hxxps://github[.]com/ChildrenOfYahweh/Powershell-Token-Grabber/releases/tag/AutoBuild

Analysis

max time kernel
779s
max time network
782s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20/04/2024, 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ChildrenOfYahweh/Powershell-Token-Grabber/releases/tag/AutoBuild

Score

8^/10

spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
4780	grabber.exe
3176	grabber.exe
1900	grabber.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
79	camo.githubusercontent.com
86	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 31 IoCs

evasion

pid	Process
4320	taskkill.exe
4676	taskkill.exe
2696	taskkill.exe
2640	taskkill.exe
4240	taskkill.exe
4808	taskkill.exe
2208	taskkill.exe
216	taskkill.exe
824	taskkill.exe
756	taskkill.exe
2092	taskkill.exe
64	taskkill.exe
4280	taskkill.exe
1640	taskkill.exe
1868	taskkill.exe
4924	taskkill.exe
3608	taskkill.exe
608	taskkill.exe
3696	taskkill.exe
1920	taskkill.exe
4404	taskkill.exe
836	taskkill.exe
1904	taskkill.exe
876	taskkill.exe
60	taskkill.exe
4676	taskkill.exe
4836	taskkill.exe
4552	taskkill.exe
5012	taskkill.exe
5084	taskkill.exe
4336	taskkill.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133580974819233004"	chrome.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\json_auto_file\shell\edit\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\json_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.json	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\.json\ = "json_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\json_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\json_auto_file\shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\json_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\json_auto_file\shell\open\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\json_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\json_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 3 IoCs

ransomware

pid	Process
4872	NOTEPAD.EXE
3696	NOTEPAD.EXE
2620	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4672	chrome.exe
4672	chrome.exe
4292	chrome.exe
4292	chrome.exe
2988	chrome.exe
2988	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2576	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4672	chrome.exe
4672	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe
Token: SeShutdownPrivilege	4672	chrome.exe
Token: SeCreatePagefilePrivilege	4672	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 4092	4672	chrome.exe	72
PID 4672 wrote to memory of 4092	4672	chrome.exe	72
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 1528	4672	chrome.exe	74
PID 4672 wrote to memory of 692	4672	chrome.exe	75
PID 4672 wrote to memory of 692	4672	chrome.exe	75
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76
PID 4672 wrote to memory of 212	4672	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/ChildrenOfYahweh/Powershell-Token-Grabber/releases/tag/AutoBuild
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x5c,0xd8,0x7ffe3c0a9758,0x7ffe3c0a9768,0x7ffe3c0a9778
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1840,i,2331194196304085664,78294856816227062,131072 /prefetch:2
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1840,i,2331194196304085664,78294856816227062,131072 /prefetch:8
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1840,i,2331194196304085664,78294856816227062,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2820 --field-trial-handle=1840,i,2331194196304085664,78294856816227062,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2828 --field-trial-handle=1840,i,2331194196304085664,78294856816227062,131072 /prefetch:1
  2⤵
  PID:96
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5260 --field-trial-handle=1840,i,2331194196304085664,78294856816227062,131072 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 --field-trial-handle=1840,i,2331194196304085664,78294856816227062,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1840,i,2331194196304085664,78294856816227062,131072 /prefetch:8
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1840,i,2331194196304085664,78294856816227062,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1840,i,2331194196304085664,78294856816227062,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5284 --field-trial-handle=1840,i,2331194196304085664,78294856816227062,131072 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4992 --field-trial-handle=1840,i,2331194196304085664,78294856816227062,131072 /prefetch:8
  2⤵
  PID:4548
- C:\Users\Admin\Downloads\grabber.exe
  "C:\Users\Admin\Downloads\grabber.exe"
  2⤵
  - Executes dropped EXE
  PID:4780
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM chrome.exe /T
    3⤵
    - Kills process with taskkill
    PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1840,i,2331194196304085664,78294856816227062,131072 /prefetch:8
  2⤵
  PID:3276

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1244

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5076

C:\Users\Admin\Downloads\grabber.exe
"C:\Users\Admin\Downloads\grabber.exe"
1⤵
- Executes dropped EXE
PID:3176
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - Kills process with taskkill
  PID:756
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - Kills process with taskkill
  PID:1904
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - Kills process with taskkill
  PID:4836
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - Kills process with taskkill
  PID:3696
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM kometa.exe /T
  2⤵
  - Kills process with taskkill
  PID:2092
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM orbitum.exe /T
  2⤵
  - Kills process with taskkill
  PID:1868
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM centbrowser.exe /T
  2⤵
  - Kills process with taskkill
  PID:4320
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM 7star.exe /T
  2⤵
  - Kills process with taskkill
  PID:4924
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM sputnik.exe /T
  2⤵
  - Kills process with taskkill
  PID:4552
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM vivaldi.exe /T
  2⤵
  - Kills process with taskkill
  PID:64
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM epicprivacybrowser.exe /T
  2⤵
  - Kills process with taskkill
  PID:3608
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - Kills process with taskkill
  PID:4240
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM uran.exe /T
  2⤵
  - Kills process with taskkill
  PID:1920
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM yandex.exe /T
  2⤵
  - Kills process with taskkill
  PID:4404
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM iridium.exe /T
  2⤵
  - Kills process with taskkill
  PID:608

C:\Users\Admin\Desktop\grabber.exe
"C:\Users\Admin\Desktop\grabber.exe"
1⤵
- Executes dropped EXE
PID:1900
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - Kills process with taskkill
  PID:4808
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - Kills process with taskkill
  PID:4676
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - Kills process with taskkill
  PID:876
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - Kills process with taskkill
  PID:836
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM kometa.exe /T
  2⤵
  - Kills process with taskkill
  PID:4280
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM orbitum.exe /T
  2⤵
  - Kills process with taskkill
  PID:2696
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM centbrowser.exe /T
  2⤵
  - Kills process with taskkill
  PID:1640
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM 7star.exe /T
  2⤵
  - Kills process with taskkill
  PID:2640
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM sputnik.exe /T
  2⤵
  - Kills process with taskkill
  PID:2208
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM vivaldi.exe /T
  2⤵
  - Kills process with taskkill
  PID:5012
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM epicprivacybrowser.exe /T
  2⤵
  - Kills process with taskkill
  PID:60
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - Kills process with taskkill
  PID:5084
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM uran.exe /T
  2⤵
  - Kills process with taskkill
  PID:4336
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM yandex.exe /T
  2⤵
  - Kills process with taskkill
  PID:216
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM iridium.exe /T
  2⤵
  - Kills process with taskkill
  PID:824

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\cookies_netscape.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4872

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2576
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\downloads.json
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3696

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\discord.json
1⤵
- Opens file in notepad (likely ransom note)
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe38cc9758,0x7ffe38cc9768,0x7ffe38cc9778
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:2
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1700 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:1
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3828 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5072 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3380 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5392 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4832 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5512 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5564 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5276 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3076 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5776 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4600 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5656 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5648 --field-trial-handle=1828,i,8129233680111220014,3528735140152992137,131072 /prefetch:8
  2⤵
  PID:4256

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2300

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hazard-nuker-mirror-1.4.7\setup.bat" "
1⤵
PID:3048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K start.bat
  2⤵
  PID:1916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hazard-nuker-mirror-1.4.7\start.bat" "
1⤵
PID:3968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
675cb66bf44402292c9f513e881cfb31

SHA1
d386b8b985974dbcc333a5b4c4d6b249a7ba649a

SHA256
d34eda46ca4c4455ea9ab8434b3306eabebe0fe1eb4742d10d0d7e3294e31025

SHA512
9891cdfc97ffdb629392f22423daa9026265bf38db0728263a3ce41e2357a25e50577cf81ca79570915dd0fe4e43facdfd97b3165e3fdd80b4d6d3c910aa4c06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
93bddf268d8ebf4b238cbf604c83684e

SHA1
a35e371c46d52fa134ec088efb0ebac2cdb65a25

SHA256
6aa3fc735cc1a83a8e88e43c2f93f3f45b3213dbb153b19310556529e7bf1fa0

SHA512
7c7244a3289f48876c2599c017586b5a13165ee4a2fdffa59e731df3ba9bd101f5dc20103510e844e7d60693eafd07fb8162bb38568cad34015ac61a9f89069f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
33d1584b04ed7b4490bc172bccfd7b85

SHA1
f71fcd85c08620979f87064b13346f397761b035

SHA256
392822a8f5c7332cc62406e49bb01566ff9e7da1d9cdd27a8c7eced109b53554

SHA512
e14f96fad76b819d8ee0ea38085f3f1c94b2c89c3c9b2f849bfecb8525cfc0897ac740d2ab8fe61dcfb6c8bedcf2507565ec423e10dc3a8b725b22b64529fb10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
c3a105b49d7eccdd157868270b8976dc

SHA1
475eabca3cdd5f2a72c13fe3fb327fe8301c2945

SHA256
a7d27d4ee0c42f6e9502fb51413096b3bbf840ae0a60df306c64f7a50dbad82e

SHA512
f76837546b740d16421f284229784edc9c9edf6d6ae20d28d58f832a4863e1b80982febd6131d4e98f2f7ad7530a54e8b6d713b1ca7f9e7a599b08f24c59812c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
4e2bf2f68e05812e465aeda388af7380

SHA1
3c3c6569cfd0d3cd90f65608d87e5ab17b22deb2

SHA256
bea8811140c866f3eb220a2e9f4776879fcd22d17efb740f549d78126d4be851

SHA512
e04f4d074a0fb75cd9d7d03fd5189412dfaca2dfe0bbd742cead9c55cc2f0342f342415d98a13c41119c2fd6f297643fcdbe3f51f69b9768760ad12de97a3f35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
25.5MB

MD5
c86949710e0471a065db970290819489

SHA1
b1207fba545a75841e2dbca2ad4f17b26414e0c1

SHA256
edfc6c84dc47eebd4fae9167e96ff5d9c27f8abaa779ee1deab9c3d964d0de3c

SHA512
0e19181bc121518b5ef154fecc57a837e73f36143b9cb51114bd3f54056bc09977abc1e4ef145a03344d9ad2b8e49faa483b4ef70e4176af2bc17a8e5a3cd4ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0d278e0af316590a811542095509f2c8

SHA1
1d706beea319bc131e783fb65c215179ffc61950

SHA256
000948ae00ae6a6ab4e06a119f902e3f8067bff8bdc08e6f87f11dd505e97f08

SHA512
01e8bb0c62abd2cb8b7e102278478d254e2d9cfd7e5a4922929e3199f2326a882b17d11547fe1174ad5ecd25fef6444b6325c6f328105da2fa63b540db91d30b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c927c17d54658b0c2f2521fbec3c4963

SHA1
65cb24571e2989cf6bb1185a221c7cc0e9f19e5f

SHA256
983e705a611764ed530b340c9e9f9ddeb4afdff3edd32c127134513b54a2a064

SHA512
466ed9296e5901374cdb8dd7f261a39550db3bb59a3d915785c32df641ff5d2fc4e3501fac7a467bcf07afa65534c44c56df9a6be72a393886c4818fb9afe4d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ecaeb7701135a4473e54a82fb3be0bf1

SHA1
ec1716bd63cea9cec4484241647f4d28d3ee7032

SHA256
b9e8fe74f9fdce09ac1a795315f3b8ddd09ea27a6e1f7103fc10db2114c841e9

SHA512
1dd689437357a9cc4ea8417419fdc1e7ae4b55f809ff8f3490d7c7a57102cc063f004a4673a9b6ed43e2ff34f18c3d3d22b1d0d3d1cbb7b08559cfaeb4337652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6e4255d0b076c6f88ed2cc15ced3face

SHA1
bd3899da71b2d5b2678d1cd3d4d7d586d99b6975

SHA256
c08f513742ba9c0293aefdee9f078a622ce0e7e105b2d47d4b15822bdb97b75e

SHA512
434b8a71fce8ff953c1def469adac8a7c815a9715afe83c795ec54d6b8fb9d248b56afac032936ecc5913fd7ba34b278cc456398e3eb01a00967c6de4736046e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
5d116c7662ecaaa5a0d0b95b3d079ac7

SHA1
76a100e101197b2ae86ff230b87e9d38bde51c38

SHA256
6dff0a155d7ec3bd0b13a7bd5fe3b120b218828bf5533f86add486db75fbf317

SHA512
496d14f4c8ee99e5a2828435f6692a9d13a3bc174015398a0bf5a2fd4fa568df7c036d9d4bfd522c82c528504f6a6078988c35af0c69a4bff79cc4b705f6458b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
489631fc59a3940c40ea2f5baff262d4

SHA1
e51e961531d415a496dc22f4f0755845a8595272

SHA256
0f8f304dd85612c96104d50be8092b328f4d4c00ae07cb14b2b5c29734c92958

SHA512
0dd5e51a1fa33d1a0fe997d2692f101102dc33fe6cc6cb90fda612f1626a344ee3ac90384ebcc76b7fcbdbe4b432609e0811f627e4867b0b8c04f124acb0f6e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
4204238339ef5949ba01556481516b05

SHA1
7b326a04dc468ce10fc7b377304336dcba534b7c

SHA256
b144219c9507d7fc5226b9fb62e693f4d01022251beb8db22dc58e251f386fac

SHA512
fc5b723e21da817f8dedfb62b6afae052b9dc97442d28d4c14c74530bdbacdf73cee90a899debd1e1ff49341dbc0705f5384d3496e0490ecb21957e70be28f9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
2a8c7d24ae326dd7113aa052268c125a

SHA1
d736ae59f0ce9cf2a1900b70a7a9044439a90c2b

SHA256
a7a8c6b08926683a874b797cddc6caad595eb8757af64dc6939a56485df5cfaa

SHA512
71633352bf7d6420eea2c2193357a82bb1ab8a63a7e790669969422c1d4fccffe545d6fb6ae723790e1c859f9aee878a662fae33759cb17b3beb7d2986743bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8e9296390bafbc91918034cc822b99b9

SHA1
f2c483815d3158f11cd09384c77c7c1f08dc414d

SHA256
719c04fa514db52f45e8d18d13270dfc56c144c051a51db88e8b7344bfcdf131

SHA512
97c62a11fd7885fc91efc2e23e17649621cb031cbca8a2de090b413f1aae3e939ed5d107d7223ed04d3c619b867347d6428296d2d63f0a0c80508541d4b5c699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fb6a0af40f75b80bc52c73a75dac23a6

SHA1
17e7cac21d1345804a46468a03c21848e2b82631

SHA256
e7c3ad2631c7d50e89bb532e8fe5893f159012fe7eac8a65c490b032c6d25e75

SHA512
a23b2a85b9183aedf3a0f5236f76b181d05756145ab6fbd87a87a4a3e4e694d4a9ab759232c973d85ec657fc89bfbb76c6216b12d611b48e4e56f799cd59b6ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3a00a69bd742cd6a9d5fe4b0d44f697d

SHA1
906a41527f6e1ea9e27faca17c7dbdb87187f2a4

SHA256
5930a9b7164bddf428b7eab72b1aa0d304ede585ef73ae01beb6e967a13fc174

SHA512
42edfa3838935776f5219e45778caa0296244ec7b86e2d1091b3c534d4b9bbbb2647fb79dbcb306d466c69e262141c66a449a9921c6a9d29caac4d171bb29277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
45ac822cd4e0cd0a8fadea245d0fb450

SHA1
8b35988ad45b6c44eb5e9ceb6a1455e9ae383f54

SHA256
fa727e6018a0faa50911c260bbf83332ba5d539668377f4dc227b8368385591d

SHA512
7960a5bbedac5e2f2fe55ed6a411e33ed0a2b70cee29e6f53e9f450125a18d31364fedea4c397ec3f3a23323533aabd2a3b8c5e40c8a165cea64805282ac2887

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c10acea658a4fa2f91e7a254e45f0f2c

SHA1
6fc2809b22d3f8daddadf0525b9f0923acb91d9c

SHA256
2029c1658733478f2f2089aa2148b7a238f7f618ebf07eb535446a147f246c39

SHA512
e383751905122511daddfd0e4dd0ed21c805e0af381f75b395c6d96193092066bfaff07f4a1f63617650769b80d8308f7f813439101011e0e8b6751b2fcaaf7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1260bd381b279772b36cd007585607a8

SHA1
ec57435762b9197645f42c6e201adfcdce0875a2

SHA256
7609ab2106dc9af71821eed5f52578cf03be4c89d2232d94604f63461f442281

SHA512
67be517418c8f5f8af89265dd1d442e401cc5741d4a19c26d67847d0ebd87584122b86cbf67c656d12167ec3ae790b0995f5acec8a5acb7dd2f469f6f317fe01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a62ac061ce23bddd7afd2e02021a6121

SHA1
48cfd1339d5ec5abb6eade8d3bb5c28335d4fd54

SHA256
589fa84448e0e8e08d8b0a6c48d83ae485d0c61258a953c6207305c0d7fcf768

SHA512
9ff9f48069a4baf32610c72794ce41fa56cac5de336faa163432c9047c10ec84a2577d9a73201eaef9b55495463e389470233e28e1cb0c8d97a4bd18d486cb14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
397cf9b6f90d70776686d300ea11ccfa

SHA1
1644850eff644edfef131a3725ddf06c56f8550c

SHA256
d0c92df1ee47021c1b8bf70b0b52db26c45bb3f548f46e4f6fdcabf0f8ba76ad

SHA512
8574897e41ca861ae799f5fc1f564448c3d03c6ff298ad8888324d2dd6af072e0585a342a4f9c20f329d3ba374cbafcede59541cacb45173fefbee204d02724f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cbe10dd2f13bf1212e20054d733dee95

SHA1
b225bfe080eb3914af02748ab5db89fe4fd9280e

SHA256
047bd47ae9985f6c01860786a19e7429f795533c4b79fd0f2425644a9385e420

SHA512
5fe1290be026f1b6b73338d8927a0fb3eece3273b3858fe4c946862ec542b1679077a2695bd942101502bd63eb5cdba3cd7d496f4e58fbf1b5aed4cda91fe5af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
340e0bdc8bb5d62de349a938b770d4ea

SHA1
2da0973830abc6d9f9cdb5fbb8676272e03539ab

SHA256
4d52988982e9e4015936d433c560ac3b51f75a01a8078a1d919c330317fe07e6

SHA512
00765168876ca35a9311cb962ca913b476b2a8880f8002753f2fb8d7d5e5ad5c7c0888744dd832b0bec3f877939475e11bf60ccc7ff41b34cfd0780dcf454014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3c0e69583b7f7e23f2efb551311eb58b

SHA1
29773b9a061374ded2b0d74c69a6b7a9cb5a93b7

SHA256
b0629855d94efb76f01557b882cd1a4920e57b140ece1b61ea3ef371c79d3e46

SHA512
f76299edc4c2fbf282ec2272f86bff2e959bc6c629bdc40b7e54695a60a297923121845723fb30a35c752bbf7c12d482803d65ddfc46a79ddd7b34f8e8fa229b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dba9a4d51bcc0b049d79c03d6176d2f9

SHA1
2854c1a10177bc67a7e522ae6b8ff8814fecde52

SHA256
5f8ccaca8fdbfc2ac5d3441c360bc15635893ba238c2225ac32df2762813d891

SHA512
0faf816ee39d4b77f05318e576ba646f81c20b8d734c144252d9d6708256b0876741b66afea9ff2b8b31c4ee9b978feee55ff083b735178ca368c9ada8dae01d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
411c73703d7e074697bff43de362898f

SHA1
1a00384723c4ffb30753e66e9eda3d03d5ee0525

SHA256
0e8b95bbe78ef6fffe00674f4253ad8729c1ba2660f777b1efd35290c521f5df

SHA512
4c7f6ffc5d051bb4f5a79efb211ef2bf69ec161394d1739e6baa90354cbbc5f403f5134d9dc8ec1cd567ee8afcab1ce835db59bf092558e76e81e686cee41f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7d79ad64fb76a0e98603a1888d3ea5b9

SHA1
1705d88395146ecd4bd21a387171c4395c81f253

SHA256
beba012c4226f9c8a23adbb61acda1a4e1d21c2664e9250966e2300d26708deb

SHA512
76b2d4720de6786445e53635de110707601558ea6ab85605ba8961ef4c38d3ca56456cc7758be5206b2cb9fe65434b4d207d1240c50b23dffd6c49791ff1040c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e4ccd32ced2b7ac6034286a62cff318f

SHA1
8fe7c1cbab938f85dbdbf34366e496e335b2a880

SHA256
e555bb8e5970d0115942a125b810b3642c16ec7aff434ade9ac72ef53e9bc906

SHA512
5cc31293798c1bda525ccdd735ffeba8cbb2f52150bd3d71c47d5a155d036db92f03b807e2326d19c00a1c95bf524c1fe861f705e07b2cb0be61aa0559926fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
95c6b545f3c764d8d23eeb8e4e0c0947

SHA1
1a69592c0d41c59e2ca50e4fcbd3ea3d5cce9b74

SHA256
0bdcf1c72cb2e439ad0e562a6c6f7a5da9c5d11652b1544cf9e2f335af914c91

SHA512
7134c8fe405977a57f88058923b1ed5bd3a2b2350100095d2e858535e5b3b2d51ddd0085e836c349a990a7f769930d48daa9430537a6442c5900a95739134ce2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cfa8d1050918531e06a2eeb2d42485e5

SHA1
167e92c0a07ab0907f8a5cf9610dfd8eaac40b3c

SHA256
f0e34684bba6bc4aa6b501d5e638bae44a1b1238c44188325bd1fc18137ba5f1

SHA512
d7435d4f4a120501a74e68ffa15bb6b29e34ec7a93574309f2009b555423ebd274b5ad5156d796c1d34a57886a4a6850165864c57947414bd543c3fa89244936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a150e3baaaa81ded377a15285ebbcbf1

SHA1
90ee0e34b89f5a51f0ad9d7b6cb58678ad1bd66c

SHA256
9e46727d68846cdb3206b8e8c8bfac6ba3cbe3f2b8563975cf6fdd8fb453ace2

SHA512
fc2f482e21e23e7b83bc6038e39f11393ad7377cde4d83bf052ad2948a5565f9e5d04791427820ad8edccb9624cc1a3cc524a70f57a96b43088b3917d6a16e70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fd5b74d20a5a4fc748071b28fd426b9b

SHA1
c23106bd308c839843d468098877a881f2cfb362

SHA256
569e9a583daa52f0cbb09c51cce1d610675b473967c6bee8d6b117ef3986d05c

SHA512
e99279dde0d8765b458922a85b459146baaba87085e097576a704ab31aa5fa9e95c1cbf9182e95c42c582e8c9e64c64ac3c24bdb96cbbae6a702f32d0b799698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
087b5fc040e6df266c57808a699d0f0f

SHA1
bc98b7c5972ca8356c3d0a90782d81f0e9da7299

SHA256
e91d0836cdd6b5b10afe11ec54209fe475997fca9841d36645c08b15f2f4be1b

SHA512
f0cc4416beb6a19ec2bbaabc08c83ba09ad03a3b9a533923dea24d3f40be1714210baa48b0b3f578aacb416b88c4a4f22ec5a536a0e62ab01321c0869b046cfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a505552e4f3980d2baa8d9340b4a0a8

SHA1
e109da05905ab9ad2f61e09240d9ad4f4668a3c4

SHA256
6cc1f3734a9040e3edeb3ae147f1e27a68c4199d0ca9a894739ae72f107e4df3

SHA512
a825e64d10d768d8a1b9e044f0c01c11c5ab877fd07cbf94f3fb7c735e3d05a9b326d568da5731821765ec71b6d0855d388d3aefda4924b920a2e980cc380c15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
30bce0a658eda80a3db225ef4df2c1d3

SHA1
763a31d2b83470f8ce941818d87b9cc321b32e3b

SHA256
6753d1c125c893d865b9a473f680ebae0a5615705406fd67ac7e0e0002219ef8

SHA512
a1fca9b44ef69cb2fdd7cf17f2c56a9265c3a0a3580e2136b5caf8091255072e8f61be5a082d78d04b5fc2985547342c6c86816ac0aa4343d9bda4158557a5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
13bb27279d333550cab9fe0d5d7c5379

SHA1
78541b57908779816f9827bb6a20a72bfbdbfbca

SHA256
f5d2341855866d4b2312e20b9f9af7877cc4b0287057cc839482f1a2872acc59

SHA512
93b9b03207031e1e186e13f8818ff497190623b64350e5682b84e0e5e4fcebe7e993830b44fb46b2f9ce39fff901688a9f8d5b3f362b3fadac87640fc8afd10b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91e7fc78bb6a029a8b7803cb2c66ab1d

SHA1
7981b85f7f656d18bdaea7ca1e58e8c57c288a44

SHA256
b983b7871f6983b68fe00e152225bc72b64544a1d0d28f3f95c5b9c36bd059ab

SHA512
b9e089e0d9c38c58e7fa764c2154f4b23d9b6c027f5ab375725a8bd63a6d0341141b3cff83c2dd491c5fcd8d38305c1c7dcf41e7cea93b678fb2788c9f83234d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3fa11121607e851b4573902261926f24

SHA1
c79dcbe39c95ed364f47fafcfb083b5e12961043

SHA256
9b926a8bd98f8b42d8b104042ba32f185ad173fcba0212e1a04fa9e0f6b4adc8

SHA512
f6da101e49c4cf7e4a2145bf9d471755ea3d6c108f3dd673ace6c843bae6d3d042fd2290066b93dab0ced9a44e4543f9f1b670448d83fffbf1ca16a48f1ffafc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
a05f7c39c271e181867c69422af7d791

SHA1
aced1599d3212b8144d5c1a99a352730f5a0fd48

SHA256
cd2d92e03ff95999ed868129b699aa3dee2c907049e6fd9277f1493460b6fe12

SHA512
442a9feb824344b1cacd63e0f88227e5970623e596d5f0bdcb5001114f558d0d9167ebb3291efdf464adcf3ebfe5c3a03ac1df2be8e4931136778f9989f1f433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
ab2bc55a6802ffa13ef13b7dd6711b93

SHA1
0d4d1c8942211d7ba4793e91368b793573c7e4fd

SHA256
ba8592a5f3987dc85f894151cfb6d5cd3416d079c0266231e2a1366433d05cd4

SHA512
640f56ee6c1ebd2e1e6c17dcf0371dc8fcd6fe20d5218dd026d920115fe0db0928a0f2194ca82871c0d511b66eb594bd213efb18ad3cc0f3a60327e34debd940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13358097418129444

Filesize
6KB

MD5
c387e0bec66535b64f9d572e5f215382

SHA1
6c8079d57fad43f527ccb987b90f26184934952a

SHA256
127f7b6da1fbe7de800b08ab5a19c4d28406559661e91e64d81267f7d35c405f

SHA512
de9041bb83e159295ac9e90a5c9ff58ef52ad6b87f4ca2c1d7314fa92e9b6eb67594e5f40ebb06a29f4c57de363fe0724347478a165ed010f2897f7bf9bcaef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
2060615866e9b4efa99b375d988e9b23

SHA1
3ab4627b19a270979473f283c92e6ebb1c1a3f8b

SHA256
26d8dc84ecbe1a7f391184b7ba75797c35c6465282bf3840a19d1a9ab1e8e7a6

SHA512
1e4b4e192fba66ba049deb4410216c5f4ad2a5a1a8275b4f6cd23586356f02b6c4872265b9f893667986bd0eee5e7b1e375a76d29855ab5f05b05a6222aa7742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
af3520adb8c7e6f67e7c7da194a32e24

SHA1
16ab88aae466c87481927d8e69706674dfb0e811

SHA256
5aab39176d2e4bd06372565ec4fe5c3eed4714317115790582198681ca9de8b7

SHA512
2a10475088d6732968592c66ff450ad9613513ad0334649c3177e842eecb95d6c4e69cab8fe0cff13bd4bf6a5d474a7d4df7705e00f778396a1ee09e7f7abfa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
24f7f65493cc5265ca25c467c52eb6dd

SHA1
a643a931d7cf56670b2a363426732499d2da1102

SHA256
30c9c31385ce78af60a09372cebcb6e11820ebdff0cac44608e513090d134209

SHA512
322edc7ec0a92c9b2a4d7386963099c0367e764cef8c5ba920812244fecfcd3538e0a0ff8c8aaa4dfd741202445b6620af4f9c04e16ea4c224e9ca635b2ff75a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
19a85333f33a537918de1721095972e7

SHA1
ec4881c24d3f3ff2870620f84040d404e5498fac

SHA256
65445646441254a98bc1ab52a64f3f33468fe56c0ea58b988eba77902ee5386b

SHA512
592b41ddc0d88a4863eb209f5f81d57d28d79755d796a1f15282917fdff10cc2c05c0ff97a7152a1fc22e776045e460494711e82f905e4ac440f2aca945d1c12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
13KB

MD5
4a2c2524101464e86010ed0e98f8f56e

SHA1
204fcacca5588678b7ce6f792ffa2b4ab8135aa3

SHA256
048541bc285660d9e9b0f798286755f23b3a9c05f2005cb6ba91f95d0e487058

SHA512
e66efccd2cf35de1bed0e02a66cb37b87a244286508eda7bedaa8ea23c90ee62a3584e031a264a67d07bbb65178f43bfde5b4d4a9a87ced655259f549dd209d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
6364805c839b4b34c505404de87536eb

SHA1
eeeec067c3618532bf91ce7ffc8c70e1e2e41eef

SHA256
29441408101b19a13cde58784ca01244f112f90f45d411d567cd4796b63e716e

SHA512
cc73b9bb50776006ed270b14bc896b2c58f3bb820bd88e257cd40afa64fc229f64bdb489cf9cdbf9d2c0019d5c7b441dc7fe3ae0ff2e7487a65ed7ddafa9e3e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
860B

MD5
eeb01e8810f464dfb58d3f992d455595

SHA1
51b6aa353f38d4220f19e2203fc7d41ef95f72a3

SHA256
a2233e8c6bd6df5ad16e6a927b81a95c0af709ac433aaeb18ceff5586506f4a0

SHA512
fc813974a7e2da64f258f021e8ce054877e26fb03c74a2ed6a8c0a027b64130648556d821004bc798e4365b0ec4ece0abe6e9ed225e2526cb210a3ac3479503d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
1d35d85f25388ac976bf1f75b9bddc76

SHA1
4fcff664ea7e3314a2737c326ab8570a823d6c1e

SHA256
57cf78491cbd1c9d09a25938e83c378df63277c341070d5059e15a0b06f45e79

SHA512
d8eef955666fb7d4d99970af84501a7be4483bbc573b65efed9941ff36caeec81cd5a5dc51811daf29a5194db17efd8b635e3dd6fa7aefb97c8272b8e3028465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
2f111a0fb4fa1ae5f45a673459cb327c

SHA1
5ce725df264fdbb149f6337cbd95257252c0ab69

SHA256
f99d2f6bac6831f048bce84f51d788faf57bb613f2136f219152c7b78328ea79

SHA512
ccd46b6b1b1d9c7040b9ff7207defdc37f24052ef10b6e2a427adc7880ca7f61fbf1f8c292865c4125d3f05f4734a89182ebf696750d9c59b4df5e0bb1b57f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
678215576e4ba159ab0571159936fb07

SHA1
923a8dcb386346f9d787b3b6a1efe37a2f087e0d

SHA256
2f48ea3c1eae347d622c76167f577bc258f48c8804aa150549cf2c12be309584

SHA512
938e59d1982f86b5c6b66a9e6bb49b8ea1e9bfc18d960c89891404411a6c5b782b85d7f9a1dd129b49db34c91fe94d09a1c8a77c0d25503192d14c4aa686662e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
529fffc15b5ada3b0ac1ccb51c9f7f53

SHA1
4b798bb49d0871163af1415cb0ab0478753d8a47

SHA256
533cc9813f0718c4dfd9c7caaf1367dd244ddb262e5db92fd51f6f2b391c6724

SHA512
e0feb338b29c471f706364e7621770665a0bb5983e8b7e20817fe4b7359cadf678257db7d490f7d78df1d16805e4d1f345a91df1c9c96e9fdc275b1f69e6b19f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000001

Filesize
19KB

MD5
9776cb5c65e3fe76b219b84b0f3b4bd4

SHA1
de3d833fe499f379ff0e1ce7cc88a97b9a68a3e7

SHA256
f474b99ab1a3c5165b5d0b2c491b2dabce5b97c17d2451c3e3a25091f2b3b39a

SHA512
ea412c5687ac0449a28bb95ceed7f463f1a072793df5a987c6c3d33d5ebe3e6e09486b79f7660184a760bc0febc0759a0749af988db0a9ef3223bd53c9652b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000002

Filesize
17KB

MD5
a64d32d35f08881fc241e1a54b1d9c62

SHA1
2543fc5865e2d7458fc24d55e0743b9276598bcd

SHA256
b22fa8fa318db9254464b589950eb3508cd35a798eea2588f03dfc13d663388a

SHA512
cdcef8619607fe1d776fe7f1810cde7119b1e1c601e30c0324884027ecb1f1c243f07d7ab973630a9bc17eee4328fa2853cac86fbf369cf00922220cc8279563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
2d73e447df66485b74471834a9095fc6

SHA1
935f589cdfa08017326c361ac605edf02ec9daf1

SHA256
48e87d8b9679bd78ba58405dbf57f0baab3584c08578ac841632bf38482815bb

SHA512
8e866970a302ddd728e8af53e2c700e3cf8a57d2af64dd84301c6df46dd699682c058bbe2c35dfa5240bf9810c705837010e2dee2cc35fbc17c5359abd3e2751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
150fd1f028cd76c20ae74e2afbf7108e

SHA1
04d7cc2e6fc875115615c1e297b2a2e2c9eab22f

SHA256
0bfda3ed0b75481c4f8cbf2e35163b7384c1897ddcb201df3c112ffd5e70c196

SHA512
57ee05fb260131909bcc92bdd1ab2ee7f32a5fb514cb9e6d09fc436dc0e2befda5378431058709f734c11864da3c5667d86600e046b05af70ef39d2e6619adfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
68fec607dceac1ba899b42135f116c13

SHA1
58a90d1003ff279abbcec2beca8cbfa452bacee6

SHA256
b83979dbcd8b7926c418c69f68bd70b2635e5548c9e995cdc52af20e4cbe01ad

SHA512
91a0cc3cb6688c6bfa0286d2518ac870812fff355d23542b2583450c532a2f325fb49c3a3c2f3a7392a402eb3c4796f377eb12882f89b720bca8ab42c82e3425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
57476ac5140f449e4e5afd7b86fa5aa5

SHA1
a54c9dfaf8c7d692756201c84cb3d1c97941217e

SHA256
da6ad6ce457654fe07120b8232b3df41f6b59e5c02de451acb895aa5547a0687

SHA512
cd36bbc3a8b0df4b060611db06e43233f82e48e7af102cc89d9638e7c4ce2d4c1aaa5704c03f31dddd0196c76e11fae88551a66bee09a108f59d763f0557e9af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bf71e95d-73cb-4f53-b2ed-f7aa079d1d27.tmp

Filesize
112KB

MD5
a5b64c238584c81938650c98de8d8080

SHA1
a46d38c898ab4240e1ddbe1ef859a17b27beb5a7

SHA256
041acc259ba637a451d7628f0f49cd8123df34f7bdd0a72727f94b5f11739b53

SHA512
33969cc2ebc2385d3aec271e41d45b6141dc7856fdfee1e00e469efba6d9dfd6294bbad32d2bc97f1c0d83eef1c0eb7d4f2b86e5f20db7b7495b38e760b1207c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Desktop\cookies_netscape.txt

Filesize
607B

MD5
b7ba49dba0c5109a748da300bf91c0e8

SHA1
a95612b207ebf633f8e3a6d92f47f12ece4ba484

SHA256
dc923673fab875a86691ab517052ec60b68f673e8de0305b31875c0c6865a765

SHA512
35e07bea8f2ae15412d6639c81125b921e6aa9b966508dafcc7348a3e59e2fa180302deb85be5ed3140da4c470b2bdad06ff2d97d5e6b14ac269a60056fec469

Download Submit
C:\Users\Admin\Desktop\downloads.json

Filesize
187B

MD5
eb8c44a71541dd628434650a6c619314

SHA1
10b9eb96741351c1ade370fc57aa0d7cd8865f05

SHA256
1f6faff0c1106167554cf5175d0c7913e85679c659aee9b9e9139d2a46840253

SHA512
8df38c7963c450eaf086f8ab342b4c579e8d543321ebd9a98832655a6d1aa8bdfcd047a31d74c1560f8d36c7c32e09c175ba1b0ab0f9eb64c6bb823635ef4ce2

Download Submit
C:\Users\Admin\Downloads\discord.json

Filesize
4B

MD5
37a6259cc0c1dae299a7866489dff0bd

SHA1
2be88ca4242c76e8253ac62474851065032d6833

SHA256
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

SHA512
04f8ff2682604862e405bf88de102ed7710ac45c1205957625e4ee3e5f5a2241e453614acc451345b91bafc88f38804019c7492444595674e94e8cf4be53817f

Download Submit
C:\Users\Admin\Downloads\grabber.exe

Filesize
7.6MB

MD5
fb08e61e41c768e1496930ae02efdd0d

SHA1
321ae76e143335bb07168cf7ad7c8b3f160aff9d

SHA256
498ce65ac79c33fd3a622ac5b53bd5ee5c2dacea0a82347327c10ceb742af76f

SHA512
16ef5d62e217ac6ff0149cdbf99ce1f7bda7c280166cba08691edaf429ee55c9d81f7331606a7b5de43120b03a2953a85a5536252721e237c1116bd4dd0ac91f

Download Submit
C:\Users\Admin\Downloads\hazard-nuker-mirror-1.4.7.zip.crdownload

Filesize
168KB

MD5
dc54846d5faaad00f3d036b56c69915e

SHA1
cadbdc67df4ba3e08844c4271cc9c27ef693166a

SHA256
810adc0e7d917fce8aa7a1c5180156cbb909da018d067e765600bd4b03c15180

SHA512
eac0be03a0fe173ac25c23f8036e4ae325d8a01f1dfd59e25626ec06e26ddab01799b050f79afe558f3ebf495d0ff9d9d5440f0f068fb4ade7b4978d3274e615

Download Submit
memory/1900-216-0x00007FF7EF5E0000-0x00007FF7EFE13000-memory.dmp

Filesize
8.2MB

Download
memory/3176-206-0x00007FF7EF5E0000-0x00007FF7EFE13000-memory.dmp

Filesize
8.2MB

Download
memory/4780-186-0x00007FF7EF5E0000-0x00007FF7EFE13000-memory.dmp

Filesize
8.2MB

Download