hxxp://tassoinmobiliaria[.]com/56G0/01[.]gif

Resubmissions

03/03/2023, 20:06

230303-yvl2ksaf7t 1

03/03/2023, 20:03

230303-ysw4rsbc25 1

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03/03/2023, 20:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tassoinmobiliaria.com/56G0/01.gif

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133223474291873614"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2012	chrome.exe
2012	chrome.exe
5164	powershell.exe
5164	powershell.exe
5164	powershell.exe
5632	powershell.exe
5632	powershell.exe
5632	powershell.exe
5992	chrome.exe
5992	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2776	2012	chrome.exe	86
PID 2012 wrote to memory of 2776	2012	chrome.exe	86
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 112	2012	chrome.exe	88
PID 2012 wrote to memory of 3224	2012	chrome.exe	89
PID 2012 wrote to memory of 3224	2012	chrome.exe	89
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90
PID 2012 wrote to memory of 3712	2012	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://tassoinmobiliaria.com/56G0/01.gif
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1ff29758,0x7ffc1ff29768,0x7ffc1ff29778
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:2
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4892 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:1
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3976 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=744 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1756 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=212 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=848 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1784 --field-trial-handle=1812,i,12257632470754071749,12006056366271903391,131072 /prefetch:1
  2⤵
  PID:4116

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3348

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5164
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5632

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\92609e41-af6a-4cfe-8c15-d39cea4f6dab.tmp

Filesize
143KB

MD5
c34b26fa5f378b21a4764a639a241628

SHA1
021f8657f2a45930b2826be3e3754a24c56e455c

SHA256
31de82ef2915a53eb3cdea46cb2a94db607200336eff8609ac90c42c3a0f3526

SHA512
670f289b7d846371e925501f6c503b674c840469b3ec5f58ee1f213f0562f4b769a712b1cdca644eef9b062cd2214c8debca485bcfd85c7f0f8b3076b9f29564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\676598c4-b062-4a6a-971e-94ae55a8f26a.tmp

Filesize
5KB

MD5
ca0da0fd05925c039f11b412106486c3

SHA1
a1f336d1a75ead6292d858adcfd43647f684ebd9

SHA256
ac703f289d26a5d50d5a212e3b6fcf1996d55553595d41ac6150973d90feb411

SHA512
11f3b3de8d1a2c89b87a1b67d5d63225048abb48ed545f992eecbd76b63372f2dc295b82cabc017d0f8318be841f3788f0eebb3c4e8e905f9915d8fa33f8f00c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a65b3167cf9e0ed5f7b4d6fbd0642c8d

SHA1
3f2e7e32bdd9a280c220512c1b3c72e560e4b476

SHA256
d9a0059cec9d74edffaec2101c257b39cb29c838e1df67b40fe9cb7c13fe1422

SHA512
877f6c9437c2de151fc540b282062e8a732c5ce5c48ca607a8e800fc09e572c8e24f5d7e6d8b6df025acb87b28953cf30abe027d846a92e41e8711ae51c2f402

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c035e3b5bac2dc812cf50af9a6b427b4

SHA1
0f9b0c700dd3131c77f732efd69c45c490da292e

SHA256
a1bc73e668b00be032e11b49e17eea226b05fb43916d02b28dffb42698239358

SHA512
f7b3bf7c45788700e0a3b2dea2bc4667b53e56e6a3b08933d70a57ec6dca4c941ecd0aa968f7084fc2f50a11059cdbdd557f2d126ba858135b9dc7b4a1a98be2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
caa2014f9e25b6778adf34d1f388eccb

SHA1
65b8611dcd6db7d839019beab03bac459d6a5f23

SHA256
97407c12c7ec250aebd1f571a54da95af4ff88a44185935cabb64cac7243492b

SHA512
8db785778f2c63dca6febbe511a8da493af414f4fa553e3089ed015fdb48cf29d6a0e3c42ab2ad46a0512b76ef0fea0fc7dc0950ff844cc4ab4c34f7e31a9155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c7706d3fe9e5eba7d8257e58a0e0d405

SHA1
76e9476c9b3dd0d56b34f7f1fb1aa5d52e1aebc6

SHA256
94d6cb9e3603847cd68ed7c07eea83a6f09c52c7865d54fe68cee2133587cd6b

SHA512
074f589f713d7f8cea1f6605010ca5de22511739bbc16fd569a3a797cac35d87ae8b46b1016d707e4bae22cab336a4a383661a49c2db0ebaaa5e35da008b970b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
febe98f591d7311aee1a6f5181249217

SHA1
0a64fa318dd90b05295247be704edddef3901034

SHA256
132d8ed9c8cb564a56eb8fd5baf38d5764d92c629a4b633a77ae1be09a2448cc

SHA512
935a1300373ba084996568740ee516c895177227b32a916bda458e2308dc578082d11340654e165d4aeeb4264a123c5d2eafa1cd8d72980f544eca3fc89c16b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
3f01549ee3e4c18244797530b588dad9

SHA1
3e87863fc06995fe4b741357c68931221d6cc0b9

SHA256
36b51e575810b6af6fc5e778ce0f228bc7797cd3224839b00829ca166fa13f9a

SHA512
73843215228865a4186ac3709bf2896f0f68da0ba3601cc20226203dd429a2ad9817b904a45f6b0456b8be68deebf3b011742a923ce4a77c0c6f3a155522ab50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
a26df49623eff12a70a93f649776dab7

SHA1
efb53bd0df3ac34bd119adf8788127ad57e53803

SHA256
4ebde1c12625cb55034d47e5169f709b0bd02a8caa76b5b9854efad7f4710245

SHA512
e5f9b8645fb2a50763fcbffe877ca03e9cadf099fe2d510b74bfa9ff18d0a6563d11160e00f495eeefebde63450d0ade8d6b6a824e68bd8a59e1971dc842709c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
3KB

MD5
8cf1f68b51574b44e5a5e745034e26c8

SHA1
ee3c72b22d8ca46b11cba7ac098d457f0e2f8413

SHA256
8f8af5f886f992a77eb93e7f99efd585f13d4796d53364aa7201472dd638ad94

SHA512
ca8cd9613eef051739051f6d328eba1c78583f985cbd125e63c6cf081228d59c763370d5d91601ecc47620c505b6da2b03b94965063c8a8733c3a170440e8d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3vkkt5zn.u1t.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

Filesize
13B

MD5
d13f24a041ed359f7f25a032c7f230e5

SHA1
c70d0aaa98e3f64aa288f0807b487f4bc0dadcd3

SHA256
1bad7c2a5cd438c1e85be808887f51ea3231644c43c8a5dea6c6e2982d20f8ee

SHA512
9fe7fdb48e30d129aafcc1698da5784aadaab37d79e91063d13d195b7f750adf298b8a060bfdd21466a2c945e31e6580cb5e89e93a1fe5802b5acd8b837a4712

Download Submit
memory/112-136-0x00007FFC3CC70000-0x00007FFC3CC71000-memory.dmp

Filesize
4KB

Download
memory/5164-223-0x000001C3CE6D0000-0x000001C3CE6E0000-memory.dmp

Filesize
64KB

Download
memory/5164-225-0x000001C3CE6D0000-0x000001C3CE6E0000-memory.dmp

Filesize
64KB

Download
memory/5164-224-0x000001C3CE6D0000-0x000001C3CE6E0000-memory.dmp

Filesize
64KB

Download
memory/5164-235-0x000001C3CE6D0000-0x000001C3CE6E0000-memory.dmp

Filesize
64KB

Download
memory/5164-236-0x000001C3CE6D0000-0x000001C3CE6E0000-memory.dmp

Filesize
64KB

Download
memory/5164-237-0x000001C3CE6D0000-0x000001C3CE6E0000-memory.dmp

Filesize
64KB

Download
memory/5164-222-0x000001C3CEBA0000-0x000001C3CEC16000-memory.dmp

Filesize
472KB

Download
memory/5164-216-0x000001C3CE5E0000-0x000001C3CE602000-memory.dmp

Filesize
136KB

Download
memory/5164-221-0x000001C3CE680000-0x000001C3CE6C4000-memory.dmp

Filesize
272KB

Download
memory/5632-265-0x00000248F0A80000-0x00000248F0A90000-memory.dmp

Filesize
64KB

Download
memory/5632-266-0x00000248F0A80000-0x00000248F0A90000-memory.dmp

Filesize
64KB

Download
memory/5632-261-0x00000248F0A80000-0x00000248F0A90000-memory.dmp

Filesize
64KB

Download
memory/5632-260-0x00000248F0A80000-0x00000248F0A90000-memory.dmp

Filesize
64KB

Download
memory/5632-264-0x00000248F0A80000-0x00000248F0A90000-memory.dmp

Filesize
64KB

Download
memory/5992-275-0x0000026902720000-0x0000026902721000-memory.dmp

Filesize
4KB

Download
memory/5992-273-0x0000026902720000-0x0000026902721000-memory.dmp

Filesize
4KB

Download
memory/5992-274-0x0000026902720000-0x0000026902721000-memory.dmp

Filesize
4KB

Download
memory/5992-277-0x0000026902720000-0x0000026902721000-memory.dmp

Filesize
4KB

Download
memory/5992-276-0x0000026902720000-0x0000026902721000-memory.dmp

Filesize
4KB

Download
memory/5992-279-0x0000026902720000-0x0000026902721000-memory.dmp

Filesize
4KB

Download
memory/5992-278-0x0000026902720000-0x0000026902721000-memory.dmp

Filesize
4KB

Download
memory/5992-269-0x0000026902720000-0x0000026902721000-memory.dmp

Filesize
4KB

Download
memory/5992-267-0x0000026902720000-0x0000026902721000-memory.dmp

Filesize
4KB

Download
memory/5992-268-0x0000026902720000-0x0000026902721000-memory.dmp

Filesize
4KB

Download