hxxps://www[.]turkhackteam[.]org/konular/tamtampercusion-com-database-leak-3m[.]2046321

Analysis

max time kernel
853s
max time network
852s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
06/10/2023, 10:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.turkhackteam.org/konular/tamtampercusion-com-database-leak-3m.2046321

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2884	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe

Loads dropped DLL 44 IoCs

pid	Process
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qt_ar.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qt_uk.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtxmlpatterns_it.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtxmlpatterns_ja.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\licenses\LICENSE	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\Qt5Concurrent.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtbase_ru.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtmultimedia_ko.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtscript_cs.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtxmlpatterns_ko.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\extensions\fileio.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qt_ko.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\Qt5Core.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\Qt5Gui.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtbase_ja.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtmultimedia_it.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtxmlpatterns_en.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\printsupport\windowsprintersupport.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtbase_en.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtbase_uk.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtscript_ko.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\extensions\math.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qt_zh_TW.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\imageformats\qtiff.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtscript_ar.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\Qt5Widgets.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtbase_cs.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtbase_pl.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtxmlpatterns_fr.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\styles\qwindowsvistastyle.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\imageformats\qsvg.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\Qt5Xml.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtbase_es.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtbase_it.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtmultimedia_de.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtxmlpatterns_de.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\sqlite3.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qt_es.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\Qt5Network.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtbase_ar.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtxmlpatterns_pl.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\imageformats\qwbmp.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\DB Browser for SQLCipher.exe	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\imageformats\qjpeg.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtscript_it.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\DB Browser for SQLite.exe	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\extensions\formats.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\imageformats\qico.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qt_pl.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qt_pt.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qt_ru.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\Qt5PrintSupport.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\imageformats\qwebp.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qt_cs.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtbase_de.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtmultimedia_pl.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtscript_de.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtscript_en.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtscript_es.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtscript_ja.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtscript_ru.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qtxmlpatterns_cs.qm	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\sqlcipher.dll	msiexec.exe
File created	C:\Program Files (x86)\DB Browser for SQLite\translations\qt_zh_CN.qm	msiexec.exe

Drops file in Windows directory 24 IoCs

description	ioc	Process
File created	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE\3.12.2\vccorlib140.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE\3.12.2	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE\3.12.2\concrt140.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE\3.12.2\msvcp140_1.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE\3.12.2\msvcp140_1.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDEC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE\3.12.2\msvcp140_2.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE\3.12.2\vccorlib140.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE\3.12.2\vcruntime140.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File created	C:\Windows\Installer\e5a0c07.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5a0c07.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE\3.12.2\msvcp140.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE\3.12.2\vcruntime140.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File created	C:\Windows\Installer\e5a0c09.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{DE0EB075-3F05-4A25-8075-5BBAE6D38BEC}	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE\3.12.2\concrt140.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE\3.12.2\msvcp140.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\570BE0ED50F352A40857B5AB6E3DB8CE\3.12.2\msvcp140_2.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File created	C:\Windows\Installer\{DE0EB075-3F05-4A25-8075-5BBAE6D38BEC}\app.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\{DE0EB075-3F05-4A25-8075-5BBAE6D38BEC}\app.ico	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133410603714820910"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\570BE0ED50F352A40857B5AB6E3DB8CE\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	DB Browser for SQLite.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\570BE0ED50F352A40857B5AB6E3DB8CE\MathExtension = "Extensions"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	DB Browser for SQLite.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	DB Browser for SQLite.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	DB Browser for SQLite.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	DB Browser for SQLite.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\9D3264216D53E2D44947A2ADCCB8BABB\570BE0ED50F352A40857B5AB6E3DB8CE	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\570BE0ED50F352A40857B5AB6E3DB8CE\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	DB Browser for SQLite.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	DB Browser for SQLite.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	DB Browser for SQLite.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	DB Browser for SQLite.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	DB Browser for SQLite.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	DB Browser for SQLite.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\570BE0ED50F352A40857B5AB6E3DB8CE\InstanceType = "0"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	DB Browser for SQLite.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "4"	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	DB Browser for SQLite.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\570BE0ED50F352A40857B5AB6E3DB8CE\ProductIcon = "C:\\Windows\\Installer\\{DE0EB075-3F05-4A25-8075-5BBAE6D38BEC}\\app.ico"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000b8fede11b9e7d9014f2fb312b9e7d901666aae12b9e7d90114000000	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 7400310000000000465718511000444242524f577e3100005c0009000400efbe46571851465718512e00000066b00100000006000000000000000000000000000000e7c37d00440042002000420072006f007700730065007200200066006f0072002000530051004c00690074006500000018000000	DB Browser for SQLite.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	DB Browser for SQLite.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	DB Browser for SQLite.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	DB Browser for SQLite.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\570BE0ED50F352A40857B5AB6E3DB8CE\ProductName = "DB Browser for SQLite"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000000000001000000ffffffff	DB Browser for SQLite.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\570BE0ED50F352A40857B5AB6E3DB8CE\SourceList\PackageName = "DB.Browser.for.SQLite-3.12.2-win32.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\570BE0ED50F352A40857B5AB6E3DB8CE\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	DB Browser for SQLite.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\570BE0ED50F352A40857B5AB6E3DB8CE\Clients = 3a0000000000	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	DB Browser for SQLite.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	DB Browser for SQLite.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	DB Browser for SQLite.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	DB Browser for SQLite.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\570BE0ED50F352A40857B5AB6E3DB8CE	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings	DB Browser for SQLite.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
4760	NOTEPAD.EXE
4568	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2884	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1892	chrome.exe
1892	chrome.exe
4136	chrome.exe
4136	chrome.exe
2300	msiexec.exe
2300	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2884	DB Browser for SQLite.exe
2676	OpenWith.exe
3908	DB Browser for SQLite.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeCreatePagefilePrivilege	1892	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
3908	DB Browser for SQLite.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2884	DB Browser for SQLite.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe
2676	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 3112	1892	chrome.exe	69
PID 1892 wrote to memory of 3112	1892	chrome.exe	69
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 2296	1892	chrome.exe	71
PID 1892 wrote to memory of 4560	1892	chrome.exe	72
PID 1892 wrote to memory of 4560	1892	chrome.exe	72
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73
PID 1892 wrote to memory of 2844	1892	chrome.exe	73

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.turkhackteam.org/konular/tamtampercusion-com-database-leak-3m.2046321
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe13209758,0x7ffe13209768,0x7ffe13209778
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=228 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:2
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4516 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5388 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5576 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5840 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4516 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5936 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:8
  2⤵
  PID:504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4968 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5924 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4496 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6836 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\DB.Browser.for.SQLite-3.12.2-win32.msi"
  2⤵
  - Enumerates connected drives
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=164 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 --field-trial-handle=1768,i,10943303447894277643,3274650685769114293,131072 /prefetch:8
  2⤵
  PID:5088

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3576

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2300
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:1836

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2140

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:972

C:\Program Files (x86)\DB Browser for SQLite\DB Browser for SQLite.exe
"C:\Program Files (x86)\DB Browser for SQLite\DB Browser for SQLite.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4968

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Tamtampercusion.com.sql
1⤵
- Opens file in notepad (likely ransom note)
PID:4760

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Program Files (x86)\DB Browser for SQLite\DB Browser for SQLite.exe
"C:\Program Files (x86)\DB Browser for SQLite\DB Browser for SQLite.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:3908

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:624

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2068

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Tamtampercusion.sql
1⤵
- Opens file in notepad (likely ransom note)
PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5a0c08.rbs

Filesize
32KB

MD5
2485115836c00e383e5a6e85dfa55166

SHA1
af52aa5151a0684a77d4c8f4edbc1272e6667e55

SHA256
a1242d165882cf85b12d89f576e78416ea83df838a3d203fd4b3f50e1d74285f

SHA512
5c777fd95aeb1b6cb6cc2312cd35062727b23719451bc0e4b667ab38264c5544f042bfe4b410eab20f9e1feb8c1de7aa4705d1e10c9ff6abd0811a57c29d8182

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\DB Browser for SQLCipher.exe

Filesize
4.8MB

MD5
1973ec1f27ad7c5123cf58dd9bbdaade

SHA1
f171c10ee02b883221307cc99e0fd006641e3379

SHA256
651cd92d595576448ac75218f18d92a7ae33c1d16d8f0c26f54c4c10301ffa74

SHA512
9bbf3c0b60cac8b53349031367e3332c1c86de4293bd4fa2b621a1a9a0e005e9b18eeebe6e133f75e2c95b7450905ee2c709af1c412101d0502d3bccd81ca608

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\DB Browser for SQLite.exe

Filesize
4.8MB

MD5
db701b69358aa286ad596bbe7742a8b3

SHA1
05d191a433000e803a503bb642e849e9f4e12729

SHA256
03d2c4df2c9ac1007b68c84948d210c84a45c7072b1eab80e45a371c5784eee8

SHA512
7d825e6846732884da35d1ed4d269c01c12475c1bfa9027848e2ba4c03430b25ae8877f2b133f62b2676ef830f39f580ddcd7213a522f203d632834a19e432c5

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\DB Browser for SQLite.exe

Filesize
4.8MB

MD5
db701b69358aa286ad596bbe7742a8b3

SHA1
05d191a433000e803a503bb642e849e9f4e12729

SHA256
03d2c4df2c9ac1007b68c84948d210c84a45c7072b1eab80e45a371c5784eee8

SHA512
7d825e6846732884da35d1ed4d269c01c12475c1bfa9027848e2ba4c03430b25ae8877f2b133f62b2676ef830f39f580ddcd7213a522f203d632834a19e432c5

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\DB Browser for SQLite.exe

Filesize
4.8MB

MD5
db701b69358aa286ad596bbe7742a8b3

SHA1
05d191a433000e803a503bb642e849e9f4e12729

SHA256
03d2c4df2c9ac1007b68c84948d210c84a45c7072b1eab80e45a371c5784eee8

SHA512
7d825e6846732884da35d1ed4d269c01c12475c1bfa9027848e2ba4c03430b25ae8877f2b133f62b2676ef830f39f580ddcd7213a522f203d632834a19e432c5

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\Qt5Core.dll

Filesize
4.9MB

MD5
d50b7a11fb54309cf915c088a9e74f22

SHA1
194cf34acd76596d8ab379893f2a918481bce975

SHA256
48fa57a76bd784008e9b3433e58e0d28005ea5f5e3304924764e391d2e4236a4

SHA512
d38b5980769fccd997fd727053e7dbe539bafc46b9a177ba95cdc99a69c4278fc905976a60e625116ef1e5b54d7f2870cc855103de6a00e90bcacc5a8963977e

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\Qt5Gui.dll

Filesize
5.1MB

MD5
9af8844d2e5fa1b78ca5d5717750bf8e

SHA1
69768b6a935ad6aacf07576a3a34bb84464953f2

SHA256
7923ffadf87460d0ec4bfb55c1440657128d983d3f8b0577fb4eda5d504db1c6

SHA512
b2141fed59308a8ae46e0b820ce14a591777fc84a6dbbfd908f34445a1d34b62e3cb4c0ee1dfd500d18bd490337be84830926cd4a8a78959b5186a2703d942d2

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\Qt5Network.dll

Filesize
1.0MB

MD5
f695b4ec06c6d164e71742dc52cf45bd

SHA1
91dad1f5e88e0acee59b06ae861d6231656f3b91

SHA256
672b9e404d20c94c137172deaffdbbb9be6b9922e10f6fc7f2d8d1d13d8a7ddd

SHA512
347a89435db11b92ed530ebb5fde97ca0fa70da5af33cf0a8687679a777ac8e6d19761a1085618b0f54804fff0c4b4c66cd20eae31a9544a9262db1f846b9028

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\Qt5PrintSupport.dll

Filesize
267KB

MD5
b5eaabb429cce10382ce1f32cdbaad15

SHA1
9e418c0a5cd664cb2bd68804724944ee8aadf5e4

SHA256
7c022b2fdd24a36279b501af27031f4d656ddddd0e934dce71e383b20d5b143b

SHA512
e1ca74f3c6931cf6bbf837947ab16f3dfd16ab6fabb56d615ecb60a4cb468c5335cf12c182a6bbaf799a5a98308da3c95c09f680d3dc0790af5012b5748f1fdb

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\Qt5Widgets.dll

Filesize
4.3MB

MD5
0437c572b8692fe4d9ab3227b935f6d0

SHA1
91a586716b48f790521fc40c3b0b80c0dd16f5d0

SHA256
4ce775b049018e12196fd710c6b5d390562fedcfb283433628a3f1079574b7c1

SHA512
cf5fd292455c57a6e92f0f98da526c1d911a1ee54cae2dec45fa75d1bd09490cde95933a26778c1ce45f0f59a54701ec0dd12e7b7867c30bdf37fc48784107fc

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\Qt5Xml.dll

Filesize
149KB

MD5
f72e734ae779ded6bb1edeb2244803e9

SHA1
5c2fee1f4d961c9adeb4e3fde20adec270981ecd

SHA256
4997a38c2d595cbdbc97cf1af5924a14535bcb2d03b7126c148722852280faf3

SHA512
c57dfe3d88119be7a873b339a8e638b4da746af983dbbdfca7e4c33f888309082fd6079e4d415f67cb23b42af831e27bc7c2dffec408c906718ccd3e3266c1e7

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\imageformats\qgif.dll

Filesize
30KB

MD5
ad90539a0cc5bea4ce30ccf45b22be95

SHA1
ef7c968e399f30b34da6a49adea6a891c8449d32

SHA256
2bfeabb11ce7f48b062c1044c54eb117408517c0e0c09641ea682bb3b35728ad

SHA512
cd5e564c72bc1ccbf642b437b85ef1760e692e178b6c5e40bf183fb3decfa3cd59c97bfa7ed620715837c33b2128493b5c7b07f48e6f6e83cdb3bd6675af9979

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\imageformats\qicns.dll

Filesize
39KB

MD5
6e9ea212ede912e5adea6a724c942241

SHA1
2c3a3670fb1a443950e8c8aa1c4a6f80bd4b04d4

SHA256
02725fa085c4efeb9a380662a51e81c2483aada0b8632842b484cdd4f6066f75

SHA512
384308b876f149117895ecf98ed8df11c2ce1794301be60630b2a844c30e38eadca78823a50fc9a2dd5d1e79d17311bae213f0454270143e5a20ddd8b5e696d8

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\imageformats\qico.dll

Filesize
30KB

MD5
10c535fcfca304afb59a8c491349426f

SHA1
7a53485cde15e7212814a49b1e8f84d90fc9573a

SHA256
a4a9d2dbb549b62c615e514d4aad75298e8342ab90b7f30ae163f064654a1299

SHA512
6c4fb8592a1f3cb6dbba02a23787d8d782aaf9c227db141aa846e908dccb0b584cd32d6daa0f8dbe12a6803eaf41b8e36c33a558461006d52abe512f51420bde

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\imageformats\qjpeg.dll

Filesize
361KB

MD5
a411567f64e267460df090d795a8bb32

SHA1
f3762d6a199aac2824f418914069b5cff5914e05

SHA256
80e1b62b936b10cfae9610796b9e160615c0deffa82f0f8f27c2212baae9d7b8

SHA512
e123a351144f6ebcabaa89a7ee5c26b84b6938daa99a6e80e25cd2d65b955456d0cf7631f22ea3badbac21bcc58711e9588f3d4b4034305fe41faada318bf5c9

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\imageformats\qsvg.dll

Filesize
26KB

MD5
ca2ea003c6fb8ee2b3f059dcd9338012

SHA1
7ad2a5bdba61f432d5a5cc655d6834a91e6fc2f3

SHA256
87905c987b8e6301d50ff691482c6cc262d0c96973a38e2d8a294cd720b37b4d

SHA512
6cc54d7e8308ddd5ed2c4eef113bacf87425e8cf6143466614549e25431b880eed663afae671eefa21eec2ef78635dd64e57df971bcaebf8ae33752815bcf249

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\imageformats\qtga.dll

Filesize
25KB

MD5
01aeacef1cbba321ed07e3cf49b06d9b

SHA1
c8691fe75bce49bfff67e679605d5e858d445112

SHA256
87286169a36e11e5a540b65df67a6512ebc643169477a86bee23277b8c5c5ad7

SHA512
9e483d13aa3039366c18a360556caf9e43febd8a14304a69a56e58e229b33d644f152450785ce9b6921823ea8f21952c410b0e985ab506f7e67b439324cfc8e0

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\imageformats\qtiff.dll

Filesize
334KB

MD5
4d3fb436895b4da422202fa604f3cb01

SHA1
174d424b645580e04d8964e054d26aaa0611ec83

SHA256
b59eb63c33109a0bf9522b90413722a9f55bbe2e078875a741e543801c9b8cc9

SHA512
c19f97da2948b2cac3810ea169355470eca16c77161ccc53794b2cf83a4500186ea0bbc3f5951b0120fad34b4b82dd288001835a5bc0bde184a5383a9b892542

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\imageformats\qwbmp.dll

Filesize
24KB

MD5
3f7f7751e4d5012a4172defd85035a5b

SHA1
1a11a8e42fda38b3eb5c080f220dd9f251be321a

SHA256
4bf0f58498ca0bcbe5383606040a24ce40fdc6dfaadcaf9fc75aaaa8f169f8fd

SHA512
ba49a8be4ca8e01e0a607158e0a7e5c2c80a9d3d64d43d50e2297c4b3d064919b9f0235688bb9a069a48e2e945129ba73b9e084998ed7c221246bf8181ef8a78

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\imageformats\qwebp.dll

Filesize
410KB

MD5
7819636368f29fe538d7f24cb629f2af

SHA1
cbd5efc3a027767f4949086ea9009afb1e199ebc

SHA256
b921a87d7cfbab306306e3c030b29a2777d0beae41e93bd596211c8f55281486

SHA512
e72f27d070e119ed1e895a09dd04b95b9726ab91f089529ae5083379dcafeb247129d7edb017a0ee823372035ea0de75b729d904612a735775678a32817ca3f8

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\platforms\qwindows.dll

Filesize
1.2MB

MD5
c41b9d665cbfff0d51aeeb84b70dc978

SHA1
d95892dd39c8ab2d11ac4329233a1fe1e71dc479

SHA256
441b8371df3411361131e9ea2db0a091d26d699636932e695afb67f8adaac77b

SHA512
c89ab6e0710abe5c32a0471ff3b08538be0a9c6ed50833b82d12ebb19124a94161fb1748969ca5fe0d8aace10ff499b3317db9b07bdba370a9b0bf5707f6b7c1

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\sqlite3.dll

Filesize
1.2MB

MD5
e0dc4703c92a7b2f3986e7ce90f6065d

SHA1
5ace893f85549ad737ca7f6529ff350ea5c2a501

SHA256
e9f3a0a85a22726f0f0501e6c1d730a9b39ba6a6d8e5de479b90f75d058b539c

SHA512
cb0246a7ad1bcf381786597bee88ea0df6a2a3a577d88ed5401777215f99a2ffaeaa86dc92b78c98b69045f4c3ef747acb4f28ea6a71bfe2d31ea7f56869e085

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\styles\qwindowsvistastyle.dll

Filesize
125KB

MD5
4e611fb1077bfa73f24cc11fc9c9c871

SHA1
8e68093fd3d585b668705b9de21d9be104ae241f

SHA256
8ca284c960d744f35f8af783af791fd1ecfe02965e342b4c3220ee3d162ae3d0

SHA512
94e0083ef999908a5a624eedaef8ce24ebcee09abd1c38ae517747ef617d3ed4207d3ea0b1df47f1379caed5d7d397303f6e81ab24466724bf6273979ed85f09

Download Submit
C:\Program Files (x86)\DB Browser for SQLite\translations\qtxmlpatterns_en.qm

Filesize
16B

MD5
bcebcf42735c6849bdecbb77451021dd

SHA1
4884fd9af6890647b7af1aefa57f38cca49ad899

SHA256
9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85

SHA512
f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
b0ebfc31df2a2e6cc65da716b4963fc1

SHA1
bd85df1a9047fa9a820dfcf151f30191be530773

SHA256
e2833521eebd0d4bfa4d28a6c659333b2d11a825615264c005c77d9df768e62a

SHA512
1a18105e302c5b4793c94946888de9da18fcda4091f04ec0040b5ecdd0d0d39e74ea659003bc5bd2fa0fde4075644074ff807890327d89b7d13826ba1f325ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
84ff90ea640f14e18f434fa370a3beae

SHA1
40efe44278f83e263d02b8ac9a97b54f9d521be1

SHA256
6954ac58d443927ff8b803d83581d62f8479b4683b53a7d7136e7244c3c4e93f

SHA512
225307918b248257c73cbf55224f872512ec54d8408cdf76aff82a1edd7f2cced66f5436f17ae3144a856cea55fcae7bf064787b0585368badc3893ba52545d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
79853d22b87a5d5e9c02103683588601

SHA1
db1f905a72b0af9d8a3a3e43398689d424fd4b89

SHA256
ab030b841973467b594e26fc022ea3dacdaee37680296fbd88c5d6a3c0013dda

SHA512
dd044a8c7b14db5b59e177da3a7be79013c1ea6e00e080571cd16e460ade7dd61f38e4d2aea1b957a6ff8bed6b9e9cbde8f828a497c0800263306165e6374620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
f728f3c7fff96a3a63ddd69e7a0d8c71

SHA1
52d1abb016d2c2342116bbe3e042a3c15635c995

SHA256
80e80176f128c5ab2b6aaa0b173fd3b635e1c6d210294459f16fe90c032705bf

SHA512
b1828e0d39a61034262d49bdfc0bd2dce1d47446a663273fadcf721e121d57cf8e090ceb306f0dc3eca9fda9cded70f95948314142e3656f0e9d8bbf22249ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
7910224fb2503067ecf5feb5dfcbcc99

SHA1
b49442bdce1e39a1c477348bf636a4121410b46b

SHA256
9436cf70c19727733da8779495127efd274969cbbb586cf53b991deb48ace3fa

SHA512
824bdd9da9b93f91de088211000855a4073c43ec8514d9c3e6f1ec01944bebaae81b1619265934d16858584243f9fd7abafbd16464f9a5ea3de58fc284115dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
4c7482d29819089cb42480471e0aaa01

SHA1
827bcdd51f3ba41b069c0ea8d46bb0dffad1cd4e

SHA256
70c41dbe9a61b849dfce8d2288bcc6e947eefa45d1f429d53f3a695aff423ce2

SHA512
861248e025d9a81ae2fcbe71c54fd3437eb3b11e70b71075cca7471a08fbe200e8893bc6d9da8dc08593b9b9bf7191afeeacc0613de0e98c6641c2b15ba11824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
603a044968b594243741faba3d35e0b8

SHA1
5286f6a2c6aa7f739955dee5c2ea6ab02b19e0f4

SHA256
07b3f49407fd5535fd468486a109195b8ad595db5a42e1ff85c70658bb6686d9

SHA512
5b1fff390886b8a23208fefe0c67d3adf99cb12a1dfe320b10de522ceccf70fa7ef830077b8d11d789cc90f4f57f82eb8d8ac45c211310f8bcccff73bf7102ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2c14159f1c521ecaab99168bca180895

SHA1
41bb0b6ee56ca7368cb53b27b754ecb75f362fb2

SHA256
70a9e2c6760f8a3fa869b69e42bc8a80da1e817991c0b7f615d97aadff9cf66e

SHA512
a373c1d45a0b0a7ea9de5d651c822e9c9630c74207b6ccb59c9926ec704e31ff584e1636f8091f4eb328a043e7ea8a10d5990bfcc3bac7b3241de33178f0f717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
13075fe455adb28c2b9f96f5b0a93bcd

SHA1
cc958e5627106f1ec2b564e95af2e5368687e422

SHA256
a3938de7b6554dff3d38b729b95dea8c581805992126fd1dfeb42261dda7e8c2

SHA512
0d7625d3f7324a56480abdbdcbde11b8fa4a57c9c4a6371bfbb52239eb3d7cb05268fb94e727bda6d9a4c7f76ca43ed58d4e1e3268d7ea6e853ce3464bd085d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\afc64f3d-2993-4c84-8ab8-7975923b7efe.tmp

Filesize
1KB

MD5
0c95116f3a58c5c2f814abc54b01bc12

SHA1
c9b8850f938de6241aaea7f8e8e6dd8570eeffb6

SHA256
1e3dd1ee9d7498e4091ceb5a286bfba5b8a979596f828a72b60f9f9d8f183ca2

SHA512
b18c17d0b3aee9c95c6cd34b93a67c1cff40b372639c8dbb2370142a84414672b7bb21c788093391e648b8ad4e6c046d99906d308ca98508b1629390689f72e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
378293de0922fc4d4f78d536ae7f8806

SHA1
ca85967412cc2712b7621014681ab3e6f1454fc9

SHA256
a0cfd5b818dd2358255dcb42b80bca4ec405c7a62c3b3aa7ab857b6db218d8f7

SHA512
3b08e956c55488675f51156352e7ecaccd5221b497e8c0bbb2c6ae4a295c2ff551f26b70e520d53da87eb29ee323ee5df1653088f7f028282a67768ff77b1f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
485515f6ba39ea1f614742cb3f71d50b

SHA1
5b83bed00c1cfc649e52c9d6fb6ed24ec2caddab

SHA256
98be9f0e0e7cde9483c23417d2941176053bce5d3a973e2987d24f0e617877f6

SHA512
337225dbc975fa4e07e4ca035ad35f6009dbe92bc1702baad33a6989df82cec25bec0fb4cc5498f58f86eea5ab04a6d87eb8a94b1fd7690ba5abfb029cef024a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f7e00839cc66169c0dd97ccd26037298

SHA1
a70cabd6b76596656396462c6e8171a9f2173350

SHA256
69d6e1c27fbe0978c68b5278cf932ae86c1b94bc98b2f3fd676a9a56a1220423

SHA512
c412fe212f83e25e04502632788cc82980d8d6388b43414798a7cc4214a949ccb62b289bbb060ab6e340ddaf05776f69e480f57818a53f986a559464d0c0debc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
77b907322a75cd6f24836ae378872fe2

SHA1
3c1935d76c6cb7a2800d4dc677ff267aab22d5c7

SHA256
8ffc219643eb621ddc63355bea9150a62f4d99330a1eca80653e2f289beac78b

SHA512
8f4e6cd4e369f3c40fcfad57a00428f2d18063b9b5d2fc592493c1e9e39625e881b31768685488e73e209b4a00205505fae9098af53ea309c2a5079ee08e93a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b8d7f0229cfda4b1a38cfe97d4559e07

SHA1
fb78074e1d7d445b024ddec7b87c9efe759e471c

SHA256
f0ea41a038ea03d1cfa56e0698d445bd8b610f5614558f99dd69c39632224e7c

SHA512
f00c4c3694f4621bf8e79d020d1be9bed9419fac634b502d98a2738cf69449433c41e96c6f28a9b0bae1bbc4929a7bceda64858afdacb5b0e77a63880c331ae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f454ec154051e73560b971a3fe319c25

SHA1
b25369dec5d820271d48accda69e173abdc91f5f

SHA256
e143d2af5bbb1b583d9b59fc53ae57c445de21540402de720758e819a2614aab

SHA512
265f56d6dbde595c5efc3d1f7d00d709afe312babc2dcc2f38ef11391db5b0d2eb8c6829fa69fce218726499f84a13fdff7e55d95124523efd8d87e2a74cccfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6b9effe8d2788d46d4ef57e23432a972

SHA1
b7ba2a0d949d31ef772279375d01c09bf1ea8054

SHA256
3795b623df0e8d1ac01a08bee084ccc315e05649e638415a895dc3945866ffe0

SHA512
d8872aa2bcbbd50d08b389a8b950e56401f01465934b298327208481015876f3e4e23682df3edb1ea6b8f7df2f732418cab964959cac4abd3bfe890022dcc229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
11219d5844882ffe5849b6d5fa41bd87

SHA1
563e2e6ec4343b23c0afe6015b6ea4dc08c55aac

SHA256
06a24be59da769c3909e0790554c28d3dcaab6df52fdc34ec1a846d468661aba

SHA512
78ccd445414aa7155b03e7388ca59c9129c16184c603d049d01c521cb8d73f0551c536ff8ab5d8693923959c4739d095f6877482a67bb64481797b6bd94c2326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2b66e3beb0ccbff5d819af3c66166cd7

SHA1
3396bd8d13905fd30377e85fbd7c9969a0058919

SHA256
911fcd33ded48805ad49e1a9832d2b73f5971123c11dbd6db9a3228c82c8d5da

SHA512
31812ef3633d3049d0e20013c14e8b4ce63eaf9ecfb82a40f9d9e11ed7a058c3452a585cbcf239374f242d88c9edc460377d162becac27c600d3b18b4de72666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
36b85c41c81944e9849031803b4b03c3

SHA1
3438bcfe6e91d0b89c988e51d38141013b17d1cf

SHA256
15ce11f3862b305507c7ac5f9736e3822be016b8ae3ffff75013ff4d414830ba

SHA512
9fca9e295e87ae2caaf66e49ef8a0ae62fc8dfa182a7fbbaa0ea5f308439d0081c503b75a426e5915817edc3c5ac1688d19e2bc6100bd760e92b2e1164a58302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\370eb5ed51869aff48cce06ff792edd50847abd2\b349946d-925c-4ee6-8ea2-6c9f2e5bd5b1\index-dir\the-real-index

Filesize
72B

MD5
77fd2cbffbaaf564e0ff1cb917e00638

SHA1
fe1f891cd39136d68f263d0e03ab56312f64a769

SHA256
0c13502b95574df9f0651b330605ff02e941b18304bdb67dc4d58ed7207f3aed

SHA512
74ea7972737277d959a16370adfe60347edab2d10b7ced6b02db1faa04db2145bbdfa4c0f4eb59da9fbb980044e6708ddc5bb2842843f777c0fa31ae911caa58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\370eb5ed51869aff48cce06ff792edd50847abd2\b349946d-925c-4ee6-8ea2-6c9f2e5bd5b1\index-dir\the-real-index~RFe57f3e5.TMP

Filesize
48B

MD5
ccb5d8fb40bdaa49d4c8ff2876157924

SHA1
fe705aeaccec8ce4a194a02b01314bb457c536fe

SHA256
da100a54984f98f1dd942e1c3494672e2827d027d0fbbd3dccfa610b1c97ff4b

SHA512
fa4691e2fa9d83346a0ac7d793cd42a86acbff4999edff32d7c171d031854e1c0e276d69b7b34ba85eef5ee301bf65c85124cb478112e2d37b2dc9f938d5d4d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\370eb5ed51869aff48cce06ff792edd50847abd2\index.txt

Filesize
125B

MD5
5f2c587a01479e5b85b1e42273432d99

SHA1
3441e15ba9f54b1bc0d17ef8e3c02da742e808fd

SHA256
d68db99402906c69085df17d509f7d972d3ca57df549435b739d8c8390c16551

SHA512
41509350efdb013c842f6925770b70b93dddf8a242e91bcda8c656bc774a049a414190e2ba4772e2ae31f37fee2baf08b2c6cd84a79992014dcd7aa5f2445b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\370eb5ed51869aff48cce06ff792edd50847abd2\index.txt~RFe57f414.TMP

Filesize
131B

MD5
a560406efad13fbaaa953dd79f184276

SHA1
8937bbc703a7f5c758d4df49c3cb75e5ad2be322

SHA256
6e8f1a1ef49a7f79f292ab5e57b650f71a180b0b31332caac6cc07d347362148

SHA512
d36fb2e4a2d7dfaca94bda3d55b80269dc4737d99c164d1d3f62774875143fc0d4ecaedfb371878b6ffba4c044b6c2b33f7ff02b94952976885ce2254fd0d7c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
828031702f374180ab8e9e753c8cd241

SHA1
83773ef3cc3691f88e3d27cf117c19b1591b50b3

SHA256
0c25365d0f9d2e4600db68276cf689b848da7ddf6b671eca4dc34549a1bc2126

SHA512
6aed00ae20f13981970a4a873b8872a7f68cf85c3072b4e3548a8451404f7971b54c5f963b0cafb285e1cfb39eac64f4f9c231ebae3dee3a7fb99eb4d25ad99c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f32a.TMP

Filesize
48B

MD5
6c6be4ba6cf24fc75283f3b7a9bcbcb6

SHA1
564ea57818a210234655372be6c6338d140e9301

SHA256
95816646f62677c8828e33cc882024d2a2f2aa979a5ecc15c07775e82c6837c0

SHA512
ada9b5170ef0b36b92b0d1df414c1b6c72a072b11e1ffa79b5983b9ff5fa036c592b7d60a41f0d5822045ad3cec5b8ecb43638caef98cd8449d212878ac13eba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
4e4b3c1dc321377ac598a01a02d4801c

SHA1
8c4ed20013bc36eb9bbe3b9bbdc6763f0741acf2

SHA256
63929c4f7d8ed8142475ab06405cd1d28a18e33e6e16a9e763f39da14ef6636d

SHA512
24de5b754e928eece1c0c8d7f60eafba58113d2d49e9f47790bb8b66e482225d542e7b150ee00097af8b82fe7f86c76fc0b9019af9262e3896a0f089fa6e09aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
1870758e9f06fa42fdbe44812b63e2e9

SHA1
db7afad21c16f069b63177490547dd232403fe87

SHA256
cbf16a0692ce965a56bb030fee563948e14bceb2da32c051555a62ce503524d4

SHA512
6a0c3554b701d8b2d0f9a9ac0098d73aa6c5a14ddad1bf4c1085f90787a09f39b0d195fd4fc9aebb3dc347839777fefb068b9a783f6ccfc7b3ee14b3d4caad26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
afe2bf9032299809cf62dbbf9e28c4e4

SHA1
f32ea9695761a8c4cb67183acab61b9c36fe35bc

SHA256
e02bb8bdbf2df5afc917c6793cbaf6eb6e59999eb008c91c3ec088d2675e534c

SHA512
1f36f2da416ac3a71d3dac519482111e743ad8887eb5cad8fe4372fd753cd185f108af5dc6041f7a2a6cd44326a631899e10b08449a501765742e1ec04a05238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
df8e74c96817053201819c497dda4b23

SHA1
bec26d7ac72de94533951dc1b0b9b5bb8400a740

SHA256
8ffcad7e86b933228d710353ed1942bd35e0a74aeb1e82d5715feec0b26c6043

SHA512
20156a33a343fe748f5ea6b8314dd675d08da2f7fc1fcb68e00cb5ea1f6dea2b469b2f65a28523f64f70f6525d883e7ee287d6c6b39ff3971cf053d9f3eab1b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
99def6a8a8d012202853d19eed8d96c4

SHA1
dfb9789afd0797168f06cc76089ea043c82ef9b8

SHA256
27a7180d03ddf0b845d45f66e484e736c7d0c215e1969cf176809653d1bfdc4c

SHA512
8f200e55002e4ace706e220dcd36412ef6d4cfd83cea5f527364604f86e698bf4271f42f2cb347309a0f4ac5c5c8678850116751f62343b01dfa993a7a30e6d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
fccb4ac0ec9086c99310f0f5445b5b7b

SHA1
468eb94d3c9b0c1fa8b340123369cb6c8f3cc0a2

SHA256
082fab7f10d6f12b669e9f1f83295ca69b35b0dc7ddbf040984f92c9132e0b11

SHA512
4d7eb2b45a8f13c51dffe60d6280a33867444cd3aeb179ccc308c2f92e3213f3eec542dc37c37e83377149e552e16fbf062b0111a8677f5c39972842fa41f565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
059e24d5636964b27cf3495ae5c22d4a

SHA1
9b339c89b0ad465c7ba51da5b7a45786070f35b7

SHA256
89cfb68fff0edca7691c1e2628668006fd3d003a1006fdefb1a5f78291905fc4

SHA512
d8498ca4b18bba2e3450211b648358ac3ec5320d7d6de4bf09e9b71460f4288e7016ed939576db50d612e63953e4f4f5b6b0482a05b510ef2d040189c139920c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c07c.TMP

Filesize
100KB

MD5
c044b9f25e8853d8bbe283d6feeee132

SHA1
6700e37e50ccbc56e8a18645763060fbe1f34613

SHA256
4f2f634999a5cf9228039e42c40bc72632afc57bb10d7923a6a53a2261e7d9a7

SHA512
55b2df81be379e03187c16ef70c50af4e2fcd9aae56f05a3a6fbee09f9d74f97552df21cc133a0a9488d5fccd4783dbfcbb0f9f9039db94538ff884808cc88e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI95a2c.LOG

Filesize
63KB

MD5
06e5962aaf4c0ef284943cda67a552c3

SHA1
308efce0d2b8e1d91e16f2eb99865dfb873a9a88

SHA256
15d605aadb1a13dccd9890cdc04dd21a4f17d9e026dbe9eb29814f40202d7574

SHA512
a8be9d64f52632ebf8c3bad03764a88beee77e73c0b52fbcc59d9338f7dc5b9fcaab19e20124e9c510ce5354ddd689a2aeb0fb99b5b3be97ab72f2ee57e16f99

Download Submit
C:\Users\Admin\Downloads\DB.Browser.for.SQLite-3.12.2-win32.msi

Filesize
15.0MB

MD5
ad4e586861c798fd5e8301490b5c6191

SHA1
e3d539be64237d513be0e667e2250d7b772a11f2

SHA256
2b87a0ca1b14f436f2dc2cbfaa380249e754c3c87c81b6648a513f75d3c73368

SHA512
c2fcef27f9adeee3b81b8d84c900688a7289f2f07f9b8e5dcc2ecec430f9c6c1863b86c84d02a7378291b80049ec2add72880d954aa7bb7895e060e9c139f268

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 560872.crdownload

Filesize
15.0MB

MD5
ad4e586861c798fd5e8301490b5c6191

SHA1
e3d539be64237d513be0e667e2250d7b772a11f2

SHA256
2b87a0ca1b14f436f2dc2cbfaa380249e754c3c87c81b6648a513f75d3c73368

SHA512
c2fcef27f9adeee3b81b8d84c900688a7289f2f07f9b8e5dcc2ecec430f9c6c1863b86c84d02a7378291b80049ec2add72880d954aa7bb7895e060e9c139f268

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
25.0MB

MD5
d1738b3bbacb13fcf33454f739c67f9f

SHA1
48d76348e8d7d48542005580702f1cab07cb9f1a

SHA256
aafb3c8fe369d616821e84b6bc41c825446b3a8ac4226bb9813b579e02c22269

SHA512
4d1414e9f132edfdc4c18846a5e4178e704e077d30957c775feb981c98b109fcdf47b89785542f4dea8b4e347029e2732ecba0ba7294803b2dd1037dd7b10b8e

Download Submit
\??\Volume{90ce6553-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{849ccd0a-c648-43ab-a4b2-fa3b206d7f21}_OnDiskSnapshotProp

Filesize
5KB

MD5
de01cefa8341d097611b83300e212368

SHA1
fe81e91ea951104610a5dada9d76ffba4f08cd98

SHA256
261d31fac739df222d8a2c2d79031ab4c6a507565795d5a11346ca5972156b5c

SHA512
1c9f5f8b865465e8e21aeebd3ba5f79a51b3ab3aced88ae8d6705f128da3a577cc921ab9038166547364b3649e8893997c9dd8deeb3eb74d78c5effe02d2bd31

Download Submit
\Program Files (x86)\DB Browser for SQLite\Qt5Core.dll

Filesize
4.9MB

MD5
d50b7a11fb54309cf915c088a9e74f22

SHA1
194cf34acd76596d8ab379893f2a918481bce975

SHA256
48fa57a76bd784008e9b3433e58e0d28005ea5f5e3304924764e391d2e4236a4

SHA512
d38b5980769fccd997fd727053e7dbe539bafc46b9a177ba95cdc99a69c4278fc905976a60e625116ef1e5b54d7f2870cc855103de6a00e90bcacc5a8963977e

Download Submit
\Program Files (x86)\DB Browser for SQLite\Qt5Gui.dll

Filesize
5.1MB

MD5
9af8844d2e5fa1b78ca5d5717750bf8e

SHA1
69768b6a935ad6aacf07576a3a34bb84464953f2

SHA256
7923ffadf87460d0ec4bfb55c1440657128d983d3f8b0577fb4eda5d504db1c6

SHA512
b2141fed59308a8ae46e0b820ce14a591777fc84a6dbbfd908f34445a1d34b62e3cb4c0ee1dfd500d18bd490337be84830926cd4a8a78959b5186a2703d942d2

Download Submit
\Program Files (x86)\DB Browser for SQLite\Qt5Gui.dll

Filesize
5.1MB

MD5
9af8844d2e5fa1b78ca5d5717750bf8e

SHA1
69768b6a935ad6aacf07576a3a34bb84464953f2

SHA256
7923ffadf87460d0ec4bfb55c1440657128d983d3f8b0577fb4eda5d504db1c6

SHA512
b2141fed59308a8ae46e0b820ce14a591777fc84a6dbbfd908f34445a1d34b62e3cb4c0ee1dfd500d18bd490337be84830926cd4a8a78959b5186a2703d942d2

Download Submit
\Program Files (x86)\DB Browser for SQLite\Qt5Gui.dll

Filesize
5.1MB

MD5
9af8844d2e5fa1b78ca5d5717750bf8e

SHA1
69768b6a935ad6aacf07576a3a34bb84464953f2

SHA256
7923ffadf87460d0ec4bfb55c1440657128d983d3f8b0577fb4eda5d504db1c6

SHA512
b2141fed59308a8ae46e0b820ce14a591777fc84a6dbbfd908f34445a1d34b62e3cb4c0ee1dfd500d18bd490337be84830926cd4a8a78959b5186a2703d942d2

Download Submit
\Program Files (x86)\DB Browser for SQLite\Qt5Network.dll

Filesize
1.0MB

MD5
f695b4ec06c6d164e71742dc52cf45bd

SHA1
91dad1f5e88e0acee59b06ae861d6231656f3b91

SHA256
672b9e404d20c94c137172deaffdbbb9be6b9922e10f6fc7f2d8d1d13d8a7ddd

SHA512
347a89435db11b92ed530ebb5fde97ca0fa70da5af33cf0a8687679a777ac8e6d19761a1085618b0f54804fff0c4b4c66cd20eae31a9544a9262db1f846b9028

Download Submit
\Program Files (x86)\DB Browser for SQLite\Qt5PrintSupport.dll

Filesize
267KB

MD5
b5eaabb429cce10382ce1f32cdbaad15

SHA1
9e418c0a5cd664cb2bd68804724944ee8aadf5e4

SHA256
7c022b2fdd24a36279b501af27031f4d656ddddd0e934dce71e383b20d5b143b

SHA512
e1ca74f3c6931cf6bbf837947ab16f3dfd16ab6fabb56d615ecb60a4cb468c5335cf12c182a6bbaf799a5a98308da3c95c09f680d3dc0790af5012b5748f1fdb

Download Submit
\Program Files (x86)\DB Browser for SQLite\Qt5Widgets.dll

Filesize
4.3MB

MD5
0437c572b8692fe4d9ab3227b935f6d0

SHA1
91a586716b48f790521fc40c3b0b80c0dd16f5d0

SHA256
4ce775b049018e12196fd710c6b5d390562fedcfb283433628a3f1079574b7c1

SHA512
cf5fd292455c57a6e92f0f98da526c1d911a1ee54cae2dec45fa75d1bd09490cde95933a26778c1ce45f0f59a54701ec0dd12e7b7867c30bdf37fc48784107fc

Download Submit
\Program Files (x86)\DB Browser for SQLite\Qt5Xml.dll

Filesize
149KB

MD5
f72e734ae779ded6bb1edeb2244803e9

SHA1
5c2fee1f4d961c9adeb4e3fde20adec270981ecd

SHA256
4997a38c2d595cbdbc97cf1af5924a14535bcb2d03b7126c148722852280faf3

SHA512
c57dfe3d88119be7a873b339a8e638b4da746af983dbbdfca7e4c33f888309082fd6079e4d415f67cb23b42af831e27bc7c2dffec408c906718ccd3e3266c1e7

Download Submit
\Program Files (x86)\DB Browser for SQLite\imageformats\qgif.dll

Filesize
30KB

MD5
ad90539a0cc5bea4ce30ccf45b22be95

SHA1
ef7c968e399f30b34da6a49adea6a891c8449d32

SHA256
2bfeabb11ce7f48b062c1044c54eb117408517c0e0c09641ea682bb3b35728ad

SHA512
cd5e564c72bc1ccbf642b437b85ef1760e692e178b6c5e40bf183fb3decfa3cd59c97bfa7ed620715837c33b2128493b5c7b07f48e6f6e83cdb3bd6675af9979

Download Submit
\Program Files (x86)\DB Browser for SQLite\imageformats\qicns.dll

Filesize
39KB

MD5
6e9ea212ede912e5adea6a724c942241

SHA1
2c3a3670fb1a443950e8c8aa1c4a6f80bd4b04d4

SHA256
02725fa085c4efeb9a380662a51e81c2483aada0b8632842b484cdd4f6066f75

SHA512
384308b876f149117895ecf98ed8df11c2ce1794301be60630b2a844c30e38eadca78823a50fc9a2dd5d1e79d17311bae213f0454270143e5a20ddd8b5e696d8

Download Submit
\Program Files (x86)\DB Browser for SQLite\imageformats\qico.dll

Filesize
30KB

MD5
10c535fcfca304afb59a8c491349426f

SHA1
7a53485cde15e7212814a49b1e8f84d90fc9573a

SHA256
a4a9d2dbb549b62c615e514d4aad75298e8342ab90b7f30ae163f064654a1299

SHA512
6c4fb8592a1f3cb6dbba02a23787d8d782aaf9c227db141aa846e908dccb0b584cd32d6daa0f8dbe12a6803eaf41b8e36c33a558461006d52abe512f51420bde

Download Submit
\Program Files (x86)\DB Browser for SQLite\imageformats\qjpeg.dll

Filesize
361KB

MD5
a411567f64e267460df090d795a8bb32

SHA1
f3762d6a199aac2824f418914069b5cff5914e05

SHA256
80e1b62b936b10cfae9610796b9e160615c0deffa82f0f8f27c2212baae9d7b8

SHA512
e123a351144f6ebcabaa89a7ee5c26b84b6938daa99a6e80e25cd2d65b955456d0cf7631f22ea3badbac21bcc58711e9588f3d4b4034305fe41faada318bf5c9

Download Submit
\Program Files (x86)\DB Browser for SQLite\imageformats\qsvg.dll

Filesize
26KB

MD5
ca2ea003c6fb8ee2b3f059dcd9338012

SHA1
7ad2a5bdba61f432d5a5cc655d6834a91e6fc2f3

SHA256
87905c987b8e6301d50ff691482c6cc262d0c96973a38e2d8a294cd720b37b4d

SHA512
6cc54d7e8308ddd5ed2c4eef113bacf87425e8cf6143466614549e25431b880eed663afae671eefa21eec2ef78635dd64e57df971bcaebf8ae33752815bcf249

Download Submit
\Program Files (x86)\DB Browser for SQLite\imageformats\qtga.dll

Filesize
25KB

MD5
01aeacef1cbba321ed07e3cf49b06d9b

SHA1
c8691fe75bce49bfff67e679605d5e858d445112

SHA256
87286169a36e11e5a540b65df67a6512ebc643169477a86bee23277b8c5c5ad7

SHA512
9e483d13aa3039366c18a360556caf9e43febd8a14304a69a56e58e229b33d644f152450785ce9b6921823ea8f21952c410b0e985ab506f7e67b439324cfc8e0

Download Submit
\Program Files (x86)\DB Browser for SQLite\imageformats\qtiff.dll

Filesize
334KB

MD5
4d3fb436895b4da422202fa604f3cb01

SHA1
174d424b645580e04d8964e054d26aaa0611ec83

SHA256
b59eb63c33109a0bf9522b90413722a9f55bbe2e078875a741e543801c9b8cc9

SHA512
c19f97da2948b2cac3810ea169355470eca16c77161ccc53794b2cf83a4500186ea0bbc3f5951b0120fad34b4b82dd288001835a5bc0bde184a5383a9b892542

Download Submit
\Program Files (x86)\DB Browser for SQLite\imageformats\qwbmp.dll

Filesize
24KB

MD5
3f7f7751e4d5012a4172defd85035a5b

SHA1
1a11a8e42fda38b3eb5c080f220dd9f251be321a

SHA256
4bf0f58498ca0bcbe5383606040a24ce40fdc6dfaadcaf9fc75aaaa8f169f8fd

SHA512
ba49a8be4ca8e01e0a607158e0a7e5c2c80a9d3d64d43d50e2297c4b3d064919b9f0235688bb9a069a48e2e945129ba73b9e084998ed7c221246bf8181ef8a78

Download Submit
\Program Files (x86)\DB Browser for SQLite\platforms\qwindows.dll

Filesize
1.2MB

MD5
c41b9d665cbfff0d51aeeb84b70dc978

SHA1
d95892dd39c8ab2d11ac4329233a1fe1e71dc479

SHA256
441b8371df3411361131e9ea2db0a091d26d699636932e695afb67f8adaac77b

SHA512
c89ab6e0710abe5c32a0471ff3b08538be0a9c6ed50833b82d12ebb19124a94161fb1748969ca5fe0d8aace10ff499b3317db9b07bdba370a9b0bf5707f6b7c1

Download Submit
\Program Files (x86)\DB Browser for SQLite\sqlite3.dll

Filesize
1.2MB

MD5
e0dc4703c92a7b2f3986e7ce90f6065d

SHA1
5ace893f85549ad737ca7f6529ff350ea5c2a501

SHA256
e9f3a0a85a22726f0f0501e6c1d730a9b39ba6a6d8e5de479b90f75d058b539c

SHA512
cb0246a7ad1bcf381786597bee88ea0df6a2a3a577d88ed5401777215f99a2ffaeaa86dc92b78c98b69045f4c3ef747acb4f28ea6a71bfe2d31ea7f56869e085

Download Submit
\Program Files (x86)\DB Browser for SQLite\styles\qwindowsvistastyle.dll

Filesize
125KB

MD5
4e611fb1077bfa73f24cc11fc9c9c871

SHA1
8e68093fd3d585b668705b9de21d9be104ae241f

SHA256
8ca284c960d744f35f8af783af791fd1ecfe02965e342b4c3220ee3d162ae3d0

SHA512
94e0083ef999908a5a624eedaef8ce24ebcee09abd1c38ae517747ef617d3ed4207d3ea0b1df47f1379caed5d7d397303f6e81ab24466724bf6273979ed85f09

Download Submit
memory/2884-685-0x0000000003250000-0x0000000003260000-memory.dmp

Filesize
64KB

Download
memory/3908-735-0x0000000006580000-0x0000000006590000-memory.dmp

Filesize
64KB

Download