Analysis Overview
SHA256
429cd5a05d36ca2339d2868a35154b5c5d402906ef0110cce91e9feb064a484f
Threat Level: Known bad
The file da.exe was found to be: Known bad.
Malicious Activity Summary
Async RAT payload
Asyncrat family
AsyncRat
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-16 21:33
Signatures
Async RAT payload
Asyncrat family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-16 21:33
Reported
2024-04-16 21:36
Platform
win7-20240220-en
Max time kernel
117s
Max time network
118s
Signatures
AsyncRat
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\da.exe
"C:\Users\Admin\AppData\Local\Temp\da.exe"
Network
Files
memory/1684-3-0x000000001B080000-0x000000001B100000-memory.dmp
memory/1684-2-0x000007FEF5FA0000-0x000007FEF698C000-memory.dmp
memory/1684-0-0x0000000001260000-0x0000000001278000-memory.dmp
memory/1684-4-0x000007FEF5FA0000-0x000007FEF698C000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-16 21:33
Reported
2024-04-16 21:36
Platform
win10v2004-20240412-en
Max time kernel
150s
Max time network
156s
Signatures
AsyncRat
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577769152085776" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
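Reading the behavioral2 signature tables by process, rather than by signature name, changes the picture: every row that names a process names chrome.exe, and the rows the report ties to the sample itself (AsyncRat, AdjustPrivilegeToken, WriteProcessMemory) come with no indicator at all. The script below is an added triage example for this report, not the sandbox's own tooling. ROWS is constructed from the tables above; the helper names, the attribution rule and the FILETIME decoding of the TraceTimeLast data are assumptions of this example. The decoded value, 2024-04-16 21:35:15 UTC, falls between the submitted and reported times of this detonation, which is what you expect of a timestamp Chrome wrote during the run.

```python
"""Attribute the behavioral2 signature rows to the process that produced them.

Added triage example for reading the report above; not the sandbox's own
tooling. ROWS is constructed from the behavioral2 'Signatures' tables
(signature, description, indicator, process). The helper names, the
attribution rule and the FILETIME decoding are assumptions of this example.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\da.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Signatures listed without an indicator table get one row of "N/A" cells.
ROWS = [
    ("Legitimate hosting services abused for malware hosting/C2", "N/A",
     "raw.githubusercontent.com", "N/A"),
    ("Enumerates system info in registry", "Key value queried",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName", CHROME),
    ("Enumerates system info in registry", "Key opened",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS", CHROME),
    ("Modifies data under HKEY_USERS", "Set value (int)",
     r'\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry'
     r'\TraceTimeLast = "133577769152085776"', CHROME),
    ("Modifies registry class", "Key created",
     r"\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes"
     r"\Local Settings", CHROME),
    ("Suspicious behavior: EnumeratesProcesses", "N/A", "N/A", CHROME),
    ("Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary", "N/A", "N/A", CHROME),
    ("AsyncRat", "N/A", "N/A", "N/A"),
    ("Suspicious use of AdjustPrivilegeToken", "N/A", "N/A", "N/A"),
    ("Suspicious use of WriteProcessMemory", "N/A", "N/A", "N/A"),
]


def normalize_registry_path(path):
    """Rewrite the object-manager path the sandbox prints into the HKLM/HKU
    form that reg.exe, PowerShell and most detection rules expect."""
    for prefix, hive in (("\\REGISTRY\\MACHINE\\", "HKLM\\"),
                         ("\\REGISTRY\\USER\\", "HKU\\")):
        if path.upper().startswith(prefix):
            return hive + path[len(prefix):]
    return path


def split_indicator(indicator):
    """'key\\value = "data"' -> (normalized key, value name, data);
    a bare key path yields (normalized key, None, None)."""
    if " = " not in indicator:
        return normalize_registry_path(indicator), None, None
    lhs, data = indicator.split(" = ", 1)
    key, _, value = lhs.rpartition("\\")
    return normalize_registry_path(key), value, data.strip('"')


def filetime_to_utc(ticks):
    """Windows FILETIME: 100 ns intervals since 1601-01-01 UTC.
    TraceTimeLast above is stored in this form."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def attribute(rows):
    """process -> Counter of signature names; rows with no process go
    under '(unattributed)'."""
    by_proc = defaultdict(Counter)
    for sig, _desc, _ind, proc in rows:
        by_proc["(unattributed)" if proc == "N/A" else proc][sig] += 1
    return by_proc


def signatures_for(rows, process):
    """Signature names the sandbox attributed to one process, sorted."""
    return sorted({sig for sig, _d, _i, proc in rows if proc == process})


if __name__ == "__main__":
    for proc, sigs in attribute(ROWS).items():
        print(proc)
        for sig, n in sigs.most_common():
            print(f"  {n:2d}  {sig}")
    print("attributed to the sample:", signatures_for(ROWS, SAMPLE) or "none")
    for sig, desc, ind, proc in ROWS:
        if desc == "Set value (int)":
            key, value, data = split_indicator(ind)
            print(f"{key}\\{value} -> {filetime_to_utc(int(data)):%Y-%m-%d %H:%M:%S} UTC")
```

The practical consequence: the registry and process-enumeration rows are Chrome housekeeping and should not be exported as behaviour of da.exe; what remains attributable to the sample is the family match and the three API-usage signatures, none of which the report backs with a concrete indicator.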
Processes
C:\Users\Admin\AppData\Local\Temp\da.exe
"C:\Users\Admin\AppData\Local\Temp\da.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ff8857aab58,0x7ff8857aab68,0x7ff8857aab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2304 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4128 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4164 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4960 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4328 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3488 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3060 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 22.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.180.3:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 18.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
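The network table is dominated by traffic the sandbox's own Chrome instance generates (Google, YouTube, Bing, DoubleClick, PTR lookups of every IP it touched), and every destination is port 53, 443 or mDNS on 5353; there is no direct IP:port beacon of the kind an AsyncRAT client would open to its C2. The only hosts that deserve a second look are the GitHub ones the "Legitimate hosting services abused" signature already points at. The script below is an added example, not sandbox output: NETWORK_TABLE is a constructed subset of the rows above in the same markdown layout, and the suffix lists and category names are assumptions of this example, tuned to this detonation.

```python
"""Reduce the behavioral2 network table to the hosts worth a second look.

Added example, not the sandbox's own output. NETWORK_TABLE is a constructed
subset of the rows in the table above, in the same markdown layout. The
suffix lists and category names are assumptions of this example, tuned to
this detonation: Chrome was started during the run, so Google and GitHub
traffic is expected browser activity, not evidence of a beacon from da.exe.
"""
from collections import defaultdict

NETWORK_TABLE = """
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
"""

# Domains the sandbox's own Chrome instance contacts without help from the sample.
BROWSER_SUFFIXES = ("google.com", "googleapis.com", "gstatic.com", "doubleclick.net",
                    "ytimg.com", "youtube.com", "gvt2.com", "bing.com")
# Hosts behind the "Legitimate hosting services abused" signature above.
HOSTING_SUFFIXES = ("github.com", "githubusercontent.com", "githubassets.com",
                    "amazonaws.com")


def parse_rows(table):
    """Yield one dict per '| country | ip:port | domain | proto |' row."""
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        yield {"country": country, "ip": ip, "port": int(port),
               "domain": domain, "proto": proto.lower()}


def _under(domain, suffixes):
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def categorize(row):
    """Coarse label for one connection."""
    domain = row["domain"]
    if domain.endswith(".in-addr.arpa"):
        return "reverse-lookup"      # resolver noise: PTR lookups of IPs already seen
    if row["port"] == 53:
        return "dns"                 # the A/AAAA query; the connection row follows
    if row["ip"] == "224.0.0.251" and row["port"] == 5353:
        return "mdns"                # local multicast, never a remote peer
    if _under(domain, BROWSER_SUFFIXES):
        return "browser"
    if _under(domain, HOSTING_SUFFIXES):
        return "hosting"             # payload staging or C2 can hide on these
    return "review"


def summarize(table):
    """domain -> {category, ips, ports, protos}; DNS and PTR rows folded away."""
    out = defaultdict(lambda: {"category": None, "ips": set(), "ports": set(), "protos": set()})
    for row in parse_rows(table):
        cat = categorize(row)
        if cat in ("reverse-lookup", "dns"):
            continue
        entry = out[row["domain"] or row["ip"]]   # mDNS rows carry no domain
        entry["category"] = cat
        entry["ips"].add(row["ip"])
        entry["ports"].add(row["port"])
        entry["protos"].add(row["proto"])
    return dict(out)


def hosts_to_review(table):
    """Hosts that are neither browser background traffic nor resolver chatter."""
    return sorted(d for d, e in summarize(table).items()
                  if e["category"] in ("hosting", "review"))


def non_web_ports(table):
    """Connections that are not HTTPS, DNS or mDNS; a direct RAT beacon to an
    IP:port would normally surface here. Empty for this detonation."""
    return sorted({(r["ip"], r["port"]) for r in parse_rows(table)
                   if r["port"] not in (53, 443, 5353)})


if __name__ == "__main__":
    for host, e in sorted(summarize(NETWORK_TABLE).items()):
        print(f"{e['category']:8} {host:32} {sorted(e['ips'])} {sorted(e['protos'])}")
    print("review:", hosts_to_review(NETWORK_TABLE))
    print("non-web ports:", non_web_ports(NETWORK_TABLE))
```

Paste the full table into NETWORK_TABLE to run it over the whole detonation; the result is the same three GitHub hosts plus api.github.com, collector.github.com and avatars.githubusercontent.com, all on 443. That raw.githubusercontent.com fetch is the one network event worth tracing back to a file, which the Files section below makes possible.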
Files
memory/212-0-0x00000000006D0000-0x00000000006E8000-memory.dmp
memory/212-2-0x00007FF87BCE0000-0x00007FF87C7A1000-memory.dmp
memory/212-3-0x000000001B520000-0x000000001B530000-memory.dmp
memory/212-4-0x00007FF87BCE0000-0x00007FF87C7A1000-memory.dmp
\??\pipe\crashpad_3772_AVIOMLHFGSPVHEXW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4d0eebb5f1990ba77aec566b2ec61bd5 |
| SHA1 | 5947ec0dfd772727b4d3bc633561c9b828351e6f |
| SHA256 | 8bd11ddadeb19ecd5ab080566e18ec6b8098af7d26b555bd1ca2c1b15971f625 |
| SHA512 | 2946ff82578894e641780ff95d0c4f29bdecd72c51c6a6791981167780a5a801a23df28dad3e1b5d5178d98e62a2b5afb50f0131bf4b38ab0e0289118ef5d540 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 71f43b9995dc556f040c03becfc4cfe0 |
| SHA1 | e91786141342f7d375bcf6db5bffb9c055dd5f8e |
| SHA256 | dc5ada1f749dadcd5d23159352341880c745af0054018bdf162dfa1e4944b5d8 |
| SHA512 | bafbc36cf0ccb390adf9a28661c357b26cddac697e499f86287577b9d6c88a81052b06b71f276d410830de7fd0276278691d39692a230ceb46035e618397e041 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c160463ca2297c2f82102e4cf7000d27 |
| SHA1 | 676da9774a42697b25938097404fa01a4e1b6989 |
| SHA256 | 0e103ae641f94e781a52b67bc3f434986677e52206de746305e4c1fb6021947b |
| SHA512 | dce2845c2b7fe0641ba2a4b15eb74b83d601595749a7892daf931fe178772c1ead564d1ead20340b1b473f2d78e91e1bf08e6f4ac4ec84769d0b70edf05bd3c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | cfb743665f1317f1520838d7e5cfc4dc |
| SHA1 | 1cb5d71fec376e04718df50f5a98f693c9d56c8d |
| SHA256 | 50964b15f78a30e689d567d94f0bc49d1b3f67c39a08b440b0f82433e5904dcb |
| SHA512 | 8147aaa8e7af284a572006b1c8281abde2e9fa1d15a8fcf754cc322ed8d841339ae0c10e3691a925a12b8450ee55f1f9bd9e8db4a84cb91ca34d58a57532c359 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58b5de.TMP
| MD5 | e5a414dfb58ad487222303e097b6bb6d |
| SHA1 | 73f977d7e9e7c312e82e47001098b39fd7363064 |
| SHA256 | ce64b9378c327134ef118a49e6892f020af9d238850d4985988188977c8fadf9 |
| SHA512 | 0c487229826f1d8bb1b87df769f468acbd464c4bef27de683926830ce4317a61f08385da3f677f0e5e656ad3a84d00586e1219ad6a9613e0ce44925f3a4b7367 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 490bb378a9ccfa33ff8bb7a412718e5d |
| SHA1 | b1a27066e6fcde084334b05e25d30e12dddc25fd |
| SHA256 | 7106f0423f5ba47aa6cdbcb7121680d500846f3b5074e75e36a1fdc871a22617 |
| SHA512 | da0ca763bae95459b0c084dce30e043e56bf901c872fb15068782f95f09df4a95a751acf3745cf001418bc08a1e6fd057667a09edf5bfd22812a45f51943f31e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2e18be2f5bbd95b1d1ed21cb5a92c57a |
| SHA1 | 12df6f03c2f260ec6ed83990e78f2bca36ed84e9 |
| SHA256 | 598932a1cbd513005c0f4094465df90aa87a82c570e5a8043f7a8e0846a06a4e |
| SHA512 | 939e6c87e01e2f5a7f88e22682d120b4064f966accd5f7171afca177d262a7f796329d96a6d9c0ac1d371b729c9c76d87935997196f9e0be7df90e9e05795e0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 82fb0fb23acf757c8c86897dd737520a |
| SHA1 | 249f3261d4a4239db0dde3db67da26d132dd82d0 |
| SHA256 | 2cf46155a12c7715f57061257b278758ae5eb21c780eaebcb0288c55b7f93dd5 |
| SHA512 | 51a07a8958caa9e9b21c307e825603311af245cdef5b920fd5224c00b1e609bf8a6186f2b55a225b7276e5d6fd2231a0ceafab1004d353ebe7ddf738b0ce1ebc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0fc2ab5e026737163dc2913d39edc630 |
| SHA1 | b28340d2a0832a75b9d1ddd79e34e57ffcb7c721 |
| SHA256 | 52b9a23d0b7d2dbfeb6cafdaab11b87fb95dcce2e7090c52548fe2c9cf9f8dc9 |
| SHA512 | 2225260db3a6d703832ae1eb95e2de4868d48898e17db683f84a31885b1898af3fe26ff7c88a4c005b57e0043110292360c39b2063ac4ba581c2957db6c26d7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a61b6b94-da13-490a-8bb7-f1a66956a5e6.tmp
| MD5 | 4a1b28c7099cf801b368530e2579c190 |
| SHA1 | 4b093ee7304a47208325c68644ed88a74f19125d |
| SHA256 | 834db4fc016530fbae27f02d2536feb16e240eb8d1579ea0e69446dbd159d461 |
| SHA512 | 698e4ace25aa2055f66a5a5e5aa525869cfa5e6e014c7b8184e41cb910ea8919af78011f048e9add2e5ad77a6e4f6645ef22fa222a4be81523fa686bd8d71a31 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 52a58bf3ac35d6a5f5355e7ae02ae2e5 |
| SHA1 | 3e413ce2e79b91087b4a728e27d945dcc74fc136 |
| SHA256 | 2e079405efa1aa6f359b67c8a3a7a647d79170b2da746372002506d756769fe4 |
| SHA512 | 660627b10d9af893ee9417bf1d577b1adcf5008b8710087a35acc4040a6b809bbbebb144b1cd683bb48f10f9bf3aa70e6ac6b85e278f662314ffd9487f3d2dc8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6ac488d29a52c048149b2868c2185160 |
| SHA1 | b33b01749230c6bcc1697c0ddee7e4d7654f4578 |
| SHA256 | 3cb3c4a93b35c7f2cb43861d6d87a103fc2cf9448b0409376a80376d3b1bfaab |
| SHA512 | e2fac5dc8b3f61c3d78066c31ea355d0bf9cabb5b8acbc058521d0bbfcabeb6116aa77a13fff6730191d4430ee10ff922127ac26915511509d17cf9d6e7f734c |
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip
| MD5 | efe76bf09daba2c594d2bc173d9b5cf0 |
| SHA1 | ba5de52939cb809eae10fdbb7fac47095a9599a7 |
| SHA256 | 707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a |
| SHA512 | 4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5827fa4489be87f9c4179b773e648c9e |
| SHA1 | 65ca4656dfe473a578c9c87bb917212b50b73941 |
| SHA256 | aa416c62e3fa64be59718c8a9d8038288abf654ea721116067a1f48ec5d40471 |
| SHA512 | 2164cdc93cc5e11c3b07f58299ba4992fb5891e8c63df05fdc06d1e69e295429abff1b986e0844e33e0e2768aff1c6e0a6593302110f4cabcebf9324d47a8f8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2107311f0230afd23584c40ac25d3945 |
| SHA1 | f1da6bcbd0d17ca77e113b460c7c7cc4d4f0b47d |
| SHA256 | 37bb7404b4b54753c3022bfd577cda9314975957ed9ca748d43b93cd9dfe412e |
| SHA512 | fe704a223365b4e36265483dd0b07ed956034f178d61f2f40e2764e897e7f3be5d5bebe0373dd96830e993e0f8a09fdafebff51964664091c931ac0cbdef0bd7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 752f7c8b49740310a8fda3d085243ea2 |
| SHA1 | 26fdc51157c6b6f614c673741510adcf64e45aab |
| SHA256 | 8ab7afa825b31907811a95e8d4fd760e01f2bc451aed113598290081be8cbf38 |
| SHA512 | 08c4e71d1812c80938bbcd823698a84cbe0c7e84af0a35459ccc21da72dec12b32d867f6fbf3f5a4b54a4a59bf11c990679041f21e8f209c12837fa19ad1a270 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59912a.TMP
| MD5 | 7581aeb3935731ef761fedf7081aed58 |
| SHA1 | b2e3c0d4f49b6abea6c327ca8c785debcd0a13fb |
| SHA256 | 4d6ab2316de730b4d946845215e8b3b8eda33107d4f6d511fb74b60b947e203c |
| SHA512 | a2a039c6a6b0d39a57b862be203ab33c7801eac5727bc8812aff18a1a0bc7d2c3711ce5b4e386aa922ffc7362fc1d30e58105d82c237aad3171c2b6ecf7ccbed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 23f7d12ddf941e816d13bea1642d1cff |
| SHA1 | 672f4bfa0cf85225b9604a76896cf8274cdbbc40 |
| SHA256 | c589ce499c68b7639e35f6203f4d9a93c8458d26969f52fa45eecbb4138c857c |
| SHA512 | c65b365afc5d0b04678bd980e98daf34f4159789a612adde9f88d6290879f8d063eeda2fdfce44a425d7e7395ed46066db365d88ba6178c9103ae8d3ed3b523e |
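Most entries in this Files listing are not indicators: the crashpad pipe carries the hashes of an empty file (MD5 d41d8cd9..., SHA1 da39a3ee..., SHA256 e3b0c442...), and the rest are Chrome profile state that changes on every browser start. The one file outside the browser profile is C:\Users\Admin\Downloads\Ransomware.WannaCry.zip, which is also the only entry whose hashes are worth carrying out of the report. The script below is an added example for reading this section, not the sandbox's own tooling; FILES_SECTION is a constructed excerpt with dump names, paths and hash rows copied verbatim from above, and the category names and trivial-payload list are assumptions of this example. The trivial digests are computed at run time with hashlib rather than hard-coded, so the same check works for the empty JSON `[]` and `{}` Chrome writes to fresh profile files.

```python
"""Separate the behavioral2 Files listing into IOC-grade entries and noise.

Added example for reading the report above; not the sandbox's own tooling.
FILES_SECTION is a constructed excerpt of the Files listing (dump names,
paths and hash rows copied verbatim from it). The category names and the
trivial-payload list are assumptions of this example.
"""
import hashlib
import re
from dataclasses import dataclass, field

FILES_SECTION = r"""
memory/212-0-0x00000000006D0000-0x00000000006E8000-memory.dmp
memory/212-2-0x00007FF87BCE0000-0x00007FF87C7A1000-memory.dmp
memory/212-4-0x00007FF87BCE0000-0x00007FF87C7A1000-memory.dmp
\??\pipe\crashpad_3772_AVIOMLHFGSPVHEXW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4d0eebb5f1990ba77aec566b2ec61bd5 |
| SHA1 | 5947ec0dfd772727b4d3bc633561c9b828351e6f |
| SHA256 | 8bd11ddadeb19ecd5ab080566e18ec6b8098af7d26b555bd1ca2c1b15971f625 |
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip
| MD5 | efe76bf09daba2c594d2bc173d9b5cf0 |
| SHA1 | ba5de52939cb809eae10fdbb7fac47095a9599a7 |
| SHA256 | 707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a |
"""

MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


@dataclass
class FileEntry:
    path: str
    hashes: dict = field(default_factory=dict)   # algorithm -> lowercase hex


@dataclass
class MemRegion:
    pid: int
    index: int
    start: int
    end: int


def parse_files(text):
    """Return (file entries, memory regions) from the listing."""
    files, regions = [], []
    for line in text.strip().splitlines():
        line = line.strip()
        if m := MEM_RE.match(line):
            pid, idx, start, end = m.groups()
            regions.append(MemRegion(int(pid), int(idx), int(start, 16), int(end, 16)))
        elif (h := HASH_RE.match(line)) and files:
            files[-1].hashes[h.group(1)] = h.group(2).lower()
        elif line:
            files.append(FileEntry(line))
    return files, regions


def trivial_digests():
    """(MD5, SHA1, SHA256) of payloads that carry no information: an empty
    file, and the empty JSON array/object Chrome writes to fresh profile files."""
    table = {}
    for label, payload in (("empty", b""), ("json-empty-array", b"[]"),
                           ("json-empty-object", b"{}")):
        key = tuple(h(payload).hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256))
        table[key] = label
    return table


def classify(entry, trivial=None):
    """Label one entry; only 'review' entries are worth exporting as IOCs."""
    trivial = trivial if trivial is not None else trivial_digests()
    key = tuple(entry.hashes.get(a) for a in ("MD5", "SHA1", "SHA256"))
    if key in trivial:
        return "trivial-content:" + trivial[key]
    path = entry.path.lower()
    if path.startswith("\\??\\pipe\\"):
        return "named-pipe"
    if "\\google\\chrome\\user data\\" in path:
        return "browser-profile"     # Chrome state churn, unrelated to the sample
    return "review"


def ioc_candidates(text):
    files, _ = parse_files(text)
    return [f for f in files if classify(f) == "review"]


def duplicate_regions(regions):
    """(earlier index, later index) pairs of dumps covering the same range in
    the same PID: repeated snapshots of one mapping, not newly mapped memory."""
    first, dups = {}, []
    for r in regions:
        key = (r.pid, r.start, r.end)
        if key in first:
            dups.append((first[key], r.index))
        else:
            first[key] = r.index
    return dups
```

On the memory side, the two dumps of 0x00007FF87BCE0000-0x00007FF87C7A1000 for PID 212 are the same mapping captured twice, so there is one region of 0x18000 bytes at the image base plus one large mapping and one small one to carve, not four distinct regions.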