c60e8d31d641c7a37ff1e7c7d0b1bafdd5847495e6973b466356e40fe48154ee

Analysis

max time kernel
899s
max time network
650s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
04/04/2025, 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ui_0.0.26_x64-setup.exe
Size

6.0MB
MD5

257e0184c3b29f7acfa018b11d23cef1
SHA1

4756b5466ab51b7a83a83cb0347a5fb24ee992b3
SHA256

e3e6c7ac473c963276dc3c1e4595658aebc9ed4ba4585b6600dccbd5b82e3d49
SHA512

f96c0259ea0ef194f0c7abc89797f60907395d9c85c0370e5ba8d79d5fda8954a88f30dd08ad62755034febe3741ddf5376a866eb969a4bcfdb5ecd33af8e248
SSDEEP

98304:xRL4iWaKZn3jYiZ71YDO+7v2GrWFZd8jHLZO8JUcEZ7ORxBIjMHlcuaLmyMGGuNP:xyHp3Z71Yq+72M2SLYa2kBIofhGFN2bm

Score

10^/10

defense_evasion discovery trojan

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 4228 created 3616	4228	ui_0.0.26_x64-setup.exe	57

Executes dropped EXE 1 IoCs

pid	Process
2240	ui.exe

Loads dropped DLL 5 IoCs

pid	Process
4228	ui_0.0.26_x64-setup.exe
4228	ui_0.0.26_x64-setup.exe
4228	ui_0.0.26_x64-setup.exe
4228	ui_0.0.26_x64-setup.exe
4228	ui_0.0.26_x64-setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ui.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ui_0.0.26_x64-setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133882057650871290"	msedgewebview2.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2067557190-3677960511-2209622391-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2067557190-3677960511-2209622391-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2067557190-3677960511-2209622391-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2067557190-3677960511-2209622391-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4228	ui_0.0.26_x64-setup.exe
4228	ui_0.0.26_x64-setup.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4764	chrome.exe
4764	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5248	msedgewebview2.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2240	ui.exe
2240	ui.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 2240	4228	ui_0.0.26_x64-setup.exe	91
PID 4228 wrote to memory of 2240	4228	ui_0.0.26_x64-setup.exe	91
PID 2240 wrote to memory of 5248	2240	ui.exe	92
PID 2240 wrote to memory of 5248	2240	ui.exe	92
PID 5248 wrote to memory of 2788	5248	msedgewebview2.exe	93
PID 5248 wrote to memory of 2788	5248	msedgewebview2.exe	93
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 2480	5248	msedgewebview2.exe	95
PID 5248 wrote to memory of 1120	5248	msedgewebview2.exe	96
PID 5248 wrote to memory of 1120	5248	msedgewebview2.exe	96
PID 5248 wrote to memory of 5316	5248	msedgewebview2.exe	97
PID 5248 wrote to memory of 5316	5248	msedgewebview2.exe	97
PID 5248 wrote to memory of 5316	5248	msedgewebview2.exe	97
PID 5248 wrote to memory of 5316	5248	msedgewebview2.exe	97
PID 5248 wrote to memory of 5316	5248	msedgewebview2.exe	97

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3616
- C:\Users\Admin\AppData\Local\Temp\ui_0.0.26_x64-setup.exe
  "C:\Users\Admin\AppData\Local\Temp\ui_0.0.26_x64-setup.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4228
- C:\Users\Admin\AppData\Local\ui\ui.exe
  "C:\Users\Admin\AppData\Local\ui\ui.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2240
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=2240.5928.18124237447499944974
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of WriteProcessMemory
    PID:5248
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x184,0x188,0x18c,0x160,0x194,0x7ffa84ddb078,0x7ffa84ddb084,0x7ffa84ddb090
      4⤵
      PID:2788
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1824,i,17640035470938850737,14086338602505212744,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1816 /prefetch:2
      4⤵
      PID:2480
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1916,i,17640035470938850737,14086338602505212744,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:3
      4⤵
      PID:1120
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1884,i,17640035470938850737,14086338602505212744,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:8
      4⤵
      PID:5316
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3624,i,17640035470938850737,14086338602505212744,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:1
      4⤵
      PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Drops file in Windows directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4948
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffa851edcf8,0x7ffa851edd04,0x7ffa851edd10
    3⤵
    PID:4972
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1656,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2140 /prefetch:3
    3⤵
    PID:1856
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2112,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2108 /prefetch:2
    3⤵
    PID:3140
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2408,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2580 /prefetch:8
    3⤵
    PID:6036
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3232,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3244 /prefetch:1
    3⤵
    PID:5996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:2104
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4316,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4340 /prefetch:2
    3⤵
    PID:5648
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4688,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4756 /prefetch:1
    3⤵
    PID:5016
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5300,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5316 /prefetch:8
    3⤵
    PID:5116
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5488,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5544 /prefetch:8
    3⤵
    PID:6072
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5544,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5576 /prefetch:8
    3⤵
    PID:1532
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5540,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5788 /prefetch:8
    3⤵
    PID:5160
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5796,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5568 /prefetch:8
    3⤵
    PID:4628
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5876,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5884 /prefetch:8
    3⤵
    PID:4768
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5980,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5956 /prefetch:1
    3⤵
    PID:5508
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3396,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3376 /prefetch:8
    3⤵
    PID:5620
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3372,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3360 /prefetch:8
    3⤵
    PID:3828
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3260,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3924 /prefetch:8
    3⤵
    PID:3040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3408,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4520 /prefetch:2
    3⤵
    PID:5628
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5772,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3488 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4764
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4640,i,11675589478616903664,1534665515096059714,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6080 /prefetch:8
    3⤵
    PID:3656

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e7e7f8fb40c5e99d4a875973c7356a4a

SHA1
01fa194c386702e9a321850eb50d13d04de93ffa

SHA256
e963bfab80b97c214a0b0577c01c3e79ccc2cb906ad880aea804dfeb339ccff0

SHA512
d7baae3c8552b60b58b837f2c93d8ec0e666ff8b829affd085345362a1225b870a85c2a11cc24b2790865da9eab5b3fb490d025017a8e803ffe96492c949fda0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
db71a57790c548c546361be40f8f0b07

SHA1
6229a9e4c281d1cf9ee0e1b9fbfd1acbeb29ecfb

SHA256
b9814f8e51d4fe0c171707a176b53a7abd138114513da3de70cae9a63e293d6f

SHA512
91c8770b7e82e63e08770a117ebeee9e9abea3d8055ef31723e9ae493d5fb3fa0776a36277457057fe9bd97c7715e87803b315f9faeb173cea45f1667fd5efb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
659078e1af5dc9e49fd934cadf523eac

SHA1
536e6eda994907a1848a7ffdab9cb642ed6e2fc7

SHA256
ed8ec9ab16f2a4549f9b6ecd758a901167ed057c946f2438dcca0a4e9b524ab9

SHA512
4d0cc1ad15c026dc1fe390eec2ed729af1671d8fa7c744ea9d497b1bdbcf24c24fa14368ce1fb1caacb3534d01d137d0bbf1e65c04a388fa70e93abf553dd94c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ac27e500c3a35f46586c245ee6118b79

SHA1
c7d74aca84fd251101f7a574ba76210ba98da7ad

SHA256
d964c253b1bbbfe9362beb1d0445c1de4303d2119df8d31c3dec39647e8c2ce7

SHA512
14880437ad116e20e0e988a3b10eba40a09322a8eb29e288a4202a3dc745601ffa3c93bdd7fcb7358d580f4c987daf767c4e8ebf22950b8f90cf9328803c3c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
6bfee5518241af7588b6816dcad459b7

SHA1
ccce981eec957976cd1c572c3b442e72c3c5f768

SHA256
2f03f477656c1da6524da87b380ead9cfc42d01f3c217c5b56da8230b5e7c977

SHA512
99fdbfe15282ecbee29e66dfc6f206f9584a8020a714bebc73f2789a9f1e31f80ea633789251cbca5d421ad0d7a3b76315c33be3682565baf97e2d98dbe4918a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3518ec0659e21a298c02b3c34d7b4a5b

SHA1
87c4aefd0d7bf94cc5527858da28e7d10411fc56

SHA256
1e8d14bde417d5f5d31a3fa1b6a6f96a2d545e01722349ad2c3d900e80001bbc

SHA512
ca006799bfa4eda82f2b9f0bf89d21f3d2dd37d275510fedda06722df69e88c7ef2d0b5b3618edefc3fea30bf347cf78d22a281d00370befa0bbe05534825cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5ec921735b64050aaadc15bb0139b92c

SHA1
5f2d299ad21cfdc0f524a4fffb358afeb128ac8c

SHA256
882c9c7d737ca7b96a644cb53e2b6123d7cced4270aa71c2e83f3c66a466a5fb

SHA512
58c3ea7d8f98b63f1d23b2c6d9ecf92f2b02ff14a19bfc171c9703692e7c8bdeac8e19644c8d79c1cfea8b897f6264f845db883b8cbf8f0b4d94c0126b584f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6d20984d18ffd5a42b36414131152acd

SHA1
2e5b57a7601428a6844da059e6769e79868d0e73

SHA256
e23ab898089c4553fd3c736a54765659c31cfff297e8cb277e7f485db2f527c3

SHA512
20041df6521b8e04da5fefa0352c0370c9d7e3c7cc97cd2b387c4919b8e131cbef6c18fceb521284db7197df2c0c6fe2bd9b49caa3f08797a2ecc99f8accda36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9e94236e630d07c47f8bf577c43d8ec3

SHA1
e0147a44a5b3207b671273a37a46ac5c2b6c2a80

SHA256
c45fbf326ce0ddd191f97ea1527fb7e31045f0dfc3d96e8d75c5051b72c3887f

SHA512
555b88ce610404fee7f8298f394333650f9060ffbcfbbe4147f4bc1f8ad2b01c81a186f8e4162ee0b4b79cb2093791e7515943fd32b87e2a0f275cc28f0bf0a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
610e0f685fcaa57f9df165f1732cfc6b

SHA1
f8f38fc7663bd6ca9f69974f26c8a5cef5320000

SHA256
89ba47f02bfe8abe438edb3eebbb722e44f06589f41567f77dd2c3a853fd3099

SHA512
4733836281082ffff024fe6fea1969aa42cf1f6e1bd41ec298dc6cb27d78fb2cd114b28d08443a0470055dc1165cfc5c7f76ffcb5d14aa5ac69b08cd0e7ee0ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
92b49f887af599d95ebd87605abb9892

SHA1
040ed083db7c8cc0d55b24808ce54ac53a0d360e

SHA256
6dffeaa48e92f41140f40fe2bedf6b08a2aa19d72da9ee5fe7e73cf609a69eaf

SHA512
98493af17b70a2fc0ebc649df8f55b8e5db954e2ce0a22fa87a56d9dfea7eb888393cb44fcd28a8b37bd781b72b182a31fa995ee9cca50b83e816ff36d4de319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
00acf736c178d89e99a9b129eba49ce2

SHA1
2e5ad1560e3ff535addc211d882b9379f4f391b4

SHA256
b05641d6e1c4e2211cb92dee2f7a983805d7bce51c2874e6a9716ee0ca9737f7

SHA512
c4e97a7aeaa71b6aac6caeb1ff82c79f20744b2b78dcb21a3e864596a336d4a2d47ba015d7ee3c77c43f60fe7c4048b84405784a43ca851276720f4397c531b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2e077e4abf4fb32b82e1e9ce497edac4

SHA1
02e80b9f5d40c624f306cc41218680364c29600b

SHA256
546e1a8269cc37770e6630d27e5d8b8217f92ab67550234c59ef5e90ac1db496

SHA512
5c021a099893b034cdb00468605d5c0d9dd6f042e234475994133567b2ef6c4d24eb9b022289afdc823e83228fa5ff88cf3277756f60e74f1b84be3271579dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
577854c7dfb3e7341aea600a419ba187

SHA1
2c1e26896a612dc30f8abc7273f9afa906a7cbf1

SHA256
90d429fca16de1512971714920b257b11f1644be68288e5b60f2f81a2bc53dda

SHA512
55405344c8b82c6318e5321ec8febc5f39176375c85b30f4facca9aacf4e3df3983dab49e3d993f07d621cadce72e918094ba96ba86b9112fd1b7e475d34eb8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b958.TMP

Filesize
48B

MD5
5cca2f55d6b4d6f26d436b461be7f894

SHA1
f41798b61ac57ede6e76aef3915b918b27dc80b0

SHA256
37ccd31a4b5b3ed70bd5b51abe00b39c1d454a57c23448380d189442e52c97a4

SHA512
61834efb914988ad137e22bc2df0a284daa627b1f98a8a3169169dfca9da28827493a1f6f44dc69f1220baf1398b509cecd53776a6c7d0dcc000bb120a17ae51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
21778b50a155f145bac274a551794864

SHA1
3531c3ec04c0d6b789f65b3f5953f911a05cc56a

SHA256
aa5ebed2412866ba4f8d8d192a40afe0163ed404cf73a204a6a3ff5ca594daed

SHA512
8832084eeacc6338b6e71c7c447e3589e96d4d0db045ba62ee95951f0a0479b6e6836b174a879a167b6efe4751791b65d90d8ea1db8709b9664987fa9b9f8b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
afb02fb94d052bb3ee0d5ea4cf958ac7

SHA1
23ea73db40e197b16af1f69ef4d9b66723db53d2

SHA256
eb49e4debb2cf5dff9e80e276232c34b1ebc7ccebdf39b6752bf117be16679cb

SHA512
1954dd8a2797681b618b664a472ed41fcfed8b546c7d9293df08ddea5db138f118c37dd8605554a26d8d801182ee34250c2c9bd2de327f9f173e0b658e07f31a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
b37631f3e2d4ce571c9e9407c343ba52

SHA1
f386566d2e16b5be57dd60bea52904c2716a4902

SHA256
defda9b009ccf5f4c654d004999a7b292cef2c5988a0f7b1777b3482e956d25d

SHA512
37592ab64790d959eef736b879d590406c2ff35f6476d75f07a22f51deafeff6c0f8232af9a6145411a9c99ef396ee8ec09357a5abc0641a494c356e9576fee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
e5aceb84093ef3c16755721ba17f7a60

SHA1
52043db458fb4e75d120ca6fa2739b78821f4b71

SHA256
172de5bbfcadbe406a464c63b895bfd89a441f40364acd40c032fc5e68b8c4ce

SHA512
ef93cda536b6bada1215cbf6d9c9d08fd74c3d1c6f287151821909f9f1d55e6f739894f6f4c885cae76e2f9be0f0e82958b2103754e01c845ee4496ebc13487e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn74F3.tmp\StartMenu.dll

Filesize
7KB

MD5
d070f3275df715bf3708beff2c6c307d

SHA1
93d3725801e07303e9727c4369e19fd139e69023

SHA256
42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

SHA512
fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn74F3.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn74F3.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn74F3.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn74F3.tmp\nsis_tauri_utils.dll

Filesize
29KB

MD5
c5bd51b72a0de24a183585da36a160c7

SHA1
f99a50209a345185a84d34d0e5f66d04c75ff52f

SHA256
5ef1f010f9a8be4ffe0913616f6c54acf403ee0b83d994821ae4b6716ec1d266

SHA512
1349027b08c7f82e17f572e035f224a46f33f0a410526cf471b22a74b7904b54d1befb5ea7f23c90079605d4663f1207b8c81a45e218801533d48b6602a93dbc

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
30bf9356955d5bfdbac3fe940c233009

SHA1
4b431c85b452d7abdda90ef997b02929e0f185d8

SHA256
3c0a2898be4eb6791a295a77361ac984df1fc5af5bbbceebd0bb4fa587bd8ce0

SHA512
cbfa5afb6e8f2af281a2f01deae45936b5dfb5dc9a79399a2346c2cb423e787af3860841f1806afed213c7884908949b2194684dd890a99761eee87743a24f61

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
10580dd6c61cd0600be6e8642bc1de24

SHA1
dfe89f85b455890327b52f890debaae7adf673c3

SHA256
2e24d26de488c34cc35c2971ca7efc552da412e385a942103d81dbfae3fc920b

SHA512
d32bf7e5654b4af33eb118ec8118f5115385fcf9318d61ede5ef8ffbfb75b670d1b0339c66f5472e4adbbdb872b79f7b1a6bdb580091b5c58fb7ad7d270bf7ed

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
13447fb4c8ad786674a9465046241896

SHA1
aeaedf8a852b21df6c32874f9410fa1fcba42880

SHA256
11c5ff9f9509e36baad56a40f72b04f62d3ceb42d80a7190b89c4e89201464ca

SHA512
e41ff9525d05bd99d761040f93791c134f7bd2a7c3f1fcfc579367707d8bb0d4c814408282245e27391bb90cf13f1cb644f9c2c56d730deead386ee36bf02d62

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5859b4.TMP

Filesize
48B

MD5
4472575f7d7b4bc60fc78beff7a1c07d

SHA1
8c6bd156c9b78cb44799577effdd7d2ba41faa1e

SHA256
bc1af90541b8cdb718e6cad0c7e2b3e3fbe47f142468b9377655d940672bd060

SHA512
58a408e4881a13b3e208836e06b61d547b52534e0c32e24cbaf0d6e5f620a3965a32e0bc7465ee170cc623bb0b76a53b90141da253c9bf0034e1feb259bd7947

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

Filesize
1KB

MD5
6a035ce600b4be7ef90746dfa399e9cf

SHA1
794bd4d45f1896731b82363f65a699a716d59017

SHA256
49a0224c6ce5405362625b7b06a7329e8c90f22b0497d02e1a04e971a50f7dbc

SHA512
5454f7d48be3dfb8af5eed0eae5bba3f3a20522ebe8451477eabe56cd2eb6875f4b51deab774beff3eae6bdaa5eb12e0144fb9e1500b2d6d3288562afc55226b

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

Filesize
2KB

MD5
30f0a7db9daf14aa339d44db8d55ce84

SHA1
946b3b859a38c7ed66ee9567b2cb6b81baf8d3f2

SHA256
674eb9fb45570550b5066549592533a268a1a20b8dd28609a846444d2a498d1b

SHA512
873a2ecf7f33d6e7aee427aa8118699a47d50778ea7f64cd578579eec76d083a5331276f7e9d5c86ab0ed8ba1ea16518c0d0e2c15704586bf0493d3562cd2458

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

Filesize
3KB

MD5
e190c16af375bddfbb2556ccde2a140c

SHA1
b2a0dfce8b50c030b73718358059dfeacaf52704

SHA256
fda87512774ce3d2da787bfa89d4966b8d243143b8818ffc994b89e840c3ced1

SHA512
c55b5fcb147e2041be3dfec90087af66d7a98a158c6b277336e24c82cb5be268ddb26aaab948fd486d681435bee6fdfb230dc616c4aee67d323038eccfa55f41

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

Filesize
16KB

MD5
b8fc818c0aa496d992238be64be55284

SHA1
9bf546d613644c7856342370052f35a54c4d761d

SHA256
120f2eb465dd8fb71f3c6f760ff35879b2a08a81d26a8df312bd0a4068cebbb0

SHA512
d459d1de007217fed1d1461da51bfc49fab46711b958e05c30a26d3e57e6c063c284c542ff92d1fa2224a5c861e18e715c30da25f1ff4f3614e60d60a0d3f901

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State~RFe5842c1.TMP

Filesize
1KB

MD5
d39c1851269d8076b9f89fdcf0c4ebc2

SHA1
d43c2b8b0a4c65cee958fad3de2bf666714b8b54

SHA256
31b0de1f85a8c01c1b6d5a8d41f75d6576cdd1574a07ddb3c1b2182d16a09029

SHA512
5baa3983e737e176294e41f1e375ab305e66e3d1e53c9f1b8eba47d91f9e6f6ad9b1058a1741301e919bc4b208293b8c0f1a6334d19db3ce12a46334dec37d80

Download Submit
C:\Users\Admin\AppData\Local\ui\ui.exe

Filesize
15.8MB

MD5
7821f6e1ae3239e1f8250fd2e2b2272d

SHA1
92d9aadd08d05b6c778b9f4ee628f315999b18e0

SHA256
495fa56ca85a4e68837f4d2b0628e903a254540b8cef14caeeb7500137e747a1

SHA512
4410fdd83d2ade40d9fd92d4b33a40c59b291f29fa7a2f4c0b1eb912261b10ecde541651bf7c83b41aed8b686e91aa5488ecfd8f2c23968167d02cf4abb6744d

Download Submit
memory/2296-159-0x00007FFAA2C40000-0x00007FFAA2C41000-memory.dmp

Filesize
4KB

Download
memory/2480-77-0x00007FFAA2C40000-0x00007FFAA2C41000-memory.dmp

Filesize
4KB

Download
memory/5316-144-0x00007FFAA3C50000-0x00007FFAA3C51000-memory.dmp

Filesize
4KB

Download
memory/5316-145-0x00007FFAA2300000-0x00007FFAA2301000-memory.dmp

Filesize
4KB

Download