hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

23/02/2023, 03:18

230223-dtzaasee76 6

23/02/2023, 03:06

230223-dl9fasee57 10

23/02/2023, 03:00

230223-dhndnaee52 10

Analysis

max time kernel
68s
max time network
83s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2023, 03:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

bootkit persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133215995443495372"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1804	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 4264	4448	chrome.exe	81
PID 4448 wrote to memory of 4264	4448	chrome.exe	81
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 672	4448	chrome.exe	82
PID 4448 wrote to memory of 4732	4448	chrome.exe	83
PID 4448 wrote to memory of 4732	4448	chrome.exe	83
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84
PID 4448 wrote to memory of 2136	4448	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffb36c49758,0x7ffb36c49768,0x7ffb36c49778
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 --field-trial-handle=1856,i,17525296906795845901,6877619268852260752,131072 /prefetch:2
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1856,i,17525296906795845901,6877619268852260752,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1856,i,17525296906795845901,6877619268852260752,131072 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1856,i,17525296906795845901,6877619268852260752,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1856,i,17525296906795845901,6877619268852260752,131072 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1856,i,17525296906795845901,6877619268852260752,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1856,i,17525296906795845901,6877619268852260752,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1856,i,17525296906795845901,6877619268852260752,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1856,i,17525296906795845901,6877619268852260752,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1856,i,17525296906795845901,6877619268852260752,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1856,i,17525296906795845901,6877619268852260752,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1856,i,17525296906795845901,6877619268852260752,131072 /prefetch:8
  2⤵
  PID:2392

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:320

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Temp1_Petya.A.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Petya.A.zip\[email protected]"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:1804

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3c224f4e2b285bb5afd7658570751ee4

SHA1
96e0e6bd56dd3141ea886336a11c4ec572f18161

SHA256
15b1ac1fe08ab256163dba307083619fd2a4eaa5f6a06b0c8dabebb30e56af8c

SHA512
269e92cc3988fd9327a7c9c317b7578cee1f749e3c592dbae3be22530daf5b69c034fb8e4d35726867edab7153816e63c58b393acce61c50fab73451d48d66a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
de4fcb810985cf64e3989eeca56ab74f

SHA1
96113f3087984d996824607bc13262a94d2dbe58

SHA256
874bfe182d4158d63c0c47c7c59648e026cf9d950e125ddc0c2b31372cac201c

SHA512
95be6e939fe4f0ffd1b2100615f101d43c23ff9cec3a3423af6e5784fbe116bd3d5f2ada0b3d76df9b473c832344c74fcfbb8cc9d2f43bbc220d73cd095f27ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cea7af3e18dd069788f9a398b5e63abc

SHA1
e479c266256c222f900a8750f8ce7325cf2feaad

SHA256
f6ab90b0ff95bd3209a8a1cfc1028993aff296281cd0801e81c061d93117b031

SHA512
eef1d6a0f30db68fa765ad62d1dcd1dae855414e7def3275dd98dd67597da60afbbdf9d8d50af4c36480033c0886d6c00cd9b4b4ad32b03c93b5247aaf605122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0763cc7df2b6bccc2952febc189c4019

SHA1
1f260031a6cacffe8547f78e7f5a9a4c8ffd258e

SHA256
10ff861b90dea428bfc058fdf64e9429bc3dbc91039b1ddfd7d02f38f04f1652

SHA512
75f142c94a80447b7f109fb3458614129708e043f58f5a7c8a2c9bc035e03504fe8fecdc372740a8d1ea79347e53a98f0bf3fb819bc4634c9de8e6c2a3ff8f76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd97481f12f8a72c8b1daa3112160729

SHA1
89d18b9f22ebfa441789bedf37a506fdbb2a8ea1

SHA256
e125014380ae7faafa72141fc1753ebdeed06c0f11309396884dfa4d455a9842

SHA512
a46ff906010765222b73cdbd69a2f9b09358a0135996db0ddd4fd2ee052627ab9963d2b4a1a6e69b8e5997ce76e34fbd05f62c13cef0ea5921519c95d5534661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
309d6f21e377cc1b9a441569526fef94

SHA1
f7815d6fee53246645fe3776274e75b872e323a9

SHA256
0f0d05f30f2fe4e56f40dd660684f0ea4ee54baee8f8bb5207d1f4603f7131d6

SHA512
67f594cf6542327865e3a781200a2fc4c127a7b3f44b72d1cdcfce39a5bceaf8cf96223d2048192f4ac3d544b18f7e4b99412073dc4ba93ef243d366f7544f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
563d9d2bc4ff47aa750c0300abc52790

SHA1
b3ce73e481614f92357a2e3a6a49e2c7c7e90db6

SHA256
f8b65e035f3d5b3bf8296c0bbdfe04fb2a21432361c0bb8b51fca92ded07d39b

SHA512
093246ac517ced6f369ff5e7cbb745f031298d9a69f3b4845bfb889a68b79ca33834547e61a748282471d767eeb2d81c79d21def2307b56e854217f4570f7754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
3eca79e60be07537304e0e6afb117134

SHA1
c86feed46178ceb428acd0e6c43cfc83d217961c

SHA256
6aaa95a126d3a83f885b2378a7f5dca0f90baf1f7c878d8e9c61b47b011f3df7

SHA512
d8a1fb8f380de3d7000cd22baf9923a6f9ecc26a96507ea593bc4dafdc4f9fedccf3ace16d828662c60b8c74ff43096bd0129583c2c79b19920339068ee21695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
e0b9a9045fd22b1591316c559a70d8cc

SHA1
12488c239b0f8c9e97bc9fb808fcda7685db5ce2

SHA256
df092dc3d30c8bd2e41b4cbe0716e1341bc436fa8e2ff3c91ceec8a23669c581

SHA512
35dd6842e9fe6b1e050a393c184eb93e089720f34a68e255593fb3078bfe7d578e5b6a8cba6a65a04495e65dcec28804ebfe080e0e6df3a4408152c868e2b745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
949d0ddf0022d25e405285ef7a16664e

SHA1
da93fb51ffa191d474dc2bb72ccea18ff13d92a8

SHA256
e51010567140803f98b90858e785a2d51bb5f6ac14043b82f832e4b2dde61055

SHA512
39931d54747fc7ac353c109fbdc1cb43f1ce54003297dc33327708581a5068dab7a435a4fd57f9f8020bd6f06b54fd789d344b7bdd0cd15fec618426253aafaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57103c.TMP

Filesize
96KB

MD5
9e6a0543b45fed5ae97d672713eccb65

SHA1
18f9faefc2c9a751189fc0f67b6f31e1ddaa229a

SHA256
17c443ab38760925ff407ebe53d5cc672b1d115c0f4305f166a778a7a944c292

SHA512
ded6773493baa26d3781e1fb11f90a1ba9e32f4853d648eff7bfa71ff1ce549144d18865bddd974c9ff10b26dd763e7d690fc4be632ab014be702d6f77876dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Petya.A.zip.crdownload

Filesize
128KB

MD5
1559522c34054e5144fe68ee98c29e61

SHA1
ff80eeb6bcf4498c9ff38c252be2726e65c10c34

SHA256
e99651aa5c5dcf9128adc8da685f1295b959f640a173098d07018b030d529509

SHA512
6dab1f391ab1bea12b799fcfb56d70cfbdbde05ad350b53fcb782418495fad1c275fe1a40f9edd238473c3d532b4d87948bddd140e5912f14aff4293be6e4b4c

Download Submit
memory/672-141-0x00007FFB540F0000-0x00007FFB540F1000-memory.dmp

Filesize
4KB

Download
memory/1804-323-0x0000000000590000-0x00000000005A2000-memory.dmp

Filesize
72KB

Download
memory/4444-221-0x00007FFB52D30000-0x00007FFB52D31000-memory.dmp

Filesize
4KB

Download
memory/4444-220-0x00007FFB539C0000-0x00007FFB539C1000-memory.dmp

Filesize
4KB

Download