e8e9a39e3a87b6d069a2cb949878b0e50806430673ef273d59dd7a450a41523e

Analysis

max time kernel
540s
max time network
558s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2023, 05:04

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

perfil.jpg
Size

25KB
MD5

beac4445d6bc979180dcc6d8e3fb2ec3
SHA1

f86a82c9dcd27135a9fed8d360dd357a5da3483f
SHA256

e8e9a39e3a87b6d069a2cb949878b0e50806430673ef273d59dd7a450a41523e
SHA512

9586184bdcfb10e7bf2835614bb866ade80838653075616ec197cb00e96c8f4543e9a5aa9f21ec637e03214c692873dad54c1380c433e6b0769230baa6a67ed7
SSDEEP

384:JM4DV072v7/eYZIzd8rCOnfIIusEsseCxnJ2CrYbNK:JMOw2v7/RznA6dmgCrt

Score

8^/10

evasion ransomware

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	000.exe
File opened (read-only)	\??\M:	000.exe
File opened (read-only)	\??\N:	000.exe
File opened (read-only)	\??\P:	000.exe
File opened (read-only)	\??\U:	000.exe
File opened (read-only)	\??\Y:	000.exe
File opened (read-only)	\??\H:	000.exe
File opened (read-only)	\??\Q:	000.exe
File opened (read-only)	\??\R:	000.exe
File opened (read-only)	\??\T:	000.exe
File opened (read-only)	\??\W:	000.exe
File opened (read-only)	\??\A:	000.exe
File opened (read-only)	\??\I:	000.exe
File opened (read-only)	\??\K:	000.exe
File opened (read-only)	\??\L:	000.exe
File opened (read-only)	\??\O:	000.exe
File opened (read-only)	\??\S:	000.exe
File opened (read-only)	\??\B:	000.exe
File opened (read-only)	\??\G:	000.exe
File opened (read-only)	\??\J:	000.exe
File opened (read-only)	\??\V:	000.exe
File opened (read-only)	\??\X:	000.exe
File opened (read-only)	\??\Z:	000.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\Desktop\Wallpaper	000.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
1972	taskkill.exe
2828	taskkill.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "229"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133412151220214602"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027552071-446050021-1254071215-1000\{4BA71536-6685-4D48-B13B-661A74B19748}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	000.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027552071-446050021-1254071215-1000\{4E568191-C7E0-445A-A43E-7560096E4A0B}	000.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1444	chrome.exe
1444	chrome.exe
5640	chrome.exe
5640	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1264	000.exe
1264	000.exe
3500	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 1040	1444	chrome.exe	99
PID 1444 wrote to memory of 1040	1444	chrome.exe	99
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 4948	1444	chrome.exe	102
PID 1444 wrote to memory of 1280	1444	chrome.exe	101
PID 1444 wrote to memory of 1280	1444	chrome.exe	101
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105
PID 1444 wrote to memory of 5324	1444	chrome.exe	105

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\perfil.jpg
1⤵
PID:1628

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.3.1949447517\195119552" -childID 2 -isForBrowser -prefsHandle 2444 -prefMapHandle 1276 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9af55eeb-7a64-4d73-8524-5b6a8502d4c5} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 1524 2a73a1dff58 tab
1⤵
PID:4796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.4.637243989\2074365229" -childID 3 -isForBrowser -prefsHandle 3716 -prefMapHandle 3712 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c59e3185-bbc3-4089-b225-87dae6f3f0e3} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 3904 2a74b4df958 tab
1⤵
PID:2272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.5.726079597\192096074" -childID 4 -isForBrowser -prefsHandle 5032 -prefMapHandle 5028 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cce5e4b4-b984-4b2b-9401-b93ee0515642} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5044 2a74c826858 tab
1⤵
PID:1468

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.6.56408283\349844408" -childID 5 -isForBrowser -prefsHandle 4692 -prefMapHandle 4680 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc067f00-3e9b-4b4f-a89d-ef5ef0b255d8} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 4912 2a749cf3858 tab
1⤵
PID:1728

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.7.2039476725\1171900738" -childID 6 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97ab7d9d-f6f5-46de-9409-0f57907c1fed} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5344 2a749cf5658 tab
1⤵
PID:604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffbe47b9758,0x7ffbe47b9768,0x7ffbe47b9778
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4084 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5056 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:8
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5068 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4064 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:8
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5584 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:8
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3776 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5708 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6132 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6076 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5948 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:8
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5776 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:8
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:8
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:8
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=992 --field-trial-handle=1996,i,18254078416342979431,2822612920219624337,131072 /prefetch:1
  2⤵
  PID:2656

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5472

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x528 0x324
1⤵
PID:1016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Temp1_000 (1).zip\000.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_000 (1).zip\000.exe"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1264
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
  2⤵
  PID:5860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:1972
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taskmgr.exe
    3⤵
    - Kills process with taskkill
    PID:2828
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' set FullName='UR NEXT'
    3⤵
    PID:5552
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' rename 'UR NEXT'
    3⤵
    PID:5348
- - C:\Windows\SysWOW64\shutdown.exe
    shutdown /f /r /t 0
    3⤵
    PID:2816

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3919055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\190b5e47-461f-4ad8-a2a7-7d6a60870e7f.tmp

Filesize
15KB

MD5
919a2e621fbd3ef4dcff95aeec7b4300

SHA1
30dded182d8e8fb03f5d9493c572bf1d891b12b7

SHA256
6c89f3a5b89330a08d3ceacb420ef25bd70b693789cd3cd10d574c624df65eea

SHA512
4f085d7fc961d678491f435f6e23c86d0e81b009f0d0547e23a52c33ab587b43a66a88fd549d3b1e254e74de95c4ceb284bd92b0dea494d9c60d89736df56fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
47KB

MD5
3d734bae1570b8a68dd6b098b8b5cfd7

SHA1
3836b232a3d2691e84d5925cd78acb52253afd89

SHA256
2c9172ec95e9199468e46a16c3f42435e90882744af3cd098fe332edc476c74c

SHA512
9b2b50e142618849e0ee1c57269cf137d30bbf8f31459f2e78dd2479a6ded531385b015e51cd6b29a872b53fc78af627f513da33814eb5b597602aa90adc8335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
0a506ddc8ad66896fddf55e2b1a13433

SHA1
fdc16dda0380db96c6847eafccadb9a553ae653d

SHA256
fdb8c789f41f70df07a3727d9b08364eaec45ac71aeb10cc860a83ea33c874d1

SHA512
363863ce8a8c3f638bd5dacdb7c212d1d570a8539dab325d7022b6a58ed3b2ba52e77052f5d59a9c890be73dec23069d6abefaa1a723da4d1a06119a39c8333f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
088f4fa165a6484e16036b01c75dadc5

SHA1
35f388b62b403108f8640e863a4c9a7145f58304

SHA256
0f92e0a426c3b542b21da036b7acf445dc10cf971271b17452996b54e4e1503c

SHA512
a1ce8b69151cd93104fc45be5ab235dcd63f6e3a76e35bfdc2525d0175bfd2295fb338da46099f573ea240eaf2fedce0eb942ea3f78eb402252bda0ee0e09d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4810643c39441c0bf682c5357912bc1c

SHA1
7f0b7cc1b0bdbc254e986f8063c376b73ce542a8

SHA256
ba917d12517ad9f92b1f20ca25ea1e92c7168ba8b23d06f2ceb5c3cc4bd2e673

SHA512
dda274b6ecf9f8b9e81931c54e4ebba563511ffa87e9e3f622512e01e8bd4af925e501036abfd8ec4e839e829df69ac56d38b7210383a78ea1776a0887c81f3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2555ef4e5619b9b96c69dabbc71facca

SHA1
6a24c79ffa2dbe7d34f7ab9cb30b46ce2f628b70

SHA256
f75953e5959d7e555cc72346f84fa5950c476c70d984fb650bfe4d301082bef2

SHA512
1af27a6db7333a02ccb5c82ed2dc39355f53f2a82479c1dbeaa5990809a7b6f37e39d77a9897c21e7a32507c262e7f0e5f7365682207058bc6f84c5c04ffcd37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
38230b21a92c4df71c289aa7e27617b1

SHA1
9d2f75e81718ed1ed52b30e9cc84185bec381c1e

SHA256
5dd3430cc5b82abeef9a2c46d888329af98c330946b62c894e8c58b90eb82bfa

SHA512
885696c88a5e832a05689feda3225cf4e2f3dfeac76564e0f7f6ff4ca7a0d11dfbd66e9e5fb646c5a6b42f95246ca641b2e28d138d31dac0ba16c163818a7978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7128cf1d-cd73-4d20-85d7-661235616fe5.tmp

Filesize
1KB

MD5
a5042e71d40a1e8d4d196bbe0aae0a4e

SHA1
1463f665afc719ab70db5338233c3e0874f4c98a

SHA256
ba2c8539d19cfa07274d3e49fb44234df7f9c111afe320da44c98f3015360930

SHA512
d91e912716766c1ac75b563616cd7e321392ef464397b93f50b03fa80756e23ad5109ca5756d9f559760d58d990dbe916e83785bee6763f230b21249e0a57da8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0274cb1d7fdba6de2f26744283109009

SHA1
fa04f33ec3efe1d5a3294ea4027160daa7fe370f

SHA256
9e1ad1c8bbb981696392e9424bd53968caf9663ecbb9376f7bff39c2ade3e2d8

SHA512
d26d91b80b2a548c87f39fdc69d903cda03980b7b9c1e76ff9c232f4fd30c0d5e93c5bc74a717aeb046df258288445775f4d322c4065ab62701f896569456b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
37215ad9faded4fc32f22f3d63f32a09

SHA1
e97a54d4b3c3bf5a73b61fabf4554d1ea8d6ddf3

SHA256
79e50de463235ddee357a51e562fa2edfb5c30d9edad5861f57b59ea0ae53751

SHA512
1c26cf7db0590f669ebe775ab5eb436c081184e14e0c628416586eb783bd0500424652b4f923053d02b5aa789e26e53ac7cc79c10392435ab5aa22f947c79387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b4d5178b1ce026379a6a011a34a26a60

SHA1
fc5867af3f8152f2d76f81b335d131aae47d8ca5

SHA256
d2d32d83acc83cf98c1db40badaf609592365f286257634110b8ca7a8ad91bb0

SHA512
922299a75c1d5a6a8e7be7149ce8c1f427a822df6f5090dd6c44c0136a7b3091029ee70448d282a05ac0ba7e3a2a75b3ce474c16e405aed953314515591ac1dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
471f1ce5a25316b27e6e6b12d65df578

SHA1
1077be4b9d99516010a624d9098292d7aec18f7c

SHA256
95f88b85010887a457e01289949adddf7d7e1b665f2c001cd225ebd63c473d86

SHA512
269bc3fccd37b97a7fd97e7f0b869a7e84d22489044222669e73aedfab3831ccf509dbbe8c7f4914004f7adb2498896b3ec9eee1dce1b36ab784bf633698573f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
072f588cc900c7a2ad53aa83dd46b69b

SHA1
b61dfdb11671face2bbe7b732132fbd03ee3ba97

SHA256
b20bafe41f5f030460131d850fbcc1cd77ac0e5aa1d6d55580ec58eb89162594

SHA512
52079e97e358e16d5eb7ae71bb8b25e93fa98511b19c6dea997414afd034f879caabb7e02496805f59b027ef9a9e082332ae1d0625b13663ba2eab5d92f44d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
ee8abbccee41779004bae08a87fa3a2f

SHA1
185e22bee1137f5fb0c136e2f6c637feaaacbf61

SHA256
ee4d4b2d649dd0cf122a11420f5c49d1f71de67bda343b8025a41a2b3c2f45e2

SHA512
abe5149dd3560675860c582d76d667e992390800492b34f046d2d55eaa051e5f05f63937b8c04e75e66183603a7fdf52ff53f4178fff6cd396b8ed97cb682512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f4326ebc5132fef61d17c58fb6d0647e

SHA1
5ebfca62d9d274449c915bbda8655b73143087b6

SHA256
301c713bc8d37b6e4528c683e9e34e1af16c8f02d0191c4caf4bfef6a184edc1

SHA512
93e1dde2631c531d9c85252732af01d0ef15d00e1d0530f53527bbd491c2b62bbd72183d81ba93caa6a5ac91e54b3e0fa4295c0c537107d8d26f4f544c15694b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
a66ae72230e0d047af92645893ebec67

SHA1
d43268eb785d752d2b0cc879d2233332260f45c3

SHA256
40716df40a50a2e913822ef492517a8b27e4102971d9042adb96c80539bb910b

SHA512
3f3cd58468b794e28187084f5d17336ecdbcf7bf8b70f43e817ff5be6e4862196c4971fa3a8f4fddb7376251690f4ef9113d179c7d7a235652016d60ee3e6c14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b51ae090c6459cc37075f5cf856f6cc8

SHA1
412c1d5653e63cf0c49e4ac981c6687422673735

SHA256
1950e770cd9e97d3125ab1463e6142cb69a1b2502056aef45fc6c3ef944ee18d

SHA512
4772cf46dc97accfa3f68c92e877b1b431cbf543f51049ea2be89be41c49fb903f6bb9380c3486091071aa22727e7521a09e7ee4199f6c33d5ff9452a971bbf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
5a66e838f90220af118d957b78e5d873

SHA1
bf09e4c8e1feb9ac693f88d1678a6d8c69d28dc0

SHA256
d859fc570f8d2d4e4cc1fba8ace54511e6db925ad0cbb7bfeb2c961c460b3e1f

SHA512
bccb9324fb549c38b3a4be34cf1bc5a44531389006d4019a40108557cfefe15d496c72ba4a1bb0cc9052d1df1c82385158f3961a0a0a8151d47b51fbd70b3b18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
4c5eab38224aadb929ba05468600e48a

SHA1
cbfc60b62dfe53170307fb28d9cb595619c1337b

SHA256
eadd578e93f02b55509a6ce87824c74962b87f92a777c058d1b8040f7afa6d81

SHA512
4c2dda76671354db85508b6847fce0910b8991456230866300e104d9e81d0b0480c71141ee9fd6aa369a1020b6ff5fb5f31dcc175ecbba1f7be785df79319c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6f95685ca1fe5c155c0465ce3b88505e

SHA1
63de6944b7f2e5aebcc4d4ddba08259b17d18573

SHA256
ebcba648044fc090b5c145c4222f22b5f9837278616a3dffebee4c1ddc0a224e

SHA512
3253b1043a05c7c8382c6b917f94ff0bf252b80cab9b033d79384a0f8a5f3f5e845ad76df3b97367c4d41bec0af22971e508db613755e387c9da5acb53d294ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6e7c60aa01b5caf61750a92d43d374af

SHA1
e35c5009a13fa8bb2970859abee23b77105074ee

SHA256
40248da681f9de4cb652183d5d511d321592239da0d3e81f2bcd2b4eca6d53ff

SHA512
b9e4644b50b367110f07e137389322079ada05526dde07575bcdb82256edbd5009a3980d956a8c9f2a95aff72ddb37b47b4d0f6300b64119398dea7a477ec648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
607b9a1153c8c0942334fd46738ea1f1

SHA1
2b993be979d0c7b4772ef7bd05b96ebdaeeaa8b8

SHA256
c6b6fb42588f9d3dc9cbcf7a7b745acac6d96f68fff108aaa58c7b73c751d9e2

SHA512
de0da3709913a6ce444dd9a0b75c580f531548d81b23914d0fc1b8c46b1774732ccd6845c49f4fd766d3dbea01fc73455629a66fc6bd095fa42f113c345837f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
3fc4558965700e8c7d127cbeaa2ebbc4

SHA1
9581594871f501330bf795da15be4e9eb65a8c16

SHA256
c879e5c3375fa8785f05d09d90b46b961b71e282ebf8f46d7fd9bfacf872bf0c

SHA512
0041dedf44efa6998a20d6588e4e164ebc20c7997b661c288f23347177ebd92b66ac242e8267f62c6e8efffaabecf1dd177d3524a0706ede499f8059f3f6acd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4196eb9a83d4aa6c3cf629eb65b92db3

SHA1
8f9fb202aba65b1bd7ff0bb434eb4f14cb932f39

SHA256
c12e16df18fdd70f12d356ba9fa4ba1f5e4cac05c4ead541ec87889e4ac7ce47

SHA512
0106f938033fda4aadf660726ae8f9f7cad37bde28eaf478849e38a27c57cbe645f8c1d49669d73a4f2c39e6cdca9745b23e49c9c5081abb9223e93278b20277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6a1148cdf772344e3d3f6db42ccd176c

SHA1
ca6859f563f537a67303174b9a8160049b160b1a

SHA256
f7f553d40a916704f03f66e53ee4965d4e1a0c0f508f12db07b7f0d8a4b2a9bc

SHA512
ccacf2dcbeb8c9bf5d7c31b89b8780780bde1d0fa770c3b39d1d0762d2ba073def4939ad3f66d3e2609fcb509498432a6de251b0eba315baa6356e985dcf6c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\af01aed5-59a0-40b8-91ee-abd333412d99.tmp

Filesize
539B

MD5
3cff4f47e7a22d36583639682c77b886

SHA1
754a45645d804fdaa133b838d78f8ada96023e5a

SHA256
a219042be4da69f147ab6182dec2f730d88f8eded3b0834b4f0b4b90d7f0faab

SHA512
d426bbe4dbc32cbc04c27eb86777292ef25c8a63e5a63dbdb3607bb923c93e9e667a99fab24438cf74834a77becc1dd854cc109a9d1606f8237bba995cea7735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5d7564b2bfc597f4daf5d3ac155157dd

SHA1
639f4a2d08ed7f5a0f6c292f68ba7fb23d32068b

SHA256
b227af5f2b802a24c9cb3769b7f34098ed54888d189c2c230809495b21d619d6

SHA512
4fcfad217e9282563a68685d66b466eac7c07dbd7bd3f015da189bd0c0b50f98e925c8fabbfa71b4b965733129d741914d1be335e5dd552927fff10edbaac110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a54bf04b9a10e6b28c8183624ca186ca

SHA1
13065e6ee179aff624e7e492ed88862d3f348c43

SHA256
90dbe2ab18271e236abe31d648fff27d365ad80c0d9e56c859868363d9bd9ba0

SHA512
00310e37374e447742d368b9a70584faed01b8d579ffd12ff857bae2697dfb17b240cc159d5ad1b8ec87cdc79f394fe54eb4d9602bb4275062544581616a727f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9fb7b3303f69ca0cf132bb07fce2588b

SHA1
c8d02b02c3e2c5f9a757531f8ff5b2340e0b9f2d

SHA256
1e43110d912ed606d8bce4b29480db79011ae42a070dd4e3f31df97243cf9bec

SHA512
4099de9897fea54463dcdcde433aad678ceb079edfc5f7eef7c1bb5c760f3c82ca2eac92a4f351fc0d3fde1c9141f2713f31d7f3f59fb80a63f41644f5af5f54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
37a7f124dda790803cef530f7d58792e

SHA1
53e87eef9ec5ba6bfdff86271c7c4ee1245789c2

SHA256
e23caf7f09b5455caa5c77735965667365ff385ff68fc6dc6544434f6d25819b

SHA512
d36495f246595d8f6311299455bd11c0d7987796eb17311ad8a173408c744e9b6accba8cd371d65e45b5be0394ba22ffb19b0f6a8ed895c2975db2633ee5c025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7e79c8440c3e8fa7d04cfb929ea07593

SHA1
f2210b70da2511fd4453530a7511b5ac458bfe7f

SHA256
bf77d5ca11175f31e636dd37971d1d9a4f04bb1d73f61f7c7816c4ae6524962b

SHA512
8e75235284996447690743966ae058c9e345bad8d12dca653cd7c13a0e5af785f3821219ee4894d9bccb2d5d77854d55220240ee0b18367a6859bf8e360fd399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
195d86f38c2da9b7a9c04622efaf7507

SHA1
640e2743089f678c00985fce4d47c8995927b9b5

SHA256
0e5fb26ebe368fb49dc4e73184ba5a0a2a7ecf1a19ba90d6b1fd88e615f7fafd

SHA512
a2f0cdd2f2d3233f9da85dc5d5e782115310e2d33431449c9db63b1085a66f80279dff834d9cb8f05a5ba88bfa1b47b0b2f841a9355e9d38968e9b690bfba6df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\051b290d-b942-49c6-b9df-6276f44ca7b5\index-dir\the-real-index

Filesize
2KB

MD5
f0028dd907d3ad5406b4669358eb9cde

SHA1
4120620663f4a2b94d0a7e0bef7eb04c090c71da

SHA256
cc512f1510a07af7a3047ea61e98a73521f65619faa67b568c1834b7dc1f2150

SHA512
0af2465e66511f833dff8286a82f2f6d3fa94407f9127b369f047f18c846c7b0ff0106b4c9b984b14d2d6e9a678c94ee362334f999eb5dd0bbb60e4c3e435014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\051b290d-b942-49c6-b9df-6276f44ca7b5\index-dir\the-real-index~RFe5bfcac.TMP

Filesize
48B

MD5
ae761dcf2a32b7dd04fdd260e4eb03ee

SHA1
d4e8e397bc88fec821297b4d957d292122803839

SHA256
235c22e307cb533eb5510ce117af2fb82388d69e305fc36754195507cafbc273

SHA512
447b564c89dac791162372bc200d052509128c099cceb470aff1c2b7222dc7e6752ce79c6044fc08113da477694886583b47e6dd8a87eec8aee40b7945aad568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4d434b5b-46a1-4e1a-a048-f6c00d1d40fe\index-dir\the-real-index

Filesize
624B

MD5
bbf878b0f6e1ce47b2d3abf47d4b0e21

SHA1
c22c89000bd527923c1dfec6def9932ceb49af45

SHA256
33d6a6653d304e41111f299f11111885e2d19feae1e25abb2600b58e5aea1c8f

SHA512
eec9964afc6acc2c33bd49a674dcfd2ee2066944e6d77a122e906594631837858315cbd3a6350f475ad0e7ecf622da3551b076193fc53326f44396301cc8498d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4d434b5b-46a1-4e1a-a048-f6c00d1d40fe\index-dir\the-real-index~RFe5b750d.TMP

Filesize
48B

MD5
393cc0265b48426f49faabbf6dbc14e7

SHA1
126a9926e27c7f9d436eebca0968d875704410ff

SHA256
e4d33fa82872daa2c6e8887c422fb0d78d6b55f5e975991c1791f4708fbdb17a

SHA512
9769ad001495cd4bde40aff79fc0d50673f24f9f756f5beb48d99293f8a3ff0ffb99ab5743690dbfb560ec62574e187ff429fd25dfd1283448c6e17bf571d78a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
113B

MD5
e78254cce36882e739a683531b5bd2c7

SHA1
33e90a42038978a99ff8b18c1a029b5b2f87d97b

SHA256
1322eec4f63cd0e53a6db51be8c5a9e9986437183bc0442272f0d694cfe835de

SHA512
5fe42fa6db03afa31be7f89414f77fe57022559934c5b4de1dac21ab74cdc408f9f4337e57a2e051328f2a77a3041ed945c90df53de574c73d85d081536825ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
186B

MD5
b666321cb90e4a7b08ec8d3445da373c

SHA1
269ef5513b3291d4fd820905792f31ef669f71bf

SHA256
148d1a5f8ca4c94ec3099f91fb27ce36f34786e2d07de9fa4355b3be905b9b99

SHA512
acc73aeb2b3eba14448076a0ae12b692f52b82b30c9d5882bc5106b4adad8727aaa37f1aac3737af49c4fea063fc5c8e89c72b1ea767784faa583a28971740c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
121bb7085e0be23f9be66a60dbc88b39

SHA1
15b80f741be6fe9e61aa4b5eb8e3f21060c0e894

SHA256
36133518d3d1eeafc7315d6b839da0501b4e19ce83e8d9e6ba9f63249dfe59c1

SHA512
84817887ffbad02bc52ad15108f16720bb1577dbb72da47eaa371a19d70cf00bb9cbfb68ed64446b37fecd4b80220cd7ec100584f36af508dbaa5fdb0e64255b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
cc192518d5b8ee5fc8c524e1b484dab9

SHA1
c242c0ad8f4c5ca1f60bb19e77dff453f498c478

SHA256
ae77b42e2136eb3786c33e964b7e04a820715560581c6f682cd16a8482c4fef7

SHA512
89eaf82e8de1e23b70b2e770150e6ceecc5af5c071c0a0d989ee02a96ffa2d8db2722820b365009bb284448ff51fe56f30b51638b5ba6d5f26bfdc1a7191db26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
85e494f8127100867bec540b76b33f81

SHA1
4a52655e5313888bb2990c8a8ff508a94ef2b17f

SHA256
689e0a3f63b65b7c69131db475f75a77876ab981cb565fb63c07dc67c4b5fc6e

SHA512
3e7dbea8fd5e6a63d9b7ff71e82510eca3db8e69bf379d7fa78511ee84aa8ffbdad3554125dbf694d44310375e07654bff0613dba36f1a7aaef13cdfed115171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a1752.TMP

Filesize
119B

MD5
c0d60dd66cc853df679f45689c40695a

SHA1
ce5ee94a96e378f0315818c63c26fa9d4c8500b1

SHA256
be9818d9a9226c03f392d59f442bd6625cd254717bae20cf472b42c7df0b7336

SHA512
29ba01fb44801dcd5f21edbe7a24a6b0fdddb99cbaa147432a59a71dd1b23ede35bcb20b06e3dc3d71d7f76b4c6601a2efd3aa26203af156d9e0cfe7a53d1f44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ad6157482cc97fb72388bdc2623be540

SHA1
5b411c5e66a20ea5666fdcfd8a39fe3f28cd9413

SHA256
09ddf2276e9fe961ad8e960c98abdec54ab60d0df1e34a8b82405e939e4d1f52

SHA512
ead5b0053e20710cccbd35fff068492b912f1e25e2b6f58fe5cbcc1f1d69d9eb3994b43df425faaf86969e22f1d7c5d97b85a43289d8ef0025e48dd2fcab398c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a75cd.TMP

Filesize
48B

MD5
ab0a279119fb79adce1abc3da5cc49ef

SHA1
838213ea9f43c325c9559f3d8104d41ba8a0afc1

SHA256
7fe769b14735b1ff572b439fd8103a48bae0b1dbe09ae4249fb554c1c43602d8

SHA512
3c4cd0acee3bb717ed1ab3f6bdb69351b940c44385fb618d458ea563d191941d700019873404d36c51fd7e3fb428e775419ade12ee38297d2a060c95a9553527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
fbd947c7eb744abc786b2ff05c5d33b4

SHA1
5fa7e078a2338bd4def93fbb034137cfcf3420a4

SHA256
006c28e622f43456aaf40d67035e7b1a44db49b2c5c1187f716fb81af71a77e1

SHA512
e2efffc00d14664c527624bf01a70e44f1a1fa67b1db9dfbc20678cdcdf266078fe4bb4b8c7449796b5d1dc2d7c6e7e9a15c0f035d6b05d4f629b4d652cfd7b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
3245c8649dcdcca7fed1a23136109870

SHA1
5a0ff0e7b7a11fee3b393e728fb827723efdadd7

SHA256
ddd109ede1b3a95152060d3521f9b032b8d1fb8bd2737fa72520861cdec29d7a

SHA512
70aa23933ab55209702ba8cf548033ffcd2df835a6ecd8e85c3792ed20429813c2582898788097f8b4dc3334d29ab9d4682f923859ea117a8c9f5d5f2b84a43d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
9f7b241552495a035efbf79bfdd0fce8

SHA1
2ebc6620ac7781b87773fe17d5f8cc59dda51820

SHA256
cbf78ed04d153d51346b92c5571944fd2dc9b72486e668bb5be0cae2346477e2

SHA512
1bb88821b0a1a0743c214af0350c3db2d583963aae9d057fb05a757fe57cd753462b89107cdc3a7e90d0eca7e3c72431895416f347c0b4108c0ca15e7face63f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
3cba7217a1a46ddd1d1c2a691a4254dc

SHA1
4a45102f6beac2f1253da89a6c30d16d8ce444d9

SHA256
f4f750f2ebd6b230f0672f6a302b657361be049228cc76f484d9255a6996a2a9

SHA512
345ef758a4234b6bb67b8426794fc0ca7f9c71a412fcd6f298ee052a914a2d3a3a945a43157337b6299dca01cba5da40160c40b7b064b0f7153c8014122bbd3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ab75b.TMP

Filesize
96KB

MD5
55aeb2a4a13b2758a2eab0e94cbce0b0

SHA1
6bb0dc1591540d27557dceee6cde4aace05d1d3b

SHA256
01056a53cbb92a8d264def4aaae1d4e95b350a50500bde56f7b8070d9ba4f2ae

SHA512
b583b8f85b3682dd8bc86df946512ab59851d4c5741db6b2c8585c6197715226922a5a93f9e3daaf751bb257e50c1782e598dcb5596db92b75dc248cc41dab79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
20af584ede6f8a78b14fd38a323dc20f

SHA1
5d621fab3dc929919c5eac4bf4e9960d82ea3d15

SHA256
d37ba6cac09299ce1f7d4efd6eb0207ceb7e0f6d1baed880e924a84453f83116

SHA512
1d395b4237c90400f72eda36a010bbc2f65f102518a91d3ef2d00c31060fbacc4c1f7dbc031fa6ad031698a791c3a23dfa7c90b0a75bb07d54ba4bd963dee672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.2\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\one.rtf

Filesize
403B

MD5
6fbd6ce25307749d6e0a66ebbc0264e7

SHA1
faee71e2eac4c03b96aabecde91336a6510fff60

SHA256
e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690

SHA512
35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064

Download Submit
C:\Users\Admin\AppData\Local\Temp\rniw.exe

Filesize
76KB

MD5
9232120b6ff11d48a90069b25aa30abc

SHA1
97bb45f4076083fca037eee15d001fd284e53e47

SHA256
70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

SHA512
b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

Download Submit
C:\Users\Admin\AppData\Local\Temp\text.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\AppData\Local\Temp\v.mp4

Filesize
81KB

MD5
d2774b188ab5dde3e2df5033a676a0b4

SHA1
6e8f668cba211f1c3303e4947676f2fc9e4a1bcc

SHA256
95374cf300097872a546d89306374e7cf2676f7a8b4c70274245d2dccfc79443

SHA512
3047a831ed9c8690b00763061807e98e15e9534ebc9499e3e5abb938199f9716c0e24a83a13291a8fd5b91a6598aeeef377d6793f6461fc0247ec4bbd901a131

Download Submit
C:\Users\Admin\AppData\Local\Temp\windl.bat

Filesize
771B

MD5
a9401e260d9856d1134692759d636e92

SHA1
4141d3c60173741e14f36dfe41588bb2716d2867

SHA256
b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

SHA512
5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

Download Submit
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\Downloads\000.zip.crdownload

Filesize
119KB

MD5
f5d73448dbe1ec4f9a8ec187f216d9e5

SHA1
6f76561bd09833c75ae8f0035dcb2bc87709e2e5

SHA256
d66c4c08833f9e8af486af44f879a0a5fb3113110874cc04bd53ee6351c92064

SHA512
edbdc1d3df9094c4e7c962f479bb06cdc23555641eeb816b17a8a5d3f4d98f4d1d10299fd2f9152d30e3fa9e5b12c881fd524e75612e934b287109492ee1520b

Download Submit
memory/1264-863-0x0000000005BD0000-0x0000000006174000-memory.dmp

Filesize
5.6MB

Download
memory/1264-891-0x0000000005510000-0x0000000005520000-memory.dmp

Filesize
64KB

Download
memory/1264-890-0x0000000005510000-0x0000000005520000-memory.dmp

Filesize
64KB

Download
memory/1264-889-0x0000000074AC0000-0x0000000075270000-memory.dmp

Filesize
7.7MB

Download
memory/1264-886-0x000000000B230000-0x000000000B23E000-memory.dmp

Filesize
56KB

Download
memory/1264-1012-0x000000000B750000-0x000000000B760000-memory.dmp

Filesize
64KB

Download
memory/1264-1020-0x000000000B750000-0x000000000B760000-memory.dmp

Filesize
64KB

Download
memory/1264-1024-0x000000000B750000-0x000000000B760000-memory.dmp

Filesize
64KB

Download
memory/1264-1022-0x000000000B750000-0x000000000B760000-memory.dmp

Filesize
64KB

Download
memory/1264-1025-0x000000000B750000-0x000000000B760000-memory.dmp

Filesize
64KB

Download
memory/1264-1021-0x000000000B750000-0x000000000B760000-memory.dmp

Filesize
64KB

Download
memory/1264-1048-0x000000000C700000-0x000000000C710000-memory.dmp

Filesize
64KB

Download
memory/1264-1051-0x000000000C700000-0x000000000C710000-memory.dmp

Filesize
64KB

Download
memory/1264-1052-0x000000000C700000-0x000000000C710000-memory.dmp

Filesize
64KB

Download
memory/1264-1054-0x000000000B750000-0x000000000B760000-memory.dmp

Filesize
64KB

Download
memory/1264-1058-0x000000000B750000-0x000000000B760000-memory.dmp

Filesize
64KB

Download
memory/1264-1059-0x000000000B750000-0x000000000B760000-memory.dmp

Filesize
64KB

Download
memory/1264-1053-0x000000000C700000-0x000000000C710000-memory.dmp

Filesize
64KB

Download
memory/1264-1065-0x000000000C700000-0x000000000C710000-memory.dmp

Filesize
64KB

Download
memory/1264-1062-0x000000000C700000-0x000000000C710000-memory.dmp

Filesize
64KB

Download
memory/1264-885-0x000000000B5C0000-0x000000000B5F8000-memory.dmp

Filesize
224KB

Download
memory/1264-871-0x0000000005510000-0x0000000005520000-memory.dmp

Filesize
64KB

Download
memory/1264-862-0x0000000005510000-0x0000000005520000-memory.dmp

Filesize
64KB

Download
memory/1264-861-0x00000000004E0000-0x0000000000B8E000-memory.dmp

Filesize
6.7MB

Download
memory/1264-860-0x0000000074AC0000-0x0000000075270000-memory.dmp

Filesize
7.7MB

Download
memory/1264-1875-0x0000000074AC0000-0x0000000075270000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads