6868573aa665bed9c2fa51484b7f312e897192ddd0a34a7d2d109d1b45378b68

Analysis

max time kernel
1018s
max time network
428s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2025 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Temp.exe
Size

121KB
MD5

471e29e03752d0fc458e2ff45d25a2a7
SHA1

706f369d0d1345beca1ee452e1ed1120d97d1334
SHA256

6868573aa665bed9c2fa51484b7f312e897192ddd0a34a7d2d109d1b45378b68
SHA512

4a4e8e0ea5d9d3fa3db07e553f3571c541f56036de91f8addf8e7b8c2c2b140235193ba863fb87c69da4044b41f4c88b01481f19c5f509737eb4090386efb96f
SSDEEP

1536:rA2AgplVcyg3xClEnKUR0Q/OmpfFBbBkb:rAWU3onUpOmpNBdo

Score

8^/10

microsoft discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	VC_redist.x64.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	VC_redist.x86.exe

Executes dropped EXE 6 IoCs

pid	Process
5088	VC_redist.x64.exe
3812	VC_redist.x64.exe
2288	VC_redist.x64.exe
4336	VC_redist.x86.exe
4560	VC_redist.x86.exe
4708	VC_redist.x86.exe

Loads dropped DLL 4 IoCs

pid	Process
3812	VC_redist.x64.exe
5000	VC_redist.x64.exe
4560	VC_redist.x86.exe
4432	VC_redist.x86.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{e7802eac-3305-4da0-9378-e55d1ed05518} = "\"C:\\ProgramData\\Package Cache\\{e7802eac-3305-4da0-9378-e55d1ed05518}\\VC_redist.x86.exe\" /burn.runonce"	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{804e7d66-ccc2-4c12-84ba-476da31d103d} = "\"C:\\ProgramData\\Package Cache\\{804e7d66-ccc2-4c12-84ba-476da31d103d}\\VC_redist.x64.exe\" /burn.runonce"	VC_redist.x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140_threads.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140esn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcruntime140_threads.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcamp140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File created	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm140u.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140rus.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File created	C:\Windows\SysWOW64\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140deu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140kor.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140deu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140cht.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140kor.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\concrt140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File created	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140esn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140fra.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\concrt140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140cht.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140u.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\system32\mfc140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File created	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140u.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\system32\vccorlib140.dll	msiexec.exe

Drops file in Windows directory 27 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIC6A2.tmp	msiexec.exe
File created	C:\Windows\Installer\e58cd2e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58cd2e.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{84E3E712-6343-484B-8B6C-9F145F019A70}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICE35.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e58cd69.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICB27.tmp	msiexec.exe
File created	C:\Windows\Installer\e58cd57.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{C2BB95AA-90F3-4891-81C1-A7E565BB836C}	msiexec.exe
File created	C:\Windows\Installer\e58cd68.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID165.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e58cd57.msi	msiexec.exe
File created	C:\Windows\Installer\e58cd7e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICF9F.tmp	msiexec.exe
File created	C:\Windows\Installer\e58cd56.msi	msiexec.exe
File created	C:\Windows\Installer\e58cd41.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID7FF.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E1902FC6-C423-4719-AB8A-AC7B2694B367}	msiexec.exe
File created	C:\Windows\Installer\SourceHash{382F1166-A409-4C5B-9B1E-85ED538B8291}	msiexec.exe
File opened for modification	C:\Windows\Installer\e58cd41.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID5BC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC4CC.tmp	msiexec.exe
File created	C:\Windows\Installer\e58cd69.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e58cd40.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000009fc5eef0dbaffe7c0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800009fc5eef00000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809009fc5eef0000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d9fc5eef0000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000009fc5eef000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 20 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133802271683889523"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Version = "14.42.34433"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AA59BB2C3F091984181C7A5E56BB38C6\Servicing_Key	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\Dependents\{e7802eac-3305-4da0-9378-e55d1ed05518}	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50\217E3E483436B484B8C6F941F510A907	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA59BB2C3F091984181C7A5E56BB38C6\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6CF2091E324C9174BAA8CAB762493B76\VC_Runtime_Additional	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6611F283904AB5C4B9E158DE35B82819	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.42,bundle\ = "{e7802eac-3305-4da0-9378-e55d1ed05518}"	VC_redist.x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\217E3E483436B484B8C6F941F510A907\SourceList\Media\1 = ";"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\ProductName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA59BB2C3F091984181C7A5E56BB38C6\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA59BB2C3F091984181C7A5E56BB38C6\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA59BB2C3F091984181C7A5E56BB38C6\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}v14.42.34433\\packages\\vcRuntimeMinimum_x86\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\217E3E483436B484B8C6F941F510A907	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\217E3E483436B484B8C6F941F510A907\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\VC,REDIST.X64,AMD64,14.30,BUNDLE\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.42,bundle\Dependents\{e7802eac-3305-4da0-9378-e55d1ed05518}	VC_redist.x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA59BB2C3F091984181C7A5E56BB38C6\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\217E3E483436B484B8C6F941F510A907	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\VC,REDIST.X86,X86,14.30,BUNDLE\DEPENDENTS\{4D8DCF8C-A72A-43E1-9833-C12724DB736E}	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1\6CF2091E324C9174BAA8CAB762493B76	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.42,bundle\Dependents\{804e7d66-ccc2-4c12-84ba-476da31d103d}	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Version = "14.42.34433"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{E1902FC6-C423-4719-AB8A-AC7B2694B367}v14.42.34433\\packages\\vcRuntimeAdditional_amd64\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Dependents\{804e7d66-ccc2-4c12-84ba-476da31d103d}	VC_redist.x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA59BB2C3F091984181C7A5E56BB38C6\Version = "237667969"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.42,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433"	VC_redist.x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\AuthorizedLUAApp = "0"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEMINIMUMVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.42,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433"	VC_redist.x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\ = "{C2BB95AA-90F3-4891-81C1-A7E565BB836C}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AA59BB2C3F091984181C7A5E56BB38C6\VC_Runtime_Minimum	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.42,bundle	VC_redist.x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\217E3E483436B484B8C6F941F510A907\Version = "237667969"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA59BB2C3F091984181C7A5E56BB38C6\SourceList\PackageName = "vc_runtimeMinimum_x86.msi"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\PackageCode = "C115E40EF1D73624BAA68F6193F24D7D"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\Version = "237667969"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\PackageName = "vc_runtimeAdditional_x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA59BB2C3F091984181C7A5E56BB38C6	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA59BB2C3F091984181C7A5E56BB38C6\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}v14.42.34433\\packages\\vcRuntimeMinimum_x86\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\217E3E483436B484B8C6F941F510A907\VC_Runtime_Additional	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\217E3E483436B484B8C6F941F510A907\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\217E3E483436B484B8C6F941F510A907\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{84E3E712-6343-484B-8B6C-9F145F019A70}v14.42.34433\\packages\\vcRuntimeAdditional_x86\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\217E3E483436B484B8C6F941F510A907\Provider	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA59BB2C3F091984181C7A5E56BB38C6\PackageCode = "2A6913A281E36934992C8D584A14C6CB"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA59BB2C3F091984181C7A5E56BB38C6\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\Version = "14.42.34433"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14	VC_redist.x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEADDITIONALVSU_X86,V14\DEPENDENTS\{4D8DCF8C-A72A-43E1-9833-C12724DB736E}	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6611F283904AB5C4B9E158DE35B82819\VC_Runtime_Minimum	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14	msiexec.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
2028	chrome.exe
2028	chrome.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3812	VC_redist.x64.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 4952	3004	chrome.exe	86
PID 3004 wrote to memory of 4952	3004	chrome.exe	86
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 2784	3004	chrome.exe	87
PID 3004 wrote to memory of 3924	3004	chrome.exe	88
PID 3004 wrote to memory of 3924	3004	chrome.exe	88
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89
PID 3004 wrote to memory of 1624	3004	chrome.exe	89

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Temp.exe
"C:\Users\Admin\AppData\Local\Temp\Temp.exe"
1⤵
PID:4456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff943b5cc40,0x7ff943b5cc4c,0x7ff943b5cc58
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4036,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5148,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5276,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:2
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5324,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5396,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3480,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=208,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3388,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5200,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5612,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5632,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5648,i,3717687233001838702,11153877905773886656,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:4936
- C:\Users\Admin\Downloads\VC_redist.x64.exe
  "C:\Users\Admin\Downloads\VC_redist.x64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5088
- - C:\Windows\Temp\{72718804-5B5E-4F2A-AB29-7AE8C27D5181}\.cr\VC_redist.x64.exe
    "C:\Windows\Temp\{72718804-5B5E-4F2A-AB29-7AE8C27D5181}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\VC_redist.x64.exe" -burn.filehandle.attached=688 -burn.filehandle.self=692
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    PID:3812
  - - C:\Windows\Temp\{7ECCB8E3-C467-49A2-A2A0-6792B73B36D0}\.be\VC_redist.x64.exe
      "C:\Windows\Temp\{7ECCB8E3-C467-49A2-A2A0-6792B73B36D0}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{77680E3F-CD3C-4462-84CE-810034FC0889} {4F901DD6-DEE5-484B-823D-B62F853B23E3} 3812
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2288
    - - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1140 -burn.embedded BurnPipe.{14D95450-C136-4187-98CD-DDDDB1722CCB} {2938CEE8-614C-4334-850B-3C066BF2F85B} 2288
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4780
      - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1140 -burn.embedded BurnPipe.{14D95450-C136-4187-98CD-DDDDB1722CCB} {2938CEE8-614C-4334-850B-3C066BF2F85B} 2288
        6⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5000
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{8EB81644-BB20-4E80-A374-3D5461F1DE02} {197D6F9F-9FFD-4EDD-89FF-B727D20B5F0F} 5000
        7⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:740

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4924

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3932

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:1264

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:3164

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4444

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Temp.exe
"C:\Users\Admin\AppData\Local\Temp\Temp.exe"
1⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Temp.exe
"C:\Users\Admin\AppData\Local\Temp\Temp.exe"
1⤵
PID:3344

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\OZMCVSQS-20241007-0916.log
1⤵
PID:760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff943b5cc40,0x7ff943b5cc4c,0x7ff943b5cc58
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2316 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5208,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3676,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4044 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4364,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4952,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5228,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5104,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3368,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4848,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5612,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5624,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5172,i,15159281491201610978,4105483334368262494,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:116
- C:\Users\Admin\Downloads\VC_redist.x86.exe
  "C:\Users\Admin\Downloads\VC_redist.x86.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4336
- - C:\Windows\Temp\{5DBE43B1-2A29-4D30-B7C6-0E6366B480F0}\.cr\VC_redist.x86.exe
    "C:\Windows\Temp\{5DBE43B1-2A29-4D30-B7C6-0E6366B480F0}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\Downloads\VC_redist.x86.exe" -burn.filehandle.attached=688 -burn.filehandle.self=692
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4560
  - - C:\Windows\Temp\{6701C908-4876-4A93-9738-5F617540CBC3}\.be\VC_redist.x86.exe
      "C:\Windows\Temp\{6701C908-4876-4A93-9738-5F617540CBC3}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{4295CFCB-F8AE-44D6-A0D1-862BC439C455} {C658440F-A652-4BDD-9FCD-09DAF4E1D6FA} 4560
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4708
    - - C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        
        "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={e7802eac-3305-4da0-9378-e55d1ed05518} -burn.filehandle.self=996 -burn.embedded BurnPipe.{2CA0E4C5-4AA9-4F6F-BCDC-0284B84B5F9F} {CCC7086B-39E8-4951-94F7-163D0693729A} 4708
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
      - C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        
        "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 -uninstall -quiet -burn.related.upgrade -burn.ancestors={e7802eac-3305-4da0-9378-e55d1ed05518} -burn.filehandle.self=996 -burn.embedded BurnPipe.{2CA0E4C5-4AA9-4F6F-BCDC-0284B84B5F9F} {CCC7086B-39E8-4951-94F7-163D0693729A} 4708
        6⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4432
        
        C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        
        "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{A059CCFE-5F8D-4400-9B02-3B6BA5D14D65} {D19239E5-374D-456F-9588-61ED9D2B6D6E} 4432
        7⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3408

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Temp.exe
"C:\Users\Admin\AppData\Local\Temp\Temp.exe"
1⤵
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58cd33.rbs

Filesize
19KB

MD5
618965678031dc3367a1c57ab4560881

SHA1
dcd44628a631a114f1c72503cceced09c42d7592

SHA256
f5c8a0e83171262e31c9d02f7944748ca31655f9e9196f362b64e283fe98f0c1

SHA512
536afb28eeace474b1c888fde10c58342654e0bfecab22809191921f382ab3444a0159b0e3e11c4a465c4b9735212088e11e8008b3f31d7a18ead10365f906bb

Download Submit
C:\Config.Msi\e58cd3f.rbs

Filesize
19KB

MD5
684336b1f81a4953d57e48b150a2e1dd

SHA1
0161965bbaa9684a0a78f62a0e9d017904da00b7

SHA256
753243d92289a0e5afeb1c40d3a10b473768f5d761494902a9d972804d86e96f

SHA512
5f7b77ac56d2a7c327ab01ac5bd00ac0e83028feb4cb5623323a46ddeaac744d96b743a782aa7a403e0352e049c0e9cd12fa301f6646f02afa9278573b267c1f

Download Submit
C:\Config.Msi\e58cd46.rbs

Filesize
21KB

MD5
bf6b959ef6c784994ce1086b5711b7ea

SHA1
38c808db58ae7d4649bbcf9509d61d95563fa13f

SHA256
880fe81f45e69e69dc2c9cf5c84337faff705b7eaeaa0759c7bbea317ae41d93

SHA512
94267ac6c17b556ef2672edc0ec1c1bba9129cdcdc6abe1ed6b1d6caceb83b20ad4a544c5e4305bfb264d00af802216a0c03186db8efa0a58d3c0bf22f290b47

Download Submit
C:\Config.Msi\e58cd55.rbs

Filesize
21KB

MD5
76d1cce12a6920942c47cdbfbf76afee

SHA1
f7cbc3408aa6febf7178909d31255b9350e4f75f

SHA256
e2b8e9f942619376e411db8938a5e5422e0f3d048be44f0fb4214ab20e10c2a1

SHA512
49faf98c1921f7707fa65cfe0eb95f90819053d3e25541ecbcb4494334aa2dea395abf45a550ef0c1d0ec446d2ebdaa5b88cbe1a90e609c6f57da601b1c19d53

Download Submit
C:\Config.Msi\e58cd5c.rbs

Filesize
16KB

MD5
87a174c837e69a091e569609a8b70f9d

SHA1
adc19feb06291eca8ec9af86cd585d3e7466c016

SHA256
075ad5879464c70384592684d66002876e6cf4200ec4fb89ce80b0d25971eae7

SHA512
9fd1e843ba3a8aa44188009aae63978820f603aea1a080c4888c04c41d0480dbe628438b0b2bda9bd8351cefdd014f0bdc5bc854e5073f419bcbb6e02bd3ec85

Download Submit
C:\Config.Msi\e58cd61.rbs

Filesize
18KB

MD5
ed8f7a254f37a1d941995db84f50dccf

SHA1
0742d742b37742196d800fd6d7b95afe0d58ad64

SHA256
73fffb78f56410d73d1c6b82598b861356bfeef9d25b041ba4f294fee8b8f585

SHA512
c260edff1e2b87fd24d332aed1c49600702e800c1e0a704308442537d8567ff78fc2380165905e0ec0ee5a0e7838dd33224988c8fa9f4394ab67036d79ea47e1

Download Submit
C:\Config.Msi\e58cd6e.rbs

Filesize
20KB

MD5
ece86be4738dff3800f19873932e7e20

SHA1
8e29a797ad22b6170ecb291e9600980573d6394b

SHA256
d87c7c6965b5c594212ad2a3764490e99709febbbeee3386405fc016e6813714

SHA512
b2064e33640ecab39dc369e2eeb223ad292d562d318d29bd2c0d0b3cf4345f701b68b6a45bfad44d3ce6fba284d37dae72b099fe82f0e264f0042bf1b7d266e6

Download Submit
C:\Config.Msi\e58cd7d.rbs

Filesize
19KB

MD5
d04892f03bb0e17fa0690d018a236f2e

SHA1
94d278e037b990d29aa3dc15a3a78914bc7f591e

SHA256
0a800f34a1155baf3a189ce2dc3094af7ae98be0c2c47436aee8cd263457d344

SHA512
b7b08920915c455320a789529b765fa4fb6db2221c87a0483e841587449579e2fcdb067e1651437635998c433441fdc206af0d0a2154bb873bd5eab4a536d33b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1fd2bcf7be677e004a5421b78e261340

SHA1
4e5abd04329ee1ffaebe9c04b67deef17f89ff84

SHA256
f539c848f584add20b43d5daefd614526b67adbf22b0c89eaa7802a8a653cd31

SHA512
929499946e38281bd808b37b362c4a86f3b6382eb1ecd5fc094410d3688906d14a114ca930a2cf38b6241ab734bc5959e6fe541270d47ca9538e82a68c99cc77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\919d93c9-4a09-4fc7-99af-371823240de1.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d1b1b7aef97c822d1ddda2f3731b5e4d

SHA1
e3243d3a6a6f71bbee1e97b21666504d2e273de9

SHA256
88763cb2f369ef35785335b2bc1fda3182f61a635fd751d96c92d85416113a8a

SHA512
f89c3485dd7927f9f26f3b3dd2f660b07b6602a95323641caa2456e7786650583ed10703c8a73f7d65c6f2f2e7e1ac950d1ed53eec8be1ad92e771f050fd347a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
baabe9c110f526b93f91ef9dc2eb1292

SHA1
3eaba7435d05eb5c58b427191b0da171b13dcb2b

SHA256
43ec8852e61874d5361a102199b27ed888fc1149f03d2c038a08280dbca818cd

SHA512
c237d8f21fe480ccf93259f6783d00338f9fea1589f9f3d973b3ae357be96f38246a4c44816e1bf824190cc8a5a7f52171d6978715a8b28f2144ea505b68d98f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
7b745c9335a40464914861016ad3fcc6

SHA1
fa1cd975c37db13fdc8a3be63435e9bcc376dd9a

SHA256
14c5431ea452d38b04334fa77145a515f6fdb9d1f1cdacbc8b4fa515df235d96

SHA512
413c19b66acce4d45c30717bb30adff6b1d0092dbc2c9a83cf2b9e7d13dcdae50e10da2058a96c6176e388217fb936737cad7034bcb8a2ce39522b1c417155bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
3ba7197d9f6d04b95eeb73a758bf8090

SHA1
29b232cef39a27e880e89badf49203f3f2f27a20

SHA256
e4efd56f68955f3715690684e73c13d4758321e9eb62e65d1fee829e9db229a7

SHA512
51e68be5e9cf4ce0cbfe5457c219861b7813070b3beb3ce4b3cc1a12cda3a941d9d3c9d188b897a277a8131e99fa6040ff0a91a9656ca1d5443286ef6f5cf654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
8502c615fa825f4fc781eea97c861824

SHA1
3f9cf838989746a5df50ccae39b905e06c9adb57

SHA256
34c349c7a8bfb922d729a19bb5b7e0dc2c3d747a62b4d0222642360ebeb54192

SHA512
5bc4ff997e5cbffe795d93488b2d7a2751e0dd4c2363b931605ef4e788f49c88db79b0cd0e89718ce8868dc9d52980bf4137cf48d3afb07e734449c52cb61332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
41KB

MD5
5036e1122480abc5d5731c96722f3527

SHA1
7e69d26d8b43933d8d3291909f5a78a080299161

SHA256
13f7c3561ece8f14eb346dc691183be5a77fb26f85b863c114e6d112d732d2ca

SHA512
9db09b4a71cda4c8aca2d8ac0637607f0cf02d4520c0ec3c701beca15caeaa9d3e702eab6af57d1430ae9329b58f167e51f5e317838555a43343dfdf7e5e0196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
41KB

MD5
bea2f2c57fd0938f810a390881b94483

SHA1
868a05b04cd4d4d40ae9a40b04161fb666a72000

SHA256
fd731c27d80914e34ce001f8152f27179dcd2ece1296d0a0eb03648168a8616a

SHA512
4a26d98d634ca2606af36f9836ff2376f8ca810ee622112f3d70cc7af853cc99feffe7d63b09d5875f8f1abd7bda97bdd197bb63c682a890e3c218b4e3e56df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
17KB

MD5
c6c2e8ff36374d54a2e8c44a2883fb6b

SHA1
6298616e5bf0bd30a807d15a5bbd8490711ce1db

SHA256
09b479014d5c3fa170c8f246eeb64f5b6ee8fa94da764297f118b9c3532e4d1d

SHA512
8c083afbb03e3c35175463e97aa43100d29393e2faca61325b18eac71239ee05e902dc591e58cef3fb1c98d0a84c7a26a33956edaf4e0efa42f76dc0621af89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
40KB

MD5
3ad8223a25e7f6bd337ce40cb84ef456

SHA1
5c94f4e230f5cc72ae812f203398713d57933a06

SHA256
b8f5f6a0e5942c6b1e44048983e89912730266ef3d5d38029baa9d24f2c6b9b8

SHA512
6f39d6965258ee64891d3257c3478dca4002a3dca2c04f3e63949b00089c17bed708a6eedabd50f35017c80eca43d0c04da568b0578fc97dfe62e73439bac899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
40KB

MD5
bbc2e9192365d85203febcd55a0fc816

SHA1
83b86cab8ef91c20f85e3f1f6980137cdc1c3276

SHA256
2b33438a79c55524d842f52a1c46ce816a425791db0c08e2ce71b8eb0cecdbef

SHA512
0157075e562bfbe6bc972e1a324e654be12d3271b971bb22d123d55f1929b1e154ccaaf53e902cba791371025178120aabc05359a0a24b665c9a46e091da49a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a39f41d8487fc85b47df6697ac2758a6

SHA1
8f7bafa34475eef8bf011ad51463ea7f5a75fb51

SHA256
0e72ef94a844a533795569425fc940bc6009b61cb7a200fdb2e672a1a759fd7b

SHA512
0eafc27821b3597b44c1e0efd7c9c44b296c5a7de0ef00a7a9bcd81f39ce06f70cc8306ae6f2875c132212eef8d88fff6a0ef0768ecd85db4d3f8164b7739ea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fa032c883aea3b2d832dcd98ac851f03

SHA1
05ba676ac87e612817fb700865f5455d80fcc705

SHA256
d050694b9e104012461c828d531e2c317d6777cc7d8c49522880cf98568d3460

SHA512
ae9ab280383bb6a54aaafb8e8bc00f0cc684ff913415ecf35f437cfa25af203e0239275e869f3281a0634ba0131a0e041ae24f886dc7adfa8d038921372c7d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
4e1bbbfd8392c8bd2d362f543cb18fa1

SHA1
d94aaa86c213249ed70ffa10b303c569de608f2d

SHA256
053a2091c3b7b83e9b75ea57a24714f34367b526a1b6d2f82f504a30479b36be

SHA512
c3664ac52711a1477339b549e64555d6014f550435a392f9a23aa949f9dbba7d8ee1942880b3e2b46921074ceb097e8227c3ea155735e3ee4995001e3884dbed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
28KB

MD5
1471cbe2348219d2addeabfe6787aa3f

SHA1
f5a9882473b2c12098de13e67609ff645dfafa2c

SHA256
c67ebbe2b4cacc56bc4aca4b2890634609c30c0233900a936166c9757735c8a5

SHA512
a1b24310a5c82860625b564cc2023e4ab42586722997a6a498e0a47106884d504c93b70c7d4e834ada3cb3e88b11bf726b637d3e8e43e09389482baa847e3f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
c66a1c468b5a431ae9d70bb8c9feac0b

SHA1
53ffe843c376575525138f6d880d40ed523a8e33

SHA256
c46b705cf75e9cf0430a3a6392aea2c9758c103dee8705b4d95289078ee15d97

SHA512
57b297e338b7f0011a3b50b89c136fbd4fcb17524f8147060e8b5b16e7e689767854ff1856ce4fd0b992fbf8551547a14168cee008ad1ceb70a7804bbdbd50b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1c5e80d73c6e0a034b902de437e897c9

SHA1
0b4891fc736c673cb369d83fe0e7f330e1f0762e

SHA256
5f3102e9970dbf3d3d7e89e9edd1095e3a16cc7656da2e9e7a96e921bd06f17a

SHA512
824f23ffe3478f32732ef060749b464852af893f46496a2b516e7cd3924954d96d5561e27caec77176e5a1ea1245603d099b0f8cf45d0dbf63be863eb6586cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
564c414c54ea40bc979e8afa8933c356

SHA1
80de57aaba83357214bb1a406d55d8dc0590c85b

SHA256
2365f57bd62ecf7314da1700dead6948d7d9319946390ad1eff7a83789db54bc

SHA512
3aa19c60aa96ab05467428575cf9d10b386eb59d6edeff154ca0c8ea253337595e0ead0d31fa144244c3bacca3f1c079c0775ed88c3fcbbff22543460bf1bd35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
533209d6f7f8a92ca575a55026f4d769

SHA1
7ada8ac3a65bfafc9a9f5dcfb4ff9329ecd0fac8

SHA256
a4ba45a0982129176e3531bd8a55c97474e392e527a8fa7a26ff7d11a34ee760

SHA512
22b97e56d3af6c6e99fafe7d935395b053afa40b85a0f4c0dabc89248a6e0bdd804ed0cc8c5866f3a300942fe36a464a47ecd0aeed276813d62319ab354e0b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
aab973b065c5f59fbd67f5c8deb1d029

SHA1
1beffe14fa3ae3426e9e86803a3165564e11172f

SHA256
938c1a5e2c75d506bccc9af79976d91d299d79f89f91cf5dad094bbd8092aa92

SHA512
d3cc9104e3c3a968651d3e6fee557170a598d09c429aec60c6a588a1e7dca2c8ffa5f0270a85e60793465c91b27f9c4c1d738490084d5e8c222d20eed4f579c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f5c6fe1e7a036d258755e4aebc5db084

SHA1
e59720a17c1963889836e5186c6304ff4605efd2

SHA256
b3b7c2a83eda53057082ee1b376aa88efe313714126d247f656d8330d0e2443e

SHA512
7d7aede414b32fd2277ce2d92ae007749b5763a9a418320c67a493906c169dd295250d997fed2f697a221efc389de1d43039e361c840002f00eaafcbe2e99871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
28ecd712c607a07d611dfd260ae561bc

SHA1
b8dd17aa45afd12a62bf572acf59cd5b73311311

SHA256
1174945e6bce46e6b7b18515cd965c3411902bb38b6b010338776228c20f2330

SHA512
79845bfe29dc0b8a1a3dc95e23412e1b5965402cfa48abf4877359079b3c80aa84794b675627994a1199727c2b9908e9c49c6157fcc32393444eb362c70055d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ad861a70e81642c8b02b7b5237da6f05

SHA1
52adcf7f662aaa042a88a3c1c24d8f3844daca89

SHA256
e854f8d4b57beb819cf51f9f079ea978e7dd0aaff0caa948d2a61a70eef2b238

SHA512
2de79e3b4d4b03ae771f756a9d1ff2cf55c5aba75e96f617678249e8f23cdfeff58c8faf15be34f653b622df1132574de814331485d4f94eacfad19c1f880505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
07744c8b3691401ba906623155d9e5c9

SHA1
8baecd5fd06d0a3dc524c807bed5a34703bebf23

SHA256
1cf9773b8c6794128aa26b5f6d222de8802854fe2cb31d799843be6c642858bd

SHA512
1b852229dd6f5d24071c6256aaeff5d453de3bc4a5d76333864299811175135c7bd6e5fb85d63790878a8fbdabd7f7754d3a12f0f1eb090622a1ced6a6cfc810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
00201c32f90648377566469e23b4194b

SHA1
b72356afddc16cc3e21673320a85fdc45745534b

SHA256
a585d69d06dbe0bae3f1fed642b1184a54a2db7df14fa770d15e6f9e89a021ed

SHA512
92626a24155c81a86a143c57a3d245836ed7e58910d2f593e3df32963258b6ff53017ab3d0b0221875e92869a48d29ade3a9bf5a40def743062b70014b012998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c00cc27c76a84b091bed69e45a6adf6e

SHA1
42c3eab1de3c0244d8c94febb411d40c6968712e

SHA256
8e671c7426890a70f3f68663688285cd1c3a6ff102946f30fae70b6e9e2ceb4d

SHA512
b1d2398044d968f713193afeabcb515a5f90400daf8697c571417ae79fa1e78f09f4c077cfb1cdb0b8baccd305732e3c3b7d1959c44bda3293bd57070e6a9376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
664cc8b766038c66b2dd71a0e22a7c44

SHA1
81c6ad9306cbc636b68213c25e768f152306eee5

SHA256
2e0c65620123054b627ee9ab9d71179597b56b6ac59033aefb0d02aaada7d6d4

SHA512
8e75014aecc9721080aee52eb22d21e2678e2bb6f4bcbacdca624661ba1443bd13177b55b2600322a798bc3acaec9f3c2c8c85a93e9e8df40a299e4dbe0b1fba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
70e4507cfad2846bca590e242d8264de

SHA1
6f848f91d45cd9f8b1b256441455b3864155e536

SHA256
b994cbf3ec87edd19f91ec597c30dbf5014ed1e7f419f6eef903b8d779fa5664

SHA512
dcbaad3cd6f77b935906643ac233d0a581e82d30accf519ac6d3ec609cf0c61f366ae16b4c9f616eed7b0cbe6d460e06f193633ae72f346f6b7eaa12d778c968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d958b43800b8a2df381c01d4e36643d0

SHA1
0eacbba58465fb3aa69513f0b131e07edb93a217

SHA256
1464b605a048dd15b572f174f0db1d0a7bf1d63acce1ea00a2f7299bdff563fc

SHA512
5899cdf42f07246c92a65b2a211710f589d7d54bc4cd21247e8118cc50657f7acda47b4a2c548375031ea456fb1f05b5dccd4631f797e6f97d89616badc7cd14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
16716a3f7b78d4d775a2943ca959acd1

SHA1
0b8743ebf821c4c04e3b1dcb7e2ca5ff4fca6960

SHA256
480f84a0090f674a0f0fa8dea570555033bb3930316b640acded22e849d91be5

SHA512
0009d931cf82c02434d1d527e9f6f7a11c8678635f469727e11c6b9315287d8161d122980c5eb342add946c57a97ec2f989c1b2e312d596440d3ebc6b4544e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7478a1918db9499debc9f459897d20ef

SHA1
e2871adfbe17e764708fe36accb0eb6fa3be296e

SHA256
8121cc7b754db9738b8fc6e20ffad2299e81e4757f15b13a5dfc49a2d13b16b2

SHA512
f26ea9f8fe66427d5c1344d76268dbc8ee9b5c19760f3d71e8e2f00c755e80815ec60850425806f35ff433ab071fa57fccfedce6c8313447605fba18bb424c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b9f6dd5334554a2123dee3acf991f850

SHA1
776f18e5ca4e06f6cb5653cc872394236e7979e6

SHA256
1abf0ac68f4f9e542adfacea587f8e83ef96516bf1cddff133b5513ab3a4337e

SHA512
f4274d83a4cd2613274a404d531babd7a9943768e89d57c8a1a1e460bbcb743a7e158e6f12301c9906a3617b0492ccfd9620170e05d0a371f971a267b79fa639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
341b4e89f5e9b9b9287784baf9949047

SHA1
2d9d5249b4bfdab6b36ff2ca58dd126aded7ebf5

SHA256
4ed95e10d3fdf7858b6a027a3bcf9644570ab083d7cda6781490e99b7b71e26b

SHA512
6f832581136297d9f86ec4d432dea6683c5f3570a689ee66ecf7330e01626e59158729085681c855efdccd101ee8d943dc4cf8511f704499125d09bdca1d0c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
29fda6bfed6753c693cd1633831bd7ac

SHA1
aeeab6bd0d7482c29c958f0b1b7485329df29ae5

SHA256
16c3666396bc3105950f951cf8358ec80f05fd5d8ad22b88d9ce36e94ba7c903

SHA512
3fb453073578a0e396694e0c3de27359ccdbd2c4ada0af8f71212cba489040765c12223a5d2837f7d037d016c3665e2726854fb32f1e95cf8cb584fd4856d2cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8448e6ae5bd96db49170bbe108ccecbf

SHA1
c26d442a444570bb6f488248d324d66c0c6ab162

SHA256
1d68738b3269cee0231bbb40ac4727127a1e0b800ae3f9f01c10593dfcac617b

SHA512
0baef93e6b08a0716f9b07dc998d7ef41ab74da53c6fd41cca9bbf547f452b876766f5a59aea1188295ebdbb8151a8d98cc99e4c73c210aefa3793f9ff328b16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5dd438cfe60e28f23d32cf75d92e6099

SHA1
d249c52cd76474519f6c56602cb6c594a2dd1eb6

SHA256
253da2bcea0bedbb9c529ce5c62bcd0789bc351f1886b657a82c0c8ee385b889

SHA512
b8bb864cfa62ac96902b67a3ba4b3b58c5fcefc1d2c2d9e20d8f86d5cd5b83f22c6ade3d5d2cf8587670eb037c54393825f501adb9b3600c983c046bd74ca047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d8cc88a788e936e15f0dcb542b0f0f90

SHA1
930ac2d3535f5fc01ca9bc553d170a5f9f3daed2

SHA256
26244401e802f83bb7b6f417bec0d1d1bab65b0c68f85bbf33705bcb862e3b38

SHA512
638713224fa8588dcb34a49e0fcedbf2cc9a1a1ff94abf705887b6c3ea2c004b501775638717c11fdf7e6d7fcf53ec1db3905a7b9a345534a3fc1d4a12dc9ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ddb67645cdbfb9a6f3cf1df926332a4c

SHA1
7b161a578b64873d3ebe0d6dd588ee54adb7cf86

SHA256
698c2de895a7783b877970fcb7deebb9675a4a51c1158b15eec788a24d79021a

SHA512
328bc54794346ad73d43b02eee0346c683e7bb316fc5d1586b244f33c9af9e5d22b60d98e3eba8cebaafb1e0f39bc789e7dec9441ea642654cdb9571437ccd77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66843e0d0807fe8ab5a108a3163a0213

SHA1
231ab2a42de2465dc3a2dee5464e8e4dbccaa659

SHA256
c04a0a1971513af16c73977487e508e5c5ed2d35f12dba862f28d816cf597f09

SHA512
ae8947765629a226b8485b22a3cdc567e82e3fc7860e204f4c74722de802339b1cef302246e0cf1117f109ef51cd7c92b9fcb8acb90f53ce12c539e5026cd18f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8dd7a297d6db6c9f90344ec040e3d3ac

SHA1
f2a3cf6460f511606b9230f8a668526348845286

SHA256
ff979a65d54cc9883a6526e0b2c332be06016bcd11cc7795f2f73e42743996d5

SHA512
75253747b5d52f754e57395d3617cdad1009dc9367b9469e2163191dd9fff1c2ead8a954fded26c2a1fa7108ff4f1ff4d65d5ebe42f79f933c5572e4b13f886e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2fa32bd043bdd5dec6a69db3016d11e4

SHA1
ca27875b4d0d12d358bf2548cb9990eab95b2ace

SHA256
d9b83bbb51ad9309b2067a58d3cadf35ceea22013b3317b1d24332f9cf49caea

SHA512
12c07e83724bb04e95e84001f57faab20730cadf1a1564019d178ee7cd5dfe4f6698f143bccff295f3c97413412a626a72f1a67392b70ac5379b5798a1781071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
19bcc7b6439e255ced1334a0cbafbe8e

SHA1
3c49abf2c0a50b67b989b48f4a20ad3d729f9f1a

SHA256
162c6c35ec693435b560896e8cffc32df294132d18960b7adb67c49298c2f5fb

SHA512
e20d7027bc15c2c4ebe6aee72c74e4f6b4518afe8c9359163786e38e66f3c673e9af9f0e23b62421d3a9ef469168e1dcef1c54635dd6722fefcaa61c8170d372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
33f33d548450ffeeddebeedcb257d615

SHA1
df316e71f191a7182a668052f20c7267a2091303

SHA256
6836759c404b73adb0751d932cb169ffa3c74ac7017d13bfeea9eeb94b5a129c

SHA512
7198057c1a4fb3eef31904424e4d0ec0f5e3be0bd6a47dd0c641d57690a9c5c2634c72eb765e1acf9c85a0d269ec94b8b6e4f8733710279bf2d17f3cee7cf8ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bc5ca473192e88dce27e7d3b47d23018

SHA1
3d0e56ac9b6fc7e69935100df700a0e591424569

SHA256
01ff6334aa3529f7a2e65fc085e7cc20806fd8faafdfcb30a7c8f6c67483b80c

SHA512
d0e562e6399945498e34d7499ebe54d1696304d20a98c097d38c054bfa393ac10df4fca8313c0142ac88024a490d84664bb34bc48e62a5cd7abeda47923269ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
318B

MD5
dcd375c1e14b1d3ac372e3e5fcedd501

SHA1
48b3e6679499052513f111cbc50366d528d9b487

SHA256
c88a3c3c0c4b4368e10712ffce01825ddddb7f73b9af6a902f82f5e7739254dd

SHA512
e7b00dfc2e3793ecc7b4138e31073ee9c142fb41161393a793f8c45de1e449081f9a7d71776681865d780f299e7c68adb7b32d3911beb3d7ee3205a7216f7278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
8de388118c17aa6ca8c297c24507f4ea

SHA1
5ede20811375a7f62bc1a1dcf288a3ee2911d10d

SHA256
57bd9ad9f54c1431fcf13ce508c7d18d5b42bc8790449f5f63ea5e09000f80d8

SHA512
ca66998c0c5687bf9132b03c8e43a93e6f571b3a462c24db52dd8e617289fc61309f166cc3a3921b46f48271b6a0d985342c3587c7dd2f1bc0bd89b4326b3b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
114KB

MD5
e8545855405e4dde74bd580336a6865b

SHA1
e929778e62f156b7b2e3edce2458db02cf993083

SHA256
772cead50baee49166d7996638613bb0b1b2bb8b7c0e7f33a175ceb29673ed3c

SHA512
501b9f4d99bd38501145228d66d0f433da1265b37bd293e4fe67bf80ea58b69d3dbf6f1c25e294cc7597671e305859f5a2fe8d0f85a8f06c050538939a95730b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a5daae27-2c59-4714-8445-96aa074ec623.tmp

Filesize
9KB

MD5
9e9aa952dce351e1a8bf31517fddeb5f

SHA1
8ea69a888439eca098c25fb911ba8cdb7789c9b6

SHA256
bd19e0c64ec469003283a242c6966b80bb50db0ef82c80537ee12b43a1b8af73

SHA512
3363eaa1bcd770eb0eb0eb27b79f8fcfcf5efda499cc103b6100a849d9b7c5e2cbcaf80cc4407e70117b3a1348d27d529378da5477b64107496c41381341050d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e5b5e74a-bf8e-422a-90d8-4a853d925ffa.tmp

Filesize
11KB

MD5
06cdbcbbdd8cb618c460ea5f5a0e473a

SHA1
e31225eead2738d5b8cead4c5bbe99fc782d0737

SHA256
3cdbc59fcd2f4f2ab2fe0fad3996c070c399b45d32f5bb438ede7f74421850ce

SHA512
a872fc18b39f724e5051e69f800c25682351d45ad59e4f12bdaf0d6925c041ec886a5af51f22938d253f895589594b54f4f3ce0d0d917a8ded1b706b1b0aaad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
489934ef6b189032ebd0016ca5f7032b

SHA1
c136491dcf640be780eb8e65799e9ee2b7a4a9dd

SHA256
ba7b2cccdf465b622417d0b06a9371aceaacbd5f211319caf092f864a8ade466

SHA512
a04216730774484c745e34a899c5d72fa8b9757ad7ef3f54f75644b140555c8d077edf59a3dadbc6e87fb73278ae545b8283396c596d33523383d7b9cfc0dfdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
069497b669286106acd1652c9c8443c3

SHA1
d46b018fb635dd70de3b17b544b673d0644f14df

SHA256
db3307e8c9b3438489fb3725f288b781752acc2aec35944ffaf4450a5e1b74a4

SHA512
14bdaeaedf3774511befc996d5bbe8f7f4e3189bc563800c5bf96149a989e06354e5afaeff218631e401d49682190050982846a907e964d62ed82777ada51784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
14eecd6994a2883d209dc22544981c5d

SHA1
3db89f00d2e489ba6eb8bb6ae01eeba2e672df74

SHA256
83b697e3820aa975ebe2120afeaea3d20ad8c3fd73daeb2d40a2f6a9f452eb80

SHA512
b7c46fcf942d81f9e7ead84285cbc57f5d73e9bb6ef2fd031938b39f5f8a11c582b0f5dd6d0643d4d9f9b272a26b84f0cf522be817fd636f9600c85614a0c119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
10662a3d8c8a02b52cfb48d958bec6e8

SHA1
9d3290b4331eff2c08382b05c73c05fa98025d8c

SHA256
aa9492d4495c0f37c67b5d07c39ffc79308988fc13cad81b592ff9a521fa09a8

SHA512
39e21965e961f0b3420b8f681a8dcb708a2b5e61442d770d83727d0fa78dc9c1d61d26229450351162f630ee072e7cb8f7ee73763fe4d0bbe52dea5c7ebb7941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
0fbc74a623b673da7d45c310db469bc5

SHA1
eeb85edb0388a548c1bc0d348e11ac5c707bfa11

SHA256
88c4cc9634ca976d18d070d5fd992b12f2baa460d8c49e0bdeb2e8d6b413aadc

SHA512
1402d1a50102c595351b25891a82c0b40f02be3abdad2bc3b088c8b56b5c7875140279bccacbd8b7d0c50edccb2f8c89760ee47cccf8fd38a7fc009319e3196b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
a6963c03333899ee61f8aa3e56ac6251

SHA1
0afd5550fc291336b1657635dfb15c55ae716a59

SHA256
39132a11acc2259698c7d1c64501f289f919de930bef75c382913b09d4e9b94b

SHA512
129a636e6eb03e65ed42bca14a4341941fdcdbd8bfa273077beb6ec13f053d0f9a5393f18a3b5fb3eb55acc1073fa6bd6e49b89aa9b1dbfad1cee2a9c78a408b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
d4df3850baeef4c8e1efc9ed8bdcc9dc

SHA1
de546f925b4ac506e149b3351c32f91ddf97d6c7

SHA256
56f6ed0f75af4bbabc653d6eb2a55525a1935e62e9421ff10e769ffa06a8aa26

SHA512
602f42d4bb1fbbe5578bcb6301318b2d312a29efc3bec7fe861b9b6b3db05003ce7ce8f982b5ed587a21d7306795d2c5c290bce64efde7de2d60673299cf760d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
24KB

MD5
2fca68f1f3c0d47f3e10a61e69f7eccb

SHA1
36c97d2f86d024cf90ba623c7a7a3ec3ff801bf0

SHA256
319ae7c2a478ac21f5d3fe115583c02cd79007bb43e0d8f9bc9384c160d89a4c

SHA512
2c845f56d8742449c1feea0c782a93976729c8a166d2e4887f2adf011f084f24faaaae0a167fad036efd404ae62acaa8164df9090e8cdb778635edd4cbc7d0d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20250101174710_000_vcRuntimeMinimum_x64.log

Filesize
2KB

MD5
e1f0eb10aaf061a9398aaed3be1f96d9

SHA1
47ebde848db1995ca9eaee6b466df9e0972ace44

SHA256
14b839577c94d98e4def0dfb640f071c515b128958833aed7e2a6724ae8f2e08

SHA512
0b18c720ea9b7c755e5420271cdd4ce058884cf581cd35fe489f3de78395dbd1fdc22c24a18b2dd5fd89bd3775e31d92d777fd46f9291ca4e11dd4de33975fc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20250101174710_001_vcRuntimeAdditional_x64.log

Filesize
2KB

MD5
cf0abcd370ba4c9bc0824aba2716ecfd

SHA1
423f22c49ec6ec2a74955809e8cb2962de4250ab

SHA256
66cc42a47d5be1bbe8288523efee2952c7b8ed9f2701d347788ef2f9f54f6f06

SHA512
28b61a637fa4a68400ac9b4fab1f8065024052cdbf7bce5e40e9d6dd4d5434235867797777ec8ae0f8befb7f7282b184749244dc12f125509c1c7f248e3a2c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3004_2025880492\7db438ef-056f-4951-be32-57f2850945b3.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3004_2025880492\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 248821.crdownload

Filesize
24.5MB

MD5
223a76cd5ab9e42a5c55731154b85627

SHA1
38b647d37b42378222856972a1e22fbd8cf4b404

SHA256
1821577409c35b2b9505ac833e246376cc68a8262972100444010b57226f0940

SHA512
20e2d7437367cb262ce45184eb4d809249fe654aa450d226e376d4057c00b58ecfd8834a8b5153eb148960ffc845bed1f0943d5ff9a6fc1355b1503138562d8d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 423680.crdownload

Filesize
13.3MB

MD5
8a6f4f3282236325360a9ac4413b7bc3

SHA1
cb617803813e969be73f2e0e175a67620e53aa59

SHA256
dd1a8be03398367745a87a5e35bebdab00fdad080cf42af0c3f20802d08c25d4

SHA512
2c1facb8567a052b4fa65d173b0bda64fa5fded2cddb9073b7c28507ed95414c17d2839d06d5e961617c754cda54d6134964b1aff5c9e9cdfbace71f1de2ac3a

Download Submit
C:\Windows\Temp\{6701C908-4876-4A93-9738-5F617540CBC3}\.ba\license.rtf

Filesize
9KB

MD5
04b33f0a9081c10e85d0e495a1294f83

SHA1
1efe2fb2d014a731b752672745f9ffecdd716412

SHA256
8099dc3cf9502c335da829e5c755948a12e3e6de490eb492a99deb673d883d8b

SHA512
d1dbed00df921169dd61501e2a3e95e6d7807348b188be9dd8fc63423501e4d848ece19ac466c3cacfccc6084e0eb2f457dc957990f6f511df10fd426e432685

Download Submit
C:\Windows\Temp\{6701C908-4876-4A93-9738-5F617540CBC3}\.ba\thm.wxl

Filesize
2KB

MD5
fbfcbc4dacc566a3c426f43ce10907b6

SHA1
63c45f9a771161740e100faf710f30eed017d723

SHA256
70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce

SHA512
063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e

Download Submit
C:\Windows\Temp\{6701C908-4876-4A93-9738-5F617540CBC3}\.ba\thm.xml

Filesize
8KB

MD5
f62729c6d2540015e072514226c121c7

SHA1
c1e189d693f41ac2eafcc363f7890fc0fea6979c

SHA256
f13bae0ec08c91b4a315bb2d86ee48fade597e7a5440dce6f751f98a3a4d6916

SHA512
cbbfbfa7e013a2b85b78d71d32fdf65323534816978e7544ca6cea5286a0f6e8e7e5ffc4c538200211f11b94373d5658732d5d8aa1d01f9ccfdbf20f154f1471

Download Submit
C:\Windows\Temp\{6701C908-4876-4A93-9738-5F617540CBC3}\.be\VC_redist.x86.exe

Filesize
669KB

MD5
f7aca1ef43beaa02107214482e6b51d6

SHA1
fb5cec36519b148119dec501cec92d894eb3b60a

SHA256
169b8f7025b301ffce5402c98c07f9e01bbadce52a2961175b777279f92624a7

SHA512
82cf5ebaa0a16e229b82e2dd550d7ab76409c89b4cfb7f163d1cce6d156db737ec5a09a3aa832b4076039665a6044aaeca3a6d311f8264492707ae281bbe7443

Download Submit
C:\Windows\Temp\{72718804-5B5E-4F2A-AB29-7AE8C27D5181}\.cr\VC_redist.x64.exe

Filesize
670KB

MD5
3f32f1a9bd60ae065b89c2223676592e

SHA1
9d386d394db87f1ee41252cac863c80f1c8d6b8b

SHA256
270fa05033b8b9455bd0d38924b1f1f3e4d3e32565da263209d1f9698effbc05

SHA512
bddfeab33a03b0f37cff9008815e2900cc96bddaf763007e5f7fdffd80e56719b81341029431bd9d25c8e74123c1d9cda0f2aefafdc4937095d595093db823df

Download Submit
C:\Windows\Temp\{7ECCB8E3-C467-49A2-A2A0-6792B73B36D0}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{7ECCB8E3-C467-49A2-A2A0-6792B73B36D0}\.ba\wixstdba.dll

Filesize
215KB

MD5
f68f43f809840328f4e993a54b0d5e62

SHA1
01da48ce6c81df4835b4c2eca7e1d447be893d39

SHA256
e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e

SHA512
a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1

Download Submit
C:\Windows\Temp\{7ECCB8E3-C467-49A2-A2A0-6792B73B36D0}\cab2C04DDC374BD96EB5C8EB8208F2C7C92

Filesize
5.4MB

MD5
5866203168b27f18c1b47abfa6823e02

SHA1
3b696be0a4cf750965d74263e43b8e302cb1b318

SHA256
7d48e0905ebea9b14a07cff687705dfdc50d795cd4c32e5ed87a0e344884b430

SHA512
037f793f60be84f1da005d47e21783e719a85b5c12c4d20050ad9d3254ac99ba8eb30b4b1378bac69379dbc659427dc1ae4a19062ecd337d47d480d047afb669

Download Submit
C:\Windows\Temp\{7ECCB8E3-C467-49A2-A2A0-6792B73B36D0}\cab5046A8AB272BF37297BB7928664C9503

Filesize
969KB

MD5
8c302e40fbf614896ba36a75f3f8977e

SHA1
991af1495f7783173d0c5691be38ff8648f2df12

SHA256
b384b812dc59c2081cee080ea6bba748e02ecf3c0800d8dcaf9607a20a4f3290

SHA512
53b1d7d8ab495931f50b5d815afe04d52f9e0bbafa0a5f3e4f6605b6e4f2a85c583abf9014dec41481439827bb6bab23ac439d4fd7d0c3f191f21b2bf5afb11d

Download Submit
C:\Windows\Temp\{7ECCB8E3-C467-49A2-A2A0-6792B73B36D0}\vcRuntimeAdditional_x64

Filesize
208KB

MD5
351d8e8c804f6c6aab4c718977b1817d

SHA1
1b680e5e2ed548e5636f9d656c49c87cf9a70da8

SHA256
cf584e5132ef3766a088f824bd038494713a7168cdddd44e3f8c4ad581e2206e

SHA512
d0613c6b1a72c73013c0519619c557811a1d20fcddc8361d391a31fc4aa9c70173b907957babb049067111427a81e48a82e5467a15dae8bebb55b048993c93a4

Download Submit
C:\Windows\Temp\{7ECCB8E3-C467-49A2-A2A0-6792B73B36D0}\vcRuntimeMinimum_x64

Filesize
208KB

MD5
09042ba0af85f4873a68326ab0e704af

SHA1
f08c8f9cb63f89a88f5915e6a889b170ce98f515

SHA256
47cceb26dd7b78f0d3d09fddc419290907fe818979884b2192c834034180e83b

SHA512
1c9552a8bf478f9edde8ed67a8f40584a757c66aaf297609b4f577283469287992c1f84ebe15df4df05b0135e4d67c958a912738f4814440f6fd77804a2cfa7d

Download Submit
C:\Windows\Temp\{C18D9C56-9380-4FC5-B016-08646500F063}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
memory/740-1088-0x00000000005C0000-0x0000000000637000-memory.dmp

Filesize
476KB

Download
memory/2388-1835-0x00007FF62C760000-0x00007FF62C794000-memory.dmp

Filesize
208KB

Download
memory/3344-1167-0x00007FF62C760000-0x00007FF62C794000-memory.dmp

Filesize
208KB

Download
memory/3408-1757-0x0000000000290000-0x0000000000307000-memory.dmp

Filesize
476KB

Download
memory/3920-1166-0x00007FF62C760000-0x00007FF62C794000-memory.dmp

Filesize
208KB

Download
memory/4432-1794-0x0000000000290000-0x0000000000307000-memory.dmp

Filesize
476KB

Download
memory/4456-0-0x00007FF62C760000-0x00007FF62C794000-memory.dmp

Filesize
208KB

Download
memory/4776-1795-0x0000000000290000-0x0000000000307000-memory.dmp

Filesize
476KB

Download
memory/4780-1126-0x00000000005C0000-0x0000000000637000-memory.dmp

Filesize
476KB

Download
memory/5000-1125-0x00000000005C0000-0x0000000000637000-memory.dmp

Filesize
476KB

Download