hxxps://github[.]com/Endermanch/MalwareDatabase/raw/master/jokes/ChilledWindows[.]zip

Analysis

max time kernel
602s
max time network
424s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase/raw/master/jokes/ChilledWindows.zip

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2604	ChilledWindows.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	ChilledWindows.exe
File opened (read-only)	\??\N:	ChilledWindows.exe
File opened (read-only)	\??\V:	ChilledWindows.exe
File opened (read-only)	\??\I:	ChilledWindows.exe
File opened (read-only)	\??\J:	ChilledWindows.exe
File opened (read-only)	\??\L:	ChilledWindows.exe
File opened (read-only)	\??\R:	ChilledWindows.exe
File opened (read-only)	\??\S:	ChilledWindows.exe
File opened (read-only)	\??\B:	ChilledWindows.exe
File opened (read-only)	\??\E:	ChilledWindows.exe
File opened (read-only)	\??\F:	ChilledWindows.exe
File opened (read-only)	\??\T:	ChilledWindows.exe
File opened (read-only)	\??\W:	ChilledWindows.exe
File opened (read-only)	\??\Y:	ChilledWindows.exe
File opened (read-only)	\??\P:	ChilledWindows.exe
File opened (read-only)	\??\Q:	ChilledWindows.exe
File opened (read-only)	\??\U:	ChilledWindows.exe
File opened (read-only)	\??\G:	ChilledWindows.exe
File opened (read-only)	\??\H:	ChilledWindows.exe
File opened (read-only)	\??\M:	ChilledWindows.exe
File opened (read-only)	\??\Z:	ChilledWindows.exe
File opened (read-only)	\??\A:	ChilledWindows.exe
File opened (read-only)	\??\O:	ChilledWindows.exe
File opened (read-only)	\??\X:	ChilledWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2828	2604	WerFault.exe	67

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1172	chrome.exe
1504	chrome.exe
1504	chrome.exe
1056	chrome.exe
1736	chrome.exe
1736	chrome.exe
2500	chrome.exe
2492	chrome.exe
2720	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: 33	1464	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1464	AUDIODG.EXE
Token: 33	1464	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1464	AUDIODG.EXE
Token: SeRestorePrivilege	2100	7zFM.exe
Token: 35	2100	7zFM.exe
Token: SeSecurityPrivilege	2100	7zFM.exe
Token: 33	2604	ChilledWindows.exe
Token: SeIncBasePriorityPrivilege	2604	ChilledWindows.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 1536	1504	chrome.exe	26
PID 1504 wrote to memory of 1536	1504	chrome.exe	26
PID 1504 wrote to memory of 1536	1504	chrome.exe	26
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1700	1504	chrome.exe	27
PID 1504 wrote to memory of 1172	1504	chrome.exe	28
PID 1504 wrote to memory of 1172	1504	chrome.exe	28
PID 1504 wrote to memory of 1172	1504	chrome.exe	28
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29
PID 1504 wrote to memory of 380	1504	chrome.exe	29

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com/Endermanch/MalwareDatabase/raw/master/jokes/ChilledWindows.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7034f50,0x7fef7034f60,0x7fef7034f70
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1016,13533294670247218268,11290951775107753630,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1036 /prefetch:2
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1016,13533294670247218268,11290951775107753630,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1016,13533294670247218268,11290951775107753630,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1696 /prefetch:8
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,13533294670247218268,11290951775107753630,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,13533294670247218268,11290951775107753630,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,13533294670247218268,11290951775107753630,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1016,13533294670247218268,11290951775107753630,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1016,13533294670247218268,11290951775107753630,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3712 /prefetch:2
  2⤵
  PID:272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,13533294670247218268,11290951775107753630,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=772 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,13533294670247218268,11290951775107753630,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3972 /prefetch:8
  2⤵
  PID:1364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7034f50,0x7fef7034f60,0x7fef7034f70
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1012 /prefetch:2
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1832 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3340 /prefetch:2
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3672 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4196 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4136 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3956 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=544 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1008,4099521514918729007,9375802848318634700,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:1
  2⤵
  PID:2948

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\ChilledWindows.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2100

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1744

C:\Users\Admin\Desktop\ChilledWindows.exe
"C:\Users\Admin\Desktop\ChilledWindows.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:2604
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2604 -s 2148
  2⤵
  - Program crash
  PID:2828

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ed6ee0ccef27e8eaaa207e84d4c0cfbb

SHA1
a64fb92322975f57bab45209fa6d62ddd48c00b3

SHA256
9b304751bccc46470a1ed655964e711da694ea06f8044da017b61a67121ca676

SHA512
203becd67b55d13d2f60ccf74f09ec428d48258c1079a2ea16049a2e9a9aed6d97780457f9b8abd99b8b8a860cfcad1e81e32b74bad5cea0ad47810766f5648c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0

Filesize
44KB

MD5
0402c79c854989295fac8edc93083900

SHA1
65c153cea14237240e64b8c7a77bf8e5761bfc81

SHA256
8794d1fd27c21d9a8edcd95f46d7e65ffa1e2d6195bd18bb1aeed33f4c619b28

SHA512
829435616b0931cbdc69e624c5d8e57be2767368920bb2577bc32df68ac893eea348d989b012da5c9a01bfda75fd17a3f59eaf5bb741ee65aa79731645aae617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
42cbcfb379bc3472160008b4fd7dfbe9

SHA1
519d248934d0d9cb4d328fe9a235cfc791903cf4

SHA256
186578625ef65a7eb05d08daab10475c4967dc59c5239ef58f9613a68a569df3

SHA512
6b07d74836c0124a9d60bd419870af1492dc1ee880fab8aa5cbbe6d7f1b10168b1995ca3f8bf2335a6be87cea9b47fff0e5b4573217648daf6347360092a2514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
116KB

MD5
8df280be5ce56aff5f71e8eec6de4799

SHA1
78c2a042d5be0d3fb1807e575bf6c95a7ca4d685

SHA256
f4d281bcfc292b85ab3311fac1c895848fbf143aa968b2a1ce52833639d29a30

SHA512
9ae975e8db27843de83632d5cc6907e9810b0cefdfe902718b375649726d900aebe4864c9eee3e914c8f1f8e92697020f67fd490e5104d9b735a067a472397e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
62a54fb268999bcc90ea8a69d350a35f

SHA1
f5fb4086bb157e171bfca0973287f92dd7b4c699

SHA256
b3f13970f1a4a14874d7f82e1abbc41e05cc996b98fd6ddf14dcc0f7ca2d3bbf

SHA512
60a22f534e092944315bd79105cfcfc970335b715091003681382bd4de0b8a74ab7905dafabf0f30f5bc263f37a8bc574c2df2da0eb1c82b53ee2ff81b5eef76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

Filesize
331B

MD5
bd4c03c14d7a0e0b53f43df7bdb91e46

SHA1
53f0efe7a01d53a0528014a5061bd3799c88c3b0

SHA256
fc0f02158d45fb88918f220e3ede9cf5955856dcb81cbd591a8fcd65e06b6816

SHA512
4dc9489ed2fd007057f8c2c81e51379a8418f4f5a3aac19edac705a1a75546ffd990c47fc12796cd5956c279755d36e7678d34ea7203727a52439c026cbd9643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0acaf9522e2232541adbe167c6943334

SHA1
0d29cea26629ebd890723bf4e28d9c4c93a7f26b

SHA256
ef209868ed2ba84d0f92794adda3c0b8424bde6c8a2222886e85853eccad2381

SHA512
aaac5a937975747666b262e631624b67031a4c53d8fbab668619446882bd54c28546b2390c3052bb274445ad23d807f9f31979f42e7d4631b9ed638c749fcbd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cc454a35ed7d8346f9408d0b3be9f833

SHA1
8380599b3b7beccaa4ba2a0198e4901c54a5631b

SHA256
2e38e2f2c6021285b93b3231383a11a630116f054e421c355d9d995fe9c0b7e3

SHA512
9d221d532c221da31bd48e2842bb01dbccb77818d28c3c932664202a3e60260a0cf628528b722ba85c9a903f6afb8627956e1f0ed51c2f069ca443755fa1fc09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
912d587882ad65b7c4cf279aab002b0d

SHA1
81bfd5061481d2712e1cc347b4dfb49695d93ea3

SHA256
73042143804d07990adec01b30d44d6507b50a170cd403da8478dd796aedae61

SHA512
69573f5f39fe82dc9c0c2d0edcb6c481fa1f986f8b646581b5894674e0445369656f253b7d7ef742968b2fb847534a905e19a46c29a692667a023edbc1f46710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13310700086901000

Filesize
1KB

MD5
20f53c542d71032b7d011829a65a5a7a

SHA1
4e84d82c262b0fee828ea85a88c08d1c7ca5c1ce

SHA256
fcc07e64d456be852b73f3d564f4550e62b7fa5f249600d774cc24d3e4436ff7

SHA512
da3a7271be15704701de295f312d649a6a8990acc45352976ffc2030a05d84715307b19ca39d9317aa629ee0877c83d882a2f2f317baad972e8fe94e88fbace4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
2f7d9d4e63d6892b5bdb0ddd78851d64

SHA1
927c424e8c174991c03cac4ea22dea483da634d0

SHA256
a30e4b19e5512da9a3c8a207f660915f82e32f91f4c92752eacab01c0eca503b

SHA512
8cfd20984ccbb19e23f6b5e1677e5a264735d69fda75ddf065a3e5dcaa4b53e178b0a54026ceb73f9841ac8a2f9df069161bac1cee2f385a3a759dd861cf2239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
160B

MD5
de92ad90be6d3364745b2f73f4c3cf73

SHA1
9158681463bd30e5af4dda4baac81f93cedbda77

SHA256
0025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0

SHA512
9e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
7e17eab626d3060361c3fb31a1912e14

SHA1
969f2cf5825cdc3a4abebd81471ee21445478730

SHA256
8376cd9016a86fe1f4622c9d7ea49f9838d4bcc2e2773a2b594a0c3838263230

SHA512
22cabd4dbcaa43e91e5e3587a982dda51e8e28916894a18de28a01a12d0be20b39d6916cf227e1d146b0d086a776a35c166601d90e7ac9c4501c7b6ebccbf8d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity

Filesize
689B

MD5
6ab72237488844524c5850d7b58f2482

SHA1
24a04fd574eeb46fffa2bd3eb79f9f175a817dad

SHA256
fbdba21fa2730fd46ef4190e16616431571af9a401c6eef22082edb9a0818be8

SHA512
c5589a7e8668d3e30d002e8c303536ee746a1c572fa2ef7d19bf42e66d7c0fa6cbe3aff542e60c211def021de7dd094a16c8df92a6d5e28f4b6d6509986c0e35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
b63048c4e7e52c52053d25da30d9c5ab

SHA1
679a44d402f5ec24605719e06459f5a707989187

SHA256
389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1

SHA512
e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
fffe36c6be255b62d84d462307e4e566

SHA1
1cb9cfab39e7dbcbbb6f18e719bc75503dd961ba

SHA256
2977dcc97d4eff2c80199a5e9130d1a9e34e63ad2f00c28206201b797de659c7

SHA512
ae1afa690855edfaf468e120631f3257c01ff1685999efcb4fbfd17021506ba07285c51871444aa49f2f3663a087d895bef67ed0a3c062c410e171882cd8cc46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d52e6122b6c88929a5ec07895d3853f0

SHA1
91db41fbe3fc0a8f409907f4720a5ab297f26f48

SHA256
22403a9951fea86546fd96e085134cd41786bef597fb4eaae613232691a26556

SHA512
81ef8157412439679849837ac483faf8b54ce11c5e0908ff97a64428cf0fbe9c7526f38e2ce66200a200d878ff9091108a7210df7645c0d15552155c0587f108

Download Submit
C:\Users\Admin\Desktop\CompleteProtect.M2T

Filesize
219KB

MD5
852a3c6cf43ae1a20f435d312a618f76

SHA1
737acebe145569c50508b8397371d703056fbae3

SHA256
285c5dc4ead3695f5ab76b21c2e5d7ec26291704b22c9568d10b72f89bad660e

SHA512
ed65b4e4a215555ce0f6de6cad6ab114993735e838bc54fc81053e6c29fc78057d13243bb3820e7bbee7d72264e129df30fb1891c98cbf5e3b3d9bfcfb430f12

Download Submit
C:\Users\Admin\Desktop\ConvertFromMount.jpeg

Filesize
376KB

MD5
47ea982fc81bbee177fef68859629774

SHA1
d177d05b6df7e233976971e8c61e91da105b05eb

SHA256
f944ab9949dd7b8ac8d2af7e1a6c25ed7070f6dc5723796358e7e53d93b546e0

SHA512
ed5048f1c861ed1658e5cf30210964940fc4e012c275cc3c1b863c1747d099cd88748c0d2030c498f0642af8d3d7caf6a4ac0f8beaa32ba82233560e5dbca941

Download Submit
C:\Users\Admin\Desktop\DisableBackup.ods

Filesize
391KB

MD5
1e347892f9f84495454291b57075e027

SHA1
1aed515d703a06a236b0c11b60c2199dd9a51d1a

SHA256
f7939d81be83bb5f4d775142d5763d3ee44b3da3e98998ebb10f664e46832d41

SHA512
4cd77374f103aee24bc9f92d7d20dade446934e08a64e19a13c364aa2f56c7eba99ae6f9ee67ab25fe092677241b35767dea4c540bd7b24bb7d151512992ce99

Download Submit
C:\Users\Admin\Desktop\EditWatch.mid

Filesize
517KB

MD5
7daf4ca33946b73f12f9ead53e57eb12

SHA1
b9f55663abac6ad77f14581682461b5252a4697c

SHA256
96008b89016430bb391cb05b6f67d0a2111851cf1f77283fd425867f2ffff219

SHA512
cd57a5f1eabd14ade818436748bbdb5fe755b2ff69e8b65ac41926dc3a45137f185577649118b649ce1b2e1ecdcc2d49f414214cfb940f89caa1225ecff221c6

Download Submit
C:\Users\Admin\Desktop\GrantEdit.jfif

Filesize
266KB

MD5
1a348af97f38c92cfbc23bb8f61fd029

SHA1
9dc8a81e9e8b54132858e98d75e42ad2eec73556

SHA256
c3709f99188b657344ea8466f1638ee37287f7446f88aa8eed25ef2ef02b5cfc

SHA512
d8fdf34d5b80e998a7f741a91287b718d9e6e1b9e78d285110e27100cfce2c96999cbd38275c9d91c4f97dac6b272b1d6cfde2c44dc486d4b58c555461ec9c3d

Download Submit
C:\Users\Admin\Desktop\HideOut.tiff

Filesize
501KB

MD5
8223b1aab57ab8dc0f367a3400a0dc81

SHA1
2b7545ee32d48a4239a75a4948416006ff32b84d

SHA256
64e2f8148ecab6ccd8f53368d6b4ff188592291dc7386c23fe62f5f0e66d8f95

SHA512
830a4ef0fc85494732d1b0a5b83d1c49c5c21864d412a19931622c5aff60b69bd04b23fd42111919be7db21085678d79bf141bdaa992e6d3f3d567d9ccbb5d3f

Download Submit
C:\Users\Admin\Desktop\InvokeSearch.exe

Filesize
313KB

MD5
ec94367886317582984deecd66f9bf96

SHA1
90848783fcc6e09f74052e3da5304c5c0c46213a

SHA256
9f3117f56c54fbd2e08dd18f7fa125217b67b6096deeaaf902f9664b09dcc923

SHA512
06679462e5bf38324efef0dc8608db5db7c31f16270b5f5983c59435eb2fdbfa1e182c306ad82f33f8fc5a5ee69f8dbd79fac302a2a6df55b7bd33bcadf28de3

Download Submit
C:\Users\Admin\Desktop\MeasureGet.mov

Filesize
360KB

MD5
3dc5e79e21dd45ace4637c15e233e2c0

SHA1
3c73ceaf639a30a6e3f5346a24b72b2f839c4078

SHA256
938820f3cb63d44e978540dd2efc0bd8c231bc518f3213b7c651249c768d06b2

SHA512
56b71f029404a513b43afd82fe1a4e1853ad7b30dce54053625389607ed3a8e3efe437d6adbb076557e160b27d95cbda06c225744f8843d17c8e022fa1e28c2d

Download Submit
C:\Users\Admin\Desktop\MergeWrite.easmx

Filesize
344KB

MD5
fd7fed9da77e01eaeab735e1bedb209a

SHA1
c901dda70474834aa02c7a4005a9a40e022a66a1

SHA256
94571f2eec1147f4b5cfed491649122c6263aa08a009bd53c3b3b072ddf56de5

SHA512
137b6b1b85edc6f9fe63c9ff14a473eb480897c491787f80042c3bf5be4444e8ba647c06c58afa4a36aa9644d5e99bd500b4b55dc5982da61be3a5de28310158

Download Submit
C:\Users\Admin\Desktop\OutUndo.mpeg3

Filesize
485KB

MD5
0a2887c31801fa2fd86d04bf4263a6ad

SHA1
b88b584047784ea90e6217e41a631e2b4596ab79

SHA256
540a64f176f23fdb56b7795e9e0c189bdc7adbe519efe59545f999722c7ee0d8

SHA512
862cc436b0b2ceff2e2b3b144896ad5b48db23a25bef4513072bfe4e0ab4d2f48d61ec2af3b7b56bf63fa10887d6a4abc54d18e76fdca7182425c670fae4c93e

Download Submit
C:\Users\Admin\Desktop\PingResume.m1v

Filesize
595KB

MD5
96b2e5a77838ed4852d573464cbe75ca

SHA1
090320e370502a1d3358e69d50643954f9ca0379

SHA256
10811f2681b0128c2f7ca24a049eda319fb97b650c27f2c5a4b7f95038c32251

SHA512
624da5278423f33d593b53262629fa54065569c5aa7a2052b3cfd0f9c32147af269f64821186dc5e9ee6b2303ce33dd7db4a1ee2c4748dc3f9880668afad0c58

Download Submit
C:\Users\Admin\Desktop\ProtectLock.emz

Filesize
282KB

MD5
f4a8ce5c45ca524647d0db98c80e5ed7

SHA1
719b2072668309acdf3ae7bb17a24cabd58315b9

SHA256
a3ff22d49dac6543cd6ce02d42406389f38425e7aaa9acc1c997448f453987d0

SHA512
808309f9e2fd81affca60a0460a30191be6e8d45780bc6ac54b3a6badf949662804604612fa00e814b0e36d4a85bb4d00d9ffe3b874a73451bf60021e332f452

Download Submit
C:\Users\Admin\Desktop\PublishOpen.ocx

Filesize
470KB

MD5
f4f58990ddd9ffd24891bcd2515baf28

SHA1
3345e459bdc5a337bf6fe57246cf5aa966e56ba5

SHA256
5fcb4391bb2c85730b0c2b336d4b9e3fd72ceefdb9c81b4931fecbc4ffbb1295

SHA512
9af5f3d8a3b7773bbdf2eb35ed10b32eadd9171f038d84876f901554ab8b4961562b06ae67c37bc822c1ee6a6d3401c64fa32461b97289b6a74b5a97bf38e9a1

Download Submit
C:\Users\Admin\Desktop\PublishPing.pptx

Filesize
532KB

MD5
f644c3faa29b699b7367a20d61e76591

SHA1
08328829de7fa410154bfe7241a5a6ac5b94bf22

SHA256
bef66bfecd349337f7381ba394de8f3956372acf41b8428ec1aa5c0a92d35b6b

SHA512
6f54b34aea59e7223ee309df933beff7992b5f0e7487ebd7c794b1b2198f2af2da2699583db92fe32427bf47f2e6848e6abef23b51b8744cfb4cd3a9f8966c06

Download Submit
C:\Users\Admin\Desktop\RequestDeny.asf

Filesize
250KB

MD5
9960fec233540b7d98a5089467c788ed

SHA1
7856a656993403a7d397fe65ba0f96fa8a55fd9f

SHA256
8b7544cae5a80bc819ebb25e0598b96b54cc66ed82666818a3e9dbb766694932

SHA512
7f0ece4616c706246c34456f988db7990c40b328f704708545e7dff90ce487a67bbd3cbcd0023e7938a5e04e7581f0cc957886f53d781820b612bd36cc0e2125

Download Submit
C:\Users\Admin\Desktop\ResolveSplit.mht

Filesize
611KB

MD5
04d329a5dc5565c373fa2fb39499db99

SHA1
ad53f8e07cd0960341481bdf2d847990dbada1be

SHA256
62dac7ff3a8c734e0364fd6d1c7532a545d3f35f3c83f8615392afca4fed9e94

SHA512
b66911ee5471984978cfbe1c165c38590e8a12e3a9aad1d4b4194176fed509e1f31b7e4dcbf5efa4315f9abcbaf297bfe238428d5d61657864983ea26458d56c

Download Submit
C:\Users\Admin\Desktop\ResolveWrite.css

Filesize
297KB

MD5
52ec75b82c94e9345f498fbb1cbd5430

SHA1
fcd4f4591eda0cfb099fdd4dee6c425e799bcb88

SHA256
97a238b1872b6cd97a5340d527d86178976ff69e2fcab43dc5975bf4e41560be

SHA512
c82ef2421318109b2114a8c1458212b82636da13ebaa61a5b1070bf1835f81782bd652175e11a480a43b8471451516db800ee3751bb67a0a0bb6b14048a8e6fb

Download Submit
C:\Users\Admin\Desktop\ResumeExport.bmp

Filesize
548KB

MD5
d1cb555f61bd540cd35b113ec4b9b29b

SHA1
2d1c89a7837986ba7b38bacba740fae251ab68ea

SHA256
24dc7bf7fa7c03d3c066a6b0f18614b4ecfd1dbe4aeb39f324dc7e63435dd16c

SHA512
9f28e71a08a87b98b7545f9131c5a01a65d20080c00a812a26faa7982a3b3490960418dc3f976240fe791ab7722f47301b803f7ae1738942b36d5340587a027e

Download Submit
C:\Users\Admin\Desktop\SkipRegister.ods

Filesize
579KB

MD5
5f23b6dedf2cfa00df4a626f03f464f1

SHA1
0e783c6726171921f39c468dcbd872334228a3b6

SHA256
103e16c82fd5c7ab1aa1a28dc89cbbebf96291e541603781a18be8f34a8562dc

SHA512
841d386f28acbf0b4d04b4a905826bacaeae13c8d25f76a75a52e238057556b9d618998eea74868661954fdfa1c4c8eda2012ed435e59d2661e47ba76246a1e6

Download Submit
C:\Users\Admin\Desktop\StepMount.ADTS

Filesize
861KB

MD5
92f8f88bb8596c36ed26634908a2a3c1

SHA1
09a0aba252499d38b6b10c84c3ee5106f886d6d5

SHA256
b9e99a612fc23072943141bc6737843d3c709eef762d3a57cca5a613b0d6e8c5

SHA512
521ec55bc2be1009d13a218fadc94cf1d70a67b9eaaa3da48cefda620d0b1122ae75a18c90b233b18089c878451fb45d06d4064ff7ad5acff647d90a106d3a9e

Download Submit
C:\Users\Admin\Desktop\SuspendOut.xps

Filesize
626KB

MD5
e93ca4862137e37a9c781b791565dea7

SHA1
0af1ffa7ba03131862f8c2f7520c10b26b3f5672

SHA256
76b09c8300d7e74b854a292f22def79b258c2f1885c0ae8a7365266c28d040a8

SHA512
6f627ac41feabb75be79db73a9821f023edd0782e5e6cacbec9b7c5acc12bf51bb0c1937f0f0eb5221539778b4f26417775c62a1961ad67cac85b4bf949568a6

Download Submit
C:\Users\Admin\Desktop\TraceMerge.wmv

Filesize
438KB

MD5
3cd99f502b1a02addeeea9f374e778ca

SHA1
8354ef4359bfb31b68e69e5fc010bb58c40f88e7

SHA256
0def37baf7458ec7b2d9ca1db784960f5a8a9103b776be17f6c90e25bad2b0a9

SHA512
5bcc8bccf93105bc2bc7f9bc6eb8fa4ec5d30a78b477c2c04d680adfe920f58883751cb2c9c6098f88a1c4092d1c8c2880fcba2b9bc50ebc4ed99de45e69d4a0

Download Submit
C:\Users\Admin\Desktop\UnblockUnprotect.ram

Filesize
407KB

MD5
c528b17f18dd3e298ea6da93edb98f6e

SHA1
7a162222ebce1d730cc23235764d3271fb013e1f

SHA256
ae6c7271203ff249634eac187db688613486b6bca6fb1a2b13a72a4ca79a5567

SHA512
d728b07bd90b187629c1bb577700a9181692a12fc7a0b59ec4f1b23a8a99ce9ec84f7eca7be0d0aef72211f83408c851322db5c8133ae4235dfe7a7f3a43b36a

Download Submit
C:\Users\Admin\Desktop\UnpublishMount.wvx

Filesize
423KB

MD5
5cf18a40e3931893d1b2b2d4daad6ddc

SHA1
e8195c30df96ba825073d4568479b0c0758bcb61

SHA256
1a180fde83c4116effdc59be8915a042fe3fd33e9d53bcebe0ef95310b49c33a

SHA512
c7b9a44a17156209e1b7e515fcfedd5d4bdf4a1b8e738f0a18e78e5ec1d7eebc99760496ad050aa3bfdf601980b48fdf4cd9233d4391b273a4ac39bb0766c1ac

Download Submit
C:\Users\Admin\Desktop\UseUninstall.mpeg

Filesize
454KB

MD5
2c38a4c22c8970feb34d88666d69fc88

SHA1
f4e0a962007322651e9e02afa8a51de6c7424749

SHA256
e8eb5ec9f65bff555488367cd21539377cf150e93ac513fd2e30d4c92dbed17e

SHA512
2e905b9a7c76a9a12ef73272e4e9145b7ed446011d84e31e0c3fceced126aa06ef5012470a04498e586520120569c36aa1b4c062af62c7946265ae6717116808

Download Submit
C:\Users\Admin\Desktop\WaitApprove.lock

Filesize
235KB

MD5
5b694257d05ffeff7f6910a8b73af1f9

SHA1
22cd52c80268861cab074ba482444897186bd6fd

SHA256
2c3c95e12c3de0c15e16c08b5a6087e991a896ac4e9280e00b16447913e1311a

SHA512
9cac641d71c6e04b39e4f7dfe5a62399b03f6296ee2c04d807604db340db7833ef506393045fdf0d12810044724ba8f654424975409231d93444fa108b814ca6

Download Submit
C:\Users\Admin\Desktop\WaitLock.ico

Filesize
329KB

MD5
8571a02de2a722229febeca6f96b3faf

SHA1
26130a99bdcce4ea8bd8dad2bdb2c889e1304460

SHA256
dba499387bb67ad440ed763ae2f708467da79ebc186c77fcdc3e33aa05c227e1

SHA512
173866f6a9d893957c0a4fce9794019ebbaecfdabfdb70a2a3af6cd5f84e3846e84fdc732d08b34d7b98658d902e1594568e08039d318349419f4c74177f95c0

Download Submit
C:\Users\Admin\Desktop\WatchImport.mpeg3

Filesize
564KB

MD5
6c8af32c1c64a31022a50fc7a3821418

SHA1
c69a9ec76453d0909397e0641521b33dc372a1e9

SHA256
c8387c828de7c011f4d0ee69994b9ac3850d66551b7aa03bed871f0f34911b7f

SHA512
a9810278ac22dbac3a4745921d3e026d5dc7fcde1693fd03babe3484e92ef3bdfaf8831c0d672a9e338ce8ec661478f8fb0468d65b2dae0315e82d163431b809

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk

Filesize
1KB

MD5
b7464a87fbd26d81dfb6c31a0f0dd551

SHA1
a9a60bd2751236ff383134559f00c8dc52a3f589

SHA256
cb01378e51a269b70e76573ddc9bb35b5eeb7253002ff0d15f3433c5a74e34b7

SHA512
2666b28fdc3ad83abe92935821fddd3aa4289fc5c696dec862de08b636a0ee793aa7e98f37095ac413059838f3a038836bad7146037b46e191410ac89098b4ae

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
931B

MD5
de204ac57776fd24e0396db6d0efcb3a

SHA1
b21c3cd7429bb57731cf05f9755e9bba7e5ab0a6

SHA256
5836a4263bf62003ed4f2439ac39392638960fa2bdcc063a78f148a5e32a74c6

SHA512
75845de6be07d82b0c74ff123d1429a5585f6d303915541a80dcfa728512a5d5943b80691fd21d2b0e7c901e3207202ad82e1b669ffc9d27a82f8c6c5aca40c6

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
4c0d81259f99bbd3802fa0b56d6e58f0

SHA1
0e493689316eb10351f96fa740b510fad47d68ec

SHA256
f11f69ee1217b906c10c7232936903c67e074a1c139e3af8f8396f04e8fc4ee2

SHA512
fbac26b62ff74db438144a2b140c0644c35e436ea2c252e1d492b0cd8a4efcff50049623028a50e3943d8908ccd689594010c02de6afb79a9eb93f6dd3e2d27a

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
2869642b73b53aa4f0035beaff47f2ef

SHA1
3c839057672e53a0ced2f786d23debf714c9bb3f

SHA256
1b49ca902c333b501f1bae88362879d54a124606a942961f21c3bbf5203d7541

SHA512
ee78d7c4a5466f4216cc5b740a10f84dd35ca59793822e2d420cd4bbeba79e808f52f5ead09aa70960c87f9fa3aff27249882874919863118d2ef68f797b6513

Download Submit
memory/1744-107-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download
memory/1744-108-0x0000000072CD1000-0x0000000072CD3000-memory.dmp

Filesize
8KB

Download
memory/2100-106-0x000007FEFC141000-0x000007FEFC143000-memory.dmp

Filesize
8KB

Download
memory/2604-113-0x000000001B450000-0x000000001B45A000-memory.dmp

Filesize
40KB

Download
memory/2604-121-0x000007FF72460000-0x000007FF7246A000-memory.dmp

Filesize
40KB

Download
memory/2604-111-0x0000000000A50000-0x0000000000A5A000-memory.dmp

Filesize
40KB

Download
memory/2604-112-0x000007FEF6610000-0x000007FEF6A01000-memory.dmp

Filesize
3.9MB

Download
memory/2604-109-0x00000000012F0000-0x0000000001754000-memory.dmp

Filesize
4.4MB

Download
memory/2604-114-0x000000001B450000-0x000000001B45A000-memory.dmp

Filesize
40KB

Download
memory/2604-115-0x000000001B450000-0x000000001B45A000-memory.dmp

Filesize
40KB

Download
memory/2604-116-0x000000001B450000-0x000000001B45A000-memory.dmp

Filesize
40KB

Download
memory/2604-117-0x000000001B450000-0x000000001B45A000-memory.dmp

Filesize
40KB

Download
memory/2604-119-0x000000001B580000-0x000000001B58A000-memory.dmp

Filesize
40KB

Download
memory/2604-118-0x000000001B580000-0x000000001B58A000-memory.dmp

Filesize
40KB

Download
memory/2604-120-0x000007FEF5FC0000-0x000007FEF6103000-memory.dmp

Filesize
1.3MB

Download
memory/2604-122-0x000000001B580000-0x000000001B58A000-memory.dmp

Filesize
40KB

Download
memory/2604-110-0x000000001B5A6000-0x000000001B5C5000-memory.dmp

Filesize
124KB

Download
memory/2604-123-0x000000001B5A6000-0x000000001B5C5000-memory.dmp

Filesize
124KB

Download
memory/2604-124-0x000007FEF6610000-0x000007FEF6A01000-memory.dmp

Filesize
3.9MB

Download
memory/2604-125-0x000000001B450000-0x000000001B45A000-memory.dmp

Filesize
40KB

Download
memory/2604-126-0x000000001B450000-0x000000001B45A000-memory.dmp

Filesize
40KB

Download
memory/2604-127-0x000000001B450000-0x000000001B45A000-memory.dmp

Filesize
40KB

Download
memory/2604-128-0x000000001B450000-0x000000001B45A000-memory.dmp

Filesize
40KB

Download
memory/2604-129-0x000000001B450000-0x000000001B45A000-memory.dmp

Filesize
40KB

Download
memory/2604-130-0x000000001B450000-0x000000001B45A000-memory.dmp

Filesize
40KB

Download
memory/2604-131-0x000000001B580000-0x000000001B58A000-memory.dmp

Filesize
40KB

Download
memory/2604-132-0x000007FEF5FC0000-0x000007FEF6103000-memory.dmp

Filesize
1.3MB

Download
memory/2828-133-0x0000000000000000-mapping.dmp

Download