Analysis

  • max time kernel
    626s
  • max time network
    637s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-10-2023 03:46

General

  • Target

    https://filebin.ca/7daZAsXNH927/SHIPPINGBILL.PDF.zip

Score
10/10

Malware Config

Extracted

Family

strrat

C2

giveandtake.mefound.com:8082

Attributes
  • license_id

    khonsari

  • plugins_url

    http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5

  • scheduled_task

    true

  • secondary_startup

    true

  • startup

    true
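The configuration above yields a C2 host:port and a plugin-download URL whose query string (hwid, lid, ht) is per-infection and not worth matching on. The Python below is an example added by the editor, not part of the sandbox report: it turns those values into IOCs and runs them over a few constructed log lines. The log formats and every hostname other than the two on this page are assumptions.

```python
"""Turn the extracted STRRAT configuration into matchable network IOCs and
check constructed log lines against them. Editor-added example, not tool output."""
import re
from urllib.parse import urlsplit, parse_qs

# Values copied from the Malware Config section of this report.
STRRAT_CONFIG = {
    "family": "strrat",
    "c2": ["giveandtake.mefound.com:8082"],
    "plugins_url": "http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5",
    "license_id": "khonsari",
    "scheduled_task": True,
    "secondary_startup": True,
    "startup": True,
}

def iocs_from_config(cfg):
    """Derive IOCs: (host, port) pairs for C2, and the plugin server's host and
    path prefix. The query parameters (hwid, lid, ht) vary per victim and
    build, so they are recorded but never matched on."""
    c2 = []
    for entry in cfg.get("c2", []):
        host, _, port = entry.rpartition(":")
        c2.append((host.lower(), int(port)))
    u = urlsplit(cfg["plugins_url"])
    return {
        "c2": c2,
        "plugin_host": u.hostname.lower(),
        "plugin_path_prefix": u.path,          # "/strigoi/server/"
        "plugin_params": sorted(parse_qs(u.query)),
    }

# Constructed sample log lines (assumed formats, not from the sandbox): a
# connection log with destination host:port, and a proxy log with a full URL.
SAMPLE_LOGS = [
    "conn 10.0.0.5 -> giveandtake.mefound.com:8082 proto=tcp",
    "conn 10.0.0.5 -> clients2.google.com:443 proto=tcp",
    "proxy 10.0.0.5 GET http://jbfrost.live/strigoi/server/?hwid=9&lid=m&ht=5",
    "proxy 10.0.0.5 GET http://example.com/strigoi/server/?hwid=1",
]

CONN_RE = re.compile(r"->\s+(?P<host>[\w.-]+):(?P<port>\d+)")
URL_RE = re.compile(r"https?://\S+")

def match_logs(lines, iocs):
    """Return (kind, line) for every line that hits a C2 pair, or the plugin
    server by host plus path prefix, ignoring the per-victim query string."""
    hits = []
    for line in lines:
        m = CONN_RE.search(line)
        if m and (m["host"].lower(), int(m["port"])) in iocs["c2"]:
            hits.append(("c2", line))
            continue
        m = URL_RE.search(line)
        if m:
            u = urlsplit(m.group(0))
            if u.hostname and u.hostname.lower() == iocs["plugin_host"] \
                    and u.path.startswith(iocs["plugin_path_prefix"]):
                hits.append(("plugin_url", line))
    return hits

if __name__ == "__main__":
    for kind, line in match_logs(SAMPLE_LOGS, iocs_from_config(STRRAT_CONFIG)):
        print(kind, line)
```

The C2 sits under mefound.com, a dynamic-DNS parent domain shared by unrelated hosts, so the match is on the full hostname and port rather than the registered domain; the plugin URL is matched on host and path prefix so a different hwid or lid still hits.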

Signatures

  • STRRAT

    STRRAT is a Java-based remote access tool that can steal credentials and log keystrokes. In this run it arrives as SHIPPING BILL.PDF.jar inside the downloaded archive and is launched by javaw.exe (see Processes below).

  • Drops file in Program Files directory 12 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 44 IoCs
  • Suspicious use of SendNotifyMessage 34 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://filebin.ca/7daZAsXNH927/SHIPPINGBILL.PDF.zip
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd3dd9758,0x7ffcd3dd9768,0x7ffcd3dd9778
      2⤵
      PID:1460
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:2
      2⤵
      PID:3852
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
      2⤵
      PID:1624
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
      2⤵
      PID:4512
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3320 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
      2⤵
      PID:208
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
      2⤵
      PID:1816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4636 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
      2⤵
      PID:2584
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3780 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
      2⤵
      PID:4948
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4044 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
      2⤵
      PID:2376
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
      2⤵
      PID:1744
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4896 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
      2⤵
      PID:4108
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
      2⤵
      PID:1612
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
      2⤵
      PID:3992
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
      2⤵
      PID:3640
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2432 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
      2⤵
      PID:1080
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5700 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
      2⤵
      PID:1612
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
      2⤵
      PID:3884
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5416 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3880
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2328 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
      2⤵
      PID:1580
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2380 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
      2⤵
      PID:184
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
      2⤵
      PID:3116
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6048 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
      2⤵
      PID:880
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3288 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
      2⤵
      PID:4276
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5696 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
      2⤵
      PID:3776
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6484 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
      2⤵
      PID:4328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6772 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
      2⤵
      PID:1700
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:3068
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:1264
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\" -spe -an -ai#7zMap16145:94:7zEvent16970
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2124
  • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
    "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\SHIPPING BILL.PDF.jar"
    1⤵
    • Drops file in Program Files directory
    PID:4400
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\hs_err_pid4400.log
    1⤵
    • Opens file in notepad (likely ransom note). The file opened is hs_err_pid4400.log, the Java fatal-error log written when the javaw.exe process above (PID 4400) crashed, so this is a JVM crash report being viewed, not a ransom note. The crash also means the in-sandbox run of the payload may be incomplete: the startup, secondary_startup and scheduled_task flags come from the extracted configuration, and no scheduled-task or Run-key creation appears in the signature list above.
    PID:3704
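The execution chain in the tree above is 7zG.exe extracting the archive into a folder under Downloads, then javaw.exe -jar on a file named "SHIPPING BILL.PDF.jar". The Python below is an example added by the editor, not sandbox output: it flags that pattern over constructed process-creation records by checking for a decoy double extension on the jar, a user-writable path, and a 7-Zip extraction directory that matches the jar's folder. The record format, the third (benign-looking) record and its PID 5000 are constructed; the first two command lines are copied from the process tree.

```python
"""Flag the javaw.exe -jar launch pattern from the process tree above.
Editor-added example; the event records are constructed, not sandbox output."""
import re
from pathlib import PureWindowsPath

# Constructed process-creation records (fields loosely follow Sysmon Event ID 1).
# The first two command lines and PIDs are copied from the report's process
# tree; the third record (PID 5000) is a constructed benign-looking launch.
EVENTS = [
    {"pid": 2124, "image": r"C:\Program Files\7-Zip\7zG.exe",
     "cmd": r'"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\" -spe -an -ai#7zMap16145:94:7zEvent16970'},
    {"pid": 4400, "image": r"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe",
     "cmd": r'"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\SHIPPING BILL.PDF.jar"'},
    {"pid": 5000, "image": r"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe",
     "cmd": r'"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Program Files\Vendor\tool.jar"'},
]

# Document extensions placed in front of .jar so the name reads as a document
# (and Explorer's hide-known-extensions default can drop the .jar entirely).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

def tokenize(cmd):
    """Split a Windows command line on whitespace, keeping quoted spans intact."""
    return TOKEN_RE.findall(cmd)

def jar_from_javaw(cmd):
    """Return the path passed to -jar, or None if the launch is not -jar."""
    toks = tokenize(cmd)
    for i, t in enumerate(toks):
        if t.lower() == "-jar" and i + 1 < len(toks):
            return toks[i + 1].strip('"')
    return None

def is_decoy_double_extension(path):
    """True for names like 'SHIPPING BILL.PDF.jar'."""
    p = PureWindowsPath(path)
    return p.suffix.lower() == ".jar" and PureWindowsPath(p.stem).suffix.lower() in DECOY_EXTS

def extraction_dir(cmd):
    """Directory given to 7-Zip's -o switch, without quotes or trailing backslash."""
    for t in tokenize(cmd):
        if t.lower().startswith("-o"):
            return t[2:].strip('"').rstrip("\\")
    return None

def detect(events):
    """Correlate 7-Zip extractions with javaw.exe -jar launches and score each jar."""
    extracted = {}
    for e in events:
        if PureWindowsPath(e["image"]).name.lower() == "7zg.exe":
            d = extraction_dir(e["cmd"])
            if d:
                extracted[d.lower()] = e["pid"]
    alerts = []
    for e in events:
        if PureWindowsPath(e["image"]).name.lower() != "javaw.exe":
            continue
        jar = jar_from_javaw(e["cmd"])
        if jar is None:
            continue
        reasons = []
        if is_decoy_double_extension(jar):
            reasons.append("double_extension")
        if any(s in jar.lower() for s in USER_WRITABLE):
            reasons.append("user_writable_path")
        parent = str(PureWindowsPath(jar).parent).lower()
        if parent in extracted:
            reasons.append(f"extracted_by_7z_pid_{extracted[parent]}")
        if reasons:
            alerts.append({"pid": e["pid"], "jar": jar, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for a in detect(EVENTS):
        print(a)
```

Only the javaw.exe record for PID 4400 is reported, with all three reasons; the jar under Program Files trips none of them. In a real pipeline the 7-Zip correlation would be keyed on the extraction directory within a short time window rather than across an unbounded batch as here.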

Network

MITRE ATT&CK Enterprise v15


                                                        Downloads

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\49a39f4c-028b-48d8-aad8-f722a25f7ba3.tmp

                                                          Filesize

                                                          6KB

                                                          MD5

                                                          55068acc06fe11c7b94688d0639e321f

                                                          SHA1

                                                          0d49ff4c8242f7fca4e3d4bb83fd3a87139d9d7c

                                                          SHA256

                                                          61bec06418ce1b7823e6eb3078b226ad9a716e1ec1e54838fa44df4897a9c59c

                                                          SHA512

                                                          9f944bbdba45427d30444d7b3ca4ecfb34f409049c8db3dc2004d7f1e990ba2f6745ad6078490e0a5597be40fa10d753768886fbdc8cc20c125a0855cc9e477b

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

                                                          Filesize

                                                          183KB

                                                          MD5

                                                          7f529c2ef4e90c2fe7b09ada4f85f4f1

                                                          SHA1

                                                          58b9e4de7b4a1e549a17cb471541ed330a61781b

                                                          SHA256

                                                          2ebaeac31ed41fbe24fc07bc3b0fb4043422a790e356a5f38c82b125e3451827

                                                          SHA512

                                                          bcf6ee7711e5dbf1943dcd133e675006d574e3959761cb1007e69b8299c5d3a8435324427b402f65b0feb3374b625e2959fcb321b67ddbaae36c5ffcb74dcd0e

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          312B

                                                          MD5

                                                          7550d692bb19415f35ad15b7f0121b53

                                                          SHA1

                                                          afec26f2e2b3239c7c5e107bc85f671300173157

                                                          SHA256

                                                          5dafdd58719743d1b3e35eead533dfb9cfb68805d38466a52be1983165f42ab3

                                                          SHA512

                                                          2b76cc3b628fed31adbc50fa082e75c1cf94f496a36038263e7012f4872c23a07fbc03042db47a3400b98ac3016f20b563d8ba253a62b36ac4f2caecd9047456

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          1KB

                                                          MD5

                                                          ce3decd63bef83441b2be6d40179cbb0

                                                          SHA1

                                                          b790f37547316d319988e7a6ab1091a787d8b33b

                                                          SHA256

                                                          82f5ac70d849cac25caf96c5c187477292f6242ce554f9d51df5231ea4298abe

                                                          SHA512

                                                          19d583782269c6b4cb9f92fd8b2a1052f8fa5d953a2fffe8d2745aad6941df38891a8d383b4a393c6a06c7a8a595519ccf6ca8c65e99cd3bbde55dc267a120ac

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          192B

                                                          MD5

                                                          9d6abbaaa08adb8924479efb7c70fa2d

                                                          SHA1

                                                          72551722d6e6e200168f0675ac9fe7b24ec2cf2c

                                                          SHA256

                                                          d0485e5ab74c22eb6d3859b249fd5a7c0f3dd3354635d7e2dee716b7ecd21cd6

                                                          SHA512

                                                          42dfd9e1c50a83799af2ab95556c6b80237d638ff1e866dc4351c2fd9895ef4a4190b483e157b2308171078f34c3533e6d1d18ae6258efc29a1eec93759a8fbd

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                          Filesize

                                                          2KB

                                                          MD5

                                                          26cb095d659fea8ce2d99f6c22ecccc9

                                                          SHA1

                                                          42a18c390df858f5fe80e253a960264650d1b9d9

                                                          SHA256

                                                          1bc0b58ea7ce22928ed010deb620715e054db603735508cc64e95fe10c08ec70

                                                          SHA512

                                                          2882f468aa67d385cff7e6861e01908f482e263da4eed026a83009c180e643b944c8bab06bd6e97bc76e44b742dd007787231de9df014e0b43a699eaf332a5c1

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                          Filesize

                                                          2KB

                                                          MD5

                                                          fd8836e228488b1c20885b1a349610b6

                                                          SHA1

                                                          a8f823785465c830b30156efb4de45b17b8b3d8e

                                                          SHA256

                                                          1a1d8d83c53093a3ae91d8e2081f33586c71aea49f25be2acc426b340c14be24

                                                          SHA512

                                                          3f09040945966a6af3dde11fef25bfaba1de45d6ea705f437b1adde40f505ff69cb55174453509088284c340d491687892beb9632370bbecfd4fc54c7fbacda4

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                          Filesize

                                                          2KB

                                                          MD5

                                                          ed8d54851ca5841754ab56b32c2ddad5

                                                          SHA1

                                                          aa757157abe6fd4dbc59c182174f408a49fee0c5

                                                          SHA256

                                                          d30d2ac80fa24f82949c90868bc962e4cf350c261450b7844f59f1d1a80cc632

                                                          SHA512

                                                          ac8037731e712b83dfee63b2116dbaba78ce3ebb792377edee483d6f83c7e0d83852aff406204ea72257017c3531e4bd6fa22d5696659989051b638d396b57e2

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                          Filesize

                                                          4KB

                                                          MD5

                                                          1b84ea2df293eaf09e2c546837cc5d7f

                                                          SHA1

                                                          a917563a096ac39938546f87953a259c886fdd75

                                                          SHA256

                                                          8ac78fc7162354e7b25670d62a1dcb4354ff33d9dc2b4e846da7b5a0137d920b

                                                          SHA512

                                                          0e22747e109b94a211c20069e4850090d133da77ab371e5cb0386239b89738e972cbcc0096932ad7a7caa03caa3142fb7bb61d0280115b0d84f2e16f2e97d98d

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          705B

                                                          MD5

                                                          608f5b86ba653376422bd56ffda271bb

                                                          SHA1

                                                          b89ec21cbe9f37f25f933646ef5604165d376df7

                                                          SHA256

                                                          50f29ae613063c27f52391a5bd1b7ebf4080d43d60225398cb09aed9fb8f3483

                                                          SHA512

                                                          7cdc21182c04217372205b09776def3bb3225b89be3ced1b0e3b0ae9a1aa9368bbb11c6d42974e4f99f23245aa894c852bf7e89846bdfb0d778b5f59daabf4d7

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          538B

                                                          MD5

                                                          69a6109148ea8e27ed2c0e348d0865dc

                                                          SHA1

                                                          69180db850065267b314071e8e995e014d6a2b07

                                                          SHA256

                                                          ae3fb2c1bd6022c8e508f29ca07c7094a7d533cb6e315ac8c5a182c037df708d

                                                          SHA512

                                                          d3b4b8cdc33b8676c250dce9500897b22d78383fa7cff7f2781431745f20c57858f62eda62873ce30237165e1f3d13fc0a214b1682ae2208b6145e4fb181c098

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                          MD5

                                                          323332043cbe244518a73da72d4795e0

                                                          SHA1

                                                          10c256afbe7bcf0ff69ab4661ce1f9894de3161b

                                                          SHA256

                                                          04282d7ba57ab62cbb553d4bab2ab69f9b63cf0af8dd98190e0400ce345a2ec0

                                                          SHA512

                                                          595b61acfe492bb6bf994368cfc5484057ba6b201e80b5311039524baddfa59417193dd5d2ecdcdaf5a0a8f6c4789ee63126f1f85459d1f616bbdbaba90358fa

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          6KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          6KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          7KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          6KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                          Filesize

                                                          72B


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5f9d04.TMP

                                                          Filesize

                                                          48B


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                          Filesize

                                                          101KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                          Filesize

                                                          101KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                          Filesize

                                                          101KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                          Filesize

                                                          114KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                          Filesize

                                                          114KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59d94f.TMP

                                                          Filesize

                                                          113KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                          Filesize

                                                          2B


                                                        • C:\Users\Admin\Downloads\SHIPPINGBILL.PDF.zip

                                                          Filesize

                                                          202KB


                                                        • C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\SHIPPING BILL.PDF.jar

                                                          Filesize

                                                          209KB


                                                        • C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\hs_err_pid4400.log

                                                          Filesize

                                                          17KB


