hxxps://goo[.]su/5WBEji

Resubmissions

10/03/2024, 06:47

240310-hkqc9aef53 9

10/03/2024, 06:41

10/03/2024, 06:40

10/03/2024, 06:37

10/03/2024, 06:31

Analysis

max time kernel
97s
max time network
249s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 06:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/5WBEji

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 44 IoCs

pid	Process
1584	ОСНОВА 2.exe
5988	extd.exe
5856	extd.exe
6088	extd.exe
2600	load.exe
2252	tool.exe
5972	tool.exe
6016	tool.exe
5952	tool.exe
5180	tool.exe
5196	tool.exe
5232	tool.exe
5260	tool.exe
5284	tool.exe
5388	tool.exe
5440	tool.exe
5464	tool.exe
5532	tool.exe
5552	tool.exe
3696	tool.exe
5584	tool.exe
5608	mac.exe
1584	ОСНОВА 2.exe
5988	extd.exe
5856	extd.exe
6088	extd.exe
2600	load.exe
2252	tool.exe
5972	tool.exe
6016	tool.exe
5952	tool.exe
5180	tool.exe
5196	tool.exe
5232	tool.exe
5260	tool.exe
5284	tool.exe
5388	tool.exe
5440	tool.exe
5464	tool.exe
5532	tool.exe
5552	tool.exe
3696	tool.exe
5584	tool.exe
5608	mac.exe

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/5988-562-0x0000000140000000-0x00000001400D8000-memory.dmp	upx
behavioral1/memory/5988-563-0x0000000140000000-0x00000001400D8000-memory.dmp	upx
behavioral1/memory/5856-568-0x0000000140000000-0x00000001400D8000-memory.dmp	upx
behavioral1/memory/5856-569-0x0000000140000000-0x00000001400D8000-memory.dmp	upx
behavioral1/memory/6088-571-0x0000000140000000-0x00000001400D8000-memory.dmp	upx
behavioral1/memory/6088-572-0x0000000140000000-0x00000001400D8000-memory.dmp	upx
behavioral1/memory/5988-562-0x0000000140000000-0x00000001400D8000-memory.dmp	upx
behavioral1/memory/5988-563-0x0000000140000000-0x00000001400D8000-memory.dmp	upx
behavioral1/memory/5856-568-0x0000000140000000-0x00000001400D8000-memory.dmp	upx
behavioral1/memory/5856-569-0x0000000140000000-0x00000001400D8000-memory.dmp	upx
behavioral1/memory/6088-571-0x0000000140000000-0x00000001400D8000-memory.dmp	upx
behavioral1/memory/6088-572-0x0000000140000000-0x00000001400D8000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133545265029637060"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe

Suspicious behavior: LoadsDriver 32 IoCs

pid	Process
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe

Suspicious use of SetWindowsHookEx 44 IoCs

pid	Process
1584	ОСНОВА 2.exe
5988	extd.exe
5856	extd.exe
6088	extd.exe
2600	load.exe
2252	tool.exe
5972	tool.exe
6016	tool.exe
5952	tool.exe
5180	tool.exe
5196	tool.exe
5232	tool.exe
5260	tool.exe
5284	tool.exe
5388	tool.exe
5440	tool.exe
5464	tool.exe
5532	tool.exe
5552	tool.exe
3696	tool.exe
5584	tool.exe
5608	mac.exe
1584	ОСНОВА 2.exe
5988	extd.exe
5856	extd.exe
6088	extd.exe
2600	load.exe
2252	tool.exe
5972	tool.exe
6016	tool.exe
5952	tool.exe
5180	tool.exe
5196	tool.exe
5232	tool.exe
5260	tool.exe
5284	tool.exe
5388	tool.exe
5440	tool.exe
5464	tool.exe
5532	tool.exe
5552	tool.exe
3696	tool.exe
5584	tool.exe
5608	mac.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 1620	2280	chrome.exe	85
PID 2280 wrote to memory of 1620	2280	chrome.exe	85
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 2532	2280	chrome.exe	87
PID 2280 wrote to memory of 4752	2280	chrome.exe	88
PID 2280 wrote to memory of 4752	2280	chrome.exe	88
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89
PID 2280 wrote to memory of 1464	2280	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://goo.su/5WBEji
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dcaa9758,0x7ff9dcaa9768,0x7ff9dcaa9778
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:2
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5292 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5540 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5828 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3736 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3860 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5848 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5176 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6304 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2964 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5032 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3328 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6116 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1700 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6940 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7136 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7292 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:8
  2⤵
  PID:5852
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\ZelenkaBannedBoys.rar"
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7280 --field-trial-handle=1884,i,18080106111871486642,2365723556977783314,131072 /prefetch:8
  2⤵
  PID:5952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:368

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x2ec
1⤵
PID:5340

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4636

C:\Users\Admin\Desktop\ZelenkaBannedBoys\Мануал 2\ОСНОВА 2.exe
"C:\Users\Admin\Desktop\ZelenkaBannedBoys\Мануал 2\ОСНОВА 2.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C59D.tmp\C59E.tmp\C59F.bat "C:\Users\Admin\Desktop\ZelenkaBannedBoys\Мануал 2\ОСНОВА 2.exe""
  2⤵
  PID:5884
- - C:\Users\Admin\AppData\Local\Temp\C59D.tmp\C59E.tmp\extd.exe
    C:\Users\Admin\AppData\Local\Temp\C59D.tmp\C59E.tmp\extd.exe "/getconsoletitle" "" "" "" "" "" "" "" ""
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5988
- - C:\Users\Admin\AppData\Local\Temp\C59D.tmp\C59E.tmp\extd.exe
    C:\Users\Admin\AppData\Local\Temp\C59D.tmp\C59E.tmp\extd.exe "/resizewindow" "C:\Users\Admin\Desktop\ZelenkaBannedBoys\?????? 2\?????? 2.exe" "0" "0" "1129" "520" "" "" ""
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5856
- - C:\Users\Admin\AppData\Local\Temp\C59D.tmp\C59E.tmp\extd.exe
    C:\Users\Admin\AppData\Local\Temp\C59D.tmp\C59E.tmp\extd.exe "/center" "" "" "" "" "" "" "" ""
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:6088
- - C:\Users\Admin\AppData\Roaming\dump\load.exe
    "load.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2600
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C7A0.tmp\C7A1.tmp\C7A2.bat C:\Users\Admin\AppData\Roaming\dump\load.exe"
      4⤵
      PID:1880
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /SM "System manufacturer"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /SP "System Product Name"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5972
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /SV "System Version"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:6016
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /SS "System Serial Number"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5952
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /SU "AUTO"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5180
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /SK "SKU"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5196
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /SF "To be filled by O.E.M."
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5232
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /BS 23752293655347
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5260
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /BT "Default string"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5284
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /BLC "Default string"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5388
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /CM "Default string"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5440
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /CV "Default string"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5464
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /CS "Default string"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5532
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /CA "Default string"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5552
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /CSK "Default string"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3696
    - - C:\Users\Admin\AppData\Roaming\dump\tool.exe
        
        tool.exe /PSN 184722044318283
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5584
- - C:\Users\Admin\AppData\Roaming\dump\mac.exe
    "mac.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5608
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\CADD.tmp\CADE.tmp\CADF.bat C:\Users\Admin\AppData\Roaming\dump\mac.exe"
      4⤵
      PID:4896
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c wmic nic where physicaladapter=true get deviceid | findstr [0-9]
        5⤵
        
        PID:6068
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic nic where physicaladapter=true get deviceid
        6⤵
        
        PID:5620
      - C:\Windows\system32\findstr.exe
        
        findstr [0-9]
        6⤵
        
        PID:2256
    - - C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\01
        5⤵
        
        PID:4860
    - - C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\001
        5⤵
        
        PID:2148
    - - C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001
        5⤵
        
        PID:1736
    - - C:\Windows\system32\reg.exe
        
        REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001 /v NetworkAddress /t REG_SZ /d 5652FB9A6754 /f
        5⤵
        
        PID:2728
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c wmic nic where physicaladapter=true get deviceid | findstr [0-9]
        5⤵
        
        PID:984
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic nic where physicaladapter=true get deviceid
        6⤵
        
        PID:1188
      - C:\Windows\system32\findstr.exe
        
        findstr [0-9]
        6⤵
        
        PID:4320
    - - C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\01
        5⤵
        
        PID:2848
    - - C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\001
        5⤵
        
        PID:4036
    - - C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001
        5⤵
        
        PID:5736
    - - C:\Windows\system32\reg.exe
        
        REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001 /v PnPCapabilities /t REG_DWORD /d 24 /f
        5⤵
        
        PID:1236
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic nic where (netconnectionid like '%') get netconnectionid,netconnectionstatus /format:csv"
        5⤵
        
        PID:5748
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic nic where (netconnectionid like '%') get netconnectionid,netconnectionstatus /format:csv
        6⤵
        
        PID:4912
    - - C:\Windows\system32\netsh.exe
        
        netsh interface set interface name="Ethernet" disable
        5⤵
        
        PID:3248

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
1⤵
PID:3700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bc16ebe41a9fc2938c4060992a92b0af

SHA1
1719af3e339b187d984a76437eb80cae5dc50e6f

SHA256
5874dbe9583546eb24cfb2b237d58f97ef186cd72866dd224df82e62817744ae

SHA512
c78d4be86a3f35ae07375b37fd39f869d317a6ec6699d7673731e6f9b255d7bcbfacf58ca71c3f51baac1e2b2bbee7da58603efa5bd51a31162c481aab7a912c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
62KB

MD5
daa01cc5a9b8b3a7730d8c940015554c

SHA1
6d3091870737fffb408000a4664c8a6f088b5cf7

SHA256
60dfc7c4f1adc5282ff9d3a0bd9445b59874ce5e123226d3d6f5339d1b998a6d

SHA512
7de57bc1ef544432cd0cf5e27b87fd19af248d2adde11b9b0b7f1cd5e762fe8ab08954344027b7fe32a62c142ba8411e3db42df87ed47a009437aaa511d6246e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
905KB

MD5
fade3cb812d3f4dcad84349e569704ea

SHA1
cd6fa305d795f624eac2dbcc1e0a1ba92a66ce36

SHA256
bf2bdcc51ef9683b392e1441951d2d8ab4818bc1f105feb99cbe066b9e145f10

SHA512
2420946288d39e429e7ed4327373f78c6c54d83aa2cae6dd3ab1b163ae5eb5cafb3ca9738972c5d1ea5368046b4fe9d5a6875c530c464b32cb7a46fe7e7cc0eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c00087c89411d46c41710c3c05717754

SHA1
df27e38c56b08d227aa21d84347b57834ac249ff

SHA256
66d76ac595b95beeb1c781ff2809978cbdeee9cbc291afa6b289b15c99b05f50

SHA512
da8f52d29d5e925a58d8d6c9be7db6c593daf12acf7ffb778301453b83aca49c53fe3ad844216e8593fa7b1e2a5b21ffd3f45e7f597cadfb783bc125cf7d2c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
4d6583532da379388b53be1c46f6d841

SHA1
ca75b71de4bb0339af9726fc22902fba9073a8e8

SHA256
5fe4e97915a242f46e1032a3a3097df322b1f610d2f5e04b772ab724ae76ad1f

SHA512
42c42db169bdd9bb7834e42d2bd653ff338f77bdaedb4f9708a53fa9eb5dd6d7b2ca1fcbcb3e70bd4940b0e78d71ec3ce114aacf47e566b782424df51cf3d277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d2e758e1a505cb2a7eef682babb81ec2

SHA1
7fb4f531b16774328eee995edbe536c591bc4384

SHA256
c452d5eebf371634de91fd51afbc4df589a5dab4ae7e18e4c3fd5b4e058268bb

SHA512
b5f6b179402a79455392267062a4013c5446ce16c58bbf7406082f64c8147c9981722163d764396a589092c49cdd3d3e1a2162e2a0b44e9d3732af0aa946adb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
265d147d653b9f2d63cd2b88af2ce2e5

SHA1
7973224916bdab4a0cf461854035e45ea1647dc3

SHA256
30b1939a1993680bc31be29bd589cdedf7cc2387593ddb1d9a7b51e4d7528b15

SHA512
f3a392cd30607ddb5025822c630502a1c491fbdbddc2cd32d1431f27bdb63a21dd274b88729813652f0e643603bbe617b54faaa3ee74a27a42ec8b4d65875a77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6f6d79fbd62a41d2a4fd77c6e0f4737e

SHA1
289ee85075966661e91fedbdcb335439a73c31ea

SHA256
c76b4ddd9c79a62edb321ce835c17af63bf181b92ced79d1a6a5ead9d62f1589

SHA512
9278ddd021c422ee75c4c96666545a300f4c82d83d134440d8f77f108be815715d2a28ac3ca9142f1adce34c0ff1a1e760e439929c702998f662565ec55d025b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
14b5a121cda50d0759b474435a9aaca8

SHA1
b414d61e94fd95c21ee300c4e27565381a26b71c

SHA256
002f9c50452f5c481365ef1840bb190c8be2ab0c5bc431628fccc3fbef291e55

SHA512
2920c3e7576e2e411246ae97e9c5443d79f76341bf8f328d76e4f4b4485ab2fbddd94db5cfc48ec716b0a77cac75ff68f13c74bdb10200bdd30b1151f2097621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
58c8232681c327fd1f4c1413c575becf

SHA1
64180fea8d02529e556c7f5150f6edfc1f435b9c

SHA256
c97d0050a5436b3209db22873eae004575c59a16d5fe6ca7a2cc8458f375be3d

SHA512
65d2f7aed49230149bc982275e81162a047bc45956211fcaeb94d1c4508f7c8ad2dfbf71ee46329d8b0be25af0313c0f5bbcce30567bc441d5c49e43247ca54a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fbd2b99b00b3dfb3e67c151366f20d53

SHA1
a457c4a707d83bb5051fa36c4eebc4bc63ea6d7c

SHA256
87005213a3f64732fd82e549c9e24d38e79a140a61c0d5d1ea3036b682b7f7cb

SHA512
036baccc8e9efd75ec0d95c60242f1f64202dbf978974d4de60016d51856570aec2150631c3ee32b160b460205eaef3a9e2f09eae50bb0d229393d1f37c4b5a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c54528b63efb74976ae7466eba5bc63f

SHA1
635656771214c09753f5a21a4b6f61bfb2ce60ee

SHA256
dbbb125dd19b142d33d76b72e2d352cb9810b06dac9c145610bfb2b01e565f3c

SHA512
0d63bc832a083bda4072f53d07e328606703792c07db972302a72bbad0197654ec084a30bc6c771f7042a4a2ffd0751d73b99690f09c43f621a8af7e80541f77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
94c95cd88fe0f445492a48873313f326

SHA1
e371348ba90a65b0674f3ca91b204a92d583435e

SHA256
c76675600a0ec1e71056f8e0c9db48e99b15e7d843f38a65927308147fa71d3d

SHA512
cfdddf70d17c31ddef5efa1b01fe404dcc3b3e074d5bde492f73a4892b317d1d5b69b0d7b0d3b641d87caab6de3b1ee876841c593524a6a02a30ae49f4bd5679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
5b46bfa361642cfbfb7bf2927c03afa2

SHA1
aa7aad5a21b4ba5e909468acd414cd1eb5103027

SHA256
cfc852bd864103277df2d059cdbc3004c6d5f68f987708009fa20ed1719a8fe4

SHA512
002ea4ef9094a859b5c333fdea1eda06800f77165ff060a510d8f07ade883168fd549e5f0a9395a0c09ae41086c4ef8cfd300d070efa874e227f80db1ba2cf2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
117KB

MD5
b8898fdca3bd35a112dd6b53b1a8d89b

SHA1
abc4804a16e86b137a19f7f9711af2bdd26a4273

SHA256
17ac059322fc24afed40062cd1bfa8ca0340e918defea0948424c44edaa086f1

SHA512
2b6ca0dc0562e1122062d342bf556ff64d38128e357353fd0f85a962874fab0e191b64e7987f1ecd9593d78ea116419c2684dc4be7ecc8b14b9dca6095484400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
06fe9dd66e1078af188fe5d127d39475

SHA1
1740d9efa9301283151d6cf1e85f16930cdc4525

SHA256
8a0b3a96522fb4833bf5346dce69f7dbba51f97dd0761bb517e6f4c087843439

SHA512
3801e176f684099924da4e377c719df54dd2112241b0018ea7854064ab060a014b5f83f64f24ad97ea2586d1bb7c811e990e669181f7e3f49f4192c8fb78f2a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d5fd.TMP

Filesize
104KB

MD5
ecdc72f18550adfac3b1a7aee8567aaf

SHA1
f2716d42231d8748bd69777a1b92a86787d41c5e

SHA256
31db2ac2e2c060e17c2e86cc63b8b72a6ad0f55d58544d286c52edb4d21d66f5

SHA512
2fbe68ab4dc2d32ab524e1f4f3c96c6d18f7a3dd22264bbedf46ccf94dd94164ca33ea2a43728c230f91e74e5411bb20346c830111c4d23153285ebb16ed1b86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\C59D.tmp\C59E.tmp\C59F.bat

Filesize
764B

MD5
f9d397a2b328828ae85858bb7c4e8123

SHA1
d547c9e5267d870c3928f352e5d5f27ff4fd9a34

SHA256
27642a2cfbb1b7d6fc5e88500de1dc7f9aca69f462a31fefae4e53705517f5a9

SHA512
e964035450a9372779a9116953891afbc9a1ef523f764aeb0ed0fcb460dfa12f51786e37b38fd83f492841746da0943973efbb0c3a88e4b41a002f93354b5c10

Download Submit
C:\Users\Admin\AppData\Local\Temp\C59D.tmp\C59E.tmp\extd.exe

Filesize
326KB

MD5
c14ce13ab09b4829f67a879d735a10a1

SHA1
537e1ce843f07ce629699ef5742c42ee2f06e9b6

SHA256
ef2699ba677fcdb8a3b70a711a59a5892d8439e108e3ac4d27a7f946c4d01a4a

SHA512
c1cf8eb4a5ca6539e5d2608c2085e7804ca77b7244aa7bfa7e1dde30cb88b9a4e6bb9e3d80304b7d8825355eab63d05e6425fa8267a9d20ac5f1998bed05fa38

Download Submit
C:\Users\Admin\AppData\Local\Temp\C7A0.tmp\C7A1.tmp\C7A2.bat

Filesize
545B

MD5
a8d805349e3718d67fb16fea2e860186

SHA1
394704bef9cf3580aae4ea83f7e698d38ccd5a53

SHA256
f5662df0ec4b20f0503ca6a1ffb0180f36e28127e00e565546360550585c76b6

SHA512
37546bd2430906c1bb7096f1d67ce0b9e71bd69e902a028f590df8637af9c57aa4b77a517f2670b8c8000177872251efb3782502b8cb8c5efe8cb2f89c6cba69

Download Submit
C:\Users\Admin\AppData\Local\Temp\CADD.tmp\CADE.tmp\CADF.bat

Filesize
2KB

MD5
520fc11aec0a3ad2f983d0feb45663ea

SHA1
04407e7e1a79276d0f553ae0a33233cbd3d7abd3

SHA256
c090406b49faa48c87c724cf3984873fd5f19f8df49f6e760c4f2cea36c82f8d

SHA512
aacf6d53d825f77a08ea9e427bd095b9d8c7d3f48f113dba9d73b4d06e7e4e4c849f4d0c887bc88971711934fc13457b802366be6bfd809cb88fd3fe43a9a82d

Download Submit
C:\Users\Admin\AppData\Roaming\dump\amifldrv64.sys

Filesize
18KB

MD5
785045f8b25cd2e937ddc6b09debe01a

SHA1
029c678674f482ababe8bbfdb93152392457109d

SHA256
37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba

SHA512
40bbeb41816146c7172aa3cf27dace538908b7955171968e1cddcd84403b2588e0d8437a3596c2714ccdf4476eefa3d4e61d90ea118982b729f50b03df1104a9

Download Submit
C:\Users\Admin\AppData\Roaming\dump\load.exe

Filesize
89KB

MD5
5700cabc6bf4e6aea2f3535fe34f14e2

SHA1
9b0bd296120b99060c88fb5f870f8da1e046d640

SHA256
18c0da701463f2f99e5b8c91d2aa6315b4538960fe883a6bfb519f623fc2696b

SHA512
8db7bcf3e6babbcd2d122d55b6eb17136392ce7951cfbec550b1e8ea2d08348ffdaea37666be0e9df3889867907180c3bfa95ffbe8a307a94b147cc397bead5b

Download Submit
C:\Users\Admin\AppData\Roaming\dump\mac.exe

Filesize
91KB

MD5
bbf53988addf18f5aa2da913415023f3

SHA1
ebcda9e77718046f948e0ba9c995a641d7273607

SHA256
0ac0e1b4b036533afaf256e2d7acbb5ce3ce74848f46aa9aa5aac1126571b7e3

SHA512
ee6ac0607301d29761e2b1c684163361c89070f575899e6ad8f70795051672232da174c8e8aa3a70c6ff0a0d50a30cf7815585da7378cb366623072eb88f2322

Download Submit
C:\Users\Admin\AppData\Roaming\dump\tool.exe

Filesize
453KB

MD5
b696823b80d01a67c1e25355fdaa8bab

SHA1
932d2cd264daa771e93b094de870feb4ec0e1d93

SHA256
4ef86ce5877adc7f861b79da511ca2cbc7b454d6acc33e4a3ccbf21092fe6d94

SHA512
7eadf67c666152002a8d168e6beea36f3f7a7b2c57c313461dea1ba8cb0590fe0d6f6c2c0b4cd147e3ff2429fb99de8e84f3a036c8c7dbf5012d1346e4aff65f

Download Submit
C:\Users\Admin\Desktop\ZelenkaBannedBoys\Мануал 2\ОСНОВА 2.exe

Filesize
1.1MB

MD5
baeda6764fed08565b33884ed46554e1

SHA1
233fb2ea212223c71814ceae3a824fd990368708

SHA256
740e3a0b38ab5ce8df57734ddff1f45737af248be8f431795c0244f1574bdc70

SHA512
91e1870eb4ee6018271fccf448d73951a099e2508e1523ac943227ee0dad8a95a01390b18aa786bcfe451fbd96f09845a4e188bbf189ec6eb913939400f95228

Download Submit
C:\Users\Admin\Downloads\ZelenkaBannedBoys.rar

Filesize
7.5MB

MD5
058aa472434397ff5e009d7df8fa584f

SHA1
5916fb8a25898edc900d2a7ec0c4121acb17d9a3

SHA256
ff560ce25404e1ac515cee26d1a4bee1484fc40ac89f34cc5ac9b61b328051b4

SHA512
4b5ac0dda9bb8174e00bd99834acc858766ce73213e39c7911a6c07a9310ca7d5eba2c510a4576c6a95accc84037fdfb58433c4342d9b2d41b36370a1739422d

Download Submit
memory/5856-569-0x0000000140000000-0x00000001400D8000-memory.dmp

Filesize
864KB

Download
memory/5856-568-0x0000000140000000-0x00000001400D8000-memory.dmp

Filesize
864KB

Download
memory/5856-568-0x0000000140000000-0x00000001400D8000-memory.dmp

Filesize
864KB

Download
memory/5856-569-0x0000000140000000-0x00000001400D8000-memory.dmp

Filesize
864KB

Download
memory/5988-563-0x0000000140000000-0x00000001400D8000-memory.dmp

Filesize
864KB

Download
memory/5988-562-0x0000000140000000-0x00000001400D8000-memory.dmp

Filesize
864KB

Download
memory/5988-562-0x0000000140000000-0x00000001400D8000-memory.dmp

Filesize
864KB

Download
memory/5988-563-0x0000000140000000-0x00000001400D8000-memory.dmp

Filesize
864KB

Download
memory/6088-572-0x0000000140000000-0x00000001400D8000-memory.dmp

Filesize
864KB

Download
memory/6088-571-0x0000000140000000-0x00000001400D8000-memory.dmp

Filesize
864KB

Download
memory/6088-571-0x0000000140000000-0x00000001400D8000-memory.dmp

Filesize
864KB

Download
memory/6088-572-0x0000000140000000-0x00000001400D8000-memory.dmp

Filesize
864KB

Download