hxxp://google[.]de

Resubmissions

19/11/2024, 15:48

241119-s8wv2sxngt 3

19/11/2024, 15:46

241119-s7qyeaxgma 4

19/11/2024, 15:45

241119-s7hl2aspbq 4

19/11/2024, 15:42

241119-s5n12aspak 7

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19/11/2024, 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.de

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4660	UltraUXThemePatcher_4.4.3.exe

Loads dropped DLL 10 IoCs

pid	Process
4660	UltraUXThemePatcher_4.4.3.exe
4660	UltraUXThemePatcher_4.4.3.exe
4660	UltraUXThemePatcher_4.4.3.exe
4660	UltraUXThemePatcher_4.4.3.exe
4660	UltraUXThemePatcher_4.4.3.exe
4660	UltraUXThemePatcher_4.4.3.exe
4660	UltraUXThemePatcher_4.4.3.exe
4660	UltraUXThemePatcher_4.4.3.exe
4660	UltraUXThemePatcher_4.4.3.exe
4660	UltraUXThemePatcher_4.4.3.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\UltraUXThemePatcher_4.4.3.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UltraUXThemePatcher_4.4.3.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765045817279592"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3870231897-2573482396-1083937135-1000\{20E0C65D-C056-4307-8CDF-6BAC6724733B}	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\UltraUXThemePatcher_4.4.3.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5184	chrome.exe
5184	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe
Token: SeShutdownPrivilege	5184	chrome.exe
Token: SeCreatePagefilePrivilege	5184	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe
5184	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4660	UltraUXThemePatcher_4.4.3.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5184 wrote to memory of 4232	5184	chrome.exe	79
PID 5184 wrote to memory of 4232	5184	chrome.exe	79
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 2672	5184	chrome.exe	81
PID 5184 wrote to memory of 3348	5184	chrome.exe	82
PID 5184 wrote to memory of 3348	5184	chrome.exe	82
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83
PID 5184 wrote to memory of 3748	5184	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.de
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc5becc40,0x7fffc5becc4c,0x7fffc5becc58
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2976,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2980,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4364,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4636,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3284 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4264,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4824,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4276 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4372,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5092,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5184,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5108,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3728,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5412,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3788,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5508,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5876,i,18360655370168216365,16453025100535358786,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1852
- C:\Users\Admin\Downloads\UltraUXThemePatcher_4.4.3.exe
  "C:\Users\Admin\Downloads\UltraUXThemePatcher_4.4.3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4660

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5852

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1880

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004B8
1⤵
PID:5956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4832bed61463c8247a1fdfdfde8ffadc

SHA1
fd573f09c9b25ed61b1d6793ebad091443c5b260

SHA256
378c0a259fa95e415b6bdf29e87cd418238b135330edbc93bce1ce1c97588ce3

SHA512
f84506614167697676e3c4061b773c67a780e1c7acc86e11efe0a2508ae48ecee44d13c58c796ea232f1d29b81cdb744df329c830ac78acacec092d6b36d7379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
72febd21846d840b42f6f285e7f70b79

SHA1
ecb445a5e3df920ba79afef89097336a7813ec8b

SHA256
bfa0e58b8e0b0e27705b79821d381ea9f1781fcbc6a8408b8ef4cd2e5336a7bc

SHA512
6fd376420a3002e65be03201e5f7135cdcf934d2bcb4753f131bdb286141fa0d9e3b4124c6dd3678f54279b8e3aa66b0a28b92471910235481e5d70105dee36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0aa85069159c2d0a5035afd561adbc68

SHA1
2854d40109d74bd4d2572ce39b2c4ea7a5d19117

SHA256
ae23f75e2ab14423f76e5b8231504360bf140d5bde77b08a04dd76e3619a491b

SHA512
f3cab7b9096800bae3a9e53bef6716a3dd01f61287fe106c79424916d283ace26b3b53d341c9045bbd767e01cc9ba625f161d44df032dd01a1e03c1cb7318c3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8db4da505440330ebee2410b21d135e1

SHA1
63073febb0898684e9a137b4c158a941b808f9bb

SHA256
68ea579db3c571f1566da278ffacf7ec2fa3790cf0500ca8353b57046c2273f6

SHA512
96636b6c89ee7762610d8db3b7e28c3164aae8ec17745e99dca101fb83ca8e454626e8e8379a9bfac80927d388b9357260b1591ffbd8d87d6533995d8ed2d382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a0d5cd90dc1021d753a69934ee98aa08

SHA1
4b6ee61458cf74be049661c9cc04bebad7006cc8

SHA256
b4a81ab0aaa58ee384b94875c3aabae56e1bc1af14c53b02790fd2c1c5b69ef7

SHA512
6d88505745b770ff45639682b6d1ee063b1e4c465103e8ba2fa27d0add528b28096dee59cd36a45fcc6db4f8ebb0da8bc3b03b2bc63206cdda093051de9c05be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ffc8045f7cf9fd19a14f756d400014c9

SHA1
64b16be01e2a280a160e57fa77384830cee0a8f2

SHA256
0278f69c55870bf38d2219132a333a0a46aa34f3b8af01beba07d24e546d3a58

SHA512
0e562622b558a2e62d9f129d11b9a773e7fcbb1ddab9829d78c6a3c02c972d6d41df221d1f2127555d2ae35e35a3ff5acf83fee341f4ead36c27f32b1f28efab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
851B

MD5
aa1df343f932aa956621ca02d78ff9ab

SHA1
4d769e5ba765b8eb0ea9aa89a8d0cf5d6e584053

SHA256
241cb4de1d2cd9019fd3d778feb1bde236f14a61964c0df810c1da08511c4042

SHA512
f4e6d7aee0214a18a0e9e6146cbfa86c90546af53d62c4f3a21fcdcc40fcf01b0bf6d153e607f2d7087c7be8c3f2e883fd3097e16231d18dd106823abfeabd76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1020B

MD5
eb177737729117cb1f32fbbea25179dc

SHA1
3af5a11e8ffd7bbcfbb29573de7a393e93433d9e

SHA256
cdf6cb1dc89baec4d5b6bf7be83d8e6aa5a5c3bcf238095f7e34d44a53f82e43

SHA512
932ba5efce1fc01b0234eef8b39f45068b95f28af98cfbe9e8d4eb361033d3964865289667f97f2e574b28378374a789dca82e20a7406f2434fc8fbd09767d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a1d4a49fdafdcdd76bb5b9b34856ab6a

SHA1
53f5c46b563471c0ca3660f41be2b6283f4f1773

SHA256
4e8c00f1a5689b18c843b2f91cb6f6e360e2cae022eec7e9257676d097ba9bab

SHA512
8596f56614d0e95afb1355bdd0f48b7974e1fd2a26858a83ac811b7e42d21a95b05da36c1321351902f49d553ab667c1bb19fc4260653c2d398174a7908fecb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
521ba404d808287fd77507a555e36af1

SHA1
93fb37afe38624d97fff6a52d5139ff348644006

SHA256
6d265b596b26225cf58f2b85071e63585ee2fa5c99ce82c6099dedaddedac9e8

SHA512
6b297c603f1f98271dfa68c69fdd37016d998994af10595ac7375e708e48e55dfbee7b51c49ff3f72c95238cc46731f24623c854b21b3fa448ca9001e92942b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4106ca1336dc52ace7c62ac436125b8

SHA1
99028d6d149661b390702aa1473ea1735d7d91a7

SHA256
dc7a37fab718ee60d664a42b90aad4fd85e3b70d02848619588b2085d9bad673

SHA512
118f0673da1cc02bb02ee62caa4fae828553ff22ce1d7c900bee7abbfdbefccce83ac908a62a030e576bce09890b37028d4eae00721f6d3e11bef634e8dae3c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
baeb75df8013948b696ff80cb426436d

SHA1
baa876937bfc498686fa3fe161d4f1382a419b80

SHA256
91931f87c4c698c59e7eb0bf53c6b57262319043c1b599f4029000b39e318b65

SHA512
c9e022a89e5989b0a9d4cba45df5b5f793716062c4033a5e69d827f9a1df1414ecdde784624760493d3cdfa84813c81b91e3fe7c50cdeabaf11e52fe7aeb4e0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5702e89d09159baa145478fd424a3a4

SHA1
61a5cbd7167ba35163eb8847315bd616f3de3a99

SHA256
847ca05331c3265f0310070d460fb39b49b882d6ce74ab97580793d39bec4701

SHA512
a404ccaab6e0dd56478b250e19b6b4f4210eaf9d96e28b096355ecf758005f5546941872825c7447ea5c6e03c5c444a50d48c1a51f5c96ec7d8c1423119a23e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2efd929e8b55f9b4e2b516eade4e3011

SHA1
2b53d52575a928de1ea2a46a33ab64e0e2c721c9

SHA256
12c5d4552f63f2c400ca733b6aebda07fc562f9c0faf2299115c4caf90a570de

SHA512
07bda8140601158dcc01dce3ae23299de6aa1f5c224f3bdbe0bf3f7d33ef0bf81fff7d20c04b23db826d8094e013a9f1582d183e50a52a6c6957cd80985e49f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b6985d91a9b3edefd5237e11101344aa

SHA1
1dfca4c5e916784f8b6b61c15e7a3e4308de48dd

SHA256
783dd0e28e30c9bb2f8165dc2e594f88fee06c9aa0ae9087cc9be8c619f80000

SHA512
94b2e3065f37cb1ce58701456c508312343b11df36d5528d14c7a18d954155e9c1d1c0155cf91b5f72a92ec139105c6c5a7315d5a98b064a1fed0af35dccd958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d993136f13814ad435b1fcf0d10b72ae

SHA1
3d8331750845c50194d020ae24da2c0a04a170a9

SHA256
ae889087882554e800a057766de114323f2ebf3ff2df1323ea87c0b879a13c2f

SHA512
4a5a679aa65f3ece601fceb2508b37e4b89ea810abbf657277f9ba92f4d498f3b012e35275f2c71a01a4e9687bf4e52b9664d80c66b09d987cbfed672745fdf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f94a756639b6c8b7fb3535fdcec8f6fd

SHA1
15c20856ee519d66269bb2d074ad1d5f5c194ee3

SHA256
b8349c072eed6413fde7f06d5e35d01be73cc3425e895d0140b470d52b522674

SHA512
51abd1d180d5b744ff8ecc2a4039cafc2b6e2639fb8a2ee8da6521cf86eb2d16d81b6b6e78b2076d26acd357efdc9d735725ea6bb5d1a35e09907d70c846fe99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
450656bcf6f70527d0dd909a511162f5

SHA1
2350454ae5498d79240720c0fc603b97412a15c9

SHA256
c278d926eb72a3ccd2d3f2aeb9981a8f548b6473ff507cdf73e027ece1e5f4ac

SHA512
db1cd73588099b01676845a89d87b7a2be66f1bc05e2f3b4cb7ba87ce9fa721170b4a318d40956c0d13e00a3f826172d237fe0cd651d87b5ec8d8d36978e1273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
3f6072d2852be5981bd733f66363563e

SHA1
49748aba28f588a02c5d54ced13313a7dc5f7049

SHA256
07725b7c02f146f33494f5d05f4d9c688a51481b49f73f3021ed0cd85340699a

SHA512
d35435a5a2870039868d2a9c7074110225ea4da71f3c1c585ae51a82d4d31aeff1610f2f5c678429e002231b0c70d1764d469063d043c0f8da0eedcd61629d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5927f1.TMP

Filesize
119B

MD5
ecf3a9c6d2dc24d66cce6394074a5200

SHA1
cf910d3ff1a9a5f808c5fdc560dd80923e73b933

SHA256
23b2d48044b6a0b4f56e5127c5fb93649516ec9d869ad54d266670b2f2353392

SHA512
44d847df7cca99e89348ce04857f7c3a53e8804a2160295bfc56ae295c5885070c079a7ae1bc4634c239ce34d4b38f8489538ebbba06bcfbc9af6334e8a1b28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
911a0a68b53150962461a284d502dd1b

SHA1
64f758ae72c31b086d436ad936abac2910a28559

SHA256
889b0461a4ed1a5f4779b893abd0e44985114e2b2e5d23f30adfc5a8edd56a47

SHA512
2b826aa46ed1ff930f5fb47abe679c64fa7b72ec362237a9ae74d6b98f27d1ea5c9ec804cf6a41c1912a8c9791b634a8155f168cb6494f4420ca58dc96806027

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5184_1669693809\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c7b9e006-1b1f-4ddd-bad2-ff02a8d4bd0d.tmp

Filesize
9KB

MD5
468cafc883ad5a32fb326d93b320b68d

SHA1
a8670f3abd6739e06dcca5422b278922176191da

SHA256
f19bd70b506ddc5d368d554910fb778cba344f97418265ecc7cd5836ea13c970

SHA512
a34d517c7b2120d5fba5e9298cb3d188c987430815d6bc6faf3f429d47acf9b6cbfcb9e280142c9712784c43ec4a723300b030ae121d35dae05e371beb6ab5c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4197a041037b77f718fced87d4731594

SHA1
dce71c4e3a64775ceeb91d9f3e64e04ae45389bc

SHA256
7da2945c0e341873d5222d3767c0a99261a18a83a87b95ff9cbfdc03a2cf1543

SHA512
5bbe4f05e99c923edbe825179da7104b5107fe1ff094934de72f57d80c5c88802c41a58102583d0864355e0604583139a85b288f64758965654787cbf43bd94b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
08221c63ec8789bf006a482fbff6ceea

SHA1
1550d6ef1ce51e7c7a9cc9f8ba104a1a7419530a

SHA256
7e56d78af6a6182d0a653a97f5b38c0be2eb7c2d8cf6a23a7cdd5b1e1b69406a

SHA512
d2de7aeab894cc6b8f7d908e98d06b531630991e059aefc447007312ea02c80ce2ffccd0cf555c107fd239221ad53691cdef60c879111f5f46d22789d8d2aa99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
fb0d646c1b38e316cfc3119573939fb3

SHA1
de3ef67ae347c72a208abb62d725746e20ca507f

SHA256
2e09209b2ce1990895be0042ad3ede3d2769fb51963c7adbb225a8e1a112a2af

SHA512
68f776481885ecdd7ea36f8193ab8b57d4bc65a5d096928b85d13c35d09c083c03791fab056f784528588635d2d4e109f84e26a91412c4c66289fea52b10b5b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswD162.tmp\System.dll

Filesize
12KB

MD5
192639861e3dc2dc5c08bb8f8c7260d5

SHA1
58d30e460609e22fa0098bc27d928b689ef9af78

SHA256
23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

SHA512
6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswD162.tmp\nsDialogs.dll

Filesize
9KB

MD5
b7d61f3f56abf7b7ff0d4e7da3ad783d

SHA1
15ab5219c0e77fd9652bc62ff390b8e6846c8e3e

SHA256
89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912

SHA512
6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswD162.tmp\nsisFile.dll

Filesize
5KB

MD5
b7d0d765c151d235165823b48554e442

SHA1
fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

SHA256
a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

SHA512
5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

Download Submit
C:\Users\Admin\Downloads\UltraUXThemePatcher_4.4.3.exe

Filesize
159KB

MD5
8992718c128b589e19216ef1609c50c3

SHA1
dee042937934ae88ba0adb59752ef5ed13edb0ad

SHA256
431675fcbb448567fafc83fee2b93c620ab7a7f5d3d7a7c7b922fec52d58deb2

SHA512
b517d678e8590fc100a9aae590f6d37d440452cfab97397a8b62f592a164598cbc0f5a21f65bab22e3c623faeff205d1b137d1f6d104a4792b472682767d65c9

Download Submit
C:\Users\Admin\Downloads\UltraUXThemePatcher_4.4.3.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit