5961d0a8ebdc116b674d3231b5c8b01b35d3c7a191b0bb8ab5bb7b14352cc065

Resubmissions

24/02/2024, 23:32

240224-3jlc5agg36 10

19/02/2024, 20:03

240219-ys4tlscg37 10

19/02/2024, 20:01

240219-yrrsnacb2z 10

Analysis

max time kernel
63s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

License/Driver Booster 11 PRO License.exe
Size

770KB
MD5

27cf0c7d37e5ffbab9b1a163544f3321
SHA1

3ed7493f213a01f7c99a4d11f56cfa7f79f90d0a
SHA256

4f6eba5f100a37005509d15782ca2991de72d027be766ba779f20e956555c29b
SHA512

f9ac54ee39c7192406a51a6e506b420387b2314facc31656b1acd3a69fdcb3060553b42122c5a6f5092083d71c20d4304b1ed067e9b1e481951c1a4798e0fa2d
SSDEEP

12288:HtLqu6mmCXykkkkkkkBgEgEQJrQXSmsw71AfyffvnZYyGPlWHiCXIEwc+4iAxtz+:HtLWjQXDsw+fAXnZWWHLfwcvxzF7di

Score

10^/10

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 2408 created 1216	2408	Rosa.pif	12

Executes dropped EXE 2 IoCs

pid	Process
2408	Rosa.pif
692	Rosa.pif

Loads dropped DLL 2 IoCs

pid	Process
2984	cmd.exe
2408	Rosa.pif

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2408 set thread context of 692	2408	Rosa.pif	41

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery

T1057

pid	Process
3052	tasklist.exe
2520	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2428	PING.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2408	Rosa.pif
2408	Rosa.pif
2408	Rosa.pif
2408	Rosa.pif
1748	chrome.exe
1748	chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeDebugPrivilege	3052	tasklist.exe
Token: SeDebugPrivilege	2520	tasklist.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe
Token: SeShutdownPrivilege	1748	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2408	Rosa.pif
2408	Rosa.pif
2408	Rosa.pif
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
2408	Rosa.pif
2408	Rosa.pif
2408	Rosa.pif
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 2984	1244	Driver Booster 11 PRO License.exe	29
PID 1244 wrote to memory of 2984	1244	Driver Booster 11 PRO License.exe	29
PID 1244 wrote to memory of 2984	1244	Driver Booster 11 PRO License.exe	29
PID 1244 wrote to memory of 2984	1244	Driver Booster 11 PRO License.exe	29
PID 2984 wrote to memory of 3052	2984	cmd.exe	31
PID 2984 wrote to memory of 3052	2984	cmd.exe	31
PID 2984 wrote to memory of 3052	2984	cmd.exe	31
PID 2984 wrote to memory of 3052	2984	cmd.exe	31
PID 2984 wrote to memory of 2556	2984	cmd.exe	32
PID 2984 wrote to memory of 2556	2984	cmd.exe	32
PID 2984 wrote to memory of 2556	2984	cmd.exe	32
PID 2984 wrote to memory of 2556	2984	cmd.exe	32
PID 2984 wrote to memory of 2520	2984	cmd.exe	34
PID 2984 wrote to memory of 2520	2984	cmd.exe	34
PID 2984 wrote to memory of 2520	2984	cmd.exe	34
PID 2984 wrote to memory of 2520	2984	cmd.exe	34
PID 2984 wrote to memory of 2656	2984	cmd.exe	35
PID 2984 wrote to memory of 2656	2984	cmd.exe	35
PID 2984 wrote to memory of 2656	2984	cmd.exe	35
PID 2984 wrote to memory of 2656	2984	cmd.exe	35
PID 2984 wrote to memory of 3068	2984	cmd.exe	36
PID 2984 wrote to memory of 3068	2984	cmd.exe	36
PID 2984 wrote to memory of 3068	2984	cmd.exe	36
PID 2984 wrote to memory of 3068	2984	cmd.exe	36
PID 2984 wrote to memory of 2004	2984	cmd.exe	37
PID 2984 wrote to memory of 2004	2984	cmd.exe	37
PID 2984 wrote to memory of 2004	2984	cmd.exe	37
PID 2984 wrote to memory of 2004	2984	cmd.exe	37
PID 2984 wrote to memory of 2456	2984	cmd.exe	38
PID 2984 wrote to memory of 2456	2984	cmd.exe	38
PID 2984 wrote to memory of 2456	2984	cmd.exe	38
PID 2984 wrote to memory of 2456	2984	cmd.exe	38
PID 2984 wrote to memory of 2408	2984	cmd.exe	39
PID 2984 wrote to memory of 2408	2984	cmd.exe	39
PID 2984 wrote to memory of 2408	2984	cmd.exe	39
PID 2984 wrote to memory of 2408	2984	cmd.exe	39
PID 2984 wrote to memory of 2428	2984	cmd.exe	40
PID 2984 wrote to memory of 2428	2984	cmd.exe	40
PID 2984 wrote to memory of 2428	2984	cmd.exe	40
PID 2984 wrote to memory of 2428	2984	cmd.exe	40
PID 2408 wrote to memory of 692	2408	Rosa.pif	41
PID 2408 wrote to memory of 692	2408	Rosa.pif	41
PID 2408 wrote to memory of 692	2408	Rosa.pif	41
PID 2408 wrote to memory of 692	2408	Rosa.pif	41
PID 2408 wrote to memory of 692	2408	Rosa.pif	41
PID 2408 wrote to memory of 692	2408	Rosa.pif	41
PID 1748 wrote to memory of 2508	1748	chrome.exe	43
PID 1748 wrote to memory of 2508	1748	chrome.exe	43
PID 1748 wrote to memory of 2508	1748	chrome.exe	43
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44
PID 1748 wrote to memory of 1520	1748	chrome.exe	44

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1216
- C:\Users\Admin\AppData\Local\Temp\License\Driver Booster 11 PRO License.exe
  "C:\Users\Admin\AppData\Local\Temp\License\Driver Booster 11 PRO License.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1244
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k move Assume Assume.bat & Assume.bat & exit
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:3052
  - - C:\Windows\SysWOW64\findstr.exe
      findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
      4⤵
      PID:2556
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:2520
  - - C:\Windows\SysWOW64\findstr.exe
      findstr /I "wrsa.exe opssvc.exe"
      4⤵
      PID:2656
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c md 19854
      4⤵
      PID:3068
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c copy /b Fields + Bronze + Pressing + Extending + Administrator 19854\Rosa.pif
      4⤵
      PID:2004
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c copy /b Processing 19854\e
      4⤵
      PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\19854\Rosa.pif
      19854\Rosa.pif 19854\e
      4⤵
      Suspicious use of NtCreateUserProcessOtherParentProcess
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2408
  - - C:\Windows\SysWOW64\PING.EXE
      ping -n 5 localhost
      4⤵
      Runs ping.exe
      PID:2428
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\19854\Rosa.pif
  C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\19854\Rosa.pif
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1748
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5939758,0x7fef5939768,0x7fef5939778
    3⤵
    PID:2508
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1380,i,12126949964507488079,5318531501546083852,131072 /prefetch:2
    3⤵
    PID:1520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1380,i,12126949964507488079,5318531501546083852,131072 /prefetch:8
    3⤵
    PID:2836
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1380,i,12126949964507488079,5318531501546083852,131072 /prefetch:8
    3⤵
    PID:2804
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1380,i,12126949964507488079,5318531501546083852,131072 /prefetch:1
    3⤵
    PID:1704
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1380,i,12126949964507488079,5318531501546083852,131072 /prefetch:1
    3⤵
    PID:2504
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1700 --field-trial-handle=1380,i,12126949964507488079,5318531501546083852,131072 /prefetch:2
    3⤵
    PID:2324
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1528 --field-trial-handle=1380,i,12126949964507488079,5318531501546083852,131072 /prefetch:1
    3⤵
    PID:2176
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 --field-trial-handle=1380,i,12126949964507488079,5318531501546083852,131072 /prefetch:8
    3⤵
    PID:2620
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3876 --field-trial-handle=1380,i,12126949964507488079,5318531501546083852,131072 /prefetch:1
    3⤵
    PID:2984

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
e16c1a10c1b72691ce123ff6fccd78df

SHA1
dd5d00267a5ff240fa38f8592e9f710c2223cfc0

SHA256
b4f6950c7320f0d3dd71ea3226281446d1bf4c72f53545a8a879f957a6c2fcc2

SHA512
d578618330b6729ec0b2b00c782a0cf892ecb73acce6e87a411a6da665a6aadac5332b5a009372e75eefc62b62a73d835cb96819c14e8f057f3000f97c7efc40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3c5704db6cfb5b1e0a07c8bba78d1bbf

SHA1
d83544e29de125b17672f615b1e7e6cb89d9b58a

SHA256
fe39b38b94e71fc4487710859efa9cbf32d12529daadd8aa14da90fc13598bcf

SHA512
713298ad867b292ac7b4ec16f877c5de5ff4393155ffaea44b1eef50f62e339a19d392f89a2530ac6b7cc8795a85586f50c7dfdff226261192248cb4ee67d221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
6fa5e42eab47c2b477981dd0a7bdd980

SHA1
99d95adbc9fc42481cfc3aace01819696b60bb12

SHA256
5064be7eec65d120d80e8c2bf313aea6d6d22b28d0480c44872fbb16181a45c7

SHA512
5c04f79f57f7c4b30e14229f064efe347ae901cfc01a42b9e5e0f8a17ebd202f67ece697ca731ca6688a9b2127f352146e9e48d0dc2dfee162433cfe50176067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Administrator

Filesize
178KB

MD5
d8f9dd4003de34471d0797f274ebe7bc

SHA1
393aceab75a29520961e52cd0756e8971f02f72a

SHA256
db576bf9cae0e2ec38f1efbcaad5e7941b3456bc7b9ab5d3570d281937ef007c

SHA512
bc34e3ee19055353eab85ef420a8ccbba81bc8ade7f745c7e7ca6fab6ebded5ffbce01bd2fec78bc8db661e89c62f021ff375d547670eb08050ac49e07ea657e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Assume

Filesize
10KB

MD5
8c4c658f59e7e8626cf7f8a382cbe005

SHA1
7ca0681bab8878b032d2f084275a487fea690bcc

SHA256
462506a044d309cde8677030483e35b4ad323f7f93b4f82c667aa0426017bb1a

SHA512
d2077ef00c1f8753d7cd27b56aa2bcd266b046c3fe25eca58265ff0cc0e990234889eafb38cf55c16c98105cbaa785f66c4575b977958a26a0a1919069413f27

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Bronze

Filesize
115KB

MD5
7dea798d8550a7eb8c0dac613d328119

SHA1
3c2a6577e063b7371c52108393c8637f338c70cc

SHA256
7c418482ec85689387802871cc2bc4a031b68328a60b90122d4e3d84cea306cf

SHA512
7750be47bcdd5225dd73eb7e06c500d50b43fe961424cc6f4c09f78648848e10175b137d032d73fecd7b9cc5e6469889d98ab39735c183c3b05447e7237ca7f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Extending

Filesize
118KB

MD5
f2a6a75f93068cb427350af64f2b98a7

SHA1
e11e41958a8a3b68ff6a8a4bd126b9aff9849d0c

SHA256
28f253d9592bc6badf74dd1dbadda2d65a47e812cb2d75435b25f650cf06a9e5

SHA512
584bdb2eb53eaf86b85eff99c5f8253783421964e9ccc1d9226394b2135d75ef13d8d35369ebf569d5955fab5ba6acb98e6bf68a82a7b51a287470ac3816eefd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Fields

Filesize
293KB

MD5
b38a37e518db3dd0646287e647da2791

SHA1
80ec5fed671f51a07cc6f30a411bf91056e0e4e3

SHA256
f938df0350470599eda1c3359637627f8cc261038eb6d7438b883ce4c0722580

SHA512
5aaacfe5a3a033b9b07601b1ec1be3079d3244a2a42238cd498ff32f165bcb128a2442a84954fa92dfa3ef7bb32fd4f1013e51ff13deb222d97759c09af332db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Pressing

Filesize
220KB

MD5
96b80b99cf941e0851f2d4c6c739563f

SHA1
7cb29861f9e3c81241558eb558f7b6766b9601c2

SHA256
348fcc34733289fb855961990e9c8a7fd0d0b6841fa915b11fea3f354666cbde

SHA512
7d64d6ddfb54beb647f56dc4bcd8f71b8477046c325e5bb35d88149c55a998f69822a6572945e12a4416ea2985d73da7235cc754beddb007c36fbc96a977c35b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Processing

Filesize
401KB

MD5
f8a1fc75b3bb6e1cac4cfaa82e25b698

SHA1
ebd7573bdcbfc9ac51742d198cc3287689417cb2

SHA256
07760b8ddfaa45d173d7565e35147019b204cfa4d9009d90755f33062c8b4741

SHA512
cae5ea4f51058cb6bbb4aa70e50eec87be028a607f824ac80ee13b94dbc67489dad831900c4b45f45b79891aa9ab7b78e92748385547ebe7ac44c92f07c1013b

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\19854\Rosa.pif

Filesize
924KB

MD5
848164d084384c49937f99d5b894253e

SHA1
3055ef803eeec4f175ebf120f94125717ee12444

SHA256
f58d3a4b2f3f7f10815c24586fae91964eeed830369e7e0701b43895b0cefbd3

SHA512
aabe1cf076f48f32542f49a92e4ca9f054b31d5a9949119991b897b9489fe775d8009896408ba49ac43ec431c87c0d385daead9dbbde7ef6309b0c97bbaf852a

Download Submit
memory/2408-30-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2408-28-0x00000000779A0000-0x0000000077A76000-memory.dmp

Filesize
856KB

Download