hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

20-04-2023 17:33

230420-v498zsbd47 6

20-04-2023 17:21

230420-vxf2kabc95 7

07-04-2023 17:38

230407-v7xr3ahh73 10

07-04-2023 15:18

230407-spn14abd8v 10

Analysis

max time kernel
190s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-04-2023 17:38

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

10^/10

evasion persistence ransomware

Malware Config

Signatures

Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs

Processes:

taskmgr.exe

description	pid	process	target process
PID 3796 created 4464	3796	taskmgr.exe	Free YouTube Downloader.exe
PID 3796 created 4464	3796	taskmgr.exe	Free YouTube Downloader.exe

Disables Task Manager via registry modification
evasion
Executes dropped EXE 1 IoCs

Processes:

Free YouTube Downloader.exe

pid process

4464 Free YouTube Downloader.exe

pid	process
4464	Free YouTube Downloader.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

[email protected]

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	[email protected]

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

[email protected]

description	ioc	process
File opened (read-only)	\??\G:	[email protected]
File opened (read-only)	\??\R:	[email protected]
File opened (read-only)	\??\T:	[email protected]
File opened (read-only)	\??\W:	[email protected]
File opened (read-only)	\??\Y:	[email protected]
File opened (read-only)	\??\F:	[email protected]
File opened (read-only)	\??\I:	[email protected]
File opened (read-only)	\??\L:	[email protected]
File opened (read-only)	\??\O:	[email protected]
File opened (read-only)	\??\U:	[email protected]
File opened (read-only)	\??\A:	[email protected]
File opened (read-only)	\??\E:	[email protected]
File opened (read-only)	\??\H:	[email protected]
File opened (read-only)	\??\J:	[email protected]
File opened (read-only)	\??\M:	[email protected]
File opened (read-only)	\??\P:	[email protected]
File opened (read-only)	\??\Q:	[email protected]
File opened (read-only)	\??\V:	[email protected]
File opened (read-only)	\??\B:	[email protected]
File opened (read-only)	\??\K:	[email protected]
File opened (read-only)	\??\N:	[email protected]
File opened (read-only)	\??\S:	[email protected]
File opened (read-only)	\??\X:	[email protected]
File opened (read-only)	\??\Z:	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
ransomware

Defacement
T1491

Modify Registry
T1112

Processes:

[email protected]

description ioc process

Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\Desktop\Wallpaper [email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\Desktop\Wallpaper	[email protected]

Drops file in Windows directory 4 IoCs

Processes:

[email protected]

description	ioc	process
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	[email protected]

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

2036 4752 WerFault.exe YouAreAnIdiot.exe
3764 2308 WerFault.exe YouAreAnIdiot.exe

pid	pid_target	process	target process
2036	4752	WerFault.exe	YouAreAnIdiot.exe
3764	2308	WerFault.exe	YouAreAnIdiot.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

1332 taskkill.exe
3692 taskkill.exe

pid	process
1332	taskkill.exe
3692	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133253699258436456"	chrome.exe

Modifies registry class 3 IoCs

Processes:

chrome.exe[email protected]

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	[email protected]
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2275444769-3691835758-4097679484-1000\{8934355B-6522-4D45-A85D-036D5895CBFD}	[email protected]

Suspicious behavior: EnumeratesProcesses 30 IoCs

Processes:

chrome.exetaskmgr.exechrome.exetaskmgr.exe

pid	process
4596	chrome.exe
4596	chrome.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3544	chrome.exe
3544	chrome.exe
3508	taskmgr.exe
3508	taskmgr.exe
3508	taskmgr.exe
3508	taskmgr.exe
3508	taskmgr.exe
3508	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4596 chrome.exe
4596 chrome.exe
4596 chrome.exe
4596 chrome.exe
4596 chrome.exe
4596 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exeFree YouTube Downloader.exetaskmgr.exe

pid	process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4464	Free YouTube Downloader.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exeFree YouTube Downloader.exetaskmgr.exe

pid	process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4464	Free YouTube Downloader.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe
3796	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

[email protected][email protected]

pid process

4088 [email protected]
4476 [email protected]
4476 [email protected]

pid	process
4088	[email protected]
4476	[email protected]
4476	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4596 wrote to memory of 4280	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 4280	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2168	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2712	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 2712	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3864	4596	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff865929758,0x7ff865929768,0x7ff865929778
2⤵
PID:4280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:2
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:8
2⤵
PID:2712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:8
2⤵
PID:3864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:1
2⤵
PID:1084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:1
2⤵
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:8
2⤵
PID:4936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5192 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:8
2⤵
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:8
2⤵
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2816 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:1
2⤵
PID:672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3212 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:1
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:8
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:8
2⤵
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2768 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:1
2⤵
PID:2536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:8
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5628 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:8
2⤵
PID:1680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3308 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:1
2⤵
PID:1588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3756 --field-trial-handle=1804,i,4642143410636686400,14037213786690734402,131072 /prefetch:8
2⤵
PID:3228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3904

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\Temp1_FakeActivation.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_FakeActivation.zip\[email protected]"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4088

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4464

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3796

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\3ccb193c55c14c85ac6a2776f15c3b17 /t 4504 /p 4464
1⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe"
1⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 1200
2⤵
- Program crash
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4752 -ip 4752
1⤵
PID:2224

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:3508

C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe"
1⤵
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 1560
2⤵
- Program crash
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2308 -ip 2308
1⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected]"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4476

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
2⤵
PID:2616

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
3⤵
- Kills process with taskkill
PID:1332

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
3⤵
- Kills process with taskkill
PID:3692

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' set FullName='UR NEXT'
3⤵
PID:4368

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' rename 'UR NEXT'
3⤵
PID:2728

C:\Windows\SysWOW64\shutdown.exe
shutdown /f /r /t 0
3⤵
PID:3392

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39bf055 /state1:0x41c64e6d
1⤵
PID:2244

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
39KB

MD5
e9bb1892979ff9c4045c72d4e2e4310c

SHA1
a04b08d745106556bc54fe3865e4b23a5279c317

SHA256
315e9e4947a9e7e76b814c74c65eebe921c403bab92bdaf2ee4b9b25dde53e3c

SHA512
562ad1e7dd1bc6f16646338e92213a26c2c99d92508abc584390afb9c1a3ee95f78a8300296fb949256fc38d84c1b07aeafa58b1d5c4a11c166b04051b2447e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
41KB

MD5
016bb18f40f76996ba8025dd77fdddac

SHA1
d6f714e5a8d97fc6e97b7c8133e68c703c9bd876

SHA256
7c45e962bd395befcb49b2b0b78bb5a131335681edd2c24d1184d6f5b97ae215

SHA512
eabedbd917edbbc75cf48f6fd3fc080444acdc37952b5545e79b4eacd245caa80a52df714fda4a71c613f96f50410b3fcc5809f54b62d4b401d8690977a5a69a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
31KB

MD5
b1de6a1b0e55bf48e8423ef4f232f506

SHA1
ae7dbb2e80dd5d0da0feaa10ce0457facc6ba598

SHA256
f403191c2289f94c90cb23fac47e731f9fe050629d772988736f7b8c84e50b24

SHA512
8268b68a1bcfa27bbdfb86de5d6df2ac45d6cf46e33282f73bedcaa80852e9125ebe1432dcc8c83826191002ceeaa49b9b1c7447dd8931b971d80a67e86eef1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
16KB

MD5
23607149ede688319bed9d4b4a519ec2

SHA1
d5760abf4b46395b9aabef6b316467770169ef69

SHA256
359bc28f70f359efd5f3358800d379ad74ca8d59a334a11fb35408178544d356

SHA512
52d096e2e75256de6335e18b448cca7f4dcedb568daea70dec57df9c7ebe7049578c3dde5553265d9f962bd5a79cbb8ba55631f9f8367381bc92aa3af9ae7f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
19KB

MD5
39b3153aec1389748d7aea7b1ecbffd4

SHA1
f9840264c67a5d7db64b4beb7f3adab18bf4171f

SHA256
dcfe833b312be0b1af66e043b3e165f399a70c435200d0bca4f7cd95d7999531

SHA512
72aa2325b03f7f0ceab345cb300b672382cfeb6b10d1cacaf98d8c9704ce4993d14538fef5d0691e10e95562246d6de6d82c73781a120f7d19e9a1ff201c867e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
17KB

MD5
ea7400c1a953a4f5fc7b56ea1121bc8d

SHA1
75ec8f4bfcedbf27b87eb468181ac784cd4b7973

SHA256
6d3163967a8d73de7a090695fa96dc5854098982b0a9499c5132b0dc0f25d65b

SHA512
9813ec1eba0634316d1d47392ae60dbd2575952ed9879631045417dd96f38e52a9f63a2ee4d3753938cfa5287c8c95f75432e2ed8f074cb1c49b57017106614b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
27KB

MD5
be669d8cab649d89ea0f7f8d07157e58

SHA1
caeae1b1c97ea9ee709630bd791e8058072b2e47

SHA256
f65d1928cf157ac4aafc5ba993e85f999f6bcf0897424e49a95126f8589cfc9c

SHA512
10d496f85403db20fd40e76ee092768df65d503285654b7e975555a1d4858a058e177cc8f3de197238f0a75e53cf116efedc276a129dcf2e4620365b656e3127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
58KB

MD5
4cc0516441a4e8f5ccbdf2bbf9eccc89

SHA1
f122279816a1ce710f81287fc74e3a4661f3d5ee

SHA256
8312e56d9d48b117fb599c1887f4c18323d0580458ba5c88adf3f58f5029d33f

SHA512
2147631e18913d1f04d35e8f21a70a65edce779c02d8f31a840a359984e421ddf624e5d2e6b9c78916c42c16366336d69073324d84805871cb369d90590cd7dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
19KB

MD5
9197216dcf9309b3c87624101c55cdcc

SHA1
93abea4d8c1104997f298f4526f48cd033ad49ff

SHA256
99e4073234ccaf467540a7ecb200f307435b5e2067d3fa06e0aac40f4b50d168

SHA512
5fefef09cc9dbcbce1c34888c91cc1a6e1982a149f72188344bc49a4dc9bdbe681270b0ebce9964da7441f19f6550345621fa28f93c7a84b336a2fb3279d1522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8c21dfa2b77134a17fdb33f8db3588cf

SHA1
193041c52e352c6474dcb373c392a1c9168c785f

SHA256
1464dd8b6901a2b8b6d490948713aed3ea1a32c10269f1e1ec8004904baf31dc

SHA512
7285a7eb1be5733c188f35b982823f4d93935f658181347e6cf02d29c5587b2d7215f1f4c0125a8ef02f187ce22717718964e10ea27a9806e5b8ca37fbbe9aff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2e7457b8327ef79673735b6ef50358eb

SHA1
69dd18a9a6581c5dbc496a2b4824b4c52f7f94ea

SHA256
7355c0c66646cbcbe691001a41e2f60af8b070588ee34252a704d2ae3dd02d5a

SHA512
503b9f64309664a0b0bdae43efe74c0107cfb56ff648fe3e79d15a20f541d39b383d4b019e453f09a7d2ffedf0f267c36a0dd21faddc11c128322cd43169b4ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c87337e0b559ec23d58f0719f5420ce0

SHA1
418755b0bd131c04a5b0cc4782ee48e11e89fe6f

SHA256
f9a5ccc337e2a4a1f3eea536fd1089bae39ead4341007152d1ed10eb66dda809

SHA512
036892377f249da80f9698d5fad1674b6051cc8ca5e9a504e853c58ab70f5f54c3b6756c6b6b5c5e72c600e28a968e8edfa57101e4d38f736dc4a21e6c68557b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f047ab47b6e0032744fc0a3f1c3b392b

SHA1
4d9738e341fa64e6210467d12ec2a039e3e404cb

SHA256
2171b7bad1a889eb75ab957197412a9b3c95050b73c8a2f81c6689fcf7a20732

SHA512
f76bc70d84a7c3b53be2bdf80ff93cf465e1965c90f0467f22a4eee8e31afc50f22c19d0d41ae0153c60b187e23658134e5ad95efef50860bcc3747557471552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cff995f95cd90590c0f46b84ed62bcb4

SHA1
6f238f213e115e8365abe22b899eed27ff3a7eda

SHA256
a310e5649fa5c1b9a6b8ae5b906bfd26d9dd2759323571e150a991d2e38c3304

SHA512
a4f3a3d8bedf7708b9fcd7c97c52074339d9ceb51dee442f097a801e81d59797df2938c48d5f66d78768399ac509a4bedd71f1a674d1c877eaad2d596f34593b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d07507f063095e9f11727fc1299c0db6

SHA1
6251aa0588535ecc206d2fc1eb5ced2288adbde1

SHA256
869ff523d0e18b7c1d2624a701c449c1206ed7396ecdfe267b6ccf8bc2fbc290

SHA512
4b5dfc8f5a8fecccb2da71029d79e748aab65d2cd4806bea977a6a741c7477a41a87f8933b8b6e49295a3ce8536c451b9c9be73d0a46d1ad730975c7331efa74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e6e93cf45de9e72b42214553a80c82f8

SHA1
465a09c00a6c336b5d19edbf0dc41e7ecb9a02fa

SHA256
799cfbb796cc6833a9847f15740bc6f1bbc8c8f71486677bbd72fdf442a057b2

SHA512
6d43f92f061d2824e75dbc5b89338584c464d6e1cf0cbe2943f5095805c4d2bf7913cfc892165b8cef1588ce2710fb808f6117a42ce7178acfbd63ef9b139b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
042a65f81941bd2ca3e4cf8fb2e031fc

SHA1
cf679b7dd8d8c47c37685ac7ac66ef0ceb1927bf

SHA256
5320f723f302c85d90f7b9d7fefcf311ce03b639ee04015ba9efad095209f37e

SHA512
9c0f38e7f196705f3d22e53e085b69e75e1a2a61fca6bf3a0061af56f1fe871e2b2183e757c7281fecdbc7ae27b1836d61e51b30ecdb88fa98a9c1708374de35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
836513c1a5e10ef77fd23a2b8f619d44

SHA1
43be6e1f5c847f95cd22fbd94aaa454cbb4015e0

SHA256
4566e3938de3001f01f6f4c9f4c34d913113e52364e47696aca44061508df356

SHA512
c12bc82cd9157ced29d553ad88d2e55ca45b43a44d6576f1cc3a80610f174e4371c147d8ad82812ae1dc6019a9978ef9ec9015fa0bdb4ae4f50e2b39b9619a14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6401730b7921178c9a51f3bcb8cbbeae

SHA1
bf45fa63ade4f176754ea7daee81e7d2d2c61b79

SHA256
e249834e90fa77299cc6dba5b48018a6c097d46e989558ec8b9e19853f5bc7a6

SHA512
fbbe2524105040d796861961a8ec82dc0dadb22fd28866ebdd4685fd6af0b29597b47541bac0569afd4b2cf7b36bb5b77bdd195848418f01e76b39603c07eb02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a0e386a391c6b3d435e05595a320ca54

SHA1
54d555dd96744ab96eaa997369295f76f744566b

SHA256
ac3a9a4351bc1ccab75802bdfa704ee40455698cc93135130cd01e893d50a6e6

SHA512
33081c6a0c7c7293a8a589e3d56a1c744e5fa5d858394a0562e2a4c38629e9c3a1efa2227d369e3022b81ad6cd2a5a3ebcc55e9ce781532f9a7cc9ee86cf842f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8996dc2970b296793414a6616f03474c

SHA1
8af7c36243faff87f464dfd2c63cf442c1ceac7d

SHA256
fd855c3cc577b7338a3d82dc13af360af8ab7cf22a0ded083363802064080686

SHA512
8125fe750816357f5daa3f290a6dbb3acaae8678b32a0c6dece8f8f38a61b1ca6993d3aec0c87114494246f2095642dcd629fbcd8ddf0cb6a298c5515da4b251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2fd0464cdc59c30d793d950654bd0d56

SHA1
41fd86e550d83b298e8cf63612ecaa987f390411

SHA256
ea887e0303ef56c17a0653d37fcf5aa6b75cfcfafd83b4b40360282071262bde

SHA512
8cca1eafc675022d49ae52c3771911af9d83e374f4f74046eaec3d0a108ee13eec0fcf281b44f42e691f3bc60a80b5e5d7deda60dbc9b9e56130bd097f512c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
75b1f33d0bbd3c18d3544cff70ac339e

SHA1
2a2b6a3382be030b045b4c026057c2ea9e7a8f00

SHA256
1c25efb188ebc1a38ce17925d2c42704bf6a249af28d189dfccb87875deb1a47

SHA512
1c613ee34726e0c1513c9ebf3f0840021bfa712816dbf1b777fdedc0f37cf3d7390b1925a74cfa304fcfc38ddad502d85d4699c6460bb5911f69a8f257f5f5bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f5b5690aff4217f3a8f23124c8b34309

SHA1
0ea8d4bee59b0875601e2f1b1c4bf1b3f00c53d6

SHA256
a57eedbc96dbdb277f123598fdc7faa305d969b4faa7e852a56acc3a9a7685da

SHA512
4b5b1b394658c9969c4c35d2f4fc4a25775547d62fdad9c403603fe4e41ccfd8a21c32a2dac03b1aec42d3b16b181ed196a2be96e6d4af21685a9c10329aa45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c6561f182545b17db5a5e47e665f6b68

SHA1
bc164cd9bb43b7f11d0fe62ff0eb1e007f8be286

SHA256
f04dfb2dd9c2db5d9c667b7c246126a474c24f107f4c560bfbecdf8dad1f333e

SHA512
fa049b4fb82d64564e52927ff99dcfcc49875277ac575df87b65d5f6e03003305aff58c2a37c62a63c318fbe99e813ffe8286b1082965d156caec91d7265da1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
515cfc613a7ce3b5e60ef2e1eca8528e

SHA1
c1dd8fe5ed2975961b554ee7be1032560d77ae14

SHA256
34a0849d08c49df493937bc5f138b127446a6a50946749f7c490acbd561a764c

SHA512
b47ce348060bf727c89885c81b7ad32a0c9206d7f64b18572a00e49c1f3ffd9b786dd94f1b01e8dd34f942429e238555c1f0870fd11bcb5d52dee416f894a0bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9c1f4e5a4da352622f74232df6dd8f81

SHA1
de684d7cb1417f9123ace715f63af8c232ff16ea

SHA256
4dd3824df7643573352992360bfa74c37d9bd6acd63d3aa050cece4f77c6ad74

SHA512
db280866aedfd46d70f5ead55ae7fde6cabefba8e6d8c03b79d0ea1508c400e6dac93f8346ce4675ce836b5e9ed7acf5bc3d10ddb78016f6a5773b180edd8a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
243c9c58846243055c00e9d87134efe8

SHA1
fde31f27aec8eeb7932fe783fd160cb76e372331

SHA256
c968fb1c84d976386714c0abc8ce790438ef68fbd8c87fc5cc63a64fa2f26698

SHA512
f078a2fd6552dc90f5f1a5a6ac50efc441a592b1011853af8e7c8fe5d27f2bb993de2fff55d9579a3a6fd949ccf37e21d14031a5ea2d020d1a3b793ec8b74a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c636016262a61235a9139972664d7f0e

SHA1
be691a5f37f58c71f3da7ed38366bad1ee655cff

SHA256
fa595b114d5fb768a0237aaa37f9cbb12912f64bdfdbd197f6276e1d4fd285cb

SHA512
a5a0303bc50e3d3c42d7daf816ef30b33f74594877b97e233872f74ea9bb6f95a4c93c4571b0e9d60a562729fe048ae29d11a5372609bde8d55421bf887cf5a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
7baf773c3181f2984e927bca70f561b8

SHA1
a6e6c595da4a7bf771eff13069fe10a26d9acc64

SHA256
a1c3b15f529ff0db8fc5e56666adbb8fa79c054861aa57902f78dd85ce0cb273

SHA512
1792ee576a832df0f83e929a23be8e9202ca8aa547988a9b9059cd11ec78f531b073cde96603c74fe359ccdd10f8e0413c553b2f9e699012fcf94ec5c87218e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
4a9f9c1e1dad15614b58bb6cb61e773b

SHA1
59faad763966fd6bc1470cc8dd88a6f7c52035da

SHA256
378650aad7c9c9f33887ad02eb0c84bf52f89db33c4afce28d1fc426cad1b86f

SHA512
bf179da4c76077a68960a42ec28b728c596cbd11993757bbf73c450323e22ffe818ff4b9f1dc94232fe2c26cea67b72b549c866f2a449fe5e0716861b850a4c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
6c49aa8b00e044495cf6862c9fd719e0

SHA1
d3b88900ea99e9c8a41ddd1216713f84b5b636b8

SHA256
df5ba1ffe661f8787b6ebb46ef4452f493bdc8507d00a30c984b5a9fcf5cad7d

SHA512
57813571d907c18f4a6d2d0874c031147a962950f29d9b7db9b3d99b734d93798aedc1d7159c203903732765e6157ad65ecdc5af6520dbd84d0bdebbf5ab809c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
404a6244ae4d6195b29fa6e38f094c63

SHA1
f1a00c311c347a09f53c2743680e2385eb215eed

SHA256
d515a6939b931e1d4c07dd77483aa8c6919f5274fe1d00e690501e92e1bf9260

SHA512
fa2a92800f445be9508278994403e78be47f4e3b63c378cf85a56d65c4bb8a5f16e4bf7b2ec59c355b94fe2f31d38f797f91a63ca9c3a9d4acd920c6442efde2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
0870837c97307f65e1b7feb2cbaa17d1

SHA1
d65abd90828d71bad8ecad118ef1b62c59d53400

SHA256
f4bc2419a41cb5431c2be716fc85a779d5c318a72e18b57663bbf5e15b4b65a0

SHA512
08874402bf4856d4478c4763f13066a44b7c72f0ad1d941b3130447550cc22706000881e19bd45ca4866ea3502a10dc45ec9a921d18acec7759baba4e7dca0f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
f42789284d3cf2674f8a73ac5aedce4f

SHA1
40c56fec80e62b2efd6a1df52301ac6ef6935ddf

SHA256
422d869f1f7f4444f0d170cd4703306e3a0ee61c2491ca3d5d4bfb5ea3c517dd

SHA512
c0e93e7ad89a6b7050d40333db5c5c6583c4e073a2efa5e20f81322a25073b7f39705fe06f562bd031f9c614df81f464d34b8b2646f1d68d780b7002ecc1e819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
4fe0dfa0038ee528e6cd761684c728e2

SHA1
15ff0e2543e847cb60ec38ea6d79587618804b70

SHA256
851e43c93ad98a8df40f6101b369d2ea554e5e902a1965dd57e57a9aa0eec289

SHA512
c0b5ba2a49448e1a81c651701646f6855f2bafcca4c4327581ee47526cc718b662b0009d76cf485cf59b6f939b60c55b60341488d56a650134d23afdbded767e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
435a38fbcd35c2df44d945b3d889d147

SHA1
ff77c301b6fa7a0507d3d284f78b238d7db7eed1

SHA256
65bbb9585e9824847bc69cf2c0e3cd1cce6202cb90f1f1551ad7c0e87def1d9f

SHA512
c396a1cc5d267f88814dc4e080989bf203354220de67180e57314cef4ad0fbad985b6ec4e0505f6a0eee5f3666858067465aa48d85743a84c76741b3c7cee8a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c2b4.TMP

Filesize
96KB

MD5
bcbdce4b7b018995743b339e554c8a33

SHA1
1041ebb83d0ac6f1496772cbe909b766d9ccc0d3

SHA256
30ce1b961e1890f65466a37a8248a09041050da776352d99449de415e1cc652f

SHA512
3786f199c168b231f2581a31e6ad4da1d49497ca9d5afbce8cba31eb7a7e9403bd356d8f659cf8c35ff9c9987c436009c53fcfe0703d718c5bd1a43d477d98d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
b17223e59994f60c5833030795f2bcac

SHA1
66f5f5caf68849cfe574cbef7f8278dacdafdd5f

SHA256
49fdaa4ee215c3a142144184d0e82964efb4c11c7d8ce726c5806bfca13888ca

SHA512
c7aea16c9327e9c19860c4a1487a94cb7edc8953d57aef9617a6d9accd645eb3fecf5e81f0eca6348f9dea86077d55d00546fc270bcd5d5cb9d8c864d9bf0003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.2\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\one.rtf

Filesize
403B

MD5
6fbd6ce25307749d6e0a66ebbc0264e7

SHA1
faee71e2eac4c03b96aabecde91336a6510fff60

SHA256
e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690

SHA512
35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064

Download Submit
C:\Users\Admin\AppData\Local\Temp\rniw.exe

Filesize
76KB

MD5
9232120b6ff11d48a90069b25aa30abc

SHA1
97bb45f4076083fca037eee15d001fd284e53e47

SHA256
70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

SHA512
b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

Download Submit
C:\Users\Admin\AppData\Local\Temp\text.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\AppData\Local\Temp\v.mp4

Filesize
81KB

MD5
d2774b188ab5dde3e2df5033a676a0b4

SHA1
6e8f668cba211f1c3303e4947676f2fc9e4a1bcc

SHA256
95374cf300097872a546d89306374e7cf2676f7a8b4c70274245d2dccfc79443

SHA512
3047a831ed9c8690b00763061807e98e15e9534ebc9499e3e5abb938199f9716c0e24a83a13291a8fd5b91a6598aeeef377d6793f6461fc0247ec4bbd901a131

Download Submit
C:\Users\Admin\AppData\Local\Temp\windl.bat

Filesize
771B

MD5
a9401e260d9856d1134692759d636e92

SHA1
4141d3c60173741e14f36dfe41588bb2716d2867

SHA256
b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

SHA512
5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

Download Submit
C:\Users\Admin\Desktop\Free Youtube Downloader.lnk

Filesize
2KB

MD5
3c583057f694f6285d5789983eeb417f

SHA1
6483699c86db196ecf87ff1304b563d5b0febbe8

SHA256
4925aed77089ee5e1bed37a506260b503ce58bcf325dd7a75aab51b7e12b3e29

SHA512
dd5fd5cc94bbfa1bfe1ff7e16d032ddc299ddbbb3163ec837aa3be008684937f3c85dcd1de05664336140a46bc9220948c93cc342c1fa115ecbd0f2599568c25

Download Submit
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\Downloads\000.zip

Filesize
119KB

MD5
d113bd83e59586dd8f1843bdb9b98ee0

SHA1
6c203d91d5184dade63dbab8aecbdfaa8a5402ab

SHA256
9d3fe04d88c401178165f7fbdf307ac0fb690cc5fef8b70ee7f380307d4748f8

SHA512
0e763ff972068d2d9946a2659968e0f78945e9bf9a73090ec81f2a6f96ac9b43a240544455068d41afa327035b20b0509bb1ad79a28147b6375ed0c0cf3efec5

Download Submit
C:\Users\Admin\Downloads\FakeActivation.zip.crdownload

Filesize
275KB

MD5
6db8a7da4e8dc527d445b7a37d02d5d6

SHA1
4fcc7cff8b49a834858d8c6016c3c6f109c9c794

SHA256
7cc43d4259f9dbe6806e1c067ebd1784eaaf56a026047d9380be944b71e5b984

SHA512
b1b4269da8a0648747c4eee7a26619b29d8d1182fe12446c780091fef205a7b5e6fb93c9b74c710cca5d2e69600579b9d470e31a32689ecc570d0c4bbe4fe718

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.zip

Filesize
223KB

MD5
a7a51358ab9cdf1773b76bc2e25812d9

SHA1
9f3befe37f5fbe58bbb9476a811869c5410ee919

SHA256
817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612

SHA512
3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
\??\pipe\crashpad_4596_GSHCMPHYVTKVMPAD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2308-750-0x0000000004F20000-0x0000000004F2A000-memory.dmp

Filesize
40KB

Download
memory/2308-751-0x0000000004F10000-0x0000000004F20000-memory.dmp

Filesize
64KB

Download
memory/3796-580-0x0000018B07DF0000-0x0000018B07DF1000-memory.dmp

Filesize
4KB

Download
memory/3796-578-0x0000018B07DF0000-0x0000018B07DF1000-memory.dmp

Filesize
4KB

Download
memory/3796-585-0x0000018B07DF0000-0x0000018B07DF1000-memory.dmp

Filesize
4KB

Download
memory/3796-584-0x0000018B07DF0000-0x0000018B07DF1000-memory.dmp

Filesize
4KB

Download
memory/3796-579-0x0000018B07DF0000-0x0000018B07DF1000-memory.dmp

Filesize
4KB

Download
memory/3796-586-0x0000018B07DF0000-0x0000018B07DF1000-memory.dmp

Filesize
4KB

Download
memory/3796-590-0x0000018B07DF0000-0x0000018B07DF1000-memory.dmp

Filesize
4KB

Download
memory/3796-589-0x0000018B07DF0000-0x0000018B07DF1000-memory.dmp

Filesize
4KB

Download
memory/3796-588-0x0000018B07DF0000-0x0000018B07DF1000-memory.dmp

Filesize
4KB

Download
memory/3796-587-0x0000018B07DF0000-0x0000018B07DF1000-memory.dmp

Filesize
4KB

Download
memory/4088-545-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4464-577-0x0000020DC3450000-0x0000020DC3460000-memory.dmp

Filesize
64KB

Download
memory/4464-576-0x0000020DC3450000-0x0000020DC3460000-memory.dmp

Filesize
64KB

Download
memory/4464-548-0x0000020DC3450000-0x0000020DC3460000-memory.dmp

Filesize
64KB

Download
memory/4464-547-0x0000020DA8DC0000-0x0000020DA8DEE000-memory.dmp

Filesize
184KB

Download
memory/4476-880-0x0000000000250000-0x00000000008FE000-memory.dmp

Filesize
6.7MB

Download
memory/4476-915-0x000000000AE60000-0x000000000AE70000-memory.dmp

Filesize
64KB

Download
memory/4476-904-0x000000000AE90000-0x000000000AEA0000-memory.dmp

Filesize
64KB

Download
memory/4476-900-0x000000000AD50000-0x000000000AD88000-memory.dmp

Filesize
224KB

Download
memory/4476-906-0x000000000AE90000-0x000000000AEA0000-memory.dmp

Filesize
64KB

Download
memory/4476-914-0x000000000AE90000-0x000000000AEA0000-memory.dmp

Filesize
64KB

Download
memory/4476-889-0x0000000005350000-0x0000000005360000-memory.dmp

Filesize
64KB

Download
memory/4476-911-0x000000000AE60000-0x000000000AE70000-memory.dmp

Filesize
64KB

Download
memory/4476-912-0x000000000AE60000-0x000000000AE70000-memory.dmp

Filesize
64KB

Download
memory/4476-913-0x000000000AE90000-0x000000000AEA0000-memory.dmp

Filesize
64KB

Download
memory/4476-907-0x000000000AE90000-0x000000000AEA0000-memory.dmp

Filesize
64KB

Download
memory/4476-901-0x000000000A2B0000-0x000000000A2BE000-memory.dmp

Filesize
56KB

Download
memory/4476-1745-0x0000000005350000-0x0000000005360000-memory.dmp

Filesize
64KB

Download
memory/4476-888-0x0000000005350000-0x0000000005360000-memory.dmp

Filesize
64KB

Download
memory/4476-1744-0x0000000005350000-0x0000000005360000-memory.dmp

Filesize
64KB

Download
memory/4476-905-0x000000000AE90000-0x000000000AEA0000-memory.dmp

Filesize
64KB

Download
memory/4752-711-0x0000000000E40000-0x0000000000EB2000-memory.dmp

Filesize
456KB

Download
memory/4752-712-0x0000000005830000-0x00000000058CC000-memory.dmp

Filesize
624KB

Download
memory/4752-713-0x0000000005E80000-0x0000000006424000-memory.dmp

Filesize
5.6MB

Download
memory/4752-717-0x0000000005B50000-0x0000000005B60000-memory.dmp

Filesize
64KB

Download
memory/4752-715-0x0000000005910000-0x000000000591A000-memory.dmp

Filesize
40KB

Download
memory/4752-716-0x0000000005BC0000-0x0000000005C16000-memory.dmp

Filesize
344KB

Download
memory/4752-714-0x0000000005970000-0x0000000005A02000-memory.dmp

Filesize
584KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads