271319b95a4992827b8aa1aef16e9d4bf3074e7e3444c7947881fd2ba4cdb8a0

Resubmissions

04-06-2023 23:32

230604-3jsr7seb32 8

04-06-2023 23:15

04-06-2023 23:14

04-06-2023 23:14

04-06-2023 23:11

Analysis

max time kernel
1210s
max time network
1213s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2023 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Morpheus Crypter.exe
Size

1.4MB
MD5

1aa43e7d7e2e812792f06312db0757d8
SHA1

606a3060aac710287dd02b36b2999fecb9e67932
SHA256

894041eeb6bf1a9b30e3492c7effef36c7e7fe4c6369f52893ccf12cd01362ff
SHA512

8c148a5627e57e89209c17c96377d74130f3f780008830e0ecf75cff4666701d0521c8f3bcefd44148d564fc26f56ff39e794863d54af899fdcf935dea713121
SSDEEP

24576:ovtzecScg7UdHaebuoXlXNPiCXaRt1CGgJs3bO0Yts0POvlNQFfokUolc8VB/w/c:6tUEaSsf1LgJue0l8/w/c

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	winrar-x64-622.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	Morpheus Crypter.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\S-1-5-21-144354903-2550862337-1367551827-1000.lnk	WScript.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\S-1-5-21-144354903-2550862337-1367551827-1000.lnk	WScript.exe

Executes dropped EXE 5 IoCs

pid	Process
4816	0.exe
4476	0.exe
1820	winrar-x64-622.exe
400	uninstall.exe
4548	WinRAR.exe

Loads dropped DLL 1 IoCs

pid	Process
3132	Process not Found

Modifies system executable filetype association 2 TTPs 8 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 60 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\License.txt	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Default.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Rar.exe	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Resources.pri	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Rar.txt	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Rar.txt	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Order.htm	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Zip64.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Rar.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Descript.ion	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_241654031	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\License.txt	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Default.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\rarnew.dat	uninstall.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Resources.pri	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Zip64.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Descript.ion	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Order.htm	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\zipnew.dat	uninstall.exe
File created	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-622.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4056	1940	WerFault.exe	96
4232	1284	WerFault.exe	128

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133303957005040520"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r19\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.uu	uninstall.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	uninstall.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	7zG.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\ = "RAR recovery volume"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r14\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lha	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.7z\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2\ = "WinRAR"	uninstall.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5a00310000000000c4562ebc100053797374656d33320000420009000400efbe874f7748c4562ebc2e000000b90c0000000001000000000000000000000000000000230e7600530079007300740065006d0033003200000018000000	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	7zG.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r22	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.z	uninstall.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	7zG.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.uu\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zst\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r05\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r28\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r15	uninstall.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	7zG.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	7zG.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r05	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r13\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r21\ = "WinRAR"	uninstall.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 560031000000000054567aa2100057696e646f777300400009000400efbe874f7748c45654bc2e00000000060000000001000000000000000000000000000000e82d8900570069006e0064006f0077007300000016000000	7zG.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	7zG.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r06	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gz	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon	uninstall.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r08	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r28	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lz	uninstall.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	7zG.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\ = "WinRAR ZIP archive"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV"	uninstall.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	7zG.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2196	Morpheus Crypter.exe
2196	Morpheus Crypter.exe
2196	Morpheus Crypter.exe
2196	Morpheus Crypter.exe
2196	Morpheus Crypter.exe
2196	Morpheus Crypter.exe
2196	Morpheus Crypter.exe
2196	Morpheus Crypter.exe
2196	Morpheus Crypter.exe
2196	Morpheus Crypter.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5040	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4816	0.exe
Token: SeDebugPrivilege	5040	taskmgr.exe
Token: SeSystemProfilePrivilege	5040	taskmgr.exe
Token: SeCreateGlobalPrivilege	5040	taskmgr.exe
Token: SeDebugPrivilege	1940	0.exe
Token: SeDebugPrivilege	4476	0.exe
Token: SeDebugPrivilege	1408	0.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe
5040	taskmgr.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2904	7zG.exe
3264	chrome.exe
3264	chrome.exe
3264	chrome.exe
1820	winrar-x64-622.exe
1820	winrar-x64-622.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 4904	2196	Morpheus Crypter.exe	90
PID 2196 wrote to memory of 4904	2196	Morpheus Crypter.exe	90
PID 2196 wrote to memory of 4904	2196	Morpheus Crypter.exe	90
PID 2196 wrote to memory of 4816	2196	Morpheus Crypter.exe	91
PID 2196 wrote to memory of 4816	2196	Morpheus Crypter.exe	91
PID 2652 wrote to memory of 3276	2652	chrome.exe	108
PID 2652 wrote to memory of 3276	2652	chrome.exe	108
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 540	2652	chrome.exe	110
PID 2652 wrote to memory of 388	2652	chrome.exe	111
PID 2652 wrote to memory of 388	2652	chrome.exe	111
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112
PID 2652 wrote to memory of 2604	2652	chrome.exe	112

C:\Users\Admin\AppData\Local\Temp\Morpheus Crypter.exe
"C:\Users\Admin\AppData\Local\Temp\Morpheus Crypter.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\test.vbs"
  2⤵
  - Drops startup file
  PID:4904
- C:\Users\Admin\AppData\Local\Temp\0.exe
  C:\Users\Admin\AppData\Local\Temp\0.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4816

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1084

C:\Users\Admin\Desktop\0.exe
"C:\Users\Admin\Desktop\0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1940
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1940 -s 804
  2⤵
  - Program crash
  PID:4056

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 432 -p 1940 -ip 1940
1⤵
PID:2508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\0.exe
"C:\Users\Admin\AppData\Local\Temp\0.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4476

C:\Users\Admin\Desktop\0.exe
"C:\Users\Admin\Desktop\0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffd8b6e9758,0x7ffd8b6e9768,0x7ffd8b6e9778
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:2
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1792 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3252 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4604 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4016 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5460 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1048 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5524 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3948 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5668 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:2
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4764 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=892 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3416 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4616 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1048 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5628 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5240 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5840 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4664 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5524 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5712 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3352 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4704 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3304 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Users\Admin\Downloads\winrar-x64-622.exe
  "C:\Users\Admin\Downloads\winrar-x64-622.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  PID:1820
- - C:\Program Files\WinRAR\uninstall.exe
    "C:\Program Files\WinRAR\uninstall.exe" /setup
    3⤵
    - Executes dropped EXE
    - Modifies system executable filetype association
    - Registers COM server for autorun
    - Drops file in Program Files directory
    - Modifies registry class
    PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3304 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5256 --field-trial-handle=1836,i,6196864766713182315,18253144043361190513,131072 /prefetch:1
  2⤵
  PID:4884

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1768

C:\Users\Admin\Desktop\0.exe
"C:\Users\Admin\Desktop\0.exe"
1⤵
PID:1284
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1284 -s 776
  2⤵
  - Program crash
  PID:4232

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 404 -p 1284 -ip 1284
1⤵
PID:3752

C:\Users\Admin\Desktop\0.exe
"C:\Users\Admin\Desktop\0.exe"
1⤵
PID:4656

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap1963:120:7zEvent4701 -seml. -ad -saa -- "Desktop"
1⤵
PID:4208

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap19280:120:7zEvent27993 -seml. -ad -saa -- "Desktop"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap26382:120:7zEvent794 -t7z -seml. -sae -- "Desktop.7z"
1⤵
PID:4004

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" a -ieml. -ep1 -scul -r0 -iext -imon1 -- . C:\Users\Admin\Desktop\0.exe C:\Users\Admin\Desktop\RunNet
1⤵
- Executes dropped EXE
PID:4548

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\552-309453441-12-5-1-S\S-1-5-21-144354903-255.exe

Filesize
1.4MB

MD5
1aa43e7d7e2e812792f06312db0757d8

SHA1
606a3060aac710287dd02b36b2999fecb9e67932

SHA256
894041eeb6bf1a9b30e3492c7effef36c7e7fe4c6369f52893ccf12cd01362ff

SHA512
8c148a5627e57e89209c17c96377d74130f3f780008830e0ecf75cff4666701d0521c8f3bcefd44148d564fc26f56ff39e794863d54af899fdcf935dea713121

Download Submit
C:\Program Files\WinRAR\Rar.txt

Filesize
109KB

MD5
18eeb70635ccbe518da5598ff203db53

SHA1
f0be58b64f84eac86b5e05685e55ebaef380b538

SHA256
27b85e1a4ff7df5235d05b41f9d60d054516b16779803d8649a86a1e815b105b

SHA512
0b2a295b069722d75a15369b15bb88f13fbda56269d2db92c612b19578fc8dadf4f142ebb7ee94a83f87b2ddd6b715972df88b6bb0281853d40b1ce61957d3bd

Download Submit
C:\Program Files\WinRAR\RarExt.dll

Filesize
664KB

MD5
608f972a89e2d43b4c55e4e72483cfd5

SHA1
1b58762a3ae9ba9647d879819d1364e787cb3730

SHA256
dd989631b1b4f5450766ad42aec9a0e16718a0d23bc694fa238a4d54b02be417

SHA512
3c410d19aaa780e4fe25b331f85bdd8ccd0a9f585d538afdf216dfcd5c3a6ee911924bcca9078af689c4610f23a31e5a89c7c84144356e8dedceac7fb020960a

Download Submit
C:\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
36297a3a577f3dcc095c11e5d76ede24

SHA1
ace587f83fb852d3cc9509386d7682f11235b797

SHA256
f7070f4bb071cd497bf3067291657a9a23aab1ca9d0ab3f94721ef13139ce11b

SHA512
f7a3937f9ffb5ebaac95bddc4163436decdd6512f33675e3709227a1a7762588a071143140ed6bb2a143b006931e5c8b49486647800f0de2e5c355e480f57631

Download Submit
C:\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
36297a3a577f3dcc095c11e5d76ede24

SHA1
ace587f83fb852d3cc9509386d7682f11235b797

SHA256
f7070f4bb071cd497bf3067291657a9a23aab1ca9d0ab3f94721ef13139ce11b

SHA512
f7a3937f9ffb5ebaac95bddc4163436decdd6512f33675e3709227a1a7762588a071143140ed6bb2a143b006931e5c8b49486647800f0de2e5c355e480f57631

Download Submit
C:\Program Files\WinRAR\WhatsNew.txt

Filesize
103KB

MD5
eaeee5f6ee0a3f0fe6f471a75aca13b8

SHA1
58cd77ef76371e349e4bf9891d98120074bd850c

SHA256
f723976575d08f1001b564532b0a849888135059e7c9343c453eead387d7ae4c

SHA512
3fc5994eefce000722679cf03b3e8f6d4a5e5ebfd9d0cc8f362e98b929d1c71e35313a183bfe3ab5adbd9ce52188ade167b8695a58ebd6476189b41627512604

Download Submit
C:\Program Files\WinRAR\WinRAR.chm

Filesize
317KB

MD5
11d4425b6fc8eb1a37066220cac1887a

SHA1
7d1ee2a5594073f906d49b61431267d29d41300e

SHA256
326d091a39ced3317d9665ed647686462203b42f23b787a3ed4b4ad3e028cc1e

SHA512
236f7b514560d01656ffdee317d39e58a29f260acfd62f6b6659e7e2f2fca2ac8e6becac5067bab5a6ceaeaece6f942633548baeae26655d04ac3143a752be98

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
04fbad3541e29251a425003b772726e1

SHA1
f6916b7b7a42d1de8ef5fa16e16409e6d55ace97

SHA256
0244b889e1928a51b8552ab394f28b6419c00542a1bbc2366e661526790ec0a7

SHA512
3e85cf46dd5a7cadc300488e6dadea7f271404fb571e46f07698b3e4eaac6225f52823371d33d41b6bbd7e6668cd60f29a13e6c94b9e9cb7e66090af6383d8b2

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
04fbad3541e29251a425003b772726e1

SHA1
f6916b7b7a42d1de8ef5fa16e16409e6d55ace97

SHA256
0244b889e1928a51b8552ab394f28b6419c00542a1bbc2366e661526790ec0a7

SHA512
3e85cf46dd5a7cadc300488e6dadea7f271404fb571e46f07698b3e4eaac6225f52823371d33d41b6bbd7e6668cd60f29a13e6c94b9e9cb7e66090af6383d8b2

Download Submit
C:\Program Files\WinRAR\uninstall.exe

Filesize
437KB

MD5
36297a3a577f3dcc095c11e5d76ede24

SHA1
ace587f83fb852d3cc9509386d7682f11235b797

SHA256
f7070f4bb071cd497bf3067291657a9a23aab1ca9d0ab3f94721ef13139ce11b

SHA512
f7a3937f9ffb5ebaac95bddc4163436decdd6512f33675e3709227a1a7762588a071143140ed6bb2a143b006931e5c8b49486647800f0de2e5c355e480f57631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
65KB

MD5
11d02a19f74371252b8eae2e999cb7df

SHA1
f874ba3fff48d2d66993fc7273600157b45ad3c6

SHA256
938e7a13f211e8841b9c3964ca3d56a8c84aca79536f04d8045383197e7ac685

SHA512
b4ed9fd4b11938ceb9fcd43759f1fe3a0ee81d4aab53477db9d958086370dc78a132701bca34f2eac5fb55599106f27adb267ebb8a39e1ad810e92ef815f2036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
37KB

MD5
5b0c0d429185ff30e04c93f67116d98f

SHA1
8eb3286fe16a5bee5a0164b131bc534fd131f250

SHA256
f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d

SHA512
6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
30KB

MD5
14714a5bc8bbcc1bfa05219e80a410b9

SHA1
692d05a0ccb9f98590f68a66f57b8f751291d44c

SHA256
05a43f3e84b7439b3d5e193079c665dd46ba639a69f4ba8c5819c89294e5e6a5

SHA512
9b493790caa175fe72b477f7cb4fbdaea0c4eaf03f41abe6498ee54fd0368e66a454703918d84bfccc2eca2f40182d7440eba7ca8b018695a6c4e1d110dc361b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
24KB

MD5
10a8c8280a511a73bfba05ecb46d1c76

SHA1
5021d62934ce6c0eccd43a1f2d2fdde542a119ec

SHA256
4a67b59ab2d434801e34391f0f8c046ac0d7ac2f0e6860bc3fe1ef89e2de318d

SHA512
9b4e11a6032d86e45d4d9fdd4c2c38af26281e883014aaebe1bc9b3fb78b92689863108c7632f5f6950181ae772728fea2712b036840c16f8880ab6b02eefb12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
33KB

MD5
1c781c7b2ab0369c2efac1067b59b993

SHA1
3dfb2529308d9e0141eee078537493ef68bec141

SHA256
6821f43ec06d9e7a642507b96fc3c195cecc48972055ef0e9c9a3b3b039a86ec

SHA512
e810bcf1485a4f1f516f331991955e42a83120e576fb542f45c316f3fac238e467174b7a55b74b48d86f0afe0b1cd093fe0e2dd97ca16713411d0fd1db8060ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
34KB

MD5
34acb8661ddd067bcd6f107d0f8d34dc

SHA1
7ac24b328710e92349204368b746e5b2f10cd905

SHA256
f1dcba471fc89bb741c70833553891898bd008ccd388f848ff196cba85632a4a

SHA512
c4e0079afd3894ccf66b1cf60eb365e4a1d7c9e6c5508e52765a8e02376eead8180c2d165701fd3bca051ef671f169998666dac2cc69bb61726a99cf82b00e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
70KB

MD5
11efcf9245cd2f9eb699c2f32e8a7954

SHA1
93bfdb902fe735b0e8ca9b44ae7e99922932fe9e

SHA256
b85cf2c9f2fc972bc4868511a0696eb63dfcc7aef0ba962491d4a2bb7185bd61

SHA512
ccfca261a41351d86343b2b9e1b3381f95de6b0b5243384d392a0c7770b4761658cc3da99f9816572b8610994fff09b9973f749549d5291ca2cb027494ee1a72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
118KB

MD5
627dfb62aeafdc8c6883e7f6e34c0cfc

SHA1
d80ce41efecd757eb594e1be9fd1b4bfdd185865

SHA256
af6da2e2700712ffb0d6c7d2b830a956f1ad464458d6d1b8cfeb52f4cf217310

SHA512
1582465b24d378271d361b026e8e48a35b20af8861ae8d88f34f8017969d9f4b37ed08c5c14d47cae9aae9093665d7e5e278f179ac6924e8c5b03228f9c81620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
9b2d94ca51068a5df22dd70ed555e17d

SHA1
9f5b82863da8a737a876b1e05735340ca0777e9e

SHA256
5fbb8269006fcec0f55b1963077f7ad362970c2da6f2867af567feb254ac40f7

SHA512
fed55f4591c7f7e50d46e41bd44ffc8ece69a92dc70dabe48e0e1a8047de1ba0e03cc405379472e74cba62d7808889a7523a7a4a53dd679566af434cf59959b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
59b172b377c7c007e417ccfb55e17e90

SHA1
6912706aa3cf3870ca5ca9260144050f64311efb

SHA256
7603dd9f8b2241f68ef451b5eed7f3f48f417bccc2c6559464383deba023d98d

SHA512
840a0e68af1c8b3a1abc17d3931b5cbf9e612f06c8d1b79b93405ef00bbefa10b905d09fddbb4cd53a5c5326d8a278fb6ce6a43e90cc4367f523b7ffecd498fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
c4ce29441e9d3eb604538987b6d80836

SHA1
2dbe3251508dd4ef9f16fe80df16ec5ef0d16552

SHA256
920f936d0216d5a4631a484c8c52a5ae3cceb18610f3a00ebdb52d9635f8528d

SHA512
17d4de3235f47231add96d08ab3e0d5c032e3984bed211bdb2c13aa60a90d5df77f5ae62194278fdd7b4b5239744dcd67f9dc52703068f7803ba1188455a9a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
754a6672258896b59a56df154f8849fe

SHA1
0389d5feea9a9c9fe1f0080a3f0982d3b31b2f56

SHA256
fffe7bc06b1b70e650cee261fe1ead01edb13a90870fa7c1da33a476b96ade3c

SHA512
58fa42c066ccf842b3ab5107aba66a786d3450521ec149e5298a5c5eda6e82e3dfd7cec12edd9f0b7497d773af9ce293ab1e5c032e8bedd1324597a97df2d50d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fe5342360cd0f5a7d6590f212de12d85

SHA1
2b358e87c074489dc2d14f0a4e5a5c162bb450c7

SHA256
06f03f22b0b64e0fa25ab7042777a7d20af378b1358d1ba438f4784adc81abbc

SHA512
029d7d3d672cf69cdfbc3d77d1ffeda4cc44224aa040688261022604edcfc272bf9784842f9e3370a8046d51b53082e1961e8e628142aeaf07aaba5842812202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
39837af1ea4d8ccebffb9bee9e458bb8

SHA1
7c3fa9ca507f0e940ba87a24a8da217f00b1b1be

SHA256
53f55e13d8b9a14be9fd7ef07ec841697050dbe0fd871ee6318374c24626b903

SHA512
3d65b8e11693e9e38cef16be1120bbc52e7bed22d7c9d7e9f92aade3cc6ec50357c57b647546a456ff61ca673fccbb72a0158108e29c4a67a2157a3d85f45563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d0426ad42e07759ed225a427927b1ab3

SHA1
3c6801fde818e1ac14e895147099ea420fedec4b

SHA256
677928d76deeb04c33322c5c65bd73fc7c7c80484235aeb6b1991b6cfc958269

SHA512
b687c6875bd941e8fe441b36a0618ed2e181245e3f583be5ac78bd07f650d5974d05051195ac8f3ddb5a6091a31a4c0e18d7dae9422a34ce83764d4965449d70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c0d94906cd672ba93f9121af9a699718

SHA1
c2613c9e518f3b8d17d9cc8e05cb844e60a48979

SHA256
1984cea74dcdbeb81b190200047fd07e47713e336fd82904b0328feb235f1954

SHA512
a7c8a89ad2050c0ebec540e3f164d5147046a36961306288e7300d40ff955dd4eb7b016565a58f49949fa7d1c3c2d1308b0ef6eff18896a2332ef7fb49c62a77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3bac1e26c4dcf23b90bc166696a24a3b

SHA1
ba9518b240282ca009cef950af6648275cc763d9

SHA256
42ee1a9103eb1cb67a000c590abfdc012d63226ffb00d7cb34820220eb78c3e7

SHA512
520c7bb0c7fbd150399a689f8c52fdf8490b76f205d9fea61dd15846a53e93afe15c91cfc1b0287f674060eb4d134f8bfe504469f59cd5dbf6f46188a48fc944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
02a0dec2b908eca41f13f427f2cdde07

SHA1
c8fd774a7dc300ea7aefc1dfa00b7f24766fb4e6

SHA256
ba58ab267a830da76c17390fd513f8c2a890e1710511ff638aa610e65d3a2b16

SHA512
4f41fde7a3133eb6ac824f97ecf6b919b1d41ae5a9295ae93f1c8e7f504173258e49590d7b54bd68128557d40d53da6528653e79f53c112347e66fdd606f67b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4101dcde555e157b201a0cd3e06a4fb5

SHA1
62f30d3014f7853d98d008d799bbf17bba850b39

SHA256
95888222cfd10618db6664b908bef1f0a11ed580ef5397c1737b3ef634d200bf

SHA512
ade37ad813e3579afbd3714f06bbfd8dcb2f838aab13f2ac19c31b9c005dcabc30aeeaed52365e30976f0c0fa7b00b54a13b5589af1e6b37ce0d01e40a856f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e14ccc0f9686458c565494b845602d4b

SHA1
47eb7db5ec9693c6ea401d9820a73c2985006c18

SHA256
1beb62406ec4b55f1da366f751eb93434a4195684d2120097a0032f2a2233cc2

SHA512
6c1261f7d429165f39128b6b452ab59cd8a394eeb795fee1fdea20c43089743f02cee72dbcf6fb909cdde4686bed2db45137d5b5ef78e629a3630fe5694ed873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
46074e4da9cf6b18ceade27bde309a17

SHA1
0c9e64b35c211d058e17a4659045ed3edb28c6b7

SHA256
b44d27e032b1eb76a24e2e8571d4bbf26e6ce5f80b483eb23095758df3cc3d0f

SHA512
ffde7761f4ee33ba394764548e1970d0b800cbc81e3a0d58caaccf98f43e0ae0e2b4a6bbc931ee9ccda21128bac82d87b7c974ceccd1eecc9aff8764b0563e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a4e6a359257d1a5896d3628f3da6b716

SHA1
ebf9a2aebee99af3cfe70fac8f838d2e0c279457

SHA256
dac29913319d0b84efd2ada1bbb3fb280b6c0e65d8b06bdb8b41e83b73da5b7c

SHA512
56d3220a70822d30d6d739edd8e2972cb5ec69235462805d7e94e18c32df5081f7f9276178931b3b47d7de15477524e6f6eeb140462a034e19c87743174653f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9250be95b236198b493835f4a42dc48f

SHA1
cb3b72ac18837db78c1c8795c22ce040a37cba84

SHA256
6af953c9c1efbe2d8ca94a9991cf62acd74b190be5fedb23f060d2c92a7a3462

SHA512
1f8a691fea49029105ae5aeeb2c8f1508dada0a7708962dec67692429a4b22efed5df087ddc5c89f04ecf43a872e9c5e4e404fcf063c830b18fa7244512e0132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a39d343109075232cdfe8ef5ea488a57

SHA1
aac1e316bf35e4678bc503ae649b23c625c36c9a

SHA256
13d4a4bbdcd2a997f5b5fb9ecf15d37d30875e0710453dd5a0367fae968f0198

SHA512
31a923faff7f747c5ed2b48b4e72ae971c52e272973c1e9959cf89306c4d772e2db1119412a77c11c2e9c91e9cafe892a1c0755f6528c2fa0e783d55e5b5d31e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6b363c76667d45c57dedcd95b77874d3

SHA1
8848142125e7350ef854705492aeef4ea3b0335d

SHA256
8b4ea8ad10860b1311017b3ffd1456d32cb1f0987225146a77b03d3c2829e7ae

SHA512
f6eb29c5a1a564ca412b3400e97e95869cbdae6d2166857fad2f69ecabbaf4ba45d9413d3bff8335a4278ff6308fd65216e9b2861abdbbfc0a7166ac92460d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
a2a3e7115db414b44bb174cab994e031

SHA1
c309a8c03e03dadc0f24f6e4ed117471a83793c6

SHA256
915460d9db916baa17fbe77b321c75a4edc6e05600890226c0225963cfb7ba28

SHA512
d216d3a9199fd73255d99230130961f5ba337469e82f97ed1622a7c452d323954d722d619b2f60ee31e6f16e0277f51015114a4e939ea957c0afd3ab369f0d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6b0b94d7f99f10316289d27c5ffebf46

SHA1
c0deb27061abb4ed46bc58859a527908de98eaeb

SHA256
a3e97b1a0959226d8c3146a02c7f1cb0badb2cbc675ca85640e308294b7e4598

SHA512
279191e5c372dd21d9cfb8a005ee79a4028cc2a0eba3956869f33c2ff54dab5940c7289958a5e39f69c911e0830d6d365ee2ea3ce99a0382c02952c2710f79d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
660e076fa83f407c558e39a4ebf47830

SHA1
49f86097920ee8b1f7179d3e6d373354ed8a1e4b

SHA256
21e17a09d8f8c22e1460dbc429dcc75ef5325762b8f3bcf3a6c2b82726b7ed85

SHA512
6c432a354de36aa730fcd3453a8dcf74f82104efa0c36fc4ca2a80d5168231fda6ea4623730d082f462cd2c3d54cff54d1a14e757b9cfff88d51dcc10a00c47a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a21e3b7071d99509af1bd8293ac6af27

SHA1
64ed834f7fab8ad4579c3495bd0e4c711ea74716

SHA256
51fd41b42d4634c789ba703ed40ee429e378c5d270a371af35ded1a4441eb1b6

SHA512
9000e355049a9fe71a3820f768cdac3a807ad8351b7210825b8a444319613f566c8f3a9ca3049edaaade91f35c6b3d776c3b58284e49d125e65455a8b5f1c47d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
682a38c5fb037abc90d0f573f0a0da7d

SHA1
5cd59b31a0c678b76fa35f29420feee4d503b004

SHA256
6640fa8ef806e0acd83dee80b86ffb4c7f173d5cdae35387a1720ac01407123c

SHA512
bb0fe54938ffed54d0fc0cce99484b6a9460cd9ee1a72f252d3cbad1743c373260942122c00e62d1195665ea3aea1d834456eecc7281e6fb7be3c0de7ccc85f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b926d0d1e6899fcfd307cf58c0f16385

SHA1
3b50e4ffc10cbe7cc2e060b0876edfa2e0a49e4a

SHA256
4282d43708bc35bb6410cc33e1d1ab46841273f6397f7b0842c432db525af545

SHA512
5bc34b08fb1cdf9f46fe735bae08ba3d5209b5c3eb2824eee57a0885490d9714a5ffa7283d19e95947190295df15a1f16e0b91eb19dd4b8549df993641845e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2a26603ada0cebe31176f5d63017c582

SHA1
985c003ce79c28a000b25501abdb9db0aa97b3a0

SHA256
5c5c231e6f52f778db73ad3b29a118116258c62ab5ed332caef5a9519c1385a1

SHA512
1e208fa2c3c2bb6a5f48e4baf4b506d45b5dc5d7ff8a62239ad03ad1aa999a69b1cf64cc0bc0ff17ab5ccbf81d879b053c0b931e2af7da39ee58136ccc31a56f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
870B

MD5
9dfbf024438c96ac163a7fd9febd15fd

SHA1
87ebbed46f8f557f66eb40c56dece66e786957cf

SHA256
e58c21c7706abf30faadff477c2cb1e9223a8a3bbfcb038043159075c0851979

SHA512
592593ecfaf74639a0d451013ed59821268934013b6a77778193842219d71208c61ed41f8530655e5cc7aa39bf1bc50729ef298c47fabd5f1768f6563b932629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
474a1f41b2e68c45f2df4043e6f18b1b

SHA1
9483ccd1ee44c890ad8bd9b895d6c94f70e09ec2

SHA256
ae4c3c308e28621070d5581ddb974653ac9d0a6422f059ad76859169ba9f68d7

SHA512
fdb825b72d1e439f1dfb1e8428fe73b0991ec50d828f0222806d5355c7495abc54074a3c95c60a707b0148282bdf0a7a3b11960345d3c4cd143224cace307cda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
d524c45ef33fe14349d05ccd2401e860

SHA1
3ff8d931cfd19337f8abd907472263eec04a4d95

SHA256
6eebc5464e27375c7f2b912e2743a602ad6186e8ca0a00aceb6ba8e346a13b22

SHA512
cebe1592d215c2ce780b3bbb3587bfe770a77a5231ad3d8905da28abb65978eb26d8556971a852ae0d251f344c737b767e596fa044041b664784431c7bb35da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4146713eab4c94aee877d9108bd3daac

SHA1
d3f3fcb93488e6ec8f3bf8368e0bc53e7b693b87

SHA256
2c17fdacc2602843cb289db5fd13a098016d3f72576dc9b6828afce931c609af

SHA512
1ea4800c0c9e426ffb6e000eeecf77b5fee379dbc0ef63e776a9604fb24f3a245d7f9cafbee8e05755cb48ce0e6c8aef6c9b09ca112534e1e820d6a90285fe0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a505dda7e0676fa18741695606e72eff

SHA1
05e4dc2212b085aea17cec13405f390c21aa7587

SHA256
c20f1e41781467b91b095ea54fd3d543280201c9f15d1a14aa790cf5b8d9aac9

SHA512
6470fa32aeab48ad965ad3017add1af5e27abba3380108308ae14cf9a58f01a2da596a7d50873677119e610328013b4a7110d772c7bf42a1552f4e77bbf6f3f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8b513de3d90023045afe143e92a9cd41

SHA1
9567d91b7a21110a1f8d4f07505d8b97a8173ebb

SHA256
29e90085045321432e264e7d8f5c0af4fe2d44d4322f9ee8140a816809105934

SHA512
49bbe611510d0023e292dbead1d6b6bc8d31492fc611deb6770bda9e07f41f9d0ae540878bbcf50e472efe3cb6e3563f7516f9a25e38648cf2e6b1a30f86f830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
79eb38d9fd7ebb764dc8ae9a23d8922a

SHA1
7bed9c43b691f53da31b140834c4022efae64e19

SHA256
be88b0f00b44082ff4c6acc7c46397634ab17468b9062e6fdaf5d2136946e565

SHA512
19e69e1e70bfb1527f1df7e359f655c91bba42a872f281eb4c4402aaf60ec69916119f5b0a50c60a10b535edaafd92142d6f86fb0d77b5e789c16e914cd6cea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fcecc22f322cf104d82652c2ba0af0f5

SHA1
8a8a6a40fbf70e651c5140a686164a42c7475ccb

SHA256
421215ced33b3913a887c200ae54e5e2ccb51f94995f31c0399e015dd4b02eef

SHA512
aed22c379c0fbaf588799dae5dcfb154c1a0c07ffa8fc785607b9ff96a85314b0f9daa7a809d83722bcca1db53c903a573aa5683e901bf30498cc0cf96d4a346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
67f35c3f1fcbb177626a0b0d98839f1f

SHA1
0447347d32e9613052f3cdb2d3d5a26eeed7a1e0

SHA256
137fa69386a26bbd1719324684a091d93434c75541bd76b905e154c4440ec83b

SHA512
d90bb3ccdbf29bfc1930fd62973bfb53d8c7bda21791a8342a20e97bcb9aa9010ac04ae2c369fc378bf3b30946e2b077547d66bac40478987c9efb9297a054ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5dc371cc7956c7a2aa31d48d84c7570e

SHA1
1c88c39d680e8d3d076bba66af81d017afc33445

SHA256
024964a263835f528c04420f49edffff51bcf3a77a2689bbd30698db2f8be22b

SHA512
06f74a577788364dc22658451888fe3b2e4584260420a3c48b07427f5a5b679711e69bef90a602317609f6ae9b65a0e8caf7be8203343ba5b20d7b182a5041cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3cb100ad19d0385ce57d58af80d91472

SHA1
77260bc644ef55c925741f76b1b422526a54b54c

SHA256
04cc377c4d2b1c41428b3ac10242cb2ed211fe08354f897b85b5108a1dfceb4b

SHA512
b624e7251489fcd9354116719d8ebe6a7d01121210c5c80312e2dd491d3e171dabd24c5920f5ce8eac7be3ce2f9acc4cabe1ad3fea6815dfec03c390ae418f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
53503c64b94fa78cb1f3d929f18ca7c0

SHA1
053877657c36fe5659e5481a84d8462ad251620e

SHA256
cc546cf169a5bd88574cd17ddead4dbaf9ecc6c9c35d92edee920916f96a6023

SHA512
2fd92b29234e5bada42488b82e869acee74a32889a788353e20f4fed393cb090524023b4d084842accc77d333a4fc11d3456a07ff1fa3412302e382fa8548d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6951e814022e012a8a81dbdd7b089fc1

SHA1
6eeb2f4bfad72f3d8bc42dac018a3ff5cb8e1510

SHA256
4cca959e16b7b7a518ad6a28a7a5a9c4caf5d7c29aeaa34fd51dea4635663270

SHA512
22b6308021ca671f65fc8e09d0fba0032b1eb8383f2b3c91cdc92a01867d5b5cace394179f6b01e1ca7ecf15c1c75002528ad6ad802eca94305ccdf3b176e9c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fd31b69cd3446b445ffdaa4f0aa79bb8

SHA1
78276b56a3af58b82ce424202896394282760882

SHA256
81e9a42d994a6a7d16d093dfaeac9a780deb2120d41f2df184dd5fd59620c3b6

SHA512
78daf059f6bae2d6c9ee6946b70e94ba59b162df1ca1b74a8dad90d5d3315785b15212e9b693007f228563573be723573097a1c40cb4fc7cc826392fb9f75bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
81aa5b0c2c73886e04861a595f74f22c

SHA1
f2ffbefe227640a63e6ca5e5a1588a04443497a2

SHA256
c31a780d34a1e2d48fbe8880d9f5a1fc1bd2ab0b2df23251bbcf6e79572c9e8c

SHA512
548d55f06192eef2ca6cf8586aa7a9b8bea99d498724615aabfbbe31d150b74b2722163c7df6df9e071d0d50ca8a30c101e775109f2113237260ea93d9b27e99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3c7f52d3afaf745e4cbddc73ee8dc1c5

SHA1
a8d9ea1adf78480c25d47a5eea33bb81238bd97e

SHA256
196294521b5c844c5ef520c6799eed04a094e2df9e8b63861f619a2b1dff875c

SHA512
25ec6bc1165392aa73d6021c0bd4df0dd4013b6b3b36b7f8e9ba95f563ee7cffce47031370f8abf565844bd26f2dcf7dc0190a8c61608a52fb968b9623d50550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
409147ce0ab62f1d4bb2bceb4e057a2a

SHA1
03a00fe651f04a193cc112a24659e923961e1f48

SHA256
2d10a94104b1e537bb8dcf5cf42fbdf2e4f4e18092a02fd1210c13f7917b6fe0

SHA512
c2c4ccd92312eeb94778fae945ef1442fd5b389ff301a8bb3639d48b7ab3914902101c0d89415e7297836eec534a16f491ae41d9dbd5bc342799eacdf2a409df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d30bbd141905726a5c002008a5982de3

SHA1
d050a7bbe515e8d9758b9c5d802286102a38db7e

SHA256
74e49bb3893d76fa4e3d1425d4e259cf528b7113922eabe4a7b3393764d72d8f

SHA512
db39d1014d630d7c3523fabda57a24609016f544d79d2e499af9a0c6b8ca19435201ead65863d81c7d489e8378ccce755b4ba2e37d7385e09dfe53fd354355a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe61ba18.TMP

Filesize
48B

MD5
3c0ee6b8806f6c0b4977848596a97539

SHA1
3861929b611e5e937ae5987a0939ef3a15e17eb2

SHA256
f2fabe90d085941b1f4cfc083ae828743b40c559d509832f65a687e4d0343c95

SHA512
6fb0894cb6f3a3fd0a0388496e14fae64c0f1c5dcb89f797d065575ee716f7f4f9e831be0ec38c95ccee74e712b51ef68afae69275895ad0b278641029bcf6c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b9ed109f-5a5e-4dee-a014-6f3009be8b75.tmp

Filesize
6KB

MD5
7416debc3081b2f8b8ee167aa414b982

SHA1
9052fefdab871a9786f95b426d7a9e29ec8f71c4

SHA256
c0dceee0b5e99bac15216e2f115f35bce283ed735d4f378e1c82ba2454410dc8

SHA512
f0c024c0477a2baf47d68b108124739c975e629feb765e1433d92de8327c3f7b4a5b85ed58fef0c15aca7f5051bf5b812c4cf7f12b8b765425a6df74543069c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f3b8f4ff-7c7a-450b-842c-783b8d407d72.tmp

Filesize
7KB

MD5
5aa02e8321e3e425bd536463be669f9d

SHA1
4731a9a29eeec1ca7ed4b95aeb36674aae96592d

SHA256
fa2b58602783c36161b0098aa93c83bb447fd426cb0525652bbad5551328269a

SHA512
0bb6deed2a3d4d7af0efbcacb59d810e4c95d2f64306d657075dd51785ff464df5339c9485e4315a3d4d98b2affeafc7cb096b29f18ee6d9fffe7d411824156b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
1f075ba36fa2370bc5b79366e8f20d45

SHA1
764e2e2419bdeefc7a243b5a4524bdcdadda2acb

SHA256
afdd75a13961c7e884d48bbd048b193191d1a0f415379a16c0dcb0a968b02a30

SHA512
d7d2bb3e43d8f9bed70fcd68afc76996ab9db1cc5bad80a705ee29237777e3f67f7cd4b9e0c35f342e2f2ce2b1102664b52280b5775df9a5e9028763e7ef9e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
d7c4c0931f10b67f8228c2c7f1b0a8d0

SHA1
1374f5f259e5418c34b9a6a98eaf21dde7679827

SHA256
cfe915e92caceee2c9ef55d5e32fe8472565ec1dbad0749e4382f82fb578ff5a

SHA512
cceeea6149c1b5aca320a944759f46a6d13383aa6a0c1b86f52f077e4cd10dd51cdfed7c74d7174393dd03c70617eda1e2ab3d3a5f455f6160f8946deecac0b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
8ae2cb0b525fe9c40fa9f444646e0053

SHA1
d9dcefdb87dc69754e320adc546ad342cb2b5acd

SHA256
ba739de29e34a6200b7261d75931c01c98d19944e9c6486638765b35d4f7fea5

SHA512
fac88691c759972968bbf2019f0de3945c8f186852081cfaca06c9a39d1c10ed4181e86343f0dad5700decbb9fce8eefa2624a78ecb55e57f878b63ca094be8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
884ff0dcf11d37445b87ea92ffc33e9f

SHA1
447ccfd9802bac0d42d1f9cb85c8fcb7fdb956ec

SHA256
6218ed64812014b50dec64097975ded7b069d45b3b7c10b0e346276ec04505ad

SHA512
ce75f80896480c6b2b4bdf4340b6f95e53c15199bac6a4f1d895acec4b5b40e1ec48ca9cf717d8f2b3cdd8256472a2b0f6132b85ab4fbaf04f21de6724e3f335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
c652bf916958994a3f2e4722d813fd47

SHA1
870fd70a8bf0851a66f88c870b1f1122e8f8f95c

SHA256
1fca69ee56e9744370890c60944fefc82cd3a7522381dbf77a750c519eecd0a4

SHA512
76be6939b0d5618b0eb46cc01b18e96bba7c7266e903011a5138476e1e282da8e8c642c3bfa61934bd98d87dcedd3d9a272e1bf67320f92047b306bcd052c700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
b54beb7c2578b2de6b72cdb8aced703c

SHA1
8cb8f8e365c602da79c501bbad072bd51a960107

SHA256
ca17334619ffdbddb09ff84b70fcb1d766cfe93201c5bbc83f65321d5533f7f5

SHA512
7883af812974e451d6438c466e38f83f3acb895a1f9fbac9a16182001e86d4e346eb99318ba027ff74fee9f95c0e1a856e6eeb295a1b39b821b08c7687f55272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ebd14.TMP

Filesize
101KB

MD5
54d763124c5d7a65db75c7d09d46c6e5

SHA1
c7bfd8590815b42ac60a9f196cc5df6dd257458c

SHA256
687d61518349f1b31b97275e1bd187dbfb00b349f7d0ce446d05394686faeb29

SHA512
128b71aabde01271c878e38adcb710d7d5df33cd4297f82a832f85a30257c573690b33a89da8223ec9e2b416b670e987dde63bc9ad24ae9d3a7cb6cd5b3d71ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\0.exe.log

Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.exe

Filesize
336KB

MD5
8c9cecc003fd20db07692b1420169263

SHA1
304bc1e3b76369a2aa0fbe2925efcf57fd38e637

SHA256
e76823193642772db1a03757088624cfe059c047f0f064792c873876d75ba99c

SHA512
99cd19d27f8ea9681834d4d7bb74f3b09ae0d505006daed2c7788b91df5f1a50c020271625754d698413dfa2bece470775953bd58c5e9fdda1d1269ddd71c70a

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.exe

Filesize
336KB

MD5
8c9cecc003fd20db07692b1420169263

SHA1
304bc1e3b76369a2aa0fbe2925efcf57fd38e637

SHA256
e76823193642772db1a03757088624cfe059c047f0f064792c873876d75ba99c

SHA512
99cd19d27f8ea9681834d4d7bb74f3b09ae0d505006daed2c7788b91df5f1a50c020271625754d698413dfa2bece470775953bd58c5e9fdda1d1269ddd71c70a

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.exe

Filesize
336KB

MD5
8c9cecc003fd20db07692b1420169263

SHA1
304bc1e3b76369a2aa0fbe2925efcf57fd38e637

SHA256
e76823193642772db1a03757088624cfe059c047f0f064792c873876d75ba99c

SHA512
99cd19d27f8ea9681834d4d7bb74f3b09ae0d505006daed2c7788b91df5f1a50c020271625754d698413dfa2bece470775953bd58c5e9fdda1d1269ddd71c70a

Download Submit
C:\Users\Admin\AppData\Local\Temp\S-1-5-21-144354903-2550862337-1367551827-1000.lnk

Filesize
1KB

MD5
1638e84f5d56b958860c43902b95c585

SHA1
1bae3a7e3c3390a6ce3053e9c0362c1582fac35d

SHA256
5d4eecfb26d5a7def3a73d9a1919425eaa6e218c02dbfcb15d4149161cc4d5c8

SHA512
d48be9dc585cd387202fc4cf997ddf98f42e0b6620241bac1954db2f9efd3d7a9fd27a4fa3dde7d8fbfe9bd057338fe6ba2a1062362e88317e9790e9a23c0236

Download Submit
C:\Users\Admin\AppData\Local\Temp\test.vbs

Filesize
293B

MD5
1a9b49afc137fc8a72c3a3031294bafc

SHA1
e53f9c8bb77719fc805aa3386946e4471a718225

SHA256
5528aa3e48c7c24f40dc33f8080700239c5fa6291435a22cb3a8eb31d7336389

SHA512
3d23a12a871633fda59bd0c22b760d52e7be1fb3f34c83f0e65065bed970843644bccd3dafe464fc0c1c1b6e6663386e29542b6897a8d40ea5fd940ab6c660b4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\S-1-5-21-144354903-2550862337-1367551827-1000.lnk

Filesize
1KB

MD5
1638e84f5d56b958860c43902b95c585

SHA1
1bae3a7e3c3390a6ce3053e9c0362c1582fac35d

SHA256
5d4eecfb26d5a7def3a73d9a1919425eaa6e218c02dbfcb15d4149161cc4d5c8

SHA512
d48be9dc585cd387202fc4cf997ddf98f42e0b6620241bac1954db2f9efd3d7a9fd27a4fa3dde7d8fbfe9bd057338fe6ba2a1062362e88317e9790e9a23c0236

Download Submit
C:\Users\Admin\Desktop\Desktop.zip

Filesize
281KB

MD5
3f6c14a391dd192b87b097bf8f8405c9

SHA1
98ff5f53633715f856211f12f89ce4709363d20a

SHA256
37132da996be4d52e423e436d7bd877bb2e80f924b566c3ac098bb673d26c477

SHA512
7354aa4168128f9ba8cee5a6de004163b438f7ab6a31a6a8737d1f5ccc5eec13b8a70bcecacfe08f73b8bbe72bfed05422ea564f18230c5ceaa6ed1eb390173b

Download Submit
C:\Users\Admin\Desktop\RunNet

Filesize
23KB

MD5
340eb5a11f918efbc0a41766802a2561

SHA1
7e8aa70c95bea6073f0c428daa356223c33ea999

SHA256
fbb8a42c1a9f92a784ec5fee7c74817b5cf6d084d93da0c3654231f30d436b7b

SHA512
609b10587c8b23dd0eb18ee9adec9d98645700896c8ab45bab5cb5588aadf2c63b4e1b26cb94d98d306132a2061ba0df96b969ed003f060fe163d917c62d5d80

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.exe

Filesize
3.4MB

MD5
8a3faa499854ea7ff1a7ea5dbfdfccfb

SHA1
e0c4e5f7e08207319637c963c439e60735939dec

SHA256
e5e9f54a55ad4b936adaed4cca5b4d29bd6f308f1a0136a7e3c0f5fb234e7fff

SHA512
4c7474353dd64e1a1568b93e17be3f2f0eaf24b7d520339c033f46a517b0e048e88bda1b5d5bcfe62353930d8d76a7037ec6200882df8afc310322a5d5fceb25

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.exe

Filesize
3.4MB

MD5
8a3faa499854ea7ff1a7ea5dbfdfccfb

SHA1
e0c4e5f7e08207319637c963c439e60735939dec

SHA256
e5e9f54a55ad4b936adaed4cca5b4d29bd6f308f1a0136a7e3c0f5fb234e7fff

SHA512
4c7474353dd64e1a1568b93e17be3f2f0eaf24b7d520339c033f46a517b0e048e88bda1b5d5bcfe62353930d8d76a7037ec6200882df8afc310322a5d5fceb25

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.exe

Filesize
3.4MB

MD5
8a3faa499854ea7ff1a7ea5dbfdfccfb

SHA1
e0c4e5f7e08207319637c963c439e60735939dec

SHA256
e5e9f54a55ad4b936adaed4cca5b4d29bd6f308f1a0136a7e3c0f5fb234e7fff

SHA512
4c7474353dd64e1a1568b93e17be3f2f0eaf24b7d520339c033f46a517b0e048e88bda1b5d5bcfe62353930d8d76a7037ec6200882df8afc310322a5d5fceb25

Download Submit
memory/1284-345-0x000000001BC00000-0x000000001BC10000-memory.dmp

Filesize
64KB

Download
memory/1284-346-0x0000000001360000-0x0000000001361000-memory.dmp

Filesize
4KB

Download
memory/1408-190-0x0000000000C40000-0x0000000000C41000-memory.dmp

Filesize
4KB

Download
memory/1408-189-0x000000001B550000-0x000000001B560000-memory.dmp

Filesize
64KB

Download
memory/1408-191-0x000000001B550000-0x000000001B560000-memory.dmp

Filesize
64KB

Download
memory/1408-194-0x000000001B550000-0x000000001B560000-memory.dmp

Filesize
64KB

Download
memory/1408-192-0x000000001B550000-0x000000001B560000-memory.dmp

Filesize
64KB

Download
memory/1408-193-0x000000001B550000-0x000000001B560000-memory.dmp

Filesize
64KB

Download
memory/1940-180-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/1940-179-0x000000001AF90000-0x000000001AFA0000-memory.dmp

Filesize
64KB

Download
memory/2196-133-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2196-137-0x0000000000400000-0x0000000000499000-memory.dmp

Filesize
612KB

Download
memory/2196-134-0x0000000000400000-0x0000000000499000-memory.dmp

Filesize
612KB

Download
memory/2196-145-0x0000000002F40000-0x0000000003035000-memory.dmp

Filesize
980KB

Download
memory/2196-135-0x0000000002490000-0x0000000002585000-memory.dmp

Filesize
980KB

Download
memory/2196-153-0x0000000002F40000-0x0000000003035000-memory.dmp

Filesize
980KB

Download
memory/2196-136-0x0000000002F40000-0x0000000003035000-memory.dmp

Filesize
980KB

Download
memory/4476-182-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/4476-183-0x0000000000D40000-0x0000000000D41000-memory.dmp

Filesize
4KB

Download
memory/4476-187-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/4476-186-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/4476-185-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/4476-188-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/4476-184-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/4656-415-0x000000001B690000-0x000000001B6A0000-memory.dmp

Filesize
64KB

Download
memory/4656-416-0x0000000000E40000-0x0000000000E41000-memory.dmp

Filesize
4KB

Download
memory/4656-421-0x000000001B690000-0x000000001B6A0000-memory.dmp

Filesize
64KB

Download
memory/4656-420-0x000000001B690000-0x000000001B6A0000-memory.dmp

Filesize
64KB

Download
memory/4656-419-0x000000001B690000-0x000000001B6A0000-memory.dmp

Filesize
64KB

Download
memory/4656-418-0x000000001B690000-0x000000001B6A0000-memory.dmp

Filesize
64KB

Download
memory/4656-417-0x000000001B690000-0x000000001B6A0000-memory.dmp

Filesize
64KB

Download
memory/4816-157-0x000000001B9C0000-0x000000001B9D0000-memory.dmp

Filesize
64KB

Download
memory/4816-156-0x000000001B9C0000-0x000000001B9D0000-memory.dmp

Filesize
64KB

Download
memory/4816-155-0x0000000001310000-0x0000000001311000-memory.dmp

Filesize
4KB

Download
memory/4816-154-0x000000001B9C0000-0x000000001B9D0000-memory.dmp

Filesize
64KB

Download
memory/4816-152-0x0000000000B80000-0x0000000000BDC000-memory.dmp

Filesize
368KB

Download
memory/4816-158-0x000000001B9C0000-0x000000001B9D0000-memory.dmp

Filesize
64KB

Download
memory/4816-160-0x000000001B9C0000-0x000000001B9D0000-memory.dmp

Filesize
64KB

Download
memory/4816-159-0x000000001B9C0000-0x000000001B9D0000-memory.dmp

Filesize
64KB

Download
memory/5040-163-0x0000021459660000-0x0000021459661000-memory.dmp

Filesize
4KB

Download
memory/5040-173-0x0000021459660000-0x0000021459661000-memory.dmp

Filesize
4KB

Download
memory/5040-162-0x0000021459660000-0x0000021459661000-memory.dmp

Filesize
4KB

Download
memory/5040-161-0x0000021459660000-0x0000021459661000-memory.dmp

Filesize
4KB

Download
memory/5040-167-0x0000021459660000-0x0000021459661000-memory.dmp

Filesize
4KB

Download
memory/5040-168-0x0000021459660000-0x0000021459661000-memory.dmp

Filesize
4KB

Download
memory/5040-169-0x0000021459660000-0x0000021459661000-memory.dmp

Filesize
4KB

Download
memory/5040-170-0x0000021459660000-0x0000021459661000-memory.dmp

Filesize
4KB

Download
memory/5040-171-0x0000021459660000-0x0000021459661000-memory.dmp

Filesize
4KB

Download
memory/5040-172-0x0000021459660000-0x0000021459661000-memory.dmp

Filesize
4KB

Download