hxxps://github[.]com/Netaa33/KRNL-Executor

Resubmissions

06/04/2024, 03:27

240406-dzvt3ahg7t 8

06/04/2024, 03:23

06/04/2024, 02:55

06/04/2024, 02:53

06/04/2024, 02:31

06/04/2024, 02:28

Analysis

max time kernel
282s
max time network
283s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
06/04/2024, 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Netaa33/KRNL-Executor

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	camo.githubusercontent.com
17	camo.githubusercontent.com
18	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133568443303378792"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Installer.zip:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3520	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2232	chrome.exe
2232	chrome.exe
3564	chrome.exe
3564	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
1824	OpenWith.exe
1824	OpenWith.exe
1824	OpenWith.exe
1824	OpenWith.exe
1824	OpenWith.exe
1824	OpenWith.exe
1824	OpenWith.exe
1824	OpenWith.exe
1824	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 4420	2232	chrome.exe	78
PID 2232 wrote to memory of 4420	2232	chrome.exe	78
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 4576	2232	chrome.exe	80
PID 2232 wrote to memory of 1740	2232	chrome.exe	81
PID 2232 wrote to memory of 1740	2232	chrome.exe	81
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82
PID 2232 wrote to memory of 1636	2232	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Netaa33/KRNL-Executor
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa90f9758,0x7ffaa90f9768,0x7ffaa90f9778
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=312 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:2
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3476 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1756 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5660 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:8
  2⤵
  PID:276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5648 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1516 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2276 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6092 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6072 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5588 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:1
  2⤵
  PID:72
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3172 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4532 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5932 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2796 --field-trial-handle=1828,i,4600920595347253255,4129884530412672970,131072 /prefetch:1
  2⤵
  PID:1792

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2720

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2580

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Installer\config.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3520

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Installer\Installer.bat" "
1⤵
PID:1828
- C:\Windows\system32\cacls.exe
  "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
  2⤵
  PID:2416
- C:\Users\Admin\Downloads\Installer\compiler.exe
  compiler.exe config
  2⤵
  PID:2428

C:\Users\Admin\Downloads\Installer\compiler.exe
"C:\Users\Admin\Downloads\Installer\compiler.exe"
1⤵
PID:1876

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Installer\Installer.bat" "
1⤵
PID:1404
- C:\Windows\system32\cacls.exe
  "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
  2⤵
  PID:1736
- C:\Users\Admin\Downloads\Installer\compiler.exe
  compiler.exe config
  2⤵
  PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7c6afe28-34c4-4b78-a312-8d64768ff378.tmp

Filesize
8KB

MD5
8ea20e8e7955936dbf3ec98858df34ed

SHA1
c12b3bbf08a5267b465b8f116365dd0764c4fc41

SHA256
6fce92cee437e4705714e2c90b3392094f959d75951c940f4a750bf6778fe23e

SHA512
c1dfb4d54fb9a2b8fca1f894341cffffd2a9900945bb726e9e9077bc862f543e2f710b37a1301a87158db0212ecc92fe1cc5e6675c44c3341c16b80ea147466e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
323KB

MD5
1df631f74a31512b20a46bccd4c388c5

SHA1
81cff9da38f3c8270f5c010b106ff8db7643d48d

SHA256
49368fc87f7973b2aae38440be8d67421cdcca3a9dbd79c80a73fddf8a41750a

SHA512
ee7728c1befab47c887c495cb72c2cd0f2edd43e6177ef9aa1fa17428eaf656c7651b96ecd3f6f78125b40aa38a9825008c31bbe52571d08e211b0bf37b231e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
67KB

MD5
520b71d5c5119b5f443a628ed0ef4a20

SHA1
d7a497675efb2a2322d8c74d81b368ecf9b803ae

SHA256
819b9183939febe99986e661207ea0d7c4f39bf0b33c6834ec374ac638ea2f76

SHA512
10e5b5ece9b4c306ddb578b76a827a011a51dc830bd03b8f0b80f9b86ba0ea396669b77dd52552f4eee5de7b7668ec85b2424cde11f1d040e9c940278db5ceae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
135KB

MD5
8f78ad8592efc392a9dd8b012f91b52e

SHA1
660cb0f8f2c81e2a398adc2574124485a0dd9ef0

SHA256
a16e8e3d07401e7c14187f8e9f9fdffc4ca32b91ed8cad5f452c287669073bc5

SHA512
d873bfd6223c2d7dc0774dd468fe6aee93e16b9ea7a2c17a7446fb2259f1a26c6b720f1aaa951d584868f8c7f902eebad2e9b9cab749bfbd11c925b56f3d0ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
16KB

MD5
e6b16413d55b60e0fa06e9bed2936094

SHA1
a0a3296b922c2e1418ec4acffd647ffd5bbafc1a

SHA256
576c3266e9054ef1261852cdd3c1e020a0516160719a94075b44ec836c83ec5b

SHA512
bfb112419999c9d56153099ecde0e2a78274f383957dc1f111dc56e12093d4fb36abad1556a6b3279c0249e018f1542bcf30786eb4e01960b2359eece4d7e639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
46bd0a2526c4a2499b8c9fec904dd567

SHA1
a11d0a79a869b2c9c944d28c1328378c165cae32

SHA256
b705484624c2291e183b7bb9a9242832eab82feee6c0893dd1c7e8a56677d42c

SHA512
d672a86e4fc579e57193655ef48c386f1aace874e5f0045eee88bc49c2ff5317411aea6f34aafc93e9bd4ac964dd46da3334b659d5f5b6549ef98ee5c3c6e835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8103c835a528da57cdf127ea36b181c0

SHA1
52d557bc3a9526a273ed9ca0ab21b05d30ed0f85

SHA256
4d54bbb2804daed61e2465b760befa3ea018d64dbc6182e5be02720f01d43277

SHA512
e75609b3f93893b15d2796cb1662fbddfa6890a66f81e992f74176328ccda52b97262c11829d0bcb1e47653ef0b4c1116954a12dae366d23a414b5cc144cbbd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5e56466fc97125477fb3a2071e4f7165

SHA1
49614e86b09ca72f30bdc1687961a01b20bde4d3

SHA256
18e57aa36b1ac8c0192a15b73d156d9255630b0736c787935adabc2e2ddb818e

SHA512
aef4f903ddde84b0597779345ab7d9307997c805ac77982845cbbc8397ea330b8389814f0d5e289a3bc46c3dc655a6351fcd0be603ffffd748c25f0ea44824a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
550ef21bda462b1f4171f4a2974cc5c0

SHA1
223fb7a968093db811590e537e77d1a9c626dc6d

SHA256
32936419ff14ed3d7924ae4637266c443a2ef1de731f481b4a6e28296e908586

SHA512
052666ff4eafaf5b170fdc47fcbcd5ed751523128b730f6dc8a0ded522f0cb2544f3314a10cb93910574c282f67458d0c398a5543d5732bf0c28be2ed7f3f126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
10c5f3626eddc1ef770e567835e9a18e

SHA1
89a1aff2951aad2ae91f881106bd5f4b1b034dcc

SHA256
7165e9c8a16c4845b1bb9c14176c122e5d2ba007d3ea888cf3ca2bdca9ffc1a4

SHA512
41b3cc5a6e3bc6fd054f5fbbf80c1e4172202d24cfa973cba2933f931e3adaaf22a22d8e6c6eef48e345c85aba52562295ab9e646c83c8338d3ae8fcc1a55de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7521b6a5bd4234b2ad2178930e8b2a8c

SHA1
ce386b1b0e879952d1480725281cb471811747f7

SHA256
38d035038ed2354eed45ec49b7cbf3d2c12971c5a110548fef64f6f3d710bac8

SHA512
1f85e045f0558be5f088964d97390fb219ecbfa0c88d9a457b19412a293f2645b26d004f961c19d4d5bbc25ccf991477646be2793d2dda887adce4a39a5b45e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f03af9c662fa83f50ed7094a6f343f27

SHA1
8d7de71e1d0701a87cecea0ca1e0c732faea5727

SHA256
e769b98b39658cbab4f4b8eab724313d44527feaef7c23c95ff4b9e713ee47d1

SHA512
f2043bd89bc320e33832d7f68d96e5016f39bc01596639c1606d16015a7cedc2d6e828ab509343adef9aee7260f4c8aea5234ee66c8e94c22a84177cd08d0a95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0255c3cf31c2f68aa0345a3b90ad36d8

SHA1
807b6c68aaec79885183ddad18838f1330389597

SHA256
d6f98ed8e7753e2d182561fc57a37e1092224ea952a14525be84b89235f3083c

SHA512
6b183ec2fe534b2a1f865b9f462d910dbd5fbfeb6b07de87372fc29c4f7c27cda513e3e1334077eba82404c7601fc8cfd941ffca46ddcf77e48125ef0737eef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a32e476432a1e5c96971c5f76b147096

SHA1
779db89d1094d7babb4dac85db9644be22f50f29

SHA256
cbeef283064afb986918adeae9f39b7143a67b6725db1d617ab674a43edf7e0e

SHA512
26fdec2b59882e01862c93908c8623e6036306478df526b1c7800a9cd98d276637c5af04040c2d4a388d91aaa404c9e79cc1ff53effdb0192a7d765f7aa993e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1168753b11bd570246115be9e951bc65

SHA1
aac63cf6329236d07631a77771b3a6bff78ba52e

SHA256
f04f2ae0efce5e6b12c343098c96f099bbfb439f724b97e772d29205598c2e55

SHA512
ef2e471024da59688c7fb91d89a71a9a34c54fdea77200811af18d0aab95778a7b933ef038220e8b7b1dd2d62d432e972044aeaad3833f54e21d675582d76bbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
77fe9d5fcb4b577ea051a53c66301716

SHA1
43ff18370bc486ccf1b8911ac596df687188cda6

SHA256
81c004c81bd485ed6a9ffca3311ea28f4a3596e6718b7ccc6e7b9ec906f47105

SHA512
4a7033dc7321745afc95b54ae47f0ed40e0aee1a32710f41989f67e9f8a7a4dd65336c47670ffd483aea2203552ad9ab99244a22b9ad4476b387c4c7a19e6831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1975c48d1c7ea522abc9186a2f196349

SHA1
a5f890ccd536c88111d05200f352bf5f52aa0ab9

SHA256
c9e98d98affd0101e8424967c661525c63c4320dc6d7b09fe756ed8dce19e793

SHA512
c6c0e681b5c96ddba57492aff93d0c7f6df0a3ab80d7fa2a475e56dfa5d934d793b35bf8f1964d84d3cd204f6e7f0f6bd007e0884e520451383314c5cb374ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b5c575e2cfefe2194e8bb462c4130c1a

SHA1
079a986f011b79f8b13e901616f7e2d8ffb89b0e

SHA256
58073bd8ebb4570f5bc692b35c497b80b1ac95315063d476b942d836788d28fe

SHA512
4b639ff2348d06932d2091994a5f99813c5c77b7f7c63ba620dc114ba2ede9101de619f0b9edff739589d796278adc35092ace461f03c986a0e97b1703649661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6a8ddd9919c7cc9c1855ae07cf17d349

SHA1
a7dddf16150e97ca35fc476cad325a5c86b3c3e9

SHA256
e7c1828b61ed787a364055eb8d887fbc1749f27253e54ee7150320375a4afabc

SHA512
d936cf812dd7c99f7863ae26359fe7a3d554941c4a6ad5a87333a19141041e3e3e3790e72672ee009227b84c36d079765cf637a1daae263c57983c98f2c8c4bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f3804c57fc568d508c722e65ce5d756c

SHA1
bcb237c6be9f622d3b0330236cbe4d2be7122dc3

SHA256
0566e9a1ce26fe10c5019f808282bb9a1837227cbd120a191e22f9726ec3884f

SHA512
2bc0fc68a031f74efce3882d0e423a70f43990208b6535ddf1ad5107f0171c65983159c2236085e57dc21b32be465a817f465e8f518b5a760eac4f8be46ac136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4b9e359d3d07f08398c8b5842aaa6eec

SHA1
67df8fbbfda2c3fe0b1963a7b9ae47cf5fb091df

SHA256
f51fddb61961d951dd3dddf1dfef06d816089dac8ff6ea8d57936b0e27c2bc6e

SHA512
7fb315cc21daa3b9d2389dc356f96233fbe5ef84d14762a73990774a395ddb276d1e0c8a58e0cca12e1181936172412102f310dc721a545c3235181d58ed9cc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8adee65ad677d99c5f7c8fa933af8e3b

SHA1
d7e64a04406a33875c30b6d9a1157f5e9cf05cd1

SHA256
ac904dc8e0c1d52d81779d3514c480fdb2e2321280385ec34d19239f1950ff25

SHA512
56e0f5f5bdf05a6c10f020d217334d96fcc753800abf55ef3119c9c70a318563e5a5666cf982bdeb9dee1a32f7749d5551997d7b0d1eb29b896f483f597b8997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c4cf841a803a92b6ede12bd248027432

SHA1
0ecfcc61111225e7c9890c4368cf140fbdffb3e8

SHA256
963a32584c1e3d77cc9c6968e376dc629b3b9bd0fe754141f85fba5384cba72b

SHA512
eabba9ea64d3fcf6c457ce5cb0404256f0d20cbf492b3807dca8b16b1087cad780743bb011ca4f213e17c0513a0b68ca58d939eba74bc77a6a1815647e11d77f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
b3a5bbb994834e6aaee119720094ea6e

SHA1
7841277fc5ad3b5b848c239d2268ce62650ccaf2

SHA256
3754fa7f337a6342a409e1a9e574e1f97ee0409e1603065ef25f4e5eef5160ca

SHA512
943e7984b0c2ba26e5673048a3a5c7ab97c6a90e53bc3697cf9ac0c8710d1c8f5da1a326c6c3252feb015907f25f493d465b10048a7f7aca6eb647144a488cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5916ba.TMP

Filesize
120B

MD5
05dbe706d71e3ac70245df85436e294f

SHA1
e239baa973c97035e1915812e0b87924e172869a

SHA256
4ee3fafa83a108fdb9528ad3f5298fb52143151b5669151a9709bab7c19252a6

SHA512
e394e155b7c3b6f98ce754b55411a14ce5835daf05ee6a19cdf64a64e3ed8931919dc2abe2d5993c60ee902b12b6387d9ed046531734a884ddf51fc3a43635fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
e7cce1053d4f7c3779074e42ac2da589

SHA1
8519c220ff744b2e0ba8ccc6fceb5d866a159a1a

SHA256
3d9f2cb9d32c9d0d824c91350bfde6f3751dbc3e58dfd599d4d8e4f30e3f44a9

SHA512
c8a21a64beac9c57605052f31dd714197c68eff27824d069944c9ae17ac17a389c00e557d2f17d6a34c902def8a2c96b1ac5cfadddb8a0243a8edb37c049f6fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
9f98c9d557dd08f2f2628fe8856365d8

SHA1
16119718de79f06f5802d9eaa978d852abdc340b

SHA256
e4f05102a49044fcd4dab292016ea7e892abf2c63dce798522f46ca61a22d211

SHA512
09eeda1f89738a77cfaa2b6b2c089c9454bc1265e0eeeee063ae99113a98b81d6c0c9cb9a4a218ec7c1daa33ec95b736aee076f4c468d9e5335f19da95c78ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
44be906a7707034e9419e1476701bd3d

SHA1
323f1813deaf4d379cdcf1463e5f8d9f81f93e1b

SHA256
843f94c5cede77279d6bfc11a2583a86634083d7862bb15f43456688d13760cb

SHA512
ccceb1fbc69e3cb19120a9974d3c55a3641d606581bef237a5c9af8bbc86a32eeca494c8de9f2efe6f7d02e04623f850fcf6a7ae4263ecdd50ca5bce413ef198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
68251a7eb1494662b4df2793069eb4d5

SHA1
372b1e1ca91f292048d4189b14598ab2dcf99487

SHA256
a92888b5d06a17aaffff4897c33a57ffa2016ee8180130c00b4f9ea4f7bc393e

SHA512
f7c4e23852b0787552222e982e8da3e5c248c449a67f82071fb7e4361aff57139c98b8447c67913caea5139693fd3e019fb372740004214e9023ae90c9f969fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ec92.TMP

Filesize
93KB

MD5
87d7989eda6380e5223c19d00e543a14

SHA1
509f6ba38a20378ee641c9a79bcefa6dcb3d6286

SHA256
5e43dffbc3ab1329f08f16dbbba5cc28f6ac8c02921941dd8bad8ee7440c029c

SHA512
59c9a75fca6bc38f0668d0b01047686a9dad927279e783d2b6779e7a1219aa6837b750dbe91a70eb0d4d30f76c1a3bac41368901642d62ccbad780a3c9873ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Installer.zip:Zone.Identifier

Filesize
624B

MD5
be82f0380957aa35bfd24df71ca8f95f

SHA1
819ad810d599a08bd5626123bbfa576f05bf342b

SHA256
a0ca2154c715ebd8f3da31ede31aabb55fc16e162b290aa123cbd4a2b72b60fb

SHA512
1a4ab5188b31dedbfcade74ce7e23ddf18db099b57177169a8c9e069b3371b1b1532992875bbd104cdbc921c913b6b1ad037dbb24b779cc3cf436ecef541aaa0

Download Submit
C:\Users\Admin\Downloads\Installer\config.txt

Filesize
188KB

MD5
1f1279dad6d8cf0f40129c9853f96182

SHA1
7ce9e5a1d07a3c7f99f2cb022bfcd225e388f37e

SHA256
70ac2222ce84ed684c8b4db6cee6b9ae70a900c095b5c39442b8489e938d3ab8

SHA512
7f9f32647ab43ab500281364fbe3acc228b5f1b4cb04b6a90e0749d437fcd804925916ef40c897df87530be8e3baa3c73bd53b9440ee0e1ee58712ff6aa2d1bf

Download Submit