572628b9bac474990d9818000723433a59fc3fe9b59dabfaed972ad2ce2a90dccf7380ea53173019a3f00d80d20e1aacbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4efae805d1e4f6642f056d86d1ae2c27

SHA1
2787be0bf9213d70c813a5bc72b893df078cdc36

SHA256
5e06a2b689a9c894f0243b54f9290e8f5ab524a217c203403cec96b2a29ea589

SHA512
564b85457bfeea29bb7b369e6a1cf94094ad3200a2a61adc892e037abe8d6c711ca5d4dbb4492470fd69aeb6e325b47e9c852d9177963100f6d992ffb2a575d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28575a598bef3d8780bf1daa7fbab670

SHA1
98c5f230e65dabc513026fd1a31ecc02db91fd59

SHA256
a2ab089daa73e70fa70758ee7639cca567c5fa1e778a69f700bc008cded447df

SHA512
29238ad80a27e04a95fa20262fff5cae5494ba306a3ac6cc8c55c830cad37409b1defe735a35926adf429380dfc78fa61c2575e8127ab5441f88fbebf593563f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
61df38c0c880576b73e3f157d630167e

SHA1
cc6558969c81bbcd364d256d8af101191f0dc98a

SHA256
1b3eff3fda74dc1a6add36f464e548f7408fee42fa3b9c05f782a290cd67d96d

SHA512
aec9056f3b00bb88deb5e37a7165d2884059896b5eab0938feb555799790703db352e0d1812f59a06ace2931a74e032236003cff7121fc7332f641dabd894aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c500253953b264c28b1a2114b0fa703

SHA1
179ecbfa4e15e9c4a1048ee611936292572ab5ae

SHA256
fcb3ddd468971a0c94d9f7706dc08d0a3187fc8f4a53d4524b96bf8048ed61cc

SHA512
5560109fa824cc41faa6e1696da1cc2faa596f481e0967bb953382e5a0e0dd32354686453c9644404d481284b6c3c688b27375b56049a9ae2d8b2af1ad114180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
241471cff3b8e4cec5d9cfab96e5a4e5

SHA1
a94d251bbb7cddfb049805227afb0ca56f4a3c85

SHA256
fc585f56bf6ee5b81c1e075fb53b40c59593b4a3da2477a7ded14cd35c4569e8

SHA512
7292a0b589d457cf24dcc408afee18e06a800f4422b860a4f03b161170c7083d60f3aa72c573b01a99bf14e685130af1dd12921e73e1e03e746eb32a047374fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3d5f74a5150efd73360d2361b72f9c9f

SHA1
5b0cdeb74748d216a794caa0a96c020943164ba1

SHA256
3363d9690502c9ca9c011c206d0d4b1deb841bac8f2d6b361ed0c0d1cfad0d73

SHA512
c3c0de9e84b20602ce974a4991b79f5b9018329531898a9abf0bc8fcaee8e0c54f0ac1b57a0108f4a80421d4ff1d00273d682d283c5ba59eeba8e061760b1c5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
794f6c2025b535776e8f0dcc3f4f2958

SHA1
3f293c66b60da95a489de43d6f5dc5bb788b1019

SHA256
a46de64febaddaf19bdf10191a71a06560328da741c039dede14bf3465385bac

SHA512
9e707d627846b7791eb9943e386c0f7356a85a6f7306e923829458264c2c499ab8eaa27e167b4ecab72f8d3320075e6133ed5263846351ee91b0724be08240d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bb4b728ec7ab0e6939b8691f6cb65503

SHA1
01d112d8251ef9d65cd744dbd9cf4df7c769b9b2

SHA256
a7c2ead772b6173fd8a24d3c4f8df8db6da7c0e63daa802f5f1316976b762b1c

SHA512
c2e95ffbf0ea72e7f9db243bc028c4dfddadc3f38e0fc9e5be55023255daec71f939c7c5e5db804c28b4af15c18cff0b7d42231ba3db4ff7eea05f80300f7624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5938b9a898f3f30b7f4a1e859f09c97c

SHA1
7e1ab64453f6da3fd07bed8a628273fceebed5da

SHA256
2e8726557ef3d9831be86340802ad55a9f337c8984f2e2ff5c88ca3cf092ad48

SHA512
24444760473521b7e418032ca12aa2c3cb115c1a59baed04780010d7ba47782c6546894d634e6259e0eef5a9c6b4bbe429efa7266c5f4f7c413bfea8a18f3c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
61e621fad417645e1982abeb4a58bb5b

SHA1
a658d01f1f27b72cb8387c629f71773138b0715c

SHA256
509bb00b85badd96ee8547c72d95e9bd418f2c3c1ebc454f4769d8112e86dc1a

SHA512
2434dcda604bb8d8002a31a04dfb5836c06e07ecb970a184c88a7e0cd0a32af4b2aed58c6698bf3749c1529c9b3bcef709fc6245a958139438a808ab77080a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a05e9df60a23f45098481c461fe45ad7

SHA1
9e1ceac74524159a1296dd1a8aab4715629ce093

SHA256
e015f2610f4093cba268159e0bf093f1efe86913a739be6e39c2ab3bdcd0aedd

SHA512
533c290ccf405fece3f841edc4284898993abf693a01fd9c75b41a79b880ea00d0d5af7762b2b81fd5525d97bd3f4ca49d512cb999342875cc283390dfde7c56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
99aea59b8358d37a75efec931f7d18dc

SHA1
c378aa2118e8367b86f9e62e07e95622f782aae8

SHA256
e0f0b9afe8215a7b4b4ffee5709d4cf1b1a83f8cc5eae1be14dc0c0dfbb4049e

SHA512
3739f32ce405662437e44700f579933004b1f42d15909cacebdef4fa7baac69e1169ecc27c1e711afb4d689e49d8358b5f1732d59993cc49742da2be2486300d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3ee90b23f0da296788fdbd194877ce84

SHA1
fee4d45a5ec66c13b89b1caaf5250c51994596e0

SHA256
c819bf0bd0542abaa8bcb380dcd6aa7f0ed2deae083d1ad076e56487e358a310

SHA512
1b24b72560380d7bfa4281ec11795d199524d139d28387daf4a5f1160818b9ef397d7d7d968e89a79c7ef5341166ecef9143ae540965ba57e857a21025ca38e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
847a21115476be47ab2c36b7bc26564e

SHA1
b231e0ab43fd3ba5d7f4fbab4c72735863cd8d76

SHA256
83973b417ed32e4f4b7d38e51e2c5e4b701c7a95adc086e5a2934561b21c3236

SHA512
e6d420e3c351a75e3c11c51db73137ec392ad3179475eb1f06c1967d4b021692f8ec46d2840582b773d4b83b8da8f1d611d80817e98cc67e914cbdd3f154749e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2d4bcb5d6beb170e4eba1fca5b47197e

SHA1
fab1d348f6305fa137dd5b25bb4d7b23c3a1efc3

SHA256
c7119df4cf2b0bba3bb06ffe7a9aa5e42d743bb68e83e34207d7f36d160c6f0b

SHA512
4cc04c9b87219d87c1016b2721c534db39496b3d07ec103807dcae55413855258eb78f17dd238100750afeedb6fcd4324dd71b72142c29d956065edc92fb6be6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
78c3dbf95513c28f16efef428c1370bd

SHA1
5658bfdf3f8ffa13f8df0070209e6429ee9b09ff

SHA256
d1a102aa291abe9bb7886194145b9be7b5fc73f66237c515f95bc89528d69844

SHA512
71e8c1408eaf9533120ec31f172469058dbf2fa7244ca6f09b0667f5199978373f8c2af69bdcd1c8108aaf9e74abd70b84b8941326e6631195106661444ade95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
84e4e2e6ce7ebda3a6e40c4d582b67e9

SHA1
617910775963f3b859139fcaae7bcab457ea1646

SHA256
c87e3f6ba4e7417f024016e388dd4148fdffca4618359c9f01f9dd0bca3ccc85

SHA512
5af237640a0bdc46b1546375fe3d3bbab1d45d1c1b1d3d8bb0b0de2283274cb0fed65cb3e6beb534dd7cf8fe808b63647188672dbe0935c31db470c12650e9de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc6106507ed0036423a8faae81288efb

SHA1
f0158e18a596d68d27c378f3063090a5f1bfd08f

SHA256
7b438454518f173f268de89a1e33d7b20c59492e74f428256ef952115f3200d8

SHA512
ca3a71870b5a3d73bc00e7cae49ccde56910462bc0d61fb0854bb130d4cd78881d0bb8bf3e84a63702393a340d064a8338a0bb1a109120067b0071ec3a01b0be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8d235a204529b11191ffde4d75924173

SHA1
75ff72b033e3f55983cf2807e63c8e735b99d6e3

SHA256
ecfd84db37ce89fe7d3a95b89719650a7d61a44b98b800179493da0af0fa267f

SHA512
e2490201125e85f182ac5c07ff7d63328bbe15fbd917de57bbe80e894de4f82653fe2a5e40e1e9648b5abd5bbd89a8a67fbf87d9fbe4043aa8066aa708229746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73b593b8604260de7bb6ee4553e765d0

SHA1
1a78b93f781380ffa324c2b93ef3e256bc6b61f0

SHA256
6d7a9374ee20c13ade9697864ce6070760640ccd8b53238a44bb5151e9d60f10

SHA512
f91dca0547e87bf9d802a0d21088f02548c672418c79c893c86b3154a02211a68f25ae7e13d357388840bc89347b48c5d78348a6a0a1d45ee6dc4c3ad6e286c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
29b8a3af2e03dc65d487c5a25d4d9ddd

SHA1
83ea3da7302115baa9441770126f3ff91b2259c0

SHA256
138aafcf9702a1406b3851fd49dc75e81152a435ffcf01b3c218158afa4ca711

SHA512
139e51193017e2ba31fd5625cbe7d60864a286f06c5f943dd48c3f70fff73e8a14396db5c64d8173d440d59a69fb062daab833823ab7dedeff8c62581dd7f8c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
764bd6ea733891bc6ea9a613ae72e07c

SHA1
3cfda9dd6333601e21641af78b9d5f31471e06e5

SHA256
f63206c46e46a3684f8f8d96f1ca8f005b950cd4fc51958fd78612463cc48a5b

SHA512
14efc49b175027992880d7710956842b2c8bac10448d4ed3578c4a985be840264648556bdb2e4f74b7b3f0c6530e27a1da8e5a23c2f289e9431ca44a27881910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
21d5e531c47cac5c7ce42e8f31c5fa3d

SHA1
38b2a3d3dc3745dab63cce041671294c81ce958d

SHA256
2a81c11d770a6fc2401f3b16eaa92a7253878231526ab61227b1e90e1bca675e

SHA512
8235c784296c5c54a78d98e4a93a3a38b0b539dce2b2c1179200eb794a1b1d9b49b85bd798082b6367b8a912355b69d7d3aad0c96b0f9325e3d5050d09872f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
44477e7e9682245233cc41b92117683b

SHA1
bdf2d22929b68663098ab4129e1bde8a1b95e234

SHA256
e1650df68773183b721b3c231a34d05f34bb32b51ec581e0bcb6ff92ca003fae

SHA512
f5c8e32a0e15596ded893568962a2678dc7bafdfe5c27fd3b19fe91cf25c1f3d4c60cb9986d8723786e25b624a246e5af5039c87a22388afe34b5a0c85f6cce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Setup.dll

Filesize
17KB

MD5
51cc5388602468dc26e0bb9c1aabdec3

SHA1
8c5aecba7a069cb3ef854989f0653fc443f8ada0

SHA256
d13e26a90658b055eae7d1eec83622670c3cadc4a7eb059bbb0cc1bcc88926c6

SHA512
21387f5a492d87fea4460a7a9a7b66e18eeb88a19f14d5decc7e4c6aa4bc022364b68f1b722c3f75d2acd7aabaceb0e95b7575faba65ad800d880469c948c063

Download Submit
C:\Users\Admin\AppData\Local\Temp\ssaver.scr

Filesize
217KB

MD5
c947726a1467c85748ada3de88222a5b

SHA1
685cea3b358031b586d758ecf0a8d189bff9391c

SHA256
97aa04ea84fdc6258d000449b4a8c3dbbacf6a5795fcccc4ddd5cb54f26bd32d

SHA512
411682ca47436d035bb41eb9a16afb44c06e736ad3cb93c3d84512f3ea29eb7c7382ae601da783ce074a93bcf5023ebbc389b460fdfbc3c1e3ac7d6772534098

Download Submit
C:\Users\Admin\AppData\Local\Temp\vs60wiz.exe

Filesize
510KB

MD5
e07daf1ad290f782de4c84ff17ce1838

SHA1
95662fb61b8e21dbc50cc5d8bfd372bff57e6839

SHA256
f68910b0fbd18cf8b5b33afdcd8e2c5ca42ad1f926e3e337ab813934dbdcfca6

SHA512
91c63b0563fd75ce60428a230421084912459e90ca1cf5ea7c4524e618ba83061a6b7d330fbba8170d9cae4648aca1d86dfd151e99901a5cf36191cb85c2c66c

Download Submit
C:\Users\Admin\Downloads\Microsoft Visual SourceSafe 6.0c (2001) (ISO).7z.crdownload

Filesize
6.8MB

MD5
7b647fff0fccaf14107f9b6ad43ec551

SHA1
b1310e94057dd8efa44678407a6f5e5597b710c3

SHA256
751569e80570165c5f4ba41f650fbab153a22aafe05ef65872d773bcc5b03169

SHA512
a706e2bc19cbb21989022f73fd749dfbb3efcde33c4d76c766a4eade96b1ac38487427768ebdcf38aadc0777306e1195b4a700a69250e608eff4e66945155ebb

Download Submit
C:\Users\Admin\Downloads\Microsoft Visual SourceSafe 6.0c (2001) (ISO)\Artwork\disk01-front.jpg

Filesize
1.4MB

MD5
66c3162d33ae286b0be143be8932678f

SHA1
2ed36da7e88b92888fc3d020c3c40781eed9c014

SHA256
56e21a96b3f1e0679daf67ca27d0c1727aebfdcbe8a979360c97d54482db481f

SHA512
32deae1327100eef4a20e98cf09150cd669f66344050895fd420636cb4e2eeb9870ce130c604c68d6087da39a386e880a1c415087e452f92b4fd0a9016cb1f9d

Download Submit
C:\Users\Admin\Downloads\Microsoft Visual SourceSafe 6.0c (2001) (ISO)\Artwork\disk01envelope (cd key).jpg

Filesize
903KB

MD5
1ef60bfd073a97de100438194829904c

SHA1
aa040768e10ee23d7d57fc1d06cdf00bc83c350c

SHA256
c8d96faa0b4bf107ec4113273bf9664b3d575e3d55758e1b4fdc6f80a8899e95

SHA512
38c91f8e4ff63826a3270671ec62bb3f77e6cef913225b7a626f9c6abb5983f9f789a77e31058940ae768e2868b4592a73070a9eb3b9a3bdb5c421e163226943

Download Submit
C:\Users\Admin\Downloads\Microsoft Visual SourceSafe 6.0c (2001) (ISO)\disk01.iso

Filesize
31.9MB

MD5
7a82f32125f5de75f42ad23cb3a3dc22

SHA1
fb9462f648e9a6a04d66be2564ebe45ba84f3626

SHA256
20da0782d2731c7553bf85d76ed6b9f1e0b12cbcef3ddfbf9e7331a025f60df6

SHA512
d0a0d3692a4223b252518aa3c01f660996fdf14a238f841837216a2987c2e6223c777af2b2d42efee6d666d05561759d15c265e66c1c7192bb216589c9854b4e

Download Submit
C:\Users\Admin\Downloads\Microsoft Visual SourceSafe 6.0c (2001) (ISO)\serial.txt

Filesize
11B

MD5
fc1c2cc8252bd3f3008e94d1d223d31c

SHA1
b0ddf241d65c280a8cb0431b6ee3c87c041e617e

SHA256
357d5761ac925bc4f681dda7ae084236f26271b927c74ef7ca4c2d0d82a92a42

SHA512
e92dbb4ed7427bac6b1d99441d97541f0ff24e872efcc18d3cd3bdb220e91e93c0ec6783d5aa94f37296e7c2ea03681a0c755058d560915430af7878c3fa3ee2

Download Submit
C:\Users\Admin\Downloads\Microsoft Visual SourceSafe 6.0c (2001) (ISO)\winworldpc.com.txt

Filesize
691B

MD5
cae11a595ae01150d179b2de39ccf9ed

SHA1
ba41421eec585b193ba60010f1acb01765744fc3

SHA256
f319274880a90680e248978b5baf022a6b8471b867aa0b6a30d8ff85a1950b07

SHA512
0c0e95173092626733fef30224db098c71ff8c303a60a3749701f12f84644737f73da9bce1b1abc6787596feb6c6f60bbb63fd6a7bcd55b952cafc7aa5553852

Download Submit
F:\~MSSETUP.T\tmp.t\COMMON98.DLL

Filesize
182KB

MD5
2958a7485477da56f3693c9ce37aadca

SHA1
2e1b4d8bf6003da72a0ee1dfd76080a0f1ad7b53

SHA256
7e7d0379699c3a978d101890e95523dc63af29e027af8ce290bb39e492491f64

SHA512
50f1111c82665b62ed8079058f82f9dd377fc47f9e8a6e112c988f4bef3abdd6bda2514445d4583aff903b254e4a5a7dca05982bc23a2fb972803e6c8c5f6ffc

Download Submit
F:\~MSSETUP.T\tmp.t\VSS98STD.DLL

Filesize
36KB

MD5
a7f6e9a3e29cc2a844d617569cbc2664

SHA1
5789dbd0235f76d562c55e4253e8947b3262da77

SHA256
61a1c26937259887b2451245cfe1ca996202a14bc068eb20c9e410d3dcf6de78

SHA512
d0f60891250f990fdbddb918f8bce2982b07c2f5af2950b3f8252cc2a873d667eb214ccf1a8a51203a4d4e02bcbf80ae0f79dde78df0e6466e54b54c7b4503b2

Download Submit
F:\~MSSETUP.T\tmp.t\VSS98STD.INF

Filesize
13KB

MD5
421445470f998b63c65178c623f0e133

SHA1
56ef6f768d59d41b57846908efd6426f86e3d01b

SHA256
7fc8fe8faa84b1983ab9cab817f41b7eff27d6dee5d3d3ff0496101e1bc00401

SHA512
8cbf7e2fbb801eb2c8b655b6c43aff189d7d145f92b057753ff5f21d61632250d57374f442a5a92e328520244f5d9ecafe470ae9385ae7c76323e65de06a8d1a

Download Submit
F:\~MSSETUP.T\tmp.t\VSS98STD.STF

Filesize
33KB

MD5
75937d08fe4f30177381f719161286ac

SHA1
33cf8b59900d79ab7db991d2015f849eb05db1a7

SHA256
94f2d6e77eeebe159930cc763f2ae9ff382ce431c90264ab6fca56e804c6e0ee

SHA512
06fa9786781bfab6d92dbad58f55a290303f0904199c43c22b7eda79813abf74717c756530bbc5b920797ba17e7dbeb73baab2fc87813f0fcde63fd5dc55d5d0

Download Submit
F:\~MSSETUP.T\tmp.t\_MSSETUP._Q_

Filesize
724B

MD5
96c34055f2c825dab644b7ec0f5fe7cf

SHA1
737dc315e64a8dcb268dbc0e4ac4723e3009a7a2

SHA256
7db091aeeddfd72350c773f5e5bae3fe974f42ab3d635b07313fbcee1f9499b4

SHA512
c038b12df51277b696a0fd2ec767d17d7cea16646b53440a7938f956bb8c35bb2e66b46504ad14fd252c91fddaa600690ddb845fb6f38829d65731355a0b38d4

Download Submit
F:\~MSSETUP.T\tmp.t\_MSSETUP._Q_

Filesize
1KB

MD5
976682a7ccd88cac4aab2dc7b301078e

SHA1
5bad02ec93e14de46d351025e0ab30313fbaeb85

SHA256
648a1a0c51b824b1921d74126c00cef11de3021cd9f349cf17b68fc1531b3ecd

SHA512
1f6ef48613f4225ccb9248d015985d033d47abd81505d0fdd8d6f1b501d073c9f949d874ba14c9db14e9146ad7c0d7883af94d73dc4f80f26664008b51c31b21

Download Submit
F:\~MSSETUP.T\tmp.t\acmsetup.exe

Filesize
385KB

MD5
877257147b4b084bcb490fe07870afa0

SHA1
1d500f48f5e364471beac75795c96786356aaf68

SHA256
fc5013156214d398e9b2cbbbcaf57c666b7015761f47d6203db936ccc28745b3

SHA512
9c81cf696501791f0460568c91ada20108508009050c8ade08599067cb1593dbdf09e9b89c4b2391d2b699db9ea4c631f4120b7a65356a85b135f78f59375771

Download Submit
F:\~MSSETUP.T\tmp.t\mssetup.dll

Filesize
276KB

MD5
854c5ccd51c42659071a73a34fddbf90

SHA1
754dc73cfd46824691aa737dc06c8621e7facb54

SHA256
0115582135ba9af9d5a9e3b79bf6d81cce566e2fb6d923648092982c87e9b63f

SHA512
5b906d48f3ff8d531525978217699f216d9f6259ca799c3377b1772d9f517fea657448559ea484dc509288c9bdad2be71e1c4e17615058ea593c69dbad7f83b8

Download Submit
F:\~MSSETUP.T\tmp.t\pholder.dll

Filesize
29KB

MD5
96d416024a1fedddb7e38c0280549f2b

SHA1
475bfb5cfdbbfa22a56f1a68d87a62ec63baa0c5

SHA256
d14914a313474006e6fa28464e052cdbe33c25cd70a83d07f2454d015e888f26

SHA512
54b7a2deab70f60d151be9c94b54d62c9bcb3b7e76932262f2676fa4e8b92b6a71527074f72c8cc3629d4509a2a1374e50b51e28e7f7ad517d2e58eb89b5bd8d

Download Submit
F:\~MSSETUP.T\tmp.t\vsscantl.dll

Filesize
224KB

MD5
7ab792045a88c2f8ff9dd242b1013d37

SHA1
107966ffde6ce5270bc238ba01b0f0e7bb54d66d

SHA256
06144052eeda73c478a9c1785ea615fb11efb55d6cbb412773197c84ea84d53f

SHA512
d0f82fe60a02a517550c634aa7d95faa11733bb59a9aa9575a7ff738703fc79dff5848e8e5370949b454945b4aafc36aa9b81cffb8d10f34a96c1b4974638356

Download Submit
memory/2632-867-0x0000000010000000-0x000000001004C000-memory.dmp

Filesize
304KB

Download
memory/2632-900-0x0000000003770000-0x00000000037AE000-memory.dmp

Filesize
248KB

Download
memory/2632-861-0x0000000004D60000-0x0000000004D92000-memory.dmp

Filesize
200KB

Download
memory/2632-866-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/3116-896-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/3116-917-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/3588-47-0x0000000000400000-0x00000000005AA000-memory.dmp

Filesize
1.7MB

Download
memory/3588-50-0x0000000000400000-0x00000000005AA000-memory.dmp

Filesize
1.7MB

Download
memory/3588-51-0x0000000000400000-0x00000000005AA000-memory.dmp

Filesize
1.7MB

Download
memory/3588-889-0x0000000000400000-0x00000000005AA000-memory.dmp

Filesize
1.7MB

Download
memory/3588-48-0x0000000000400000-0x00000000005AA000-memory.dmp

Filesize
1.7MB

Download
memory/3588-43-0x0000000000400000-0x00000000005AA000-memory.dmp

Filesize
1.7MB

Download
memory/3588-773-0x0000000000400000-0x00000000005AA000-memory.dmp

Filesize
1.7MB

Download
memory/3588-44-0x0000000000400000-0x00000000005AA000-memory.dmp

Filesize
1.7MB

Download
memory/3588-45-0x0000000000400000-0x00000000005AA000-memory.dmp

Filesize
1.7MB

Download
memory/3840-960-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/4988-40-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4988-33-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4988-6-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4988-7-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4988-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download