hxxps://go[.]dev/dl/

Analysis

max time kernel
743s
max time network
733s
platform
windows10-2004_x64
resource
win10v2004-20230915-es
resource tags

arch:x64arch:x86image:win10v2004-20230915-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
10-10-2023 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go.dev/dl/

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
5000	MsiExec.exe
472	MsiExec.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
100	2852	msiexec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Go\src\cmd\asm\internal\asm\testdata\arm64.s	msiexec.exe
File created	C:\Program Files\Go\src\cmd\cgo\internal\test\sigprocmask.go	msiexec.exe
File created	C:\Program Files\Go\src\runtime\stubs.go	msiexec.exe
File created	C:\Program Files\Go\src\encoding\binary\varint_test.go	msiexec.exe
File created	C:\Program Files\Go\src\context\afterfunc_test.go	msiexec.exe
File created	C:\Program Files\Go\src\runtime\os_linux_loong64.go	msiexec.exe
File created	C:\Program Files\Go\src\crypto\tls\handshake_server.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\bug203.go	msiexec.exe
File created	C:\Program Files\Go\src\runtime\cgo.go	msiexec.exe
File created	C:\Program Files\Go\src\syscall\js\export_test.go	msiexec.exe
File created	C:\Program Files\Go\src\crypto\internal\alias\alias_test.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\issue24693.out	msiexec.exe
File created	C:\Program Files\Go\src\crypto\ed25519\ed25519.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\internal\obj\x86\ytab.go	msiexec.exe
File created	C:\Program Files\Go\src\reflect\float32reg_ppc64x.s	msiexec.exe
File created	C:\Program Files\Go\src\go\build\testdata\directives\c_test.go	msiexec.exe
File created	C:\Program Files\Go\src\syscall\asm_linux_386.s	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\bug405.go	msiexec.exe
File created	C:\Program Files\Go\src\runtime\debug\testdata\fuzz\FuzzParseBuildInfoRoundTrip\5501685e611fa764	msiexec.exe
File created	C:\Program Files\Go\src\crypto\tls\testdata\Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384	msiexec.exe
File created	C:\Program Files\Go\src\runtime\internal\syscall\defs_linux_386.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\cover\testdata\pkgcfg\b\b.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\bug176.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\vendor\golang.org\x\sys\unix\syscall_solaris_amd64.go	msiexec.exe
File created	C:\Program Files\Go\test\typeparam\issue48645a.out	msiexec.exe
File created	C:\Program Files\Go\src\cmd\go\testdata\mod\golang.org_toolchain_v0.0.1-go1.23.5.linux-amd64.txt	msiexec.exe
File created	C:\Program Files\Go\test\cmplxdivide.c	msiexec.exe
File created	C:\Program Files\Go\test\typeparam\mdempsky\15.go	msiexec.exe
File created	C:\Program Files\Go\src\go\internal\gccgoimporter\testdata\imports.gox	msiexec.exe
File created	C:\Program Files\Go\test\typeparam\issue51367.dir\a.go	msiexec.exe
File created	C:\Program Files\Go\src\internal\types\testdata\fixedbugs\issue48048.go	msiexec.exe
File created	C:\Program Files\Go\src\crypto\sha256\sha256block_386.s	msiexec.exe
File created	C:\Program Files\Go\src\net\lookup_windows_test.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\bug486.go	msiexec.exe
File created	C:\Program Files\Go\src\database\sql\sql.go	msiexec.exe
File created	C:\Program Files\Go\src\internal\diff\testdata\same.txt	msiexec.exe
File created	C:\Program Files\Go\src\cmd\go\internal\base\env.go	msiexec.exe
File created	C:\Program Files\Go\src\debug\pe\testdata\gcc-386-mingw-obj	msiexec.exe
File created	C:\Program Files\Go\src\cmd\vendor\golang.org\x\sys\unix\asm_bsd_arm64.s	msiexec.exe
File created	C:\Program Files\Go\test\codegen\issue33580.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\go\testdata\script\install_move_not_stale.txt	msiexec.exe
File created	C:\Program Files\Go\src\cmd\vendor\golang.org\x\sys\unix\zerrors_openbsd_arm64.go	msiexec.exe
File created	C:\Program Files\Go\src\syscall\asm_netbsd_arm.s	msiexec.exe
File created	C:\Program Files\Go\src\errors\wrap.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\issue47068.dir\main.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\cgo\internal\test\issue9400\asm_mipsx.s	msiexec.exe
File created	C:\Program Files\Go\src\archive\tar\testdata\star.tar	msiexec.exe
File created	C:\Program Files\Go\src\cmd\compile\internal\ssa\_gen\AMD64.rules	msiexec.exe
File created	C:\Program Files\Go\src\internal\types\testdata\spec\comparable1.19.go	msiexec.exe
File created	C:\Program Files\Go\src\runtime\sys_darwin_amd64.s	msiexec.exe
File created	C:\Program Files\Go\src\image\testdata\video-001.5bpp.gif	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\issue8280.dir\a.go	msiexec.exe
File created	C:\Program Files\Go\src\crypto\boring\boring.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\gofmt\testdata\rewrite5.input	msiexec.exe
File created	C:\Program Files\Go\src\strings\search.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\go\testdata\script\mod_get_ambiguous_import.txt	msiexec.exe
File created	C:\Program Files\Go\test\typeparam\absdiffimp2.go	msiexec.exe
File created	C:\Program Files\Go\src\go\doc\testdata\bugpara.1.golden	msiexec.exe
File created	C:\Program Files\Go\src\crypto\x509\root_wasm.go	msiexec.exe
File created	C:\Program Files\Go\test\abi\struct_lower_1.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\vet\testdata\method\method.go	msiexec.exe
File created	C:\Program Files\Go\src\runtime\cgo_sigaction.go	msiexec.exe
File created	C:\Program Files\Go\test\typeparam\shape1.go	msiexec.exe
File created	C:\Program Files\Go\src\internal\testenv\testenv.go	msiexec.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\{3E88487C-6A96-42C5-A9B8-1819691E2E59}\gopher.ico	msiexec.exe
File created	C:\Windows\Installer\e59fa08.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI29FF.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{3E88487C-6A96-42C5-A9B8-1819691E2E59}	msiexec.exe
File created	C:\Windows\Installer\{3E88487C-6A96-42C5-A9B8-1819691E2E59}\gopher.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI12A6.tmp	msiexec.exe
File created	C:\Windows\Installer\e59fa06.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e59fa06.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000002d5e0d994d17e0d40000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800002d5e0d990000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809002d5e0d99000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d2d5e0d99000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000002d5e0d9900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133414412313521458"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe

Modifies registry class 46 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\11 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\ProductName = "Go Programming Language amd64 go1.21.3"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0567AE226CA41004FB924F8B77D51B0C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\4 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C78488E369A65C249A8B819196E1E295	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\Version = "18153475"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\PackageName = "go1.21.3.windows-amd64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\7 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\22 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\14 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\16 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\PackageCode = "8C14AF4123B61734B9D1F8CC44D130AB"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\6 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\8 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\9 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\12 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\13 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\19 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\10 = ";"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C78488E369A65C249A8B819196E1E295\GoTools	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\3 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\23 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\20 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\5 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\15 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\17 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\18 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\ProductIcon = "C:\\Windows\\Installer\\{3E88487C-6A96-42C5-A9B8-1819691E2E59}\\gopher.ico"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0567AE226CA41004FB924F8B77D51B0C\C78488E369A65C249A8B819196E1E295	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\2 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C78488E369A65C249A8B819196E1E295\SourceList\Media\21 = ";"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
1216	chrome.exe
1216	chrome.exe
1404	msiexec.exe
1404	msiexec.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2796	chrome.exe
2796	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2852	msiexec.exe
2852	msiexec.exe
3360	msiexec.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 3268	2796	chrome.exe	82
PID 2796 wrote to memory of 3268	2796	chrome.exe	82
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4264	2796	chrome.exe	86
PID 2796 wrote to memory of 4992	2796	chrome.exe	84
PID 2796 wrote to memory of 4992	2796	chrome.exe	84
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85
PID 2796 wrote to memory of 4348	2796	chrome.exe	85

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://go.dev/dl/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa79e99758,0x7ffa79e99768,0x7ffa79e99778
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1924,i,14923013657487164559,809799226878361950,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1924,i,14923013657487164559,809799226878361950,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1924,i,14923013657487164559,809799226878361950,131072 /prefetch:2
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1924,i,14923013657487164559,809799226878361950,131072 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1924,i,14923013657487164559,809799226878361950,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1924,i,14923013657487164559,809799226878361950,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1924,i,14923013657487164559,809799226878361950,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1924,i,14923013657487164559,809799226878361950,131072 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1924,i,14923013657487164559,809799226878361950,131072 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1924,i,14923013657487164559,809799226878361950,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1924,i,14923013657487164559,809799226878361950,131072 /prefetch:8
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1624 --field-trial-handle=1924,i,14923013657487164559,809799226878361950,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\go1.21.3.windows-amd64.msi"
  2⤵
  - Blocklisted process makes network request
  - Enumerates connected drives
  - Suspicious use of FindShellTrayWindow
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4604 --field-trial-handle=1924,i,14923013657487164559,809799226878361950,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1216

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2068

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1404
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 470DFBF5F8940992E352A37F3B2FB4C6 C
  2⤵
  - Loads dropped DLL
  PID:5000
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4904
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3BF3773530D9CC30229106721025B297
  2⤵
  - Loads dropped DLL
  PID:472

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:3964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4100

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\go1.21.3.windows-amd64.msi"
1⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
PID:3360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e59fa07.rbs

Filesize
2.6MB

MD5
db4d7c60f0cd176ee698e3a1f39ac49f

SHA1
6d3ee57124dd5619995c9dee26bd850b75501520

SHA256
1a9d9706d65d909c89048ec026bb2361323ea5ea59262ed3df7b3d997330d947

SHA512
8b975379f788740082ac36da520a48836a2ee79c81b3a9dd02facdf6fdc715b9cef9113594a0741e88f0cf3f9f3ac63536380a853b7d5a7adeae3a6ed7fb13a5

Download Submit
C:\Program Files\Go\src\cmd\vendor\golang.org\x\mod\LICENSE

Filesize
1KB

MD5
5d4950ecb7b26d2c5e4e7b4e0dd74707

SHA1
d6a5f1ecaedd723c325a2063375b3517e808a2b5

SHA256
2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067

SHA512
5bbb2d94184f661d95ac3db758b72a9ce25d409b1179264634bf0612f797424b15a3f6e02069442a75561ca5054e4c4111b158b8dce4d545a7348f6392506a35

Download Submit
C:\Program Files\Go\src\cmd\vendor\golang.org\x\sync\PATENTS

Filesize
1KB

MD5
3a55d95595a6f9e37dee53826b4daff2

SHA1
4eca45b612f7d86f2f598f238074a0dac9b72bc9

SHA256
96f408bfae65bf137fc2525d3ecb030271c50c1e90799f87abf8846d8dd505cc

SHA512
c15bbad668d0cfbb752645504e15cc5a4d613dedb28be825f39769a9c06cba19180140d0d6d8087c0e8489dc1363d8bd99aefc1f6579e7f103e0e8f81f5262c2

Download Submit
C:\Program Files\Go\test\fixedbugs\issue32595.go

Filesize
187B

MD5
e6c3b20f5ea4b807599b7c9a0669315b

SHA1
6c126b5d6fdc23ab9b67fd77f1022a791ec5379b

SHA256
981d96ffeca48c0c85e4b8356b06256841f4ec0419c25c3c28226dd3f95742af

SHA512
9c017b6a69f2a6ffaa92b64063cbebeade67d55e19d24d470d57b6fe308f2e9afb3b119f47a1e3d47304f9af650ae2d67f7d929ef354654bd2fb717657516e84

Download Submit
C:\Program Files\Go\test\fixedbugs\issue52128.go

Filesize
191B

MD5
8e59a1ebfda51e2a1f403dc38fcabdeb

SHA1
238794947b687e46828baf6a328830d54b4e1dc7

SHA256
964e1853b653b9c6cf3f9f3cc32e98fb57066d0b1fed3e934976634aff087f2b

SHA512
6fd5c49d652e3955142133a9f954a7a3ef721daf82a0b71d184928f910c4d850ff78e1a9f4a0d2f0fbf39d2453ee9f48a926dbd7436f676a9bd6217d17945bea

Download Submit
C:\Program Files\Go\test\typeparam\issue47892b.go

Filesize
191B

MD5
ead61cbe89c838b7f30760dca7b1bad1

SHA1
0425279890c13b52f976ee11d95d587a9f0eca26

SHA256
47539505b1fa7ea4cfd08d3f136b171789b21b05948e41bb74f8184ce84a6219

SHA512
de9ece21abef46d021335ff5ef5b17c012723bedbc7e87268d8b4dc99fd790563e84809aa68b0ef814a3ea53ac5a793c4e324fe38df3695b712bc079482c3225

Download Submit
C:\Program Files\Go\test\typeparam\issue50121b.go

Filesize
187B

MD5
93f57cb9aafd5139173a8f94136f3d43

SHA1
e1e47ab5fd3d0158be7f51e4f502e43bd6ad5dd4

SHA256
a9479d7c22dbe82085d58f275f1d94aa1b9caab62b8d5507762a10a3696a4e4b

SHA512
b222a38f0012f81509706fc01f849a568d5c2073b7540186bacc0cb6396010dcfde54efceec9b72c717aef949b7086057e05fc30f50bd6e65e57f833345d72bc

Download Submit
C:\Program Files\Go\test\typeparam\issue51250a.go

Filesize
187B

MD5
39704e1b2c683c78bcf6ff3a4045f768

SHA1
ac0897b1c11bc7e92493b89c5e30ad5af08fce0f

SHA256
c367e24723070d9d4b38599e0b89ab697cd10cc4f07b3d5afacc0c182e789a89

SHA512
76a110116c5df8ccbc1e58f52b3e7517e31b69348cdc28445e0290a023256dc7510a5875637654e8ac499ffa9e9527b4a5b23a71463375c8789fffefe73fc1d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
bfca9d5c95c5e248cb955fa26b4777f3

SHA1
7a3c531e35d9bb1057d1662f0de43b828422dc3e

SHA256
194d990fdddfc28c7f1bc391192c2cb266f6fdc36127fc71a94afc63f9652a89

SHA512
1eedcac5496531fc4a39004386b1a898492b6499fac6ddee0f9161ced50b18a5133d8c0d8b7acfae49a3f1653995a15dbbf9c02d641d6cbe4aacbacbff5a3501

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D

Filesize
727B

MD5
2ab1b0e01f20a8ff9148f6838fee20a6

SHA1
03da8a613fc94df0d9f48559dc39ddb0205023cc

SHA256
366f2c48a13d5237dcdbce954037aed5c38bcbe811ad2f6803a37282b7caa50f

SHA512
de399085d028ca447b67cb405ba810a97c95de20958116a6e8ae0746ebb9a04a1b35500bb8f00a4bfcf8400f2f0e7ec8ca4d1c6faca8a22147c1738ee85f8d8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
b78d54c876d4149ca70824223ed8c576

SHA1
145a937514a1df837e16ffb6430db72182335142

SHA256
b0efc9a4f1b3d9219622e95cef871f0024207041f219b70cc26b3830fd47c1dc

SHA512
648345332be81d2c6ff82c567eeb681858b0068839276ceca551e977349d87f1da6034c8beda79b9380dfd2f4241b935b4ba05b7e692d0a0441f7d4fb42f3b68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
0f84b6ec1376a5effb028cab76f78509

SHA1
ce16ae641cfafb078dfc6cc054c1bc2c2df2c531

SHA256
a4f5ce3b491a6e823c7e005b6e39b0707633e74103b2e100f51868fb75fd4fb1

SHA512
9e887d5c4e2b003cb994b9a5c2e944b5d5fe03cd188e2fd11efec5dc370865d2119b0383a6d2b8aa2f23a1638845e5dc2505b70869e195126019062411495edd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D

Filesize
404B

MD5
2744fb80bdee527566c140f43fe9c266

SHA1
43c396c140ccbace6379b3247e58f716055103d3

SHA256
db72cb2c8332add3029472a09206b6a3c37ab18f90099a82a9e4fcf126146e09

SHA512
8c3620f9c1d1846f90a7f989f6697982fadb84c4e4ccc427fc8a3e19738fe0b5f6e2fb3faba7db12d8869e170ebda4832a81659cb35279d13a790d18d9315ba5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
2f8cac4ae9fee521fdfb901d59e71e20

SHA1
15b5c76f7e0ec21a49bcf452bdbd1cc10ad6bd7b

SHA256
e7dbe277ad6540f178aeb119d470858745b968bb3c99e7bccace3e30dbf75c0d

SHA512
333b27585793a2cf901f6b2aa68eb237b9dc43f510a90279915c7598b2908b565b86995d0d990a7bf7f965a2d5753a55d7a05af3060d6b8cfa22fb101d6f39f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
246fa38aa0bb39fa53dd13e00701a76f

SHA1
9ddbce190500dc81c7d94c093cdb4a3b6b9e7826

SHA256
81bab1a6c3073a9498a42ce01f0374fa18dd2fb932dbc84fc9fd1a1b78d259be

SHA512
cc59acee28f48c1da083552dcabc3377ce8fa822a8e781f47824188c64916e204fb69d06f2b9bb04037f7685f0ca1c60b842c5d3979112ce7a3af5c127c82860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ff0c9d930586d329bab23b87e6d75dae

SHA1
70218716ea83cbf2ba77dd12a6e74e356c48e2fe

SHA256
a567bebc45562aa71a6fce8c945777aa3674dae2353ac1b1f653eb39815fa32d

SHA512
ecd7d4e9fc9208ca012a74deec57fb2df35a0bd6bf2602465bff42e443ceb683edf0a78a0e218bd19016a4c64917405e2096c782c360aec15816389de8934b0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d163e2d2aa879428c771016197d2c8fd

SHA1
ad3afd8ef659779deed9134c3f5980dd712c8d20

SHA256
1a7f82fd2a5a88ba57182c45d88d2812bea19e104113a1f50c66a57799946716

SHA512
6a4355b99319d3b52e818650a8d001aeebb35ea3fca8181e3d119754d96090310eee9dedebfc16a2b2f742d140b9544d64f26089321c10ad760ef476998da87a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1937892e91170c4fc582c125b50a28c8

SHA1
a2fbc2758d7f326757bcdfc40032d1c4cf6ceeff

SHA256
2d4c4bf6e6052e7f3f64fb11809d25043211c4ebc6ea5e1e659e6a731bcab5e1

SHA512
8c0d166a7af752f07b53da12e9d9df959e1df3ddcc4db92de948e5ed928fd3b98321e5dfe72d5899aea6b47a33bb21ec9dcc8fcb64ec7ffa39192f709146443b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4274b6a2e66a1133e4ba918f0e21cf8d

SHA1
c45f7e712bcec0769d73b7fd70b350a21aef740a

SHA256
847b82cddb47ed524e7ed46cdb21a7ee5b71429378caf87f5eea7b00f61bd991

SHA512
f1d86f989be849ea81f797a7b0c30e3daef35143a3b30acace8fcfbc3edd4df3c0c557f5ede0ca6b2c483032c06db4b3a74f8e74a57b4d17232b5fa526afe5bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1afa2d09d5e9814cba699714d7fa739d

SHA1
89667c29183997199ae668b605479a1c70fe7991

SHA256
f7cba93d336ed22658a075e7c01bf2e190597b6b8c23472c0273f29ae6d97105

SHA512
2a43e49f1c7d1c0abaafc18a9560f769cc898f311333f6e1ac1921f4e5fed0019178c4c438d6682f56885bdcd73e2873e97bec951da3f54f2a9956378f3a9988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0ec1636ce98804136efbd510e5fd3abf

SHA1
8b986d3a80883f4ebf5926d89714c38b87c9566a

SHA256
55dca49aeff4f4a01aa215f5986f98d60d66ac2fb76ba2a76ec3b1e0d92a5eb3

SHA512
f17fe7829001c15fcc930f5e90295fc978443bbb4fa8113daeaf6c742e164ff8c07d9e6991babe885b72a7ca2364694699a38fbaf85f21cc05592041b3717109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
76f3fab9ed9f77d07332e9870c754e8b

SHA1
6acb92c280281f873244be552faab93b7a8fba36

SHA256
7eda206b547f3835674321b76dbaedcb20622bfd539ba7bfc56171b5a352319e

SHA512
a37657d51b4e405db7eafb64aaf45acaca0d4b67321dd3904f2da6e092a2ead54b38aae53aa2cd15a116bb422a9ce29d8cba24843108f60412b2e2834d91efd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
561067b58a14b309f275e14eec2fc3a3

SHA1
f3374eca0ca7b937da50409ffc222324fe048989

SHA256
1eaaded2da6a3bd63f993773cc5e84c91615e089d714c8921fd738a253e246f5

SHA512
7fc13e6bc61ca96168b6f257f5070264d4d8c4ebd8ea7769b854328560ce70ad45061039b501910a6cfd634023324c7bb9bb6764ab69434fa49ecab92a29c4ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
f11458332504facf1e851f4b3f781ee6

SHA1
5546ece5e20ffb7891c6a565dab0f1efb17a0c6a

SHA256
97ddcc5087fd03e04426997d8e411fe3ca2fbecf5ec2b7720b6be772fded6d93

SHA512
b54527b2162dc5e083bc2a4d1aafbe44eb6bc4b846a5e5d87d9d2cdeeeb5c511a9faa5ddb7a69c33daba3474fa01022f6b1694a617bbe078d4b6e00e92df5288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
2cfad517cf3d84836561267eb7ef068d

SHA1
361685600fed23300e8cfd63b55b0658713f2440

SHA256
be232d4f52e68b44d896ea60f8fe96b0d9b68c0143b700bf1cdedfff0e070661

SHA512
4fe712d1ffd431450b2fb5730381d76f6caa3fc33da9ab2aa496a6ca72fdbb37fc402ddc1a6c070ba5ae8a3dee96b34350aaf720cb5d6611ca0fa0006ff49816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
00671d5d8883b8566b53c2970319aafd

SHA1
e6e3d9d3550efcd6186edc89679e6779ea20aeed

SHA256
6b57490841ae9c99dd1d5367507ac861e22f153fc21107ceb5ad287a19a700c5

SHA512
018bf8bf29bd8b2776a95554141ed59b6f49fef1e01addc8c15ba92bcc2b70a58605a9edb409c98fe66c697ea2b057dbffe8c49473ab2891eb3287745e0fb92d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
d87b0e558545d62bb3f4fca0bbcd7448

SHA1
ce30c55ccea27fd3861bdababc42ff6d1d5f1aea

SHA256
189df9435e65adcc5db50056dbdf8dbde323f05ba6b708f83268a67d4379c519

SHA512
5fd8f8c3af414536d313321c70aa97a0095a0f486f23ef7ea9ffaa0c0916d2bff9697aa5fbb87c2fc90d40f498a5b2f2c4815a6031baf456180bf0364c4afb84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
9ad6282434ea76088fdce1a5e4399048

SHA1
8a1ab7da4e3efa6611e68b6d84736de9ee7c1477

SHA256
fb3a2c23a495eb7ac9eb8f69bf5d51c46c56720f22b15dac181234032b56ac63

SHA512
4491024251e57ba86cd472a18e06a548c8a2d0aeaacdc48464bf073bf6aafe13fc46c45e387b52fe21db1026c1b705c7c5f8bd890424ee932e466ba41c83be81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
3758d6a419f8e743440e3539941e1ba1

SHA1
099fec6ef1035a937e98d9f3e823d8984c970487

SHA256
7a336b4d49f224cac92eadf7099f91e866741fdf82ae2870c5860d94dfd54f10

SHA512
3f96165ab86cef89007c30e18d6682b169f19ceac0a95b4d2faacdf793fd537382112e1e4aaf42332ebc4e260821b338aaecf18cc6ee3a4de8864be03caf429b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
3a31d3806d06c68827709412a8db3a46

SHA1
8d5af16ccceee3e508c48ef3624708f09d28bd8d

SHA256
de0ec2be723b0b664fb280704e7b92c31a6f13868854e2c1526cbca4e6894eb8

SHA512
cb74170c63fe3139d3a46b74774de20d74097323aaf01a7cb07edab718f5fdc58ab3014cb11203b84a1abc962045911857b9fba2b64febf7c6b51c6cdc2376d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58534b.TMP

Filesize
99KB

MD5
2f7542b84cafc6474e63899835079cf0

SHA1
a02bab12d788988924511afae848c7a891914ed2

SHA256
93d3aeef4b3311106b9a971c6b9d91da4ef548b4f09c9e20c3d168233770a3aa

SHA512
8aec04b34ce754e2744bdc5c95124e610a36e3def28000ef3740bf0fdc411442f881c0b135b7b3b53131fe00c9cd92b33c485bc0d436395df3eef09cf52f55f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI52D9.tmp

Filesize
104KB

MD5
f54bffe4d54c0b794c5389bd2c7baac2

SHA1
c472c6a4bd6510b02244d53819ef07882bc101e0

SHA256
3c06f5beca24d0edaeb63bdd5e671386ffc66807e323ba6bcb893260eb52d433

SHA512
a722d4770d605d489c14fde532cacd031b11467041c5ff304c4c63a95efc21896996cc6eeef45bc462f7c72361763885f763ed732b75436e4bd191eeed829441

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI52D9.tmp

Filesize
104KB

MD5
f54bffe4d54c0b794c5389bd2c7baac2

SHA1
c472c6a4bd6510b02244d53819ef07882bc101e0

SHA256
3c06f5beca24d0edaeb63bdd5e671386ffc66807e323ba6bcb893260eb52d433

SHA512
a722d4770d605d489c14fde532cacd031b11467041c5ff304c4c63a95efc21896996cc6eeef45bc462f7c72361763885f763ed732b75436e4bd191eeed829441

Download Submit
C:\Users\Admin\Downloads\go1.21.3.windows-amd64.msi

Filesize
58.4MB

MD5
13e59c06a8c33c195fd41136888e40ff

SHA1
00a9feffd8f75c6500a3114eca0450ef0f6a6e74

SHA256
d80cfa66b76c417f717c8edbe9b992f53820fb41db6a0d955a115aa2c983fb64

SHA512
6eb966dada8a4929c4b8af193f9f160a33134fcf2d1296fcebe27c2346e5b20f7ad22e38bef0ffa8f6ee600ee532fac3a7f793fba08a7370d66a8fc82b885817

Download Submit
C:\Users\Admin\Downloads\go1.21.3.windows-amd64.msi

Filesize
58.4MB

MD5
13e59c06a8c33c195fd41136888e40ff

SHA1
00a9feffd8f75c6500a3114eca0450ef0f6a6e74

SHA256
d80cfa66b76c417f717c8edbe9b992f53820fb41db6a0d955a115aa2c983fb64

SHA512
6eb966dada8a4929c4b8af193f9f160a33134fcf2d1296fcebe27c2346e5b20f7ad22e38bef0ffa8f6ee600ee532fac3a7f793fba08a7370d66a8fc82b885817

Download Submit
C:\Windows\Installer\MSI12A6.tmp

Filesize
202KB

MD5
ba84dd4e0c1408828ccc1de09f585eda

SHA1
e8e10065d479f8f591b9885ea8487bc673301298

SHA256
3cff4ac91288a0ff0c13278e73b282a64e83d089c5a61a45d483194ab336b852

SHA512
7a38418f6ee8dbc66fab2cd5ad8e033e761912efc465daa484858d451da4b8576079fe90fd3b6640410edc8b3cac31c57719898134f246f4000d60a252d88290

Download Submit
C:\Windows\Installer\MSI12A6.tmp

Filesize
202KB

MD5
ba84dd4e0c1408828ccc1de09f585eda

SHA1
e8e10065d479f8f591b9885ea8487bc673301298

SHA256
3cff4ac91288a0ff0c13278e73b282a64e83d089c5a61a45d483194ab336b852

SHA512
7a38418f6ee8dbc66fab2cd5ad8e033e761912efc465daa484858d451da4b8576079fe90fd3b6640410edc8b3cac31c57719898134f246f4000d60a252d88290

Download Submit
C:\Windows\Installer\e59fa08.msi

Filesize
58.4MB

MD5
13e59c06a8c33c195fd41136888e40ff

SHA1
00a9feffd8f75c6500a3114eca0450ef0f6a6e74

SHA256
d80cfa66b76c417f717c8edbe9b992f53820fb41db6a0d955a115aa2c983fb64

SHA512
6eb966dada8a4929c4b8af193f9f160a33134fcf2d1296fcebe27c2346e5b20f7ad22e38bef0ffa8f6ee600ee532fac3a7f793fba08a7370d66a8fc82b885817

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
4d9f178fea9a19a0bb342052901d80b5

SHA1
1a177a55d9b0445e07bde4c4de7ccffc0542440e

SHA256
4637677b02735e16ec8a4d9931d6d5bc696e9a27fb12ba817a4ec4a2043b6420

SHA512
2eb1faeaeb478aa8515e70628ebe906cf6ffda7f87d9f4384996ce07aa22cb9b4f0286ed9ad49402998f97c250d51333f9b7bc623ee635e91200c76c4f7a0437

Download Submit
\??\Volume{990d5e2d-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{1aa04ca9-4a32-4b9c-9d59-3b90b0fa9301}_OnDiskSnapshotProp

Filesize
5KB

MD5
2362a02222ac63c14a41eb3d78684ca9

SHA1
0eed7b4ff24f3b650dc49eba3315d9b7a178bbac

SHA256
f3e3538a6154039326c4e0469a59cf56db16815e69692f2f7695bab287fa887f

SHA512
01aa420b2a7ea49392310c40e0f26b01831a34301e4a784f5f27f9d5f3d4ffbd97fbc209e3235cba853482ad3b121b57df3fb37b583b73aab27ce7ba7e36de58

Download Submit