673eea44f74f5cae3ee0585bc23211a46f797cfeb46072781d4018199b78665b

Analysis

max time kernel
126s
max time network
643s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30/03/2023, 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Caratulas.pdf
Size

743KB
MD5

d831d182e1fac9b8cc9e6528a46d8aa3
SHA1

7116b180cd881fc00c0f5f0b76af8dda99a6dece
SHA256

673eea44f74f5cae3ee0585bc23211a46f797cfeb46072781d4018199b78665b
SHA512

89cd8063da15b9e2c63c48c65d2eee4ae89189d4737f8ef84c3bc96c82749fd30d441a7456deda182002bb97299da0ed9c170265bcbdfd833940cba7956434e0
SSDEEP

12288:AfKTfXLN6GPH89sG3Y6Z079dzj1+Jc/fhXqkaQNri92IoToE96Ey8:IKTfJ6m89sGok07LjH/fFqkvc2ICoEw8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
468	chrome.exe
468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2000	AcroRd32.exe
2000	AcroRd32.exe
2000	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 916	468	chrome.exe	29
PID 468 wrote to memory of 916	468	chrome.exe	29
PID 468 wrote to memory of 916	468	chrome.exe	29
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1800	468	chrome.exe	31
PID 468 wrote to memory of 1840	468	chrome.exe	32
PID 468 wrote to memory of 1840	468	chrome.exe	32
PID 468 wrote to memory of 1840	468	chrome.exe	32
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33
PID 468 wrote to memory of 1696	468	chrome.exe	33

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Caratulas.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65a9758,0x7fef65a9768,0x7fef65a9778
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:2
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1376 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2124 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:2
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2240 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3756 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3780 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4132 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2768 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1732 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 --field-trial-handle=1372,i,5514196130911568912,8316961966992531655,131072 /prefetch:8
  2⤵
  PID:1608

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1836

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2972

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5ac
1⤵
PID:3052

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\Desktop\T0xicVirus-main\T0xicVirus-main\LauncherofThisVirus\T0xicVirusLauncher.Designer.cs"
1⤵
PID:2532

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Desktop\TrojanWormVirus-master\TrojanWormVirus-master\Trojan Dangerous.bat" "
1⤵
PID:2908

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Desktop\TrojanWormVirus-master\TrojanWormVirus-master\Weak Trojan.bat" "
1⤵
PID:2776

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1296

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2148

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2356
- C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /4
  2⤵
  PID:2848

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:992
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  2⤵
  PID:2776

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
4bf51b588c5d8678156475b9f2ddf2a6

SHA1
13a94965cdfc41b9c71b2903db67f9bcc93a90b1

SHA256
13505e9e2428ab636d83f339364a8bf64e96ba836aa538b1aa001ad79e26c6a8

SHA512
74bb27c9eea0c8c84f006508eb3a81b5645ae7145120c38712aa47ae859077ad463ef3b4b6c88be2dcbd514455e49f5b9bc199064000e234ac7c09c349c5c30f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6eebb7.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d5f26899119a3ee85b2e05c6e9f53289

SHA1
765dd2bc624e9fdab9a9879e0d2e3c91958ea7ed

SHA256
1a4d03fedc07886d8b44a50fe7c8064626e657cc288e27c290a33e210462fd1b

SHA512
fa2e28d5e23575a0c61e649da42d11aaf9172c3402658c3bbbf63fbcaf0cd7ae4d63420674b34cdac53ce4ced88c316d2ac0a27d6c07d4a2255a89ff62887d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
154d925867d1bbd21a59b9597511006e

SHA1
4714378ceb8f31d7cfe804d1053b2f775122a5f1

SHA256
286deb071ae566a283468fbba583ab1b24189aedaeca0c1b1a4eefa1b5284dbc

SHA512
46bdc88e71c1d29fb60e873620a2a153ed94a62ff772204aca6f6f43a329796f32537f5922e613526aef0aae2a2d0a5a94e3a9047f00e622fdb1aff48122bb64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1009B

MD5
903193a81f350d7797b5bbf6e6b4b677

SHA1
9b889b5e2543a748ae8d99d3ae4630cb7d84b681

SHA256
c3e035aa51d979024af8c042681a9a2fc429f016954aaea737e1666ddc4460af

SHA512
71d2d865f0eb67a04ed9e06263f78e5199c3146031bff8eb8f9d18459cbfa2ac955ebc85c348ea895e260a589cf6a63017bbc58f530efbf678b16c8f41f5b564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
290557761de433f1c23df33fca438298

SHA1
f73bd630eb654f827d7442d19c651654697eba97

SHA256
f6232ad2baf0caa75f0f3cc5082a6b5ac47e71bbb0fb45b39fa778bf970a5d29

SHA512
2cf2f4a846615b12a8d5588cdff3b067093e3793b1da728cad23071d85a904e153da14c92404735eda8d90fb1fa1b25785302ee002aa0f7c72531c13942b6a02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
09c3475fd1c0d990d43d7a43ae412e1b

SHA1
7ecc34518491fda26dcef67226d7f41666f1b99d

SHA256
b33518a2c2b068f9c6628ee4ea6802acf4dcc8a340f7da8d3b802961a8f868b1

SHA512
d980a30d73745a4aff0b2c8f95e85d0df4243d0c60ee8a4f2ad511bbbe4beaa4c7106bc24779603ab8639cc9ffc789ea9c48f58388af935c6dd9e052c0cfd100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
132f36a2fd8ffef222b970ddabafff52

SHA1
a664df0cd691d00e590496ba01b59e530198f309

SHA256
b58dfe1a60e531ec2c3ec85681b69df60648d44622558ac8e1ce206f59626b68

SHA512
9a6f51ca953b7ddf888108dcd7b998db347868f5d75e4336c07634793c2b1fcb92561c8948672e7c254fce7c78c05fbc31ba2c2a88d3a401f6398dbdcf467355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
f7ec2e75429fd2eebff302041d8c6edd

SHA1
71326b5cf2a7a59ed2d5e536861a52a08655aa35

SHA256
58c68207b6740f34c2e955a8f0317d31854c16529e2c6e5b2f3184a43a3e6fbc

SHA512
d65489b4acc129c64c0f94848437a8ceefd6f223493573f470012542a2a95f18c08734e71da608caf10cd7a98a8f2463979dc0f0023e4fb263200574567e39f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6e0317957bcd84574eb515d9783eadd5

SHA1
695cc954c88e744177ac024dcc7028bc3ba1cfdd

SHA256
800f0bdbe826c61abba079363ecd146f99152176c132ad8eb9e54020e4213882

SHA512
f3280d3266f709717e2ade547e68e7d174af566038b4f77dfea542609f356a6bedda874b0319cef5355a89b30fac5c64dec5ebbae2cda80766a0452f4ab0dc4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
d6c75bbf2864ca8ca48bec0ab496f538

SHA1
eb6701a5c01ca29ed65d30221862c38c639db8fd

SHA256
07059ebec61d882fee7a6fb187f46a2b3abc867849879694b714b5ab6fc52400

SHA512
9bf242c91194d57d0e82f59f6c6fcb70bc392bf0a59c385465fa45a99fb64c49e8692e0cfb23b28c24af71ed125e946d468a8beba6d9770dd9f03c262bd4754e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
057232081eedaa7099a57749f23ffe40

SHA1
791cb1a5c2c397f1c08780fb841135c330163445

SHA256
f84fa39a0c4c1b4c0ebdb01692be95c71932187fd7ae07e956f17bdf197d9794

SHA512
7eb5787cb90e52c7a7998f2ce7803d3f1c90025a12cb37bf84941b864bdeffd974a5915cb0d2c81040488ac74339c0babcc923415143d728f040f69eca388353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b2ca1590405ee7708d213205785afe49

SHA1
b8c8def6cb61876221bd93d270278199fac0681c

SHA256
16d0751d83d6909e731e82416d8a684e75fcbf9153075017bc13506c8fd3955c

SHA512
9f1f33443490b75f8a3ba6c31941f3518fafeaae09790405a84065a7a3e5b4e979625aad58b21c7fa597b0e1a0154d16190e08ee17f06a1ec0db4a8bd4b59424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f210d7159efae6fb10ab507e917d5607

SHA1
3f0d4de628376ad7215fafd2c6106332ab8dbdce

SHA256
d7c4c44565ad7ebbe438c76b8523eccd30a3707630cfb8c442fef38bb88578c4

SHA512
2628799ee46df8b2730ad78851ac08a7bafac336f15210eeb947cedf7a966c7b341ac5117bf07b53177e9fa3873ce0f9926faf841b4f83f2a982b199f7781449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
59ee09a07c66a221a59ebaa28239dc09

SHA1
e3a09f5b9b70da8885a390b4b10595b75c034eb4

SHA256
e9be2cb0f32e83da99d8964bb623b340e0fc65a14fc46e338d581b6eefe4afef

SHA512
232059c428f80380264db8da0a13b2c54fbaeaf3f97047c01e5a1815f1ff0f638ec4203b21aab9e3b81515664c4c684470cb2adcc51aa5421166f62aff6fcc7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
594508e457fdf073930e99a93f0b6c3e

SHA1
2ab815d2189654e275bcc5da619fe4af17627bd7

SHA256
3fd3d33f8ac1ae1c1296be17d0711144a62b772297c618238bbf43adec29f2d3

SHA512
d1d2ffda1690acc2f25d2d1cac482e06ed41db2ab8d4be1c2688e4d6a377174b80cde0ff62d5d250c335bc792e6232f499249d3527a03c4542634a4fb129fc79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ac846650-97d7-4647-bf69-86dc61a07738.tmp

Filesize
4KB

MD5
bf7972ca764bca73085d6d502de5bb7a

SHA1
091483cf2093f3a54f50ce2573c372caa78957e8

SHA256
ab690a1589fa279e6e9218a59cd0452303391cae2257bb4ab25b0fac403ad4f0

SHA512
6f0c9e5f5c819d2931088c1bde63ac76651f738fe7ce588b9048d7d44d38ab114740f0ca58894026eda736557f4f194bd84bea198d108755755b847e25c067d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c6cdac78-6605-4b01-abdc-366d00b7c0f3.tmp

Filesize
4KB

MD5
4c5d0dd23e0a5bcd42e548dff1792d82

SHA1
869d0f1fa0b6c1abca87a433380ba6a7a4029ad2

SHA256
2461aa3d191ec99e8a6bfb175cad7e1003715ce443eb818d48b7f32490e3d2f5

SHA512
bd927e12d86fbe99dee4a6f409a671517ee18bc53f34db51f281904974f363972b4fe70293d0e1ee1c474422004b6ec0a99e01633b984385dc6ce71c64ab843f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cf830da5-743f-48b3-897b-5e4aeb5e98c2.tmp

Filesize
4KB

MD5
e6b14f0cb4eac5f787a64c1f1f6a8f75

SHA1
c6932b43e2be6794be91b908a6aa43269fececf7

SHA256
af3e05197a97a707c5feae08a3ff3e81789145c55ce61e3fb912484a1e8e2446

SHA512
22de36f7ee4205098caba8780587b92e4bfcaa84018cddeafc6f7ee52f8552038368ab9dfcf50100d9f2bca5c84327e9fba2d8ab2fac3d5269e24eee88529ca4

Download Submit
C:\Users\Admin\Downloads\T0xicVirus-main.zip.crdownload

Filesize
556KB

MD5
46111f0e4a683d84d38f9316cd4bee11

SHA1
3c80e8cd96d849764c7d85f9a0ce83b1dff73feb

SHA256
b1680fe67be359968f2e8f9103cbe392416c9c9cabc27fcddde18d24744dc1aa

SHA512
b0e380207751ea5e898f3edd5309e08690b09497dcb1f88e5a0223f830d82a81a8111661f44d9bd99ff9eaf5b76db44544067fe6b136d1e04a0e793a3129ffb9

Download Submit
memory/992-496-0x0000000004050000-0x0000000004051000-memory.dmp

Filesize
4KB

Download
memory/992-497-0x0000000004050000-0x0000000004051000-memory.dmp

Filesize
4KB

Download
memory/1296-459-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/1296-467-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2356-488-0x0000000003F60000-0x0000000003F61000-memory.dmp

Filesize
4KB

Download
memory/2356-478-0x0000000003F60000-0x0000000003F61000-memory.dmp

Filesize
4KB

Download
memory/2848-486-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2848-487-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download