51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b

Analysis

max time kernel
123s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UpdateCazyAndtwce.exe
Size

15.6MB
MD5

76ed914a265f60ff93751afe02cf35a4
SHA1

4f8ea583e5999faaec38be4c66ff4849fcf715c6
SHA256

51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b
SHA512

83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac
SSDEEP

393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

UpdateCazyAndtwce.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	UpdateCazyAndtwce.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

UpdateCazyAndtwce.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	UpdateCazyAndtwce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	UpdateCazyAndtwce.exe

Themida packer 3 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/memory/1404-7-0x0000000000D00000-0x0000000002980000-memory.dmp	themida
behavioral1/memory/1404-8-0x0000000000D00000-0x0000000002980000-memory.dmp	themida
behavioral1/memory/1404-19-0x0000000000D00000-0x0000000002980000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

UpdateCazyAndtwce.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	UpdateCazyAndtwce.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

Processes:

flow	ioc
21	discord.com
18	discord.com
19	discord.com
20	discord.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

UpdateCazyAndtwce.exe

pid	Process
1404	UpdateCazyAndtwce.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

IEXPLORE.EXE

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{38FA7D11-AAA3-11EF-A322-62CAC36041A9} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000547c6a86d0fb259793a386521164efe25954c4de15abc5da45e42501b4803921000000000e8000000002000020000000976af4de5cbef658670d816130c79f67a11e3930b6ab377731797fb08f38a3299000000075a990f38be1faca988397cc23bf51b50e3a65871ab65147da27070d178619769299c9a858f715af8694c2aa0cbc4235daf1982bfa6c6de1516c5d78f22e7909a1e02dfd907c18999d2a0a326f0bf7c722018cf233f5d74f3c5956ec2cb81df5d9c782ab283b9b8fe05f222d1cac9ca0798c207ca0d8baa96052dc6cb178aa4dbc946db154c8d7af5d70b267c9678804400000003b213d06f65838047a56cec9041f533c1b2a9b9dd5ad71e49cc6bdec00568d0761e1f8f0ecc12b12b2a335af50bc6020b08befde073641832a1fd8634903eb97	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438642216"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50311110b03edb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c40000000002000000000010660000000100002000000061dfe9205825576f9f1dd7c2d249a611d29be7b394072c6d56d37003ef1e8012000000000e8000000002000020000000433e653f485e9a8058df8a69cfff3453096569e9470285ff0768e066149d400c2000000023a1337563f0506861e74a2853e198eece3fde630a58257be064bfe037d2f16840000000d2109c7aac17fef6dc2e1dd14e1529d3bae60c2e84b9309952a6ce91a91634d6a6e550409268127770d228dbb042cca22678ed03beb2ea4784e55425ea181ca0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid	Process
1000	chrome.exe
1000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

UpdateCazyAndtwce.exechrome.exe

description	pid	Process
Token: SeDebugPrivilege	1404	UpdateCazyAndtwce.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

iexplore.exechrome.exe

pid	Process
1936	iexplore.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	Process
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid	Process
1936	iexplore.exe
1936	iexplore.exe
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

UpdateCazyAndtwce.exeiexplore.exechrome.exe

description	pid	Process	procid_target
PID 1404 wrote to memory of 1936	1404	UpdateCazyAndtwce.exe	31
PID 1404 wrote to memory of 1936	1404	UpdateCazyAndtwce.exe	31
PID 1404 wrote to memory of 1936	1404	UpdateCazyAndtwce.exe	31
PID 1936 wrote to memory of 2784	1936	iexplore.exe	32
PID 1936 wrote to memory of 2784	1936	iexplore.exe	32
PID 1936 wrote to memory of 2784	1936	iexplore.exe	32
PID 1936 wrote to memory of 2784	1936	iexplore.exe	32
PID 1000 wrote to memory of 2024	1000	chrome.exe	36
PID 1000 wrote to memory of 2024	1000	chrome.exe	36
PID 1000 wrote to memory of 2024	1000	chrome.exe	36
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 408	1000	chrome.exe	38
PID 1000 wrote to memory of 2248	1000	chrome.exe	39
PID 1000 wrote to memory of 2248	1000	chrome.exe	39
PID 1000 wrote to memory of 2248	1000	chrome.exe	39
PID 1000 wrote to memory of 2664	1000	chrome.exe	40
PID 1000 wrote to memory of 2664	1000	chrome.exe	40
PID 1000 wrote to memory of 2664	1000	chrome.exe	40
PID 1000 wrote to memory of 2664	1000	chrome.exe	40
PID 1000 wrote to memory of 2664	1000	chrome.exe	40
PID 1000 wrote to memory of 2664	1000	chrome.exe	40
PID 1000 wrote to memory of 2664	1000	chrome.exe	40
PID 1000 wrote to memory of 2664	1000	chrome.exe	40
PID 1000 wrote to memory of 2664	1000	chrome.exe	40
PID 1000 wrote to memory of 2664	1000	chrome.exe	40
PID 1000 wrote to memory of 2664	1000	chrome.exe	40
PID 1000 wrote to memory of 2664	1000	chrome.exe	40

C:\Users\Admin\AppData\Local\Temp\UpdateCazyAndtwce.exe
"C:\Users\Admin\AppData\Local\Temp\UpdateCazyAndtwce.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7759758,0x7fef7759768,0x7fef7759778
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:2
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:1
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:2
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1452 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:8
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3720 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2620 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3760 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3872 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3692 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2488 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1056 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3856 --field-trial-handle=1148,i,7421573123763637032,16545826252007373422,131072 /prefetch:8
  2⤵
  PID:2028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:584

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518
1⤵
PID:1916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b71dcfa099476fb426975769cbc730db

SHA1
cf21c579ae7b657145a69df0a085d34454c88393

SHA256
95e037bbc2da02f85403fe1b891c9d8b1358098d49378f12b633557b078a2122

SHA512
879f8ced5e44918db88eeadfc6ec973a753e8b426416b8681c82abd7ffb9d1f6340cc0e084da82474851d44824b11fad291a7e7a3434d16f9081a09b888f61dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3ff91de4a83a9d98ae9ee278bfec13e

SHA1
27d7a62fee4048aba0691c5615abbb78e52e2276

SHA256
0dc3f70e207a573e253eab40fdc2a22ca72a30e442dad18faad4c6edd21bc1e4

SHA512
798a9643b393ab4bdfa4727b75f20feb9be2c48f2fa8d5bce7e6bfff99ec0bce07cb66fc36964cd9c22a50c4f2bebd21089f0aa968812279747bc2ecbc3fd6f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d66ec485421639263d07872e21346b2

SHA1
df78c4b61a2d8cd9ffacd326e9c44b5ed7280fd5

SHA256
c993b9205c5e0e09a60ca3822c5817c0a136d000f3b9087a5156397728ba894d

SHA512
66edec28afb3018c9aadf7d1f958f31b4733686b673ae3dfb7da267e82fd866a0b5c867a459ba23cc2f5560876c60adbe91929ac4fe042cb95ba28b40233a0b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd065cc7a7e06874f20d9a15be82e4a5

SHA1
88cc5d633c8675b7e7bec4f51d3213e7fafda3b0

SHA256
295a13a03c28518a449325c3405c3c441d432d4088e33f12eb3d3573d5805787

SHA512
14ce4451ef41c7d421793dba4d975cf01d3cef96bed622171359b1a0531b851f1d85822252c92572f74d0d87635da42032ce866c660c0c69e243d2ebb27e7ce4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da907bfc4e7ab203134dd76d488cbe0e

SHA1
1b3902ddd4eda4f23bad94c0660fe5b33368fde0

SHA256
355d79b989c39a7493fd45598fffa9cd38ffd1af1ddcd0a2da9679f6d4ea230e

SHA512
2bc839d7a26f989c8bce207506c91fc9edbf97ebaf9b301e185671f49c1f35c14efd13e3a26adea8aa9955d5a8d5340811e2421eb7a969fdf46f09b4a14ac131

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7ae862e9ff2bacf3cb9951af556ccb5

SHA1
cae10c1a9b4a4bfcc6fc067e5336139813bf01d8

SHA256
da47ab1630c71c686405fda1706c6840c76e4ebd162747c72efda3c112ec1f18

SHA512
07e22136f920d27f35dcf88bf0c3b7835f090f73ee3a06a6842e05cdb12a343c204e242e2fb046a5f264b8168aa6c9eb2e77e32e8b333f19aca6ca4c3be181b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c614c0e37ecde0993e959a7a187b4c71

SHA1
76dd58b0ccf28b585bcfcbdaea0d31fedc0bdfda

SHA256
4dc65b04a577ddc5462291ba24a97b5dceefa0d47f76969a7f53ecdcb2995c2e

SHA512
9d18bfd090beb5b048c81e70532cbfb94af862d9efcdc9ef5ac7d4120fe858f82d22f9833dca45782ef831868eef135e16f7b13853e58e2fa4672ad1c7718808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
605a37df243d13b2babc9d3cff136e47

SHA1
2a66c6ce0a60bec86f3d1a0a37fc4aa56220f156

SHA256
0850c9aeb884a49c52cee35c3dda573b2f2601774e4bd075fcc44a1c556f254c

SHA512
fd543e2846546ab16911028aceef18f35440b0fcf04f8a829be698af57f583ca346e6afebdbbbaabc33f696cb011952ff2e5c4a8f02686b81948dcc8344bc3d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
082347598a2a13dab5b49a8ae58d368c

SHA1
ef6fcf0c311e9b6c812c7347e74a2412b3c508de

SHA256
09ebb1f250994375e4437e689a56de2abd8826c12f1673b2ac911dd0ca52707c

SHA512
3081de35b7ddbbd5941087c56177efef9ce3d2161e97e2e9dbeab96a3c930908bf39d7c77724f6c428de2198827aa7f9f0459d30f8cc7cb304bebe174b93df24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da32f6badf40bc75553bb05d34a77fa6

SHA1
1264147930dd447d5cc5a8b3ac0efa2449d099cd

SHA256
89c785b341ae857a7233022dfadee43d080df461b414d9acc37243d4766fe3e4

SHA512
6d525aa6f646e2b2cda5c5497a2c8ab17d9c83a3ab7d26630454a94240cfde0b2b98c52402a73b9b4bb206bd8c296b74127c97fe23d798fdd020adca8cfa40da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfc2a0711d5981fe83a093ce7f0852bc

SHA1
5cff170fb6a3bbd3c8383e0d41567ce08e289a0a

SHA256
f78da05e0f316109a7d113a614e014476d1978168d7e0832514f08b8ba0d023e

SHA512
62296e11b4ba69190ebf75a86bf8316a06fd34e596346f851c9804c770bbdbb2f8370407fc119f0684ab3efc16b90c430e2d5cd759c31b6b9cb6f3a160304216

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
176759fb24addff091412ab6b5f6a83e

SHA1
ae7c90346d3c7b0e11544177ab551498671ee952

SHA256
227d62c86bbbb20a48f8b25c9ac57ecfda481271434b048f3c781bcbd2eab499

SHA512
7d019b8789987c1fdd0604202a3e945d2227ea01156cee02a092b42a90f680bb06c98c4bf8eb6ea34e0ec9f5c6332158c0e327f62c664f9b5da1a5e15428fbeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34c3e2fa73e5b6a3049ad17cb5633c0a

SHA1
a9d118c8949f5a7a91ebad9e305a9888a619a0b7

SHA256
0544732810a19cf19b0ab33f7b71b0dc839f09a6a56e3b4ef59d655ba9e81b0c

SHA512
6873da9fb5f10a77f71bbd213f95d460a78ed0a477cbe7a2406be6d4f199e0e7945fa5b3abb059fed28d5d24640d68dcb701321ee7bba5ec3793a98b799e1686

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58ee7be9602c0945b3f3622875fef3ad

SHA1
fb1b82dee585109c9a5250e0de0bec5d24db454a

SHA256
0c21a74d16a0dd39d81aaf8d0b43086eab1cb26a9385b8c47a9227887e06565f

SHA512
d0ed273bb61854c1d286cd09f12b895cbe4c8ca403dee6f0bcc421597acc87253dcbcf83c8c95b10f4c23e9c6b14c663d50573388c661bad46de0ceae0887afc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dec8c4c5efe615cafd8091fd00b8e8f

SHA1
b2eb51d5ae80faf8687a842e7bdd2b09a65d7d18

SHA256
e664f1ee193a877ccd08ebf2ca47fc9d1e1b510567818584aa3202e043030cc1

SHA512
a032a586d26f348a04a216530f9b10627641c5c00bdc4b5102fc9ce43031919a4f58e63bf442f6ff5e6f182001b825d93704748466b26e73b34ec45621e3dfd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab341b12b56d50cdc2527b64f23fe9ad

SHA1
a68275287aae7247abed5715a7196c8d79ee1230

SHA256
5227c8507608560a9be7d075aafd792801696076fecac8810d11d6c61e14deef

SHA512
114c73e6d1681ce896bfec747c2d1eeceb6e45e5c695726d6f20dc7c42648b8bb8dee308169b73fe4c1fe4923043a674157d19a892e06c0a0194c879aae005ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3164a04c37bb07c416ff1b0494107ba

SHA1
5d921e3622e16adc96572e71238159cf898014a8

SHA256
a2d26af0dd8cdeef490afbcaa742de6b0d904878c39d5b3b22cedc14014e00fd

SHA512
431cf3056d3963efe67e74cfaf317c9ecfc0b01c3f497c29162d51a91bb62465759efb00f81f35dbb3b1c52d253d7175ab0cfd3f62d1064f6d329a0a1be0d490

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd49421bb20fb521dbaefd36a9894745

SHA1
c200c61c9e91568425dff75d34ac2fb846bbe90e

SHA256
ceeb39a313f7e4416a2792c75c7a7330b86f2e839d3f6354cf370fa019fe236f

SHA512
7b0ba77efc41a021b57c7e74a96fb8255f73968138979cd37f4ff0f67f0589abbcc5065de6f7a69583b518c05cb34d66b63b1bb2d29bd91010c4e08c373b60db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7b5a818dba32edc2baf13cfc7378730

SHA1
bfe02b610a9225ab6809efb9c39dac423a73c878

SHA256
3bf2833f8ccfd74496323db63e9ad3ffbf87b015ca9ead05b51d68252158ee65

SHA512
a4fa41cc25b4f2523967825452039da8e0ca660034ab7d63b8359e679597ebe159add6d0387253356242326b3878f893235c49d34758bd0fb63a5210d3cfa0e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71810abdfc661f3710d597623bd68024

SHA1
6893bdfe4d8435eee575130604738e63290b2892

SHA256
1dea9e556e5b6853ab691470f16be52c1888db071c06b784c9f0b61f25bed715

SHA512
4b0df72936458f6d025b37c3a0c4c350fa45a08cac483baa2872fb5ed722783d4cc985abf9eeef8ee68330068f0b407e39fffdc97e9e8d2d6977d8be98499866

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
230a07c7515cdf99260f9ea26b76d5f1

SHA1
b4e8fde1592b2891368a9c6076f50df24849ee53

SHA256
e8de01a041acc5a8c90ecd34cfc2160f704fea7ee92e67d94a4b5da9320a5fd3

SHA512
b9c6736c76ded841aa04e4f64411c667d2f836c1ef44e1f5972ca3222bb882efeb7a73af4ee99ee824d7327cf11a6836280ad4165f38be7c077455beab586b55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ffb270c630d0a024e6960c2df0b6a68

SHA1
67d801b0dcef5be529ba2bb04ea4f4a7dc240672

SHA256
32e33afd386f1219351333b27ad10ec3b92c14e75535ff06fd5f1e791d8f97ac

SHA512
cb1954e5aa14cd1abe33bee8b39b042407fbca428ba90584cee8068918e5751c0fceadd78af1bf43b4633a76b3bc62b71b427565c601779991205332001eeddf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f64ee189a2c6325bc7ee6e9f12355c08

SHA1
958d4d2b3bf1919279dbee34713edb5f1e6efc8f

SHA256
9c7c86bbd9adb5e71bd43487433bd4983adb22ef47715c1ddf6b4f9234625e7e

SHA512
75f10863c819c75c693c950c3b894e5406b657d99e0cd58894c407f6f45e85f8924d977a08e1c3c11643de5bd71c64495e98f063a46074cd21f6de50fc0b3812

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf3f9d630e40c6e7e8a53006a6a22b33

SHA1
55f61c97f95de8134af8923a9a3a0f9b28b131ee

SHA256
f65b4c5054d05437f912bfd61535467949f5a8112dc6530a351b3a3bd68f22c5

SHA512
362385b8506834b00c9a95f39e32f695a5f7e8512983b394c0c2020eeea73cc86bd10c9f007a2ec62e181369c8d98ceca8f3da6c446cf380aede9a6d8aeeb23f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9638cf025aac86bf6c9b5da57edba33

SHA1
93461cd4dd0712f62e4a5a471c8cf5d5f5524859

SHA256
c21c9457320d619b640a9a3162345134a59e7e6924a5d90fcc33fb9c47ce75e5

SHA512
150d41062b8385933ea4613280351107f8c82688fda13312d935b2ff137be3f0a7306dcae81c6a5f68be0d272b3f5bd7db56b5b2233b0801f6579aea8d606980

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08c33577e5cc9a1b8bf4d4bcef9fb229

SHA1
a56d0601b28d9fcdb78e4af9b89948e6ca43017f

SHA256
dd0eee53672de79e589bfb3416e2281a89b5e25e06dad837a2781f511e2824d1

SHA512
c2957da93de96644d7782df8f9c56f13bfd222f7b116dd096c926861b070592dc13da145a6c11b72871244b90761597068724f8157612719a616e3ffa0df0ec4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c3f41a1fbea9bec0cf1a2291175027d

SHA1
cc51c0cc744d03e61e0785c8e7299ae8fd2375c0

SHA256
018d6eee0a0ac8a1b5bd01179d303dda1dba7a721a2cd7673d2278b5934be044

SHA512
c4dfe3199bd6f6f54e098da07f1aecc0a273d036760c0e74ef0a2f655df2f7b5d74f4b5ebb35983be916a9b3ba35f76a92c4531e1f9a7a08c0b5178f1f510834

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
113bf78bd2d9e3382e22c8ab2db65d30

SHA1
97ca7dbe43ff59b90da62bcf7ebb188a49269d94

SHA256
b92145778b8a07397234537da74f7001680dc72ad6a077237426e381c3839e09

SHA512
e8e3f2dd24461fd72901ee9899dd1a47629a9cfdda33bc4b939f0aa19cf969f24941c718d7d0b548d5ed8f3591a003da87dfe2c861895702bebd5b12e78194c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
698228297a2bba75e30885f951e45a3b

SHA1
195b83cde5e277df2a81ca31db3cde6a081c6df9

SHA256
ddaf8ca25f83f09a82df22e23f716eaa50054bb4d99b7d58607c7be6ef639a19

SHA512
22d5d1a2d52baaba45be2da4419c1e9b3bebaad9dc90445c30d5433568975fb926776d34c492aee782f0c7b2dd2b2caf6b165e9c4e94d38520cfc4db828ee3b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
583189457f9b114f127e4bfdf8e20425

SHA1
943eafe2d25dba9ec7bfbf14b34ed088ccd6eab7

SHA256
4cca29e045d2228d72ad71935d754cf12f179ffedc08083b5eac7dc0c9779192

SHA512
7221c002afdc45869eac5b002c0d03427c41a88b854dc25c03d7a4b590d53078085b89a41e2a7c2c77c96071f0ee24ad93800fbb034687f7c585bb04ff271f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
6fea9f5c24233c110febe269ee9704bb

SHA1
636f0126e80634d19bab06ba78a499892079fec5

SHA256
ada903e0502d05ce4787396ca8b49cff4996c4b648bd9ed5947b8ed916b2d595

SHA512
2e793600c3517eaec14fdb8891ae717d20fa82555d14b002134a5d40c3745c771990ec7f15f8f2ae757706cd57c3c96c4441035fecb39f1305936395dd19c101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fab5f3a875862c3c788fc472224095b6

SHA1
86024dd9e3b74a6ab3a79829ed9173c791adf07d

SHA256
711b18342427be3711435e03e59ef2888f31aa5c223a9dafbd8f0ab69fa074fd

SHA512
d665df36de0ba46cacbfa2e88cb7e4e91b45cb117d9a9273e29f8d78a726a50a90527830e80bd7542433a00252ef498b02db6c9845b73a0dc6d02f1c56ec282b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
317a41c7d831d694dcca6f9b5abe455f

SHA1
914e8969611c5698828e2cd23cd9b000ce7387bc

SHA256
313eba2165fa7bf53ce4b4f559bb79977c8ae8bc7822e398e16af5886f38db9a

SHA512
32875c0f89366578f478cb954b503544b165ab28e53526e3e749e77691c0a4e53ae2e056b2b895684b92b1cc9f799b7cce76f53d6fa7b6fa705c5fdcf92b08ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
347KB

MD5
8fdfdb1b376be483079f5e3a7701e86b

SHA1
7138f38df640d9d35ab39bfe5218122677660153

SHA256
d6c242cfcfd75a25e4356470d303c3ba5bb42a08d35e21b3425600f77559b043

SHA512
f54c0697d03f344456cc1fe70ea5fbffa0d0714c6c728600ae15eb6296789e06f4eee6c6fd961fff3ca2e730b686326d6707c3ed633e07a28dab0e44fab7d74e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\e1ur8h2\imagestore.dat

Filesize
24KB

MD5
ff8d5647e219c11d08453ab5aa93f10f

SHA1
4e99bbd2431342a8eee71a1661129626f23fadc6

SHA256
4d465cdf2a8b5a341c36233619945055b986bedfdb2317dd3a2f3acaf46b62dd

SHA512
9400207d38702463dc7e7c431961cc4ef45ea30f31c7ede8caf2b034379e80d2ec6c6137e2584181d9b602df4bc49ff54e9d9f2d01266f9c8abe317688beb605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\favicon[1].ico

Filesize
23KB

MD5
ec2c34cadd4b5f4594415127380a85e6

SHA1
e7e129270da0153510ef04a148d08702b980b679

SHA256
128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

SHA512
c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2ECF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2ED1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\??\pipe\crashpad_1000_MUMAMYLUENVQMWUW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1404-0-0x0000000000D00000-0x0000000002980000-memory.dmp

Filesize
28.5MB

Download
memory/1404-2-0x000007FEFDA10000-0x000007FEFDA7C000-memory.dmp

Filesize
432KB

Download
memory/1404-11-0x000007FEFDA10000-0x000007FEFDA7C000-memory.dmp

Filesize
432KB

Download
memory/1404-10-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/1404-8-0x0000000000D00000-0x0000000002980000-memory.dmp

Filesize
28.5MB

Download
memory/1404-7-0x0000000000D00000-0x0000000002980000-memory.dmp

Filesize
28.5MB

Download
memory/1404-4-0x000007FEFDA10000-0x000007FEFDA7C000-memory.dmp

Filesize
432KB

Download
memory/1404-12-0x000000001DA90000-0x000000001DB42000-memory.dmp

Filesize
712KB

Download
memory/1404-3-0x000007FEFDA10000-0x000007FEFDA7C000-memory.dmp

Filesize
432KB

Download
memory/1404-5-0x000007FEFDA10000-0x000007FEFDA7C000-memory.dmp

Filesize
432KB

Download
memory/1404-1-0x000007FEFDA23000-0x000007FEFDA24000-memory.dmp

Filesize
4KB

Download
memory/1404-13-0x0000000000D00000-0x0000000002980000-memory.dmp

Filesize
28.5MB

Download
memory/1404-14-0x000007FEFDA10000-0x000007FEFDA7C000-memory.dmp

Filesize
432KB

Download
memory/1404-16-0x000007FEFDA10000-0x000007FEFDA7C000-memory.dmp

Filesize
432KB

Download
memory/1404-18-0x000007FEFDA10000-0x000007FEFDA7C000-memory.dmp

Filesize
432KB

Download
memory/1404-19-0x0000000000D00000-0x0000000002980000-memory.dmp

Filesize
28.5MB

Download