e416d82e1c5bea2d8518c0a14644027c9dad8d23a930d663d3e6e11a99036472

Resubmissions

26-11-2024 15:52

241126-ta4cxatqfm 8

26-11-2024 15:48

241126-s8ypmstphk 8

26-11-2024 15:40

241126-s38bwstmhp 8

Analysis

max time kernel
543s
max time network
546s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26-11-2024 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ModInjector.exe
Size

5.8MB
MD5

456e8d1820b74a7f6cc963d02c1a6513
SHA1

ebb63550be46eaaf9d0184f34cc6de235c61aa5e
SHA256

e416d82e1c5bea2d8518c0a14644027c9dad8d23a930d663d3e6e11a99036472
SHA512

9f333a7547492c5cf9d516be80eebff0f43f051154e611296a30fe694aaaf64b136a037b0406d27aa07abc1d7790095830b62e7a466b7c9c14ce7f7536a60aa5
SSDEEP

49152:+QNXVNXvNaYg8R59ckm3LpVAmYpi+b4BBjHQtDgznmDwOBOBJapTL2iKeRpJ6iai:zXfXVaE9OcundmtL2itpHaZFK

Score

8^/10

microsoft defense_evasion discovery phishing

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: EA76ADE95776D2EC7F000101@AdobeOrg
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 1 IoCs

pid	Process
4980	MinecraftInstaller.exe

Loads dropped DLL 5 IoCs

pid	Process
4352	ModInjector.exe
4352	ModInjector.exe
4352	ModInjector.exe
4352	ModInjector.exe
4352	ModInjector.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier	msedgewebview2.exe
File opened for modification	C:\Users\Admin\Downloads\MinecraftInstaller.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MinecraftInstaller.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 15 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1824	msedgewebview2.exe
4696	msedgewebview2.exe
2448	msedgewebview2.exe
2064	msedgewebview2.exe
2504	msedgewebview2.exe
4512	msedgewebview2.exe
4980	msedgewebview2.exe
1404	msedgewebview2.exe
4148	msedgewebview2.exe
2348	msedgewebview2.exe
1192	msedgewebview2.exe
4156	msedgewebview2.exe
4460	msedgewebview2.exe
3664	msedgewebview2.exe
724	msedgewebview2.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133771100563146228"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\Registry\User\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\NotificationData	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 632321.crdownload:SmartScreen	msedgewebview2.exe
File opened for modification	C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier	msedgewebview2.exe
File opened for modification	C:\Users\Admin\Downloads\MinecraftInstaller.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\LTSC-Add-MicrosoftStore.htm:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2524	msedgewebview2.exe
2524	msedgewebview2.exe
2348	msedgewebview2.exe
2348	msedgewebview2.exe
4696	msedgewebview2.exe
4696	msedgewebview2.exe
2276	chrome.exe
2276	chrome.exe
2064	msedgewebview2.exe
2064	msedgewebview2.exe
2064	msedgewebview2.exe
2064	msedgewebview2.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
3492	msedgewebview2.exe
3492	msedgewebview2.exe
3492	msedgewebview2.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: 33	2912	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2912	AUDIODG.EXE
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeCreatePagefilePrivilege	2276	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3492	msedgewebview2.exe
3492	msedgewebview2.exe
3492	msedgewebview2.exe
3492	msedgewebview2.exe
3492	msedgewebview2.exe
3492	msedgewebview2.exe
3492	msedgewebview2.exe
3492	msedgewebview2.exe
3492	msedgewebview2.exe
3492	msedgewebview2.exe
3492	msedgewebview2.exe
3492	msedgewebview2.exe
3492	msedgewebview2.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2516	chrome.exe
3732	OpenWith.exe
1460	chrome.exe
5820	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
5468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 3492	4352	ModInjector.exe	80
PID 4352 wrote to memory of 3492	4352	ModInjector.exe	80
PID 3492 wrote to memory of 1744	3492	msedgewebview2.exe	81
PID 3492 wrote to memory of 1744	3492	msedgewebview2.exe	81
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 1404	3492	msedgewebview2.exe	82
PID 3492 wrote to memory of 2524	3492	msedgewebview2.exe	83
PID 3492 wrote to memory of 2524	3492	msedgewebview2.exe	83
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84
PID 3492 wrote to memory of 1824	3492	msedgewebview2.exe	84

C:\Users\Admin\AppData\Local\Temp\ModInjector.exe
"C:\Users\Admin\AppData\Local\Temp\ModInjector.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=4352.2008.3203438971626515924
  2⤵
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3492
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x114,0x7ffb7b903cb8,0x7ffb7b903cc8,0x7ffb7b903cd8
    3⤵
    PID:1744
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1404
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2524
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2460 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1824
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4156
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4148
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4104 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2348
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2632 /prefetch:1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1192
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=icon_reader --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5320 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3664
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=icon_reader --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5332 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4460
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5424 /prefetch:8
    3⤵
    - Subvert Trust Controls: Mark-of-the-Web Bypass
    - System Network Configuration Discovery: Internet Connection Discovery
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    PID:4696
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2756 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2448
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4420 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:724
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4308 /prefetch:2
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2064
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5848 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2504
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1776 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4512
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1328,10466724755578625797,6068959875602107106,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView" --webview-exe-name=ModInjector.exe --webview-exe-version=1.0.0+c3ce39f653ffc2c072637f61a3bd07afd7d2b8c7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=912 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffb79eccc40,0x7ffb79eccc4c,0x7ffb79eccc58
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1964,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2164 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4504,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5108,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4660,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3260,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:72
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3396,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=872,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5396,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5440,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5600,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5696,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5812,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6140,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5616,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5580,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5132,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3528,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5348,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5420,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5836,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5856,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5776,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5236,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5544,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6228,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5876,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5728,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4652
- C:\Users\Admin\Downloads\MinecraftInstaller.exe
  "C:\Users\Admin\Downloads\MinecraftInstaller.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=4912,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6844,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7020,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=5884,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6892,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6828 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6824,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=5172,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6868,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7288 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7296,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6932,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7360 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6920,i,7313182534683539443,9128105283611268090,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7404 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5468

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3532

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004C0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2912

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3732

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b628fbf2c18458f9b2596c9e02f1c295

SHA1
9a6b1bdb2d240782f77556d7b7e659d27d0f4efe

SHA256
c7d3fd758afd677d0f1b3699701f6fad5f698df16ddd08139349dcd66b12e715

SHA512
1119e5b0e4a1aca2c8bfe37f09349b5c4f35db93dea73499dba7522f6022a7c93a762ccb699d3982e13ebace0242b166a8875020ed78b01c5d7b6fc0da4a3894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
b7640c0aaacb5d920b501d9d276da5b9

SHA1
74eb9529f04538428c8bc4394f140fab65731e94

SHA256
41ece6e097eb2abbd9ee0cec6ace7071384b3cfec80decd428f8371cd73e68a3

SHA512
404c6bf034ab5bdd46ebf29956f779c25cfbc75461e276342681c79cc967ef760410458f91a503f920ae65443fa02a654756bcfbcefeb08b19b0fd5425b60960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b7d1d07d2af288b4cc8890353a19ae2a

SHA1
7e933a8de0b422c9d99684fa75bfb1b0dbb2ce3d

SHA256
d1c843cf30973c31e9c1661aaecd6a2f0897985da3c6ee1161e810df02ecf2d9

SHA512
1fff6057650a539532005559b36eac90590e4229c619f4a2cdf16adc8869626ab84eeeab5a4dbb3f9392be41d5a52583557088d504903f7bb37569140c034773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
cbecbbb2104913d262d722ecd4c02eb4

SHA1
1b59daf52838fbc3c6d9501d33d5c77a5ceb7e11

SHA256
30cd6e8b0ece52673e20f16bebe7826b6aa7906c35b9eb5f1cbe781f1289eeec

SHA512
ed060de495d326608122066cfcce7774b4a4772aea5fdf91dce70aa3293f92647dc87d7f3c88d5ff8ec45c3c371f7430012be987299619a89b649a53ff8c7ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
947f866c4d9f7a29c7fd663c104f746c

SHA1
cee33ad979532cbe67ee1af6c04d6d35a386e028

SHA256
5fdff56a2678409152a371c68b91697315574593ac7b9d54077fa85b127f7d36

SHA512
c3e5cdb742dd9516e558deef58c36cab6acda6a09d499a39700cb7986d8b1e20028db591c4e6b6dea88a0cba755601fca56f2c5effe4ead30cac7b99d018b0fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9c96b6acd1a3cd4947e70bd22323f4c4

SHA1
39bfbd6d2339dd4d0a4557db14b06c4b3a76036d

SHA256
b10acf634f2932ab36c591a7a468b4aaac75347861380bc6f3acf0ed6972e2dc

SHA512
87bf1e5f6a2b802f5e7f75b2ff0d00f9e13db7f3fa0e0d73f466a73e6363bae92bae5067360963052f9d2cfb8c598c8d89d57af238fa1b29c1559745dc756f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
abe82221042ee389c7cd2b2526ab177c

SHA1
4747701ddb0181c0bf14c394bb9feb42637e493d

SHA256
3128dbe3a227d5e19bddcb247105d7142a89482069e0ae3ec3e8b0c5238c655c

SHA512
6877f255a0afd95e50dc17b0093d9368fcf64c5ba8e2128360c1dad5af054745b924af4cc880128c031af30eb38fb6bf12e5e1f5ab05d1d8406d36337abd7f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3662ff0e10d870e9a182243b2dc5be2e

SHA1
7515f2f154f51ec21b28d1a7c94deaf1b68c9f76

SHA256
b1a03f2984f0a8e5592a91f2169443c8766973a1531d102b541d3dc1ff682dd0

SHA512
71b35f6b9fbc056ec1146e290d9b8f48badd1b6b5083d5b47bd5e3629154f8468361c3713f83ff040b9e3de045a9501cfa188699829d991ba81308be6661c661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
729d3e0d8fd40ed6ec76c88ef4649392

SHA1
62e6f52cfc94c8e9b63cc5bba3eaba2206c402af

SHA256
c745c94fa89bed37a4f2496c686818d73e65e4af898cb1d2ba588eb7c5ad9113

SHA512
5fad95910a6a30410e9094908115d13c72e2b40af739847cfb054df752c94e63fec6bf5d4d3366e92a1bfd6ebde8d0df29b7993737c21fb317485506011e0c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8e016b253f81769ac7e6af654896db70

SHA1
0fe13227e1eb540a3d1b11b75381c34f41515536

SHA256
301ff0b8c31cd17b86cb1829a8a4dd248f55896fbb7a0170646511965c3368ff

SHA512
c961f75dd92ca417ab728a0a1c56bc2f83bb761014964afd7eeddded033bd7d49d795140c16d8cf7a04d04dc35cb155c20f99b4534f926a9bc4e1e9119e42ad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9d957bf10cca4c57b3a4df0000b388e

SHA1
59c23275747a565218258b07195444c5a2cc8701

SHA256
a318a35e53dcc291dca372954523eef8897e8900f82d4888257e92f47f072b9d

SHA512
81b6612061d1ea0f2949439f92be6b6d18d450da542c50fabcee44c3aa1a05d0825c0e4507087a4331175cbeb9896149eebb09e9018c427e187fb74831c078fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0cd6184c9edff06c6eb0dc45d05d7328

SHA1
fdf9d57b4aa6df374b0cc87aa2268e8fc890b508

SHA256
08eac8f360f010f919aabf39122312f1726540144fa9643664d780a458c229b8

SHA512
f2aabe525ed0cd28e3bb9149907870e0b74e52ded3edb0106b9b4d7362371a408a2767c0c61e6c77faa936c5c2a44281ae7e37f968d6e317468010017070cbf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dcbd433a21df1ec248d90d3c9c634990

SHA1
eb753d185758a6f28efc983ee8ed18d8805d5108

SHA256
c988756ca8c93ef9564ee2220ae387a7ca8154f13d20d627285d88fe2fca228c

SHA512
557b401df3a2bb6dafbe590f8662cc8b3403626365b9e766c3cbef1a67f8151e2c99cd5e58a36c8cd08aa6e53de35a93519fadabf756d92c6078ca4f43959f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
612c328c424b8c58691e8532f3ad32c9

SHA1
6c2a58ed0c6e44244dd9315a098fc89a0e5d341a

SHA256
da0a7eb4a0b281cbbdb9a70a028be2c6725c72aab91f1c185b644ddf57d50580

SHA512
20ebefa28bef72811a8c5b7e62d781f0cd04978b207d944a96a5024f4216db40efb5fbab7782363359dd02aa691c333e2511275607d506b161c453a1f1b55267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
22307d8533a04033f7cc200b6e32c872

SHA1
875c38e78014d278e36b729d58306c391643cdc5

SHA256
a52ef0f8c077ecb2398f945870922e5ffe2aa967332e818629bc8786b5029497

SHA512
53a4296506512db19071e4ac8bf1a93b242d6c2d538051804bbb1592e254029c1579128d748868714223b9529374b89fc4bfe1eb097d5c1c0619823291c630b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c3d39334c1272a810ade72d659440308

SHA1
4cb87f711203f576475108e9d1c84b19d8e4706d

SHA256
33bc9a9d1c0ed7a06ed4cfbd8b11fd7084d41067e1f4b95aaf28f96d12340014

SHA512
43ed4ba4ce54fcc2ef90cc7809d22f579a06285d35588350a21e5e4b9a58670c03cbbf437687147578d50774d189de7513649f67d277914361719beaeda9d958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ec75d54d4fedaa445bc7cb81999ed4a4

SHA1
03d5fb2dfa6237839f017fd1202a44f15a77675c

SHA256
0de24e24d31354dd8cf40de5b2897777da3b427ff5baccd740052585500d8704

SHA512
b9cde374593ea7a5ecf55f6e4b957168cd893ae65be5216ba1d1111faef9636abaec3a94c0fcf7151afb474343548be4b0232cf6bae9f094206810914d98a8dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f32f7b93906cdaef498eb890784a546

SHA1
75090ffe735e131d2a5c2f1d2f22da62624cea02

SHA256
f7cd47cb68efda8c2d6f8b3a0064bec62da2e1a843991fa3dc4f3b188d1da9f4

SHA512
410d1ecdd409ac90af8b3bc01b5be802cb1a18536f4b5cf4b854355e4ba7a1fe0b55c92ddfb930e31a628d79c88e6bcd2d6b2a4479c48cd820a44f8584d5f03d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e821f1bf00147d67808a7e0c2d6dbd43

SHA1
f7fcfe0fbd8185e05ca75c25d6d6fd96bfea982e

SHA256
31c667ef3c0401c653eb8cee1ab80ee046e7b142042cf8acdf85d830e1d9c46f

SHA512
d41e84ff5b1240dfd6a96db132bfd6c669b279e7a5ea3be9a61d5b2e2a05f12a3620c38e9eff85cb1feb73d429338fadd998dfd8b0695c808825a3d82ce46f7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
80b58c65bf533076f53041bc3124f23b

SHA1
29417403627d5c8fa3d557dbebe896d1ddb39ba4

SHA256
d77c55dc060bc095b150ec7d9ec5f07ac58b2966100c3683036d228f827c7597

SHA512
a5b49f0edde8b3194f8d46c4015594a52f81e0ae316cf85cca23268edc1b2080012cb662ab7a8ecbde1f71e278ae05912a6347736f141260dc440357f570025f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e87732b750c3c7a109d78dfd03c7672b

SHA1
e35c3aee2d6fe0379dec63c4f2b7b231f4c61cfc

SHA256
faa1801705292c794e7c8388e27a59f4a3704d906ccd4d61260f0e781f6fd9df

SHA512
277bd46ffc261f31773d3c42ccb1378a6c32f78c739ab21c3e5a77d4e29eb411945aeca3b1c5f991bef4de8e2afed9234f0d6b07326ed211527156a6ee4ddb25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86b8979abf8aea7a3af76a0c95d5ad72

SHA1
0503825eafe5fbab6ba65d90e1d7d31d7408e4e6

SHA256
de78a43f613c1dd93e8b107e4526bbc91d857e842d288f0724b25da520cc17ca

SHA512
fee948564a58b7fe3ad0b5c1140bf1345bcba7356478a5ce7a57bee78751179583a6fe54e710b55d71a8a492d334bea11fff07d9e5051f3bb8fe5fc17ac8f9bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f74d375d87603cb22cf07ff738dae9d6

SHA1
84043d3282629232e306d8a1620948980655783e

SHA256
d7da0c14c011157c1d1bfff86e7bd02cb373511199c7cae7271093b9b0bee8b8

SHA512
ca75fcd57981bb02e5f9f05359739ea6bf7b85dad5cacf1373601ca010b8994cac652298d1bac7aba61ac0bdd6e7016fe9fdbaa266670da6d0d2396471620b64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ffb5948bc3017e5a2b71c096957cc7ff

SHA1
6950bf6f80b947825604410aaefe5b1d693cd209

SHA256
785d34d99a8e001dfc310ea35fce5674d77a6def59d33b0e38db4f12426255fb

SHA512
5646434d4b548ff5b8ff88dae3b95df9d259efd761b2172955f1fdf4778014165836096a542468ff467a75a9687c294cd5e616e313182873eab13d2b10804094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5d8cf8c983d735b682018f6770e88568

SHA1
9f19d64529cb3b2ea4b93b912b2c8d3ab5724847

SHA256
534da1def179ebdc682d53d46bc8d6b8f9a9a4c905c8f61dda46669452102e4f

SHA512
21b0c2a9133806a84cade6d4545d1eea4fe39febf301966f4db7e45e347063ae42a2e61d013a1bf8f399c46df46400d54a3e5ddcc337092afd6c708a4129bd7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2eb0daecb3c672d6396b0937140d531d

SHA1
ab821b2b3c1717b0fb031fe8ffc9f842cad79d0e

SHA256
fe8eb836114646c7b5b5027c8e837d5ab804d6f3e85b3c4a396331d75a8882ad

SHA512
145a90bd1c1df3666466565253e07bb3a3e0bffad9fa0d3348f835ce5cae96441556d73a144528ebe7805b94ecc98c15f56cc633723f92d64d28529bb026b294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
50220b29a0e8a534058d664ab1011ae1

SHA1
3e5142e18d81d126462464f7ea9186608ba3e904

SHA256
c5c279c2240299745009a86b645754bddf8f15899c4ced9131a2a4b5565e23dd

SHA512
fd3b0fb29bb7e892f4193e6d4ec7c0b3fee51b845f4534ad6f6e9a6c1c9d3340a3de7cf31ff41ca4162b50be3726165bd144ac9b9a70e35e375fbe38dfd28632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ea5dd94880bd225f08576713b115033

SHA1
bb60167d2833d7a6793a7e78894b0c8b60ff536a

SHA256
a76e629666fa6457d7cefc30354215f50dce8a85d5c581f09bbcb5ec5d7b3346

SHA512
108aca7fce65efd55c12392c908505cf4b941809be4781742ee819eb8104345917538fefa1889ed9bfc2c3a69b635782006922cf0d1e7720e6b7945b98464fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bcd699e6ec2a8526f3327b2c6a5e2e47

SHA1
1e903572ed6784c9d8cd68edb8f127545238cca6

SHA256
20dbd7d9b09f53cae119a1208f50ecc5b13fc38c12428b713005a1cec0627df6

SHA512
291afd8ccbabab7d57e54f3aa8ad155ffefe74a05dd19a4487c8512164d0042d1185968e2f71770523bc6136404c8e9eec64a835edd6997bd3062bbf1ec39310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0f4ce08e79f6537f29748866b41566f

SHA1
6a12f426a5dffdac5dcc1c778743e4b66622c491

SHA256
3bece16c28be93310f2ffe51e285b9a8346d15d39f6522dcb49b22346fefcbfd

SHA512
acb65a350803f0884e54bb4da799f1956b492ebaf2639691611d749ace7ddcb2578dc0635a5220a15b3f84fffaab8cf0e610c3749dfc717f44ba822d90075d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f7280b09f36d4103b38ba65be53c4798

SHA1
437c929a316a92c88f2a97f0d4f4eb54e4cca4c4

SHA256
c897d3af78537893454e6c1302a252a9bcf6e6f223b672248c71941c930fdf12

SHA512
2516188b00f3569f28c25f1d9e33e4c101b83db3b93bbd58b93d00fb8b6ad8eed39fff6f292dd646114b2f5adc1efce5c71edce8a93f3fa9d0dc72052b7b18cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0566ad866d58bfaed51a25160bdd665b

SHA1
be2de990ed514b3c5b3bebf91e5a7ce15f843f60

SHA256
59e147a2aa14079dbb440c7cf01401c4c34f202838a1b820fe51b2605e609671

SHA512
6d5033e0762d30f853704c8ba452f2c8f2551d3bdd063f82bd5221b8f7a3e626327140f4597f6de8e714b818cf3ba8aaa7fb30ca6aa687c6367eddef093a4d8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee87337dde4a7dcdebfb4ddfad6524fc

SHA1
1c2258467d07a1991a61bf076815054d476a38d6

SHA256
aaae09010b01b45a1bdd1509847817b22394341e61d765bac13848f144eeb711

SHA512
bf0175eda3536c15abf824714dcb10e247ceb44debd7b965c51d9930fd9a876a59d3dcb3bbe22a067bb4e09f0f52c5de55b8ffa83a3ae5dbef088a48534ac784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
da1272f929b082de7eb0fbb8c7983a41

SHA1
4d2c767aa380c5c04046bd7d2baaddacd711d4fc

SHA256
7109b0a262dd41cdfe949217ec45d7424c65a063d118b9eea4f2eae0c098b2c4

SHA512
ee8ae66a8e644b9473caae56918d5e20e4742726767d8a158ad8de69cb0c179bf1b811109a1c58a77a98deed7e2bc3d58177fc8e96a2826cbb0c4d6d8af238b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7978d8b91dd859d98e8b5ee4b2473723

SHA1
f99a792ef2ea3a76b4e05891cb2c671455e198dc

SHA256
0dfbfffa9beff7d93a0f13addffaf4b459679a502e5b8be5f829519c832f717d

SHA512
82da075c164ba8902e47f9784ce7d11a79ee0dc2a3c5c4833038eb90eb7022569b6cec1555b0ff6044f123d198aa716a9fbd0545ab2445380a2672bc9f15e32d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
507ea5c1a6ba98fe0ac747175cc94121

SHA1
80c233afa55ba652a756b0e28dfce2cd2c9fb9f7

SHA256
ff0a7f4acef06ebeb1380dd1c3aa51aa2e2b3aefe45c685401291a353635a8e8

SHA512
1f454398f5a5d8054989f823c5c83544171405360d2745a2dfaae56571328a045baf52a9daeff42f240f3d8295e9048d0c2aa67bedce79e28b20ea12d7618566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
539e4f2690a6dcbedc5ad658b33be5a7

SHA1
0644f17c667ba979b0cfa5e5dd5fc47e646e75d4

SHA256
03b9fbc2d4f8f80dc709d818e0738d92f32609f05cc731d2062cb130f429433d

SHA512
92b62694c5296f8feaccb9797fdc581d18cf7b80ae70fa59457aef22eb6b61e78fe12744cb0dbdc49717d118a2a8e8e1543a9683de14f4967a91f491487ae31e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9190c2f802ad29deabec643c1826e6f3

SHA1
af3c6236353598e1ce6ff5c19df36d88a0499a55

SHA256
52829324a7894434080d3388afe5672525ec3db52097a829fc232d5c3744a7ea

SHA512
6f9e66a4c240bc77d003264da31eba65eb809ada2818da2b6e43d2519d807cfcff0ac350d59c138428ad0c0e4c78794b73802291d12a582f8d7ccd0b5b373895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07255008c610cb1979e6786d5a60576e

SHA1
b83c1c8e2df37819bdffb29bb644194e13be7bed

SHA256
d51297988f6eca4680aff3daa12be42eb62409db7d4ea0b71e1f59d029e8290b

SHA512
826096ffe6108131791e09913f8ef490bf62e29690a152610bbb6945fa2516bc46c37c3b55742b1d30b87eed1a08fd95bc8b27f1fd3d1436595f73ba048de164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8cce2e54693069d256a3982e927f4f9

SHA1
cc1c243408c2cea388ce66eae32e9fe8dd9c6111

SHA256
32161aa8e59407ac6d3dbc1927d1f28112f3ff08a4b22e3a911ce6137aa56777

SHA512
91ce1676442f048554494f727a64d3e904eb248e844f1cdede5f00cdb1f084854002751cc13b16cc54ec29484e3c082538b7a0e05183f729fe720ceb21f0cd23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce755ad33be8c824e661cf7e0c0927d7

SHA1
e7cfbc3c3b1e6b271bcf53c2373923fa7776fd39

SHA256
a88acabaa8fd5bb9c3eea0af8e31b48d39c9595343c2e3f4ee5002787c3727a1

SHA512
a6ae57726f17043ea3735df7cf122d9d12f89702f1055a637a88e4f6b216aade9098d79a3d525ff7ef425329130645f981d4610683d0ba6bc717822e51e40012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5ba62088432e82d52a7bb79b0072d734

SHA1
b329eb58c771c17336d3a382be31efec6672486a

SHA256
ea5fe6cc2ace1c7d9382aa861c46c325a9cbc23f77321c9e7e5b915b36de8e5c

SHA512
a04c6d64f6bdef7c4cf2afef96f6888954be07d35fa102c4ee33a6e25ee0627b0238b9489941b2feb1281169e3c4d0b53d3cc3ff15375229c67dc05936505007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5a7dad.TMP

Filesize
140B

MD5
d91a334183a369e1532107b189e5d2e7

SHA1
4cdd3718c154eabbda638eb0382195b5f73fa059

SHA256
03b1414126663d182020bc909f16118c50daee85ff8ec879b5b0f97e76042f3b

SHA512
42e3a7383ba3e990c0c92f3f15a0a5136fd210e32611fca129f939628308eace7e65ab73225b8b8cae6426d7a8c176908e9af09670124067977f962eca5164a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
a51e48f9f941c176dfb38d0e1b714fb7

SHA1
f57daff16b699f9ff1c409cd4f8778bedb0231b0

SHA256
79070b9f8c23d26b9b461d3df25c18ba6d329122439fbfe4ae2f519309cd5d75

SHA512
79be6e5488b1780027d98e47e68c8932307294559e9c7c8feadf5a29dceb1d11c3be6c7453578a3672231b17948baa87ee1718b1a32e25d85cad7a43733e6006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
de50b285d02ad87db1fddef4fe6dfead

SHA1
596344f59edc1cf844bc38529293f769c2c9e1ea

SHA256
8f9244509d64da7a30c1395ed388dbb23e023dfd762821237092b97a49382bf9

SHA512
5aa77874f3a36df0c664ab5a5013d736a6581ddd3ce89fa4f87a432b9ad8b6eddc8856f0e25860a0c783217d0e0aaa305e87f63c30b80463e9f3877933665f07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
711d0a6beeb8e5ef013408a350f46eb0

SHA1
d91fa84906046bb54558771629780120b619c704

SHA256
e2609939d2ac7984fd53d397f214b2d339585e3e61044b14b505503e8a668f83

SHA512
8eb20b7db35226d1fa03477a1180cba7f30b29de320420b44651f1ce1923c444828c331e9ccba51b5c8dd5290798a12cac5a82e0a1bfd3bbe9dea7ea9b210f82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
b39ea8f0dce1b4de9d77a7a852f8a100

SHA1
1b977959b7e055622a1fe09da02aede9e5004c3b

SHA256
1252bd235d9a42eda0893bb454d14369a1e51d1a23c85f93fdf08161df18513e

SHA512
3f8fab3e5c707a1d9524939f6c48f53066b9ccae8de95495d95ec50308d5e56d2717839cabe988d29d93a805f4b0477f3ee007756782db265c52d7ecd01f3b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
8336d09d88f7671be7ea85a2f3782f1b

SHA1
8d0f060fd31b7c5e533284eb56b3d2ea86991a55

SHA256
1c1a4defd912d06504aa614d852739dd06a0bf006cd23d9511a2727a5501fdf2

SHA512
d61cfffbaa22305fd1dcc01bc692e28dce960453bb3a9590d05ea329be416c17be94ec7b729472cbce94ac652e967697ef70a9f19276797d2aa58d129d9697c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
28d659e9eca00221d68fc09cd03f6350

SHA1
49231c82ef6237c78f394abc62c2cc14c8e32bd3

SHA256
78d4382d10f2a93d0c0498827b7733415c822acdb03fa053e36f3cc7634cfaa7

SHA512
cdc5fb749e25bcaa2c31d3a48be476cff89b1c79c11986b7b7ec8ffc73b286b08fec1f89bb0701228a6269811a165b6cac0554a2f40cbc3286ae6632bc0038b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
a2238a4864888c810b28272310434fcb

SHA1
ef47b825591a2c036340c4669a343fb27828c1d2

SHA256
22ccf38d84ed6045772d450887839c149dc3d812d8e624948b2e1f59c5c9057e

SHA512
342ec38fa47872025e5992cbab5311cceea7934d8b637c84c9ba977cf94a0724cbc2d3d2cb10775dcc8f31969cceb3e5925c903fe6a88d6b11992fa249285ab2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\0d70ab55-d1e4-44ba-9101-d11ba8340f52.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ModInjector\pslUXVJuEoT6r4WDqyw8QCKQ5+7TeLU=\FluentWPF.dll

Filesize
328KB

MD5
8cadfd021139b7eea4ea78cfd67b5f77

SHA1
b983ae5eb7c2867206d8a727d914d96b27e8e642

SHA256
68f0ae5371d81e6c320487aeb0f1214bc6b0f50ea8cca840db99ede88014e298

SHA512
76f52734fc20da094733dd175105c38902b780d818ce99438e1e0445470351c86fc9dc483a9832568d8159bc6f0e1ba4b433c1505d6d04462b7095cf700d38aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ModInjector\pslUXVJuEoT6r4WDqyw8QCKQ5+7TeLU=\Microsoft.Web.WebView2.Core.dll

Filesize
1.0MB

MD5
003f6e9c93608c77f07cb3677b7e71c6

SHA1
dffa911b59034a56b4dc7fef20116b72f1d3c74a

SHA256
4e848ba0ea2c2fd11cca74d9d206daee07f1bc119b70beb1bb516584081bd690

SHA512
8ec0a96cb674b87dd848386e9aa5f7477a3d78ad200a9e7670ae9e3fecd27da4cbbb276afaf1e5b40bea29a046ef76011e741924541fbf9b4c3185c64e056f07

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ModInjector\pslUXVJuEoT6r4WDqyw8QCKQ5+7TeLU=\Mod Index Injector.dll

Filesize
1.1MB

MD5
5a648fcf86304a29c91f61bf303dcd06

SHA1
cd03b15e73e3499ab533b20a15d857cdf26553f3

SHA256
2473b49afca1ea5cdddc5f2403d9e13366426027f11f66cdcdb4b30a8fe52c30

SHA512
8268e7742bba079d50d54677afedde4ac8fe4d1fb3375cd33b740f8c67712aa22cd7d857ec2f03050747d7a8abd15b7b291d542d60b63e245bc052ee375ea617

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ModInjector\pslUXVJuEoT6r4WDqyw8QCKQ5+7TeLU=\Newtonsoft.Json.dll

Filesize
1.8MB

MD5
ab65620c75d4187565957069cdf343b1

SHA1
433221e3abdbf4b3edf9085fcd465de95578f7a9

SHA256
081d2744e37dac60cb04cb5da12b55d8bc7dafc4a20c0cace598d63be877340a

SHA512
4abd1bf4e7effc9afde1293d691a86293f096714b4cdec25100963f0ebbb95a5ee759b7a566570604a744f75336b61912541ecf4ffc245f3a30efc7be6a09f70

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ModInjector\pslUXVJuEoT6r4WDqyw8QCKQ5+7TeLU=\WebView2Loader.dll

Filesize
161KB

MD5
3fac859547077abafe806ff1e4709f47

SHA1
0366df220c5d224ee64a42c929574407d2e6d2c9

SHA256
f4d811cda483adb33220c5a856c5ec8dca3a095fde54b44f08e1279a6a5efd33

SHA512
9b7b7aabf6bdc11dfd74430336e02d7d2b96b6bbf352f1e2d158a4900bead364900820af56cf9af25366ff5704e2ffcc2458d45dc3efe00ebd0843d127ab7435

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
f0e6af8ac8a3b532dfe636b27a52ab43

SHA1
7cbfb70342295d7784c605b64fd1d25964c46957

SHA256
b7ed8640ba47e5437f2672547291b7d96b064454a2abdc0748ab372a825ea8ab

SHA512
9990a9f9d0e9ade446fc43f53b0381514b4db8d4b98a27662b62c5536d501fa0be4fcd685ade62ad12d6f5565f32225a0a39877681caefecfa483f106ca7b5a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
9fff9c3c727fc8636e578f6395a6c881

SHA1
41259bec86e21c96be3518208547e45c730aea9b

SHA256
cd07d0c7bc59deac583fe45615aee24462c19b650675b09f14e8102aabb5d0cc

SHA512
a0f462fb030d81833f0104fdd117f13eb68acd875e1a0d97aba8dcd7c8076284a56270160d61122112893ecd86186c3aedf355b2a460c1bfdf9c3eda2ab562a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
356162406f60d237ea8ce9796d1f1b20

SHA1
43c002338b9509e928b5c60a7fd53cb8dfd06fb4

SHA256
ff35b02a2eea2dfad80286b095707d36df111a50ba2207ba2263ab38b64f01e3

SHA512
58784faddbef531692184f417fbfd03dc54e812181c85aca5b0196eb94a56a08dbd0e696468c77e05a6c92f22e019a631bf485843e4017dd8fcd54349ae43755

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe582ab5.TMP

Filesize
48B

MD5
acb54f4792a85c2201e38c3f254b082a

SHA1
79a0bf04a661fc0f456b1188303410222beb1a24

SHA256
eee247088a61c7faf192462f2c6e39af924530a1cea6044e6b401eff06efd6ae

SHA512
8c8e452dfeb23fe8639315bfa665b64c1a6192284616d1738e7521fab7e4a793882b21a4b3860df17d815135a0daf289f0bc0a605bfa5cc6d1fac6c3abfc8540

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
1KB

MD5
62c491007218b80be1deba2635db5087

SHA1
7f2fb3215dae949a274fd758189317957a47a1c4

SHA256
92f1e717c05e4e6b44a0ab79a9e2e88e70b6986c5c0e94eb39feba12bff44ede

SHA512
73f8039aabeb5a63286bdfeede738896dc9c74d6fab197495226abdb6392ffe8008979d9ebe959847f529de75606e3db6b006adcac20e7e94fdffbb87f0b7982

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
1KB

MD5
8de929f6c20c552f5b5308579bc91096

SHA1
d0378b9a2b1b624dcfdcf00f3ee1b756d4383c46

SHA256
b1f788d498d012222facf9a4deae2e60b2856114dab1b5db7eda4429b0ec532d

SHA512
88a03d4cb201f51f9ed467dd969520f91ed03f833a5983c80518a9eea8b58934a3bd685846b29cea7f301834f0b706037052c4d6ad3e38b1289f75607ce1b016

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Default\Network Persistent State~RFe58e51b.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Default\Preferences

Filesize
4KB

MD5
7730b04ff29af2b0f390f1502efe9776

SHA1
7f0edd152f55b0089344a32bebff555694987b33

SHA256
d0bd2491de0325001f900b94ab70894b44a3984dea8036cd9f38d293fb15a53e

SHA512
f71afd9afbbbeb857df7622fae7b9f54b67ea397ba84d78d29d1f4b46db1fad3a831d99c2f7041277129b776ac91c64f39f7acd51bb13b23608c0b1f82f2024b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Default\Preferences~RFe58cc05.TMP

Filesize
3KB

MD5
c2cb02c5d20f3952aa7844498d6b8e5e

SHA1
ac574328a4641dceb446be4139026ec0029b2319

SHA256
df5158ae2ccb2372cea6b993a4bdafe9a4295e319c9ea1c958ef3bcdb819ba62

SHA512
bc4280a5ac37b74e6a600a63fd395819df0f1527dc91df8cf472b204c13d64d4c88e8223fca9c1129e605ba70970b35410c93861d9ec560aad7dabd104abaca8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Default\TransportSecurity

Filesize
872B

MD5
83f7b9c73c491f8b6583eafabe84161d

SHA1
df37132de1872ee7791b24b97f9b7a49c61ff193

SHA256
44a8cde70a6549f5586d80830bf6b752df2ad999a7e53dcd18b8c0e9c8dce2a0

SHA512
9493fe27fd490bddf68f42986eb2689340bf88433e9713bde71d66dc599e0993957b3e24c45ac2b9afffeeccc8848f541b63b0f738531369a6694213c5b8cf65

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Default\TransportSecurity~RFe58c61a.TMP

Filesize
705B

MD5
0d3e7e70094defe9dd39ac1f11a211f5

SHA1
16ed152b97e3679c7014c05ea6c9c49141e40002

SHA256
af9bcc3fd22190c261484e4b7c59b2532480ebf89fe0208a529928c1f34aaad2

SHA512
ec10563b16e1dfb210e3c5200705099921e49958998ea66c7583e1efe42204447dccd27614b33b2cd29c0e0b1a51a6fb1b7bbf18b1a0cd3972e2a343fab33557

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Local State

Filesize
9KB

MD5
c5ced3d5080df2cac8534d0d94ae0658

SHA1
efbfc003e61d538304a5689bb9f7079862bbdeea

SHA256
352d2dc194e3690e85a5b9817e766e614fde7ccbfff61af30b54d2a7b4c7852f

SHA512
385c6fd49ce5d3502008fc1bdbd22daefdf1b27f1434771ffb4edbd2a9186af84105df27a3af09e7a6825183c573e96249481295d8f932efd7fc960a2408417f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
e7e36a94acf8f7ca5fedd2a161421bc0

SHA1
0d226c36dfccb5081c6d34b53dce1f1f4bbe38de

SHA256
e983ccdc5fd03a6e51372dc7a7b21cc964e22941abfd572c35cb441c52e52011

SHA512
2d75472a2ab1dcb741fbb9a925e4faa9bdd219a2af50534f7e05416c2ac1184006698fda653d2a290fc088a4a6b8259de832567fd1addb637de3031d228702d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Local State~RFe58118f.TMP

Filesize
8KB

MD5
16c06aa28af37f92e460409993669e2e

SHA1
ff7dfa762281b9bd55f60f9c563af7944371e0dc

SHA256
eb28135d079cc1da97f7d644224e12afdc9095216af19eb1444c8534664d6b0f

SHA512
2ce4ea80121043daf727c502b0728b7ed6ac0caac34dc39b8ac9f7137f0693df117ec70d489435520bfcddf3d2e738bceefbe2139d69b4603a4db79088a88d6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Advertising

Filesize
24KB

MD5
131857baba78228374284295fcab3d66

SHA1
180e53e0f9f08745f28207d1f7b394455cf41543

SHA256
b1666e1b3d0b31e147dc047e0e1c528939a53b419c6be4c8278ee30a0a2dbd49

SHA512
c84c3794af8a3a80bb8415f18d003db502e8cb1d04b555f1a7eef8977c9f24e188ae28fc4d3223b52eab4046342b2f8fd0d7461130f3636609214a7b57f49cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Analytics

Filesize
4KB

MD5
da298eacf42b8fd3bf54b5030976159b

SHA1
a976f4f5e2d81f80dc0e8a10595190f35e9d324b

SHA256
3abd2e1010e8824f200878942e0850d6e2620a2f0f15b87d32e2451fdda962ec

SHA512
5bf24c2df7cc12c91d1fb47802dbac283244c1010baa68bfae9eb5eb8ee25758156bb1e21f6cc3f55e7d71e5c330888ffd41469b2630eb86237c9970d7ede75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\CompatExceptions

Filesize
689B

MD5
108de320dc5348d3b6af1f06a4374407

SHA1
90aa226d3c9d50cf4435ecdd2b8b0086d8edeb8b

SHA256
5b462316a51c918d0bae95959bf827cb9c72bbd84ffb0e43b750aa91fbf3ba53

SHA512
70f30c45e20b7cddd0cba6476af9338975cec8e40b8b19603af5fa859a34c6eb2138957daaa263633fe65213e2186402d05d9d29ad53e8f311335555116314c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Content

Filesize
6KB

MD5
97ea4c3bfaadcb4b176e18f536d8b925

SHA1
61f2eae05bf91d437da7a46a85cbaa13d5a7c7af

SHA256
72ec1479e9cc7f90cf969178451717966c844889b715dff05d745915904b9554

SHA512
5a82729fd2dce487d5f6ac0c34c077228bee5db55bf871d300fcbbd2333b1ee988d5f20ef4d8915d601bd9774e6fa782c8580edca24a100363c0cdce06e5503f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Cryptomining

Filesize
1KB

MD5
16779f9f388a6dbefdcaa33c25db08f6

SHA1
d0bfd4788f04251f4f2ac42be198fb717e0046ae

SHA256
75ad2a4d85c1314632e3ac0679169ba92ef0a0f612f73a80fdd0bc186095b639

SHA512
abd55eff87b4445694b3119176007f71cf71c277f20ea6c4dcadfb027fdce78f7afbcf7a397bd61bd2fa4bc452e03087a9e0e8b9cc5092ec2a631c1ebb00ee25

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Entities

Filesize
68KB

MD5
571c13809cc4efaff6e0b650858b9744

SHA1
83e82a841f1565ad3c395cbc83cb5b0a1e83e132

SHA256
ab204851f39da725b5a73b040519c2e6aaf52cb7a537c75802cb25248d02ec1b

SHA512
93ff4625866abf7cd96324528df2f56ecb358235ff7e63438ac37460aeb406a5fb97084e104610bb1d7c2e8693cabedc6239b95449e9abb90252a353038cb2a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Fingerprinting

Filesize
1KB

MD5
b46196ad79c9ef6ddacc36b790350ca9

SHA1
3df9069231c232fe8571a4772eb832fbbe376c23

SHA256
a918dd0015bcd511782ea6f00eed35f77456944981de7fd268471f1d62c7eaa3

SHA512
61d6da8ee2ca07edc5d230bdcbc5302a2c6e3a9823e95ccfd3896d2e09a0027fece76f2c1ea54e8a8c4fa0e3cf885b35f3ff2e6208bf1d2a2757f2cbcdf01039

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Other

Filesize
34B

MD5
cd0395742b85e2b669eaec1d5f15b65b

SHA1
43c81d1c62fc7ff94f9364639c9a46a0747d122e

SHA256
2b4a47b82cbe70e34407c7df126a24007aff8b45d5716db384d27cc1f3b30707

SHA512
4df2ce734e2f7bc5f02bb7845ea801b57dcf649565dd94b1b71f578b453ba0a17c61ccee73e7cff8f23cdd6aa37e55be5cb15f4767ff88a9a06de3623604fbf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Social

Filesize
355B

MD5
4c817c4cb035841975c6738aa05742d9

SHA1
1d89da38b339cd9a1aadfc824ed8667018817d4e

SHA256
4358939a5a0b4d51335bf8f4adb43de2114b54f3596f9e9aacbdb3e52bef67e6

SHA512
fa8e1e8aa00bf83f16643bf6a22c63649402efe70f13cd289f51a6c1172f504fedd7b63fc595fb867ecb9d235b8a0ea032b03d861ebb145f0f6a7d5629df8486

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Advertising

Filesize
2KB

MD5
326ddffc1f869b14073a979c0a34d34d

SHA1
df08e9d94ad0fad7cc7d2d815ee7d8b82ec26e63

SHA256
d4201efd37aec4552e7aa560a943b4a8d10d08af19895e6a70991577609146fb

SHA512
3822e64ca9cf23e50484afcc2222594b4b2c7cd8c4e411f557abea851ae7cbd57f10424c0c9d8b0b6a5435d6f28f3b124c5bc457a239f0a2f0caf433b01da83f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Analytics

Filesize
432B

MD5
01f1f3c305218510ccd9aaa42aee9850

SHA1
fbf3e681409d9fb4d36cba1f865b5995de79118c

SHA256
62d7286cd7f74bdfda830ee5a48bce735ee3661bda8ceac9903b5627cbd0b620

SHA512
e5b665e981f702a4a211d0569bb0bc42e3c29b76b3f75aaf8dc173f16f18f7c443f5cf0ccf1550df3aa2b151e607969c2c90ab1a6e7a910dfeb83854cea4e690

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Content

Filesize
48B

MD5
7b0b4a9aafc18cf64f4d4daf365d2d8d

SHA1
e9ed1ecbec6cccfefe00f9718c93db3d66851494

SHA256
0b55eb3f97535752d3c1ef6cebe614b9b67dddfcfd3c709b84c6ecad6d105d43

SHA512
a579069b026ed2aaef0bd18c3573c77bfb5e0e989c37c64243b12ee4e59635aaa9d9c9746f82dcc16ca85f091ec4372c63e294c25e48dfffbed299567149c4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Cryptomining

Filesize
32B

MD5
4ec1eda0e8a06238ff5bf88569964d59

SHA1
a2e78944fcac34d89385487ccbbfa4d8f078d612

SHA256
696e930706b5d391eb8778f73b0627ffc2be7f6c9a3e7659170d9d37fc4a97b5

SHA512
c9b1ed7b61f26d94d7f5eded2d42d40f3e4300eee2319fe28e04b25cdb6dd92daf67828bff453bf5fc8d7b6ceb58cab319fc0daac9b0050e27a89efe74d2734e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Entities

Filesize
42KB

MD5
f446eb7054a356d9e803420c8ec41256

SHA1
98a1606a2ba882106177307ae11ec76cfb1a07ee

SHA256
4dc67d4b882621a93ffdb21a198a48a0bc491148c91208cf440af5f0de3ef640

SHA512
3cc3a521b297e4f48ed4ba29866a5ade380c9f0c06d85bea4140e24b05c6762d645df3d03d0a7058383b559baa3ae34ad3ed2b06017e91a061632862911a823b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Fingerprinting

Filesize
172B

MD5
3852430540e0356d1ba68f31be011533

SHA1
d3f622450bcf0ced36d9d9c0aad630ebccfcb7ff

SHA256
f1f413704c32a28a31a646f60cad36cc2da793e143f70eee72ae56f736df8054

SHA512
7a4faa493c141ea88d6cd933dfc0b50ef6d25983323db2b931c7512e039859d60c4935e56b771264ca72b45c035b1962ad8680d616eaaf04fbc5a6e0b674e435

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Other

Filesize
91B

MD5
09cedaa60eab8c7d7644d81cf792fe76

SHA1
e68e199c88ea96fcb94b720f300f7098b65d1858

SHA256
c8505ea2fe1b8f81a1225e4214ad07d8d310705be26b3000d7df8234e0d1f975

SHA512
564f8e5c85208adabb4b10763084b800022bb6d6d74874102e2f49cc8f17899ce18570af1f462aa592a911e49086a2d1c2d750b601eedd2f61d1731689a0a403

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Social

Filesize
3KB

MD5
318801ce3611c0d25c65b809dd9b5b3c

SHA1
b9d07f2aa9da1d83180dc24459093e20fe9cf1d8

SHA256
2458da5d79b393459520e1319937cfc39caadbc2294f175659fae5df804e1d03

SHA512
7daff0253da90f35bf00141b53d39c7cadacf451a7ecf1667c4ca6e8aed59a0c4a6b44ddc2afffa690e12c2134eddb9f46f72e4317ce99c307d9e524a5fd1103

Download Submit
C:\Users\Admin\AppData\Local\Temp\ModInjector.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Staging

Filesize
16KB

MD5
39bdf35ac4557a2d2a4efdeeb038723e

SHA1
9703ca8af3432b851cb5054036de32f8ba7b083f

SHA256
04441a10b0b1deee7996e298949ac3b029bd7c24257faf910fe14f9996ba12ae

SHA512
732337f7b955e6acaf1e3aaa3395bc44c80197d204bd3cbb3e201b6177af6153cc9d7b22ad0e90b36796f92b0022806c32ac763eaec733b234503890900bf284

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
2.1MB

MD5
69b5b1ef03de4f6fff2c964891a42869

SHA1
86871c6365b19f9f2308e045fb81054efca236cf

SHA256
16fcf0e545227b9ab2af9964798bf2ffe8fe87ef4f83e2ac8b85e358033c916b

SHA512
97ed57b979e9c61a277da658c07cddb2341a9d1e36465784875d833ec050b990172318fc84a90c1cfb1b930b806a39f3d6172b8f073822bbddcdb8b20836cc0e

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier

Filesize
239B

MD5
ec1373813261b95a472072ea80c65b10

SHA1
820bb5674067b3deed4fa6968d2e8ef214605544

SHA256
95940c9cac4e0dc723db0231a99a2cbbe0e19c05aab437d54f5b32a29c79b845

SHA512
4d084b07298f6b9c760ad92a90a8a1d00be998910e7a5edee7a3987aef591f08254357af29b606721042f0f24faa9f578480fb7cd440daf4f820d4a247c76690

Download Submit
memory/1404-45-0x00007FFB9FEB0000-0x00007FFB9FEB1000-memory.dmp

Filesize
4KB

Download
memory/4980-1164-0x000000000ACA0000-0x000000000ACAE000-memory.dmp

Filesize
56KB

Download
memory/4980-1163-0x000000000B520000-0x000000000B558000-memory.dmp

Filesize
224KB

Download
memory/4980-1162-0x000000000AC40000-0x000000000AC48000-memory.dmp

Filesize
32KB

Download
memory/4980-1160-0x00000000080B0000-0x00000000080B8000-memory.dmp

Filesize
32KB

Download
memory/4980-1158-0x0000000007320000-0x00000000074E2000-memory.dmp

Filesize
1.8MB

Download
memory/4980-1157-0x0000000000480000-0x00000000024D6000-memory.dmp

Filesize
32.3MB

Download