Analysis
- max time kernel: 380s
- max time network: 381s
- platform: windows11-21h2_x64
- resource: win11-20241007-en
- resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 11-11-2024 17:12
Static task: static1
Behavioral task: behavioral1
- Sample: link.txt
- Resource: win11-20241007-en
Errors
General
- Target: link.txt
- Size: 139B
- MD5: b158f6f6f236146dbb84f01382f7b288
- SHA1: 6044e94429a90711f51626f628a3a9d51d4afd60
- SHA256: ac87f8dd3c4ffb6ebfebe7e23be8ec298263cb5103bdd180e156997db328c85c
- SHA512: 9f52cd6d10066c7033c239494c513698ada42881768d23ad52785a3f787c53bbaafbc51e66806753e7b104c5d23c2a46eeed6d4740b5a0a9420bbbed85edefe9
Malware Config
Extracted
- Family: vidar
- Version: 11.5
- Botnet ID: 8b94a7bcafb394a6cda231fd95b94a68
- C2 (dead-drop resolvers): https://t.me/gos90t, https://steamcommunity.com/profiles/76561199800374635
- user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Note: the Telegram channel and the Steam profile are not the stealer's C2 server. Vidar reads the live C2 address out of those public pages and then talks to that address, so both the resolvers and whatever they currently resolve to need blocking or monitoring, and the resolved address should be expected to change. The user agent is a macOS Safari/DuckDuckGo string, out of place on a Windows host, and is a usable network indicator for the resolver fetches.
Signatures
-
Detect Vidar Stealer 45 IoCs
resource: behavioral1; yara_rule: family_vidar_v7. Every match is a memory dump of the range 0x0000000000400000-0x0000000000659000 in one of three Unlock_Tool_v2.5.7.exe processes; dump paths follow behavioral1/memory/<pid>-<dump>-0x0000000000400000-0x0000000000659000-memory.dmp. 0x400000 is the default image base of a 32-bit executable and the region is 0x259000 bytes, consistent with a payload mapped into the child processes of the SetThreadContext pairs listed below.
- PID 4044 (23 dumps): 1209, 1212, 1213, 1233, 1234, 1242, 1243, 1315, 1316, 1319, 1320, 1325, 1327, 1333, 1334, 1389, 1390, 1397, 1403, 1419, 1420, 1427, 1428
- PID 1200 (20 dumps): 1433, 1434, 1441, 1442, 1457, 1458, 1461, 1462, 1467, 1468, 1475, 1476, 1530, 1531, 1538, 1539, 1558, 1559, 1566, 1567
- PID 2820 (2 dumps): 1572, 1573
-
Vidar family
-
Downloads MZ/PE file
-
Uses browser remote debugging 2 TTPs 36 IoCs
Can be used to control the browser and steal sensitive information such as credentials and session cookies.
Browser processes flagged (pid Process):
- chrome.exe (16): 2992, 764, 3400, 3940, 2752, 3352, 2464, 1480, 1688, 2068, 2992, 3528, 2880, 4628, 2196, 2256
- msedge.exe (20): 4180, 1396, 5048, 1756, 1400, 788, 1924, 4272, 1364, 2580, 2792, 4292, 4936, 2124, 4320, 4972, 4924, 4220, 2300, 4220
The report lists only PIDs here, not the command lines. To confirm the technique, pull the browser command lines from the process tree and look for the Chromium DevTools switches (--remote-debugging-port or --remote-debugging-pipe, usually together with --headless and a --user-data-dir). PIDs are recycled within this 380 s run (4936 appears as msedge.exe here and as Unlock_Tool_v2.5.7.exe below; 2068 is both chrome.exe and timeout.exe), so correlate on PID plus image name and time, not on PID alone.
-
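The report names only the browser PIDs, not the switches that fired this signature. The following is an added detection example (not part of the report and not Triage's own logic) that applies the same idea to process-creation events such as Sysmon Event ID 1 or Windows 4688: it flags a Chromium browser started with the DevTools remote-debugging switches and scores the context around it. The sample events, the parent allowlist and the profile-path pattern are constructed for the example; the Unlock_Tool_v2.5.7.exe launches in it are hypothetical, since the page does not print those command lines, and a stealer may copy the profile to a scratch directory instead of pointing at the real one, which is why the parent check carries most of the weight.

```python
import re
from dataclasses import dataclass

# Chromium switches that expose the DevTools protocol to another process.
DEBUG_SWITCHES = ("--remote-debugging-port", "--remote-debugging-pipe")
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}
# Parents that legitimately start a browser for a user or a developer.
# Assumed allowlist for this example; tune it to your own estate.
EXPECTED_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "code.exe", "devenv.exe"}
# Real profile roots of the major Chromium browsers (the data a stealer is after).
REAL_PROFILE = re.compile(r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data$", re.I)

@dataclass
class Event:
    image: str     # image name of the created process
    parent: str    # image name of the creating process
    cmdline: str   # full command line as logged

def split_args(cmdline):
    """Split a Windows command line on whitespace, keeping quoted paths whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def switch_value(args, name):
    """Value of --name=value; "" if the switch is present bare; None if absent."""
    for a in args:
        if a == name:
            return ""
        if a.startswith(name + "="):
            return a[len(name) + 1:]
    return None

def score_event(ev):
    """Return the reasons this event looks like remote-debugging cookie/credential theft."""
    reasons = []
    if ev.image.lower() not in BROWSERS:
        return reasons
    args = split_args(ev.cmdline)
    debug = [s for s in DEBUG_SWITCHES if switch_value(args, s) is not None]
    if not debug:
        return reasons
    reasons.append("DevTools remote debugging enabled via " + ", ".join(debug))
    if switch_value(args, "--headless") is not None:
        reasons.append("headless, so the user sees no window")
    if ev.parent.lower() not in EXPECTED_PARENTS:
        reasons.append("started by unexpected parent " + ev.parent)
    udd = switch_value(args, "--user-data-dir")
    if udd and REAL_PROFILE.search(udd):
        reasons.append("points at the user's real profile directory")
    return reasons

def verdict(ev):
    n = len(score_event(ev))
    return "alert" if n >= 2 else ("info" if n == 1 else "none")

# Constructed process-creation events (not taken from the report above).
SAMPLE_EVENTS = [
    Event("chrome.exe", "explorer.exe",
          r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'),
    Event("chrome.exe", "Unlock_Tool_v2.5.7.exe",   # hypothetical stealer launch
          r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --remote-debugging-port=9222 '
          r'"--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --no-first-run'),
    Event("msedge.exe", "Unlock_Tool_v2.5.7.exe",   # hypothetical: profile copied to a temp dir first
          r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --remote-debugging-pipe '
          r'"--user-data-dir=C:\Users\Admin\AppData\Local\Temp\edgecopy" --profile-directory=Default'),
    Event("chrome.exe", "Code.exe",                  # developer debugging a web app
          r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 '
          r'"--user-data-dir=C:\Users\Admin\AppData\Local\Temp\vscode-chrome" http://localhost:3000'),
]

def triage(events=SAMPLE_EVENTS):
    """Map each event to (parent, image, verdict, reasons)."""
    return [(ev.parent, ev.image, verdict(ev), score_event(ev)) for ev in events]

if __name__ == "__main__":
    for parent, image, v, reasons in triage():
        print(f"{v:5} {parent} -> {image}: {'; '.join(reasons) or 'clean'}")
```

The developer case scores "info" rather than "alert" because a known parent and a scratch profile are what legitimate debugging looks like; the two hypothetical stealer launches score "alert" even when the profile has been copied elsewhere.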
Executes dropped EXE 9 IoCs
pid Process: Unlock_Tool_v2.5.7.exe as PIDs 1280, 4044, 3012, 1200, 4572, 2820, 4936, 2548, 132 (the four parent/child pairs of the SetThreadContext signature below, plus 2548).
-
Loads dropped DLL 8 IoCs
pid Process: Unlock_Tool_v2.5.7.exe as PIDs 4044, 1200, 2820, 132 (two dropped-DLL loads each; these are the child processes of the SetThreadContext pairs).
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory 1 IoCs
description ioc Process: File opened for modification C:\Windows\system32\Recovery\ReAgent.xml by bootim.exe
bootim.exe (the Windows boot options menu) and the LogonUI.exe entries further down are Windows components; this write is not made by any of the sample's processes.
-
Suspicious use of SetThreadContext 4 IoCs
description | pid Process | procid_target:
- PID 1280 set thread context of 4044 | 1280 Unlock_Tool_v2.5.7.exe | 113
- PID 3012 set thread context of 1200 | 3012 Unlock_Tool_v2.5.7.exe | 163
- PID 4572 set thread context of 2820 | 4572 Unlock_Tool_v2.5.7.exe | 212
- PID 4936 set thread context of 132 | 4936 Unlock_Tool_v2.5.7.exe | 271
Each Unlock_Tool_v2.5.7.exe parent sets the thread context of a child with the same image name, the classic RunPE/process-hollowing pattern of a loader that starts a suspended copy of itself and redirects it to the unpacked payload. The three children with Vidar YARA hits above (4044, 1200, 2820) are exactly these injected children, and each parent is the process WerFault reports crashing below. No dump of the fourth child (132) matched; the report does not say whether the payload was ever mapped there.
-
Drops file in Windows directory 12 IoCs
description ioc Process (File opened for modification):
- C:\Windows\SystemTemp by chrome.exe (x5) and setup.exe (x1)
- C:\Windows\SystemTemp\Crashpad\metadata and C:\Windows\SystemTemp\Crashpad\settings.dat by setup.exe
- C:\Windows\Panther\UnattendGC\setuperr.log, diagerr.xml, setupact.log and diagwrn.xml by bootim.exe
These are browser and Crashpad state (chrome.exe, and a setup.exe whose path the report does not show) plus Windows setup/boot-menu logging; none of the twelve writes come from the sample's processes.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 4 IoCs
pid | pid_target | Process | procid_target:
- 1604 | 1280 | WerFault.exe | 111
- 912 | 3012 | WerFault.exe | 161
- 4144 | 4572 | WerFault.exe | 210
- 2116 | 4936 | WerFault.exe | 268
pid_target is the process that crashed: the four crashing processes are the four Unlock_Tool_v2.5.7.exe parents from the SetThreadContext signature, so each loader dies after handing execution to its injected child. On a real host the WerFault report for the loader is therefore an artifact to collect alongside the child's memory.
-
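Read together, the SetThreadContext pairs, the WerFault rows and the YARA dump list tell one story. The script below is an added example (not part of the report) that parses those three tables in the layout the page prints them and joins them into one injection chain per loader: who injected into whom, whether the loader then crashed, and what the child's memory matched. The rows are copied from the tables above; the YARA list is cut to a handful of rows to keep the code short, so the hit counts it reports are for that subset rather than the 45 on the page.

```python
import re
from collections import defaultdict

# Rows copied from this report's signature tables (SetThreadContext and Program crash in full,
# YARA memory hits as a subset of the 45 listed).
SET_THREAD_CONTEXT = """
PID 1280 set thread context of 4044 1280 Unlock_Tool_v2.5.7.exe 113
PID 3012 set thread context of 1200 3012 Unlock_Tool_v2.5.7.exe 163
PID 4572 set thread context of 2820 4572 Unlock_Tool_v2.5.7.exe 212
PID 4936 set thread context of 132 4936 Unlock_Tool_v2.5.7.exe 271
"""
PROGRAM_CRASH = """
1604 1280 WerFault.exe 111
912 3012 WerFault.exe 161
4144 4572 WerFault.exe 210
2116 4936 WerFault.exe 268
"""
YARA_HITS = """
behavioral1/memory/4044-1209-0x0000000000400000-0x0000000000659000-memory.dmp family_vidar_v7
behavioral1/memory/4044-1213-0x0000000000400000-0x0000000000659000-memory.dmp family_vidar_v7
behavioral1/memory/1200-1433-0x0000000000400000-0x0000000000659000-memory.dmp family_vidar_v7
behavioral1/memory/2820-1572-0x0000000000400000-0x0000000000659000-memory.dmp family_vidar_v7
behavioral1/memory/2820-1573-0x0000000000400000-0x0000000000659000-memory.dmp family_vidar_v7
"""

# Column layouts as printed: "description pid Process procid_target", "pid pid_target Process procid_target",
# and "resource yara_rule".
STC_RE = re.compile(r"^PID (\d+) set thread context of (\d+) (\d+) (\S+) (\d+)$")
CRASH_RE = re.compile(r"^(\d+) (\d+) (\S+) (\d+)$")
DUMP_RE = re.compile(r"^behavioral\d+/memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp (\S+)$")

def rows(text):
    return [ln.strip() for ln in text.strip().splitlines() if ln.strip()]

def parse_injections(text):
    """One record (parent pid, child pid, parent image) per SetThreadContext row."""
    out = []
    for ln in rows(text):
        m = STC_RE.match(ln)
        if m:
            out.append({"parent": int(m[1]), "child": int(m[2]), "image": m[4]})
    return out

def parse_crashes(text):
    """Map crashed pid -> pid of the WerFault.exe that reported it."""
    crashed = {}
    for ln in rows(text):
        m = CRASH_RE.match(ln)
        if m and m[3].lower() == "werfault.exe":
            crashed[int(m[2])] = int(m[1])
    return crashed

def parse_dumps(text):
    """Map pid -> list of (start, end, rule) for every matching memory dump."""
    hits = defaultdict(list)
    for ln in rows(text):
        m = DUMP_RE.match(ln)
        if m:
            hits[int(m[1])].append((int(m[3], 16), int(m[4], 16), m[5]))
    return hits

def injection_chains(stc=SET_THREAD_CONTEXT, crash=PROGRAM_CRASH, yara=YARA_HITS):
    """One record per loader: its injected child, whether it crashed afterwards, what the child matched."""
    crashed = parse_crashes(crash)
    dumps = parse_dumps(yara)
    chains = []
    for inj in parse_injections(stc):
        regions = dumps.get(inj["child"], [])
        chains.append({
            "parent": inj["parent"],
            "child": inj["child"],
            "image": inj["image"],
            "parent_crashed": inj["parent"] in crashed,
            "child_rule_hits": len(regions),
            "rules": sorted({r[2] for r in regions}),
            "region": (regions[0][0], regions[0][1]) if regions else None,
        })
    return chains

if __name__ == "__main__":
    for c in injection_chains():
        size = (c["region"][1] - c["region"][0]) if c["region"] else 0
        print(f'{c["image"]} {c["parent"]} -> {c["child"]}: crashed={c["parent_crashed"]} '
              f'hits={c["child_rule_hits"]} rules={c["rules"]} payload_size=0x{size:x}')
```

Joining on the child PID rather than the image name matters here: every process in the chain is called Unlock_Tool_v2.5.7.exe, and only the PID pairing separates the loader that crashed from the hollowed child that carried the payload.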
System Location Discovery: System Language Discovery 1 TTPs 13 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language by Unlock_Tool_v2.5.7.exe (x5), cmd.exe (x4) and timeout.exe (x4).
The cmd.exe and timeout.exe opens are the normal locale lookup of any console tool; only the Unlock_Tool_v2.5.7.exe opens are attributable to the sample, and a locale check of this kind is the usual reason a stealer reads the key before deciding whether to run.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process (all taskmgr.exe):
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A
- Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName
All three reads come from Task Manager (PID 3296, which also appears under GetForegroundWindowSpam below), i.e. from interactive use of the sandbox desktop, not from the sample. The disk presents itself as a WDC WDS100T2B0A, a real SSD model string, which is the kind of value this anti-sandbox check exists to look at.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process (all Unlock_Tool_v2.5.7.exe, four times each, one per loader/child run):
- Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
This is the sample's own check: the usual purpose of reading ProcessorNameString is to compare it against hypervisor CPU strings, and since the payload went on to run the sandbox passed. The value this key returns is therefore one a sandbox operator should verify looks like real hardware.
-
Delays execution with timeout.exe 4 IoCs
pid Process 1472 timeout.exe 2548 timeout.exe 4112 timeout.exe 2068 timeout.exe -
Enumerates system info in registry 2 TTPs 30 IoCs
description ioc Process: all 30 entries are chrome.exe (15) and msedge.exe (15) opening \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS and querying its SystemManufacturer and SystemProductName values. Chromium-based browsers read these values themselves for their own hardware reporting; no entry comes from Unlock_Tool_v2.5.7.exe, so in this run the signature is browser noise rather than a sample behaviour.
-
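The four registry signatures above (language, SCSI, processor, BIOS) mix reads by the sample with reads by Task Manager and the browsers, and the report does not separate them. The script below is an added example (not from the report or from Triage) that parses rows in the page's "action path process" layout, buckets each key into a fingerprinting category and groups the counts per process image so the sample's own checks stand out from the noise. The rows are a subset copied from the tables above; the category patterns, the VM marker strings and the sample image name are this example's assumptions, not values extracted from the sample.

```python
import re
from collections import Counter, defaultdict

# Subset of the registry rows from the four signatures above, in the layout the report prints them.
SAMPLE_ROWS = r"""
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Unlock_Tool_v2.5.7.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Unlock_Tool_v2.5.7.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Unlock_Tool_v2.5.7.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Unlock_Tool_v2.5.7.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unlock_Tool_v2.5.7.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language timeout.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 taskmgr.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName taskmgr.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe
"""

ROW_RE = re.compile(r"^(Key opened|Key value queried|Key created)\s+(\\REGISTRY\\\S+)\s+(\S+)$")

# Key paths that sandbox/VM detection code typically reads (assumed categories for this example).
CATEGORIES = (
    ("cpu",    r"\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\"),
    ("smbios", r"\\HARDWARE\\DESCRIPTION\\System\\BIOS"),
    ("disk",   r"\\Enum\\(SCSI|IDE)\\"),
    ("locale", r"\\Control\\NLS\\Language"),
)
# Strings commonly compared against ProcessorNameString / SystemManufacturer by VM checks (illustrative list).
VM_MARKERS = ("qemu", "virtual", "kvm", "vmware", "xen", "hyper-v", "innotek")

def parse_rows(text):
    """(action, key path, process image) for each row that matches the report layout."""
    out = []
    for ln in text.strip().splitlines():
        m = ROW_RE.match(ln.strip())
        if m:
            out.append((m[1], m[2], m[3]))
    return out

def classify(path):
    """Fingerprinting category of a key path, or None if it is not one we track."""
    for label, pat in CATEGORIES:
        if re.search(pat, path, re.I):
            return label
    return None

def fingerprint_profile(text=SAMPLE_ROWS):
    """Per process image: how many reads fell into each fingerprinting category."""
    profile = defaultdict(Counter)
    for _action, path, proc in parse_rows(text):
        cat = classify(path)
        if cat:
            profile[proc.lower()][cat] += 1
    return {proc: dict(c) for proc, c in profile.items()}

def sample_only(profile, sample_images=("unlock_tool_v2.5.7.exe",)):
    """Keep only the processes that belong to the submitted sample."""
    return {p: c for p, c in profile.items() if p in sample_images}

def looks_like_vm(value):
    """The malware side of the same check: does a hardware string betray a hypervisor?"""
    return any(marker in value.lower() for marker in VM_MARKERS)

if __name__ == "__main__":
    prof = fingerprint_profile()
    for proc, cats in sorted(prof.items()):
        print(f"{proc:28} {cats}")
    print("attributable to the sample:", sample_only(prof))
    print(looks_like_vm("QEMU Virtual CPU version 2.5+"), looks_like_vm("Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz"))
```

Run over the subset, the profile shows the CPU and locale reads under the sample's image and the disk and SMBIOS reads under taskmgr.exe and the browsers, which is the split the signature headings alone do not give you. The looks_like_vm helper is the inverse view: it is what a sandbox operator should run against the values their image actually returns for these keys.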
Modifies data under HKEY_USERS 21 IoCs
description ioc Process:
- LogonUI.exe (15 entries): creates \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM, \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent and \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History, and sets the logon-screen colour values under them: DWM\ColorizationAfterglowBalance = "10", DWM\ColorizationBlurBalance = "1", DWM\ColorizationColorBalance = "89", DWM\ColorizationAfterglow = "3288365268", DWM\ColorizationColor = "3288365268", DWM\EnableWindowColorization = "14", DWM\AccentColor = "4292114432", DWM\ColorizationGlassAttribute = "1", Accent\StartColorMenu = "4290799360", Accent\AccentColorMenu = "4292114432", Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00, Themes\History\AutoColor = "0".
- chrome.exe (6 entries): creates \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (x5) and sets TraceTimeLast = "133758188197787218" under it.
All of this is Windows logon theming and Chrome TPM telemetry; nothing here is written by the sample.
-
Modifies registry class 3 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings chrome.exe Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings taskmgr.exe -
NTFS ADS 1 IoCs
description ioc Process: File opened for modification C:\Users\Admin\Downloads\Unlock_Tool.zip:Zone.Identifier by chrome.exe
This is Chrome writing the mark-of-the-web on a download: the archive that yields Unlock_Tool_v2.5.7.exe was fetched through the browser during the run, and 7zG.exe (see AdjustPrivilegeToken below) then unpacked it. On a real host the Zone.Identifier stream on the ZIP is the artifact to read for the download source (Chrome records ReferrerUrl and HostUrl in it).
-
Opens file in notepad (likely ransom note) 2 IoCs
pid Process: 3600 NOTEPAD.EXE, 2816 NOTEPAD.EXE
The "ransom note" label is the sandbox's generic heuristic for a text file opened in Notepad. Here the file is the submitted sample itself (cmd /c ...\link.txt opens the 139-byte link.txt in Notepad, see the process tree), so it is the lure or link text rather than a ransom note; nothing else in this report points to ransomware.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process (64 is the per-signature display cap, so this list is truncated): Unlock_Tool_v2.5.7.exe 4044 (x12), 1200 (x12), 2820 (x12); chrome.exe 2968 (x2), 2992 (x4), 2256 (x2); msedge.exe 2968 (x2), 4180 (x2), 4004 (x2), 1996 (x2), 1400 (x2), 3184 (x2), 4272 (x2); taskmgr.exe 3296 (x6).
The enumeration by 4044, 1200 and 2820 is attributable to the sample (these are the injected children carrying the Vidar payload); the browser and Task Manager entries are ordinary.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3296 taskmgr.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs
pid Process: chrome.exe 2968 (x5), 2992 (x6), 2256 (x3), 3940 (x3); msedge.exe 4180 (x4), 1400 (x4), 4272 (x4), 2392 (x3), 2580 (x4).
Only browsers appear: this is the Chromium sandbox starting its child processes with the "block non-Microsoft binaries" mitigation policy, which is expected behaviour rather than an indicator.
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process (truncated at the 64-entry cap):
- chrome.exe 2968: SeShutdownPrivilege / SeCreatePagefilePrivilege, 20 pairs (x40)
- 7zG.exe 4852: SeRestorePrivilege, privilege 35 (the LUID of SeCreateSymbolicLinkPrivilege), SeSecurityPrivilege (x2)
- chrome.exe 2992: SeShutdownPrivilege / SeCreatePagefilePrivilege, 7 pairs (x14)
- chrome.exe 2256: SeShutdownPrivilege / SeCreatePagefilePrivilege, 3 pairs (x6)
The Chrome token adjustments are routine. The 7zG.exe entry is the 7-Zip GUI enabling restore/security/symlink privileges while extracting; together with the Zone.Identifier write on Unlock_Tool.zip it places the unpacking of the archive in the timeline between the browser download and the first Unlock_Tool_v2.5.7.exe launch.
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process (truncated at 64): chrome.exe 2968 and 2992 (63 entries between them), 7zG.exe 4852 (x1).
-
Suspicious use of SendNotifyMessage 64 IoCs
pid Process (truncated at 64): chrome.exe 2968 and taskmgr.exe 3296 (64 entries between them).
Both are GUI-message noise from the browser, the 7-Zip window and Task Manager; none of the sample's processes appear.
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1456 LogonUI.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target (truncated at the 64-entry cap):
- PID 2876 cmd.exe wrote to memory of 3600 (NOTEPAD.EXE, procid 80), x2
- PID 2968 chrome.exe wrote to memory of 2192 (procid 85), 4572 (procid 86), 2164 (procid 87) and 4456 (procid 88), 62 entries in total
These are process-creation writes by a parent into its own children: cmd.exe starting Notepad, and the chrome.exe browser process starting its crashpad-handler, GPU, network and storage helpers, which match the child PIDs in the process tree. Because the list is capped, later writes (including any by the Unlock_Tool_v2.5.7.exe loaders into the children they inject) are not shown here.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\link.txt1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2876 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\link.txt2⤵
- Opens file in notepad (likely ransom note)
PID:3600
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2968 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6e07cc40,0x7ffb6e07cc4c,0x7ffb6e07cc582⤵PID:2192
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:22⤵PID:4572
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:32⤵PID:2164
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:82⤵PID:4456
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:1536
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:12⤵PID:4952
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3584,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:12⤵PID:2076
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4600,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:82⤵PID:2652
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:82⤵PID:832
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3580 /prefetch:82⤵PID:4804
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:82⤵PID:4032
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level2⤵
- Drops file in Windows directory
PID:3776
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7cfe24698,0x7ff7cfe246a4,0x7ff7cfe246b03⤵
- Drops file in Windows directory
PID:4872
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3580,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:82⤵PID:4560
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:82⤵PID:2576
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:82⤵PID:956
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5260,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:82⤵PID:3328
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5604,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:22⤵PID:5096
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3740,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5504 /prefetch:12⤵PID:2880
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5176,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:82⤵
- NTFS ADS
PID:2408
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:2084
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:4824
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4812
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\" -spe -an -ai#7zMap26195:122:7zEvent255141⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4852
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1280
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:4044
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"3⤵
- Uses browser remote debugging
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2992
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb6e09cc40,0x7ffb6e09cc4c,0x7ffb6e09cc584⤵PID:556
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2092,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2088 /prefetch:24⤵PID:4060
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1860,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2124 /prefetch:34⤵PID:4796
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2244 /prefetch:84⤵PID:3256
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3208 /prefetch:14⤵
- Uses browser remote debugging
PID:2068
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3396 /prefetch:14⤵
- Uses browser remote debugging
PID:1688
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4596 /prefetch:14⤵
- Uses browser remote debugging
PID:2752
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4556 /prefetch:84⤵PID:5048
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4828 /prefetch:84⤵PID:4456
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4568,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4936 /prefetch:84⤵PID:1220
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4504,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4532 /prefetch:84⤵PID:3312
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"3⤵
- Uses browser remote debugging
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4180
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0xfc,0x130,0x7ffb6e0a3cb8,0x7ffb6e0a3cc8,0x7ffb6e0a3cd84⤵PID:892
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:24⤵PID:836
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:2968
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:84⤵PID:456
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:14⤵
- Uses browser remote debugging
PID:1924
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:14⤵
- Uses browser remote debugging
PID:1756
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:24⤵PID:1216
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2244 /prefetch:24⤵PID:1148
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2016 /prefetch:24⤵PID:2216
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4580 /prefetch:24⤵PID:2204
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4780 /prefetch:24⤵PID:2072
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:14⤵
- Uses browser remote debugging
PID:2124
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:14⤵
- Uses browser remote debugging
PID:2792
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3560 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
PID:4004
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\CBFBGCGIJKJJ" & exit3⤵
- System Location Discovery: System Language Discovery
PID:2084
C:\Windows\SysWOW64\timeout.exetimeout /t 104⤵
- System Location Discovery: System Language Discovery
- Delays execution with timeout.exe
PID:1472
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 3242⤵
- Program crash
PID:1604
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1280 -ip 12801⤵PID:1456
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:4616
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3012
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:1200
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"3⤵
- Uses browser remote debugging
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:2256
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6e09cc40,0x7ffb6e09cc4c,0x7ffb6e09cc584⤵PID:3208
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2348,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2344 /prefetch:24⤵PID:5004
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1776,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2452 /prefetch:34⤵PID:1072
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1956,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2572 /prefetch:84⤵PID:3608
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3164 /prefetch:14⤵
- Uses browser remote debugging
PID:3400
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3216 /prefetch:14⤵
- Uses browser remote debugging
PID:764
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4392 /prefetch:14⤵
- Uses browser remote debugging
PID:3352
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4628 /prefetch:84⤵PID:4320
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4636,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4672 /prefetch:84⤵PID:2324
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4908,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4964 /prefetch:84⤵PID:4796
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4744 /prefetch:84⤵PID:1620
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"3⤵
- Uses browser remote debugging
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1400
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb6e0a3cb8,0x7ffb6e0a3cc8,0x7ffb6e0a3cd84⤵PID:1472
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:24⤵PID:940
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:1996
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:84⤵PID:1452
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:14⤵
- Uses browser remote debugging
PID:4972
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:14⤵
- Uses browser remote debugging
PID:4320
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:24⤵PID:1796
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2528 /prefetch:24⤵PID:3208
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4784 /prefetch:24⤵PID:5100
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2316 /prefetch:24⤵PID:2964
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4856 /prefetch:24⤵PID:3768
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:14⤵
- Uses browser remote debugging
PID:4292
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:14⤵
- Uses browser remote debugging
PID:4924
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\HIIIIEGHDGDB" & exit3⤵
- System Location Discovery: System Language Discovery
PID:4756
C:\Windows\SysWOW64\timeout.exetimeout /t 104⤵
- System Location Discovery: System Language Discovery
- Delays execution with timeout.exe
PID:2548
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 2722⤵
- Program crash
PID:912
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3012 -ip 30121⤵PID:1672
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:3668
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Readme.txt1⤵
- Opens file in notepad (likely ransom note)
PID:2816
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4572
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2820
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"3⤵
- Uses browser remote debugging
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2992
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6e09cc40,0x7ffb6e09cc4c,0x7ffb6e09cc584⤵PID:2812
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=1888 /prefetch:24⤵PID:4668
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1828,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=1904 /prefetch:34⤵PID:1176
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2188 /prefetch:84⤵PID:4624
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3184 /prefetch:14⤵
- Uses browser remote debugging
PID:2464
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3212 /prefetch:14⤵
- Uses browser remote debugging
PID:3528
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4288,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4512 /prefetch:14⤵
- Uses browser remote debugging
PID:1480
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4672 /prefetch:84⤵PID:3668
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4636 /prefetch:84⤵PID:2392
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4840 /prefetch:84⤵PID:2272
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4900,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3836 /prefetch:84⤵PID:2724
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"3⤵
- Uses browser remote debugging
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4272
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb6e0a3cb8,0x7ffb6e0a3cc8,0x7ffb6e0a3cd84⤵PID:480
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:24⤵PID:1644
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:3184
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:84⤵PID:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:14⤵
- Uses browser remote debugging
PID:4936
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:14⤵
- Uses browser remote debugging
PID:4220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:24⤵PID:4340
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2268 /prefetch:24⤵PID:1672
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4392 /prefetch:24⤵PID:2216
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4376 /prefetch:24⤵PID:1964
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4296 /prefetch:24⤵PID:4728
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:14⤵
- Uses browser remote debugging
PID:1396
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:14⤵
- Uses browser remote debugging
PID:1364
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\KEGIDHJKKJDG" & exit3⤵
- System Location Discovery: System Language Discovery
PID:4732
C:\Windows\SysWOW64\timeout.exetimeout /t 104⤵
- System Location Discovery: System Language Discovery
- Delays execution with timeout.exe
PID:4112
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 2762⤵
- Program crash
PID:4144
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 4572 -ip 45721⤵PID:3888
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:5016
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:3296
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://appdata/1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2392
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb5d763cb8,0x7ffb5d763cc8,0x7ffb5d763cd82⤵PID:1476
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,10794708012715116967,7377360237455130098,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:22⤵PID:1148
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,10794708012715116967,7377360237455130098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:32⤵PID:2720
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,10794708012715116967,7377360237455130098,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:82⤵PID:3432
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10794708012715116967,7377360237455130098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵PID:4284
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10794708012715116967,7377360237455130098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:12⤵PID:5016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10794708012715116967,7377360237455130098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:12⤵PID:788
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2988
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3240
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4936
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"2⤵
- Executes dropped EXE
PID:2548
C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:132
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"3⤵
- Uses browser remote debugging
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3940
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb5d61cc40,0x7ffb5d61cc4c,0x7ffb5d61cc584⤵PID:4544
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:24⤵PID:3932
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1816,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2012 /prefetch:34⤵PID:4860
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:84⤵PID:2576
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:14⤵
- Uses browser remote debugging
PID:2196
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3240 /prefetch:14⤵
- Uses browser remote debugging
PID:4628
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4260 /prefetch:14⤵
- Uses browser remote debugging
PID:2880
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:84⤵PID:3972
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:84⤵PID:1592
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:84⤵PID:392
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:84⤵PID:2224
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"3⤵
- Uses browser remote debugging
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2580
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb6d923cb8,0x7ffb6d923cc8,0x7ffb6d923cd84⤵PID:3324
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:24⤵PID:1964
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:34⤵PID:3992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:84⤵PID:2164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:14⤵
- Uses browser remote debugging
PID:5048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:14⤵
- Uses browser remote debugging
PID:788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:24⤵PID:4700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2780 /prefetch:24⤵PID:776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4780 /prefetch:24⤵PID:1708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1884 /prefetch:24⤵PID:5076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4908 /prefetch:24⤵PID:3120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:14⤵
- Uses browser remote debugging
PID:4220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:14⤵
- Uses browser remote debugging
PID:2300
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\IIDHJDGCGDAA" & exit3⤵
- System Location Discovery: System Language Discovery
PID:4432 -
C:\Windows\SysWOW64\timeout.exetimeout /t 104⤵
- System Location Discovery: System Language Discovery
- Delays execution with timeout.exe
PID:2068
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 2922⤵
- Program crash
PID:2116
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4936 -ip 49361⤵PID:3560
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:2204
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:3196
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3945055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1456
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding1⤵PID:1232
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding1⤵PID:3184
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding1⤵PID:1588
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding1⤵PID:3724
-
C:\Windows\system32\bootim.exebootim.exe /startpage:11⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:3468
Network
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Modify Authentication Process: 1
- Steal Web Session Cookie: 1
- Unsecured Credentials: 4
- Credentials In Files: 4
Downloads