cobaltstrike | hxxp://valhalla[.]nextron-systems[.]com

Analysis

max time kernel
1800s
max time network
1692s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2023 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://valhalla.nextron-systems.com

Score

10^/10

cobaltstrike industroyer backdoor ics trojan

Malware Config

Signatures

Cobalt Strike reflective loader 2 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\valhalla-rules.yar.crdownload	cobalt_reflective_dll
C:\Users\Admin\Downloads\valhalla-rules.yar	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Industroyer
Also known as CrashOverride. Malware framework which targets Industrial Control Systems (ICS) related to power transmission.
ics industroyer

Industroyer IEC-104 Module 2 IoCs

Contains strings related to Industroyer module used to communicate with power transmission grids over IEC-104 protocol.

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\valhalla-rules.yar.crdownload	win_industroyer_w3
C:\Users\Admin\Downloads\valhalla-rules.yar	win_industroyer_w3

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133245448549061281"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2544 chrome.exe
2544 chrome.exe
3444 chrome.exe
3444 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2544 chrome.exe
2544 chrome.exe
2544 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeCreatePagefilePrivilege	2544	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe

Suspicious use of SetWindowsHookEx 23 IoCs

Processes:

OpenWith.exe

pid	process
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe
1580	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2544 wrote to memory of 1524	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1524	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 100	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1864	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1864	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 1192	2544	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://valhalla.nextron-systems.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99adc9758,0x7ff99adc9768,0x7ff99adc9778
2⤵
PID:1524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1856,i,16058636223366492972,6606689871662581698,131072 /prefetch:2
2⤵
PID:100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1856,i,16058636223366492972,6606689871662581698,131072 /prefetch:8
2⤵
PID:1864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1856,i,16058636223366492972,6606689871662581698,131072 /prefetch:8
2⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1856,i,16058636223366492972,6606689871662581698,131072 /prefetch:1
2⤵
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1856,i,16058636223366492972,6606689871662581698,131072 /prefetch:1
2⤵
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4480 --field-trial-handle=1856,i,16058636223366492972,6606689871662581698,131072 /prefetch:1
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 --field-trial-handle=1856,i,16058636223366492972,6606689871662581698,131072 /prefetch:8
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1856,i,16058636223366492972,6606689871662581698,131072 /prefetch:8
2⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=1856,i,16058636223366492972,6606689871662581698,131072 /prefetch:8
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=912 --field-trial-handle=1856,i,16058636223366492972,6606689871662581698,131072 /prefetch:8
2⤵
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1856,i,16058636223366492972,6606689871662581698,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3444

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\valhalla-rules.yar
2⤵
PID:4412

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
8a8637deebb6e28656999a999df2a351

SHA1
6b5ef9e1dfd857de89c4639f68d8a946b0f3c89f

SHA256
ce4e2682c33d50479f30b1ca57383c704504eccc7c709397540217693ddcd17f

SHA512
27f2b75e43e11d565f796ecc0268faffe21f22685bc15610b8f3de1af99d6ac04fe3aca3106470340dd46d2d0efb4a960b5e965d42899c66a858b9b8ad5a287c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
3cc47617314c40f1240731aca2ee29c5

SHA1
c7d20bd257b1d237a46ac717826c595233e248f0

SHA256
9812f42a261fe0c853764574c6a89edb42fcd4040868c21d424c12a28791526b

SHA512
c24f2b899fa927ccddb6a15aa94640d64e0e5c7cb3ed0130fd8942d7d2ecac9b79ced79ca8fe5b0a00ac11485005221b5fee96802a60f3d04f7cac0d2a98e98b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
61e85615d3348d97f988d2acb83a9c45

SHA1
13002259476dd75240e7ab77b6ca239836396212

SHA256
8286c13cec5bbe538495ab0cfbb33045e2fbd95781cc98e8a42e990eae2fde15

SHA512
79b574a312fd3b493f90f2d069a50103df9ef865c12cd0df8881f3677c4cdfb44079eb3b6daecd971789bc1e6a0ee67d06274068168ee05852a2e2ee39471444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
c735d02f02925facebb6d5fe074bbfe6

SHA1
f228495f00025523b7e83d36441975d8d523b6a5

SHA256
e05268f696fa61b742c7d430fa7b969133968dc588f682bcb12a6591d58c2050

SHA512
3dbb1674fe2494ebff8f7d0b147158a6ede206e658fd9f8f15874124a5e371a449cb2cab722b65e3fd73f56a8f504659af2b28207b6ef48d56d8adb64eed71d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
6ae241bd964bfd07260940c7870e8add

SHA1
12e7e1deb196dea34b2307e16dedb221e2d8d4b5

SHA256
afccf11ee6cccee99727a047d9c3b1ef5562b9f7623f7ba87b01d8cbb30a72e2

SHA512
1a1ccc45177931b3a5bbf163ccb12677c648ed692a17050e4831bf642ea0889e80ca7e86c39e2472ec8b46278b0cc87eaa431e531da5db651acc0da4ed4dd450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
7d41c5426aeab5d0884634acd0d41233

SHA1
e8865765f72708abc9b6845912f6cfbdc86cb382

SHA256
be6d18ee36704e582a3039c73acdbc76796fa8c56c7b7e935c7fc3b6a8002e50

SHA512
119f44671706381110072a4f362581e48c1a6821b3647b33833b7c14d15ac7add895f2bf70bff4b586e76b06c853669a8fb9cb10306b41c1c5b4f1ef3ee442bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
f16c3daa8cb29e67c2a78acbac855613

SHA1
37a8fb03a8ff5c5ce424ece5d228ee5513d0083c

SHA256
7af10c878bcbc707c02649e9e4feee3e5d44d9cf6f5f24d1e7726a910b6d4b27

SHA512
0961cbc8017720d9594ea7be054f61746332f9ff7b13149fee71e1730e393c27067a7a54464a57894a3f7864ccb32aca0d044b88f6a7814f906944ac7b8067c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
009ebae68dca7c7ce4773c0eeae53baa

SHA1
da04cada9d252bd47f416d8dfb36eda463a87d30

SHA256
2cc96f256ccc5cd4eb9b1e4e79f9911711b4638382338d73e9c1eb1e0581d5ac

SHA512
b033a34b4d6d121159246ad1de2454bf3247898383f9bdb511929df48b52a0fb564a1ab43fd78a1b39315042328d90fbf65e038de2b95e07465cf37c187ec43c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
110KB

MD5
674d25aefe7e7561e2ed2790ec2517ea

SHA1
1396fe0c1849f6bbfab9d6bb375cb014eca1c4ce

SHA256
e0ecc4c1083987163e58320750f283f7edc7d45ca8447e340aee17358ae59be4

SHA512
41380dd95e15939d6d3e6a404dbff270dfccee82f586740c55ed58eb9cfd93222ab8addbc5593fe162bd58829cbba4eb9d0d4b37211c63463b7303a0700e62c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57eafc.TMP
Filesize
100KB

MD5
30faaf0f4d9a7406da14bbe15853cbba

SHA1
568de821f31137ec783ecb69a9328df1bd3b4128

SHA256
df1fa68ed15b2412db604701dddbde17d360584d5f09ba8d7fcb2fc620ff7aa2

SHA512
db499543af14484d03abf65e1810ea10f0685c63ea8ef880ebd5f6903f352f48035c82aa084b2beb22d4c28ab3355fa7a78931616defce24487b3ceec4f19ecc

Download Submit
C:\Users\Admin\Downloads\valhalla-rules.yar
Filesize
2.2MB

MD5
1a4ac1b1bad9a801c4520808a313fcac

SHA1
de4f68d1c6a12ff8e79b6e53bfee0c865f91ce65

SHA256
c50c2a54faac977abdb1d73ad864e1cc30e4ca5ca8fd634390c0356d5671367f

SHA512
b0396950ed2aba7982944652f3f0ae442a28750058f2dda5538302e8dcf3782e3e90a2fd15fa1d3ee799c79e292d70f4453bc05b05f8aa8973d97d0796c2dd54

Download Submit
C:\Users\Admin\Downloads\valhalla-rules.yar.crdownload
Filesize
2.2MB

MD5
1a4ac1b1bad9a801c4520808a313fcac

SHA1
de4f68d1c6a12ff8e79b6e53bfee0c865f91ce65

SHA256
c50c2a54faac977abdb1d73ad864e1cc30e4ca5ca8fd634390c0356d5671367f

SHA512
b0396950ed2aba7982944652f3f0ae442a28750058f2dda5538302e8dcf3782e3e90a2fd15fa1d3ee799c79e292d70f4453bc05b05f8aa8973d97d0796c2dd54

Download Submit
\??\pipe\crashpad_2544_MFBFCBBAIXTIVRPE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit