Analysis
-
max time kernel
1190s -
max time network
1687s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
27-04-2024 19:45
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Trojan
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Downloads MZ/PE file
-
Manipulates Digital Signatures 1 TTPs 64 IoCs
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Modifies AppInit DLL entries 2 TTPs
-
Modifies Installed Components in the registry 2 TTPs 64 IoCs
-
Registers new Print Monitor 2 TTPs 10 IoCs
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
UPX packed file 61 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Drops desktop.ini file(s) 2 IoCs
-
Installs/modifies Browser Helper Object 2 TTPs 3 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Maps connected drives based on registry 3 TTPs 1 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Modifies WinLogon 2 TTPs 64 IoCs
-
AutoIT Executable 47 IoCs
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory 16 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 7 IoCs
-
Drops file in Program Files directory 7 IoCs
-
Drops file in Windows directory 18 IoCs
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Control Panel 64 IoCs
-
Modifies Internet Explorer Protected Mode 1 TTPs 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies Internet Explorer start page 1 TTPs 2 IoCs
-
Modifies data under HKEY_USERS 8 IoCs
-
Modifies registry class 16 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 5 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 5 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Trojan2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff941909758,0x7ff941909768,0x7ff9419097783⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:23⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3824 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4728 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1588 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1504 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5728 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5764 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5576 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3776 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4520 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2944 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1452 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\VeryFun.exe"C:\Users\Admin\Downloads\VeryFun.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe"4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies WinLogon for persistence
- Manipulates Digital Signatures
- Modifies Installed Components in the registry
- Checks computer location settings
- Checks whether UAC is enabled
- Installs/modifies Browser Helper Object
- Maps connected drives based on registry
- Modifies WinLogon
- Sets desktop wallpaper using registry
- Checks SCSI registry key(s)
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe"4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe"4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe"4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe"4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe"4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1788,i,15966119334963349254,2795884517376594923,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2bc1⤵
-
C:\Windows\Explorer.EXE"C:\Windows\Explorer.EXE" /LOADSAVEDWINDOWS1⤵
- Modifies Installed Components in the registry
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\System32\ie4uinit.exe"C:\Windows\System32\ie4uinit.exe" -UserConfig2⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer settings
-
C:\Windows\System32\ie4uinit.exeC:\Windows\System32\ie4uinit.exe -ClearIconCache3⤵
-
C:\Windows\system32\RunDll32.exeC:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /04⤵
-
C:\Windows\system32\RunDll32.exeC:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /04⤵
-
C:\Windows\System32\unregmp2.exe"C:\Windows\System32\unregmp2.exe" /FirstLogon2⤵
- Drops file in Windows directory
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level2⤵
- Drops file in Windows directory
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff74f8d7688,0x7ff74f8d7698,0x7ff74f8d76a83⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=2 --install-level=03⤵
- Drops file in Windows directory
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff74f8d7688,0x7ff74f8d7698,0x7ff74f8d76a84⤵
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe1⤵
- Registers new Print Monitor
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\Explorer.EXE"C:\Windows\Explorer.EXE" /LOADSAVEDWINDOWS1⤵
- Modifies Installed Components in the registry
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies registry class
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
6Registry Run Keys / Startup Folder
4Winlogon Helper DLL
2Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
6Registry Run Keys / Startup Folder
4Winlogon Helper DLL
2Defense Evasion
Modify Registry
12Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\7471075a-5c63-4015-9dd9-06f8c2d871e1.tmpFilesize
488B
MD56d971ce11af4a6a93a4311841da1a178
SHA1cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD5f012da25e4efa785944d6b15a99b00de
SHA17cff26f8dc98a9d646a944989e2ad0752b2647a5
SHA25645320a715cd1e4a12c9078cdaebf2486ae057c3c5c44e7e8016408720959f799
SHA512d02bf6fea556948f78f31b2fc50612296072fb2262be5e777af12c59763d5dbf3ba557e362d95f9abf65e86da99b774e8f64d4fc24972e322b6340602501e035
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD52ba3e180120387f4849e8a5acf421ba3
SHA148ddbcbaa7107a28b8d1b8899947cf1872161de6
SHA2563c5625ec2516c323a6f81ab0c48e707ced90774fb0256bb5b909e639914f0618
SHA512a64bd323f26e496124ef4eab16e2c7428322822398099331b2e0848f8453b93c19caad8bf6371ca8868fa1b5e5641c3fb40ad40298d2eb00a440d2bf7be58b61
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\402758e8-1f67-48bc-a689-0290b0748cee.tmpFilesize
1KB
MD5f322799722e29d398256357ac0e7e971
SHA1c4ed88095a283bc353eea2a2ae24bddc0f259db1
SHA25623545155945d56e58653d30de523693f9657d59408112893659519a83e005d15
SHA512823956aa2f64164fe2db4cc4ab1d296edebd6347ec28d909522c11937f0820211914adc328a99577363d32b7e55a7614cad3a7ee636c5e3cce1e95172e6e0038
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\85246e5b-89cf-402f-a192-1ed5592cb0c9.tmpFilesize
1KB
MD5683f4cfe92c22f5dafd161fe5eb7059c
SHA13db21c4e5d3d2714e922c38c6fe13b0295793845
SHA256c6573d9d1ccc72d416b9075fbf8ba578b2c48cf5bdf39799d4f92d6f559428b2
SHA5120289b1a3308cbcbb02670dca8e6d2165268c0e06fbb484e1a182f31efc14cc0e538cb4b1d4846bc4d0f6de3f149ead377e37625526bc8d5d5265372f7e04f7b1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD58c573f558c7f2ae27d708143eafcc491
SHA13b4f86525b26aa3868fa8774b537df7011c36800
SHA256b4c2072ce7cc8379437c81742e31f26725f1f7ab3eca8ceb0ba94e24b7c71a88
SHA512016ff28c4d45ed45fdc50c48e84782719ff7f6dd80cda5346e71c66d01dc7d998d5f0af0c1d79d30486308083604b29a975c2386be683ab6dc7d28645f15926e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD5d4426885b4a5f3283a118ca4b56ce88c
SHA1bbfe3914e2e55e68f11479f1f2ee8611738da104
SHA256f541d07df063689aeb84035ef5e9b549441a5649312f46b28768a08e3567dc63
SHA51253a5d1fbdeecad974e158487689639682d699db6064dd03e3b3b1cfb808ad9a581ff897bf11bb8e5a97b2eb68a9b82b3668194ec8d5b409606d15c30a41ba993
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD5c591e7528cef5816a4f55c6378a50edf
SHA1e351d76329ea29b5a2ae9b29b5d7542603459b7a
SHA25656d99a26ab78bb777a9770f220eab437001d523b9f9bd320428620cd0a33aeef
SHA512bca1cb4782401f98027905ba8f2e7dd217ba802b24dfa3ccb468381e0ce147bc441e6725e59dd87ac64f67408ade4de5fe95711173dce3190dae7db14e7cdab0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD5e613fcb07704c73fc2d487ffe00015a2
SHA138c4b00cba439d3576cc7e8f9400f2c7ab696cdd
SHA256ad04cb2789f8a030619327c77e8ab721e010fe051eca4a7120650b69a6d4a736
SHA512cfd912e92c75c1ca73df0bf7228e4ea161bfae860daa036a42234eb05fa81b7e8b6458a308e1532144fcb046f8ccd0c2df2f35033053a9d86f705fff1ea16836
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5c1daf59ef1a7617d127a95db37cd80ea
SHA16f46d89b309902e7f3f4f1132da0645c187a6503
SHA256e68793e0a9c338db742c1acb848329857d860f9ef9228e0fb09041b5fa593bd5
SHA5127306fce68dc6ec986005eaf3e248e088a1fc8dcb485468d85271b76877572491fdbe5200e830d6b6a78a5517e6d768d49ba25daf69a607fd458e56f045922ede
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5b1efa134492ce359cd0cae76016cfafa
SHA172dc2740a5eeb2860ed5379915316be6f00310ab
SHA256e640067460691c7b96c8d9271dbc24dbb54b2141dcac9740d70f467c2cfe3c30
SHA51217e710679246d594233f8833ce1f59e7a4f7b32b0c379d45bb3065eb3865cb4d85ad256f2323b80ced39e4da79c71bfa111b154ad615ecfe2b03866569d52bb4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD570382121603e1a67ca1fbcaa7b6603fe
SHA1d14c5b938820b2428f9ac822db8201584bd3afea
SHA256deda000de22673c86e3e26d45d62a5718f336d1b7814c37ef20b13d32d4a4a8a
SHA5124e1410d46b2a9c86034208003af853821573ec358a5661e3e26d08a539d5048a9e7bfe9827811c8fefe62a58836e832e5e277e7414d88646cb2d81e70b0234c8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5fae400a97f1565ccfe3c2b90a7679954
SHA1f526a9a3a8c2c7cdf1dc1772dea415bc4a6565ee
SHA256f4b61bd4b35cc8ce89bf60b2f1073e969b48b84490a0e0cc5fb1ac45763e31c9
SHA512341db9d4ff864cbaf0d1db671b2255185c4f4ee69d0c66159c3a67160f0f92abedd226fc90066dad43fe166877cc7a7ae3e389f4d45e20e26e6043601cdb9025
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD547168dc288100d334e9d24ec21b443ee
SHA1fd89034a676236f3ef86d95f42f7157919216c1c
SHA25686e3c3d533e2e34aa925b8ca583730be617b79e5434759a2a0add447a5cdab19
SHA5123bf8931f9545691eddaaf57fdce047baf09809b7edff735c9bd274f630d1abfe3f1d355831bd31199f2bb0b4cffbbeb3908d69b713ce1b7569a556ece56e4838
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD54ce0029d110bfd4d1def0f01508e45ba
SHA1c64eb3ea008ec5d5748f2fc69378ea2bf3176e75
SHA25658c1c0ab350ea78ff3abfb54339046d32a2eb7f79cef5f16fa8cfdaa59ab19cf
SHA512f15b7417b3317c731c76c1565ae61d897b7faabe6b1ad50d08358cd599fea07c67db2bb82c62f7bd21f17fbb6309ca9a0cc4a40c54bfd53b84423f9b7a23acb1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5e229edf2218b612063de9598b1bb1980
SHA14315e392cf7836f0a27f53e2a3a15027046db080
SHA256e1d73047a5122ca0a7949832932195d0d60a388b14f6facbd92501ca0a755571
SHA512bc289f0f81c0f7cdcd4925275f0fa4b9834be9e1e8b7bd6ffe462706bed2cdc0c13692bbebf6168f82a36c9575da0c1abbd6f1d11ba990515e875c890bc83eb8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5feaffaf23df72a2d9b7ef37d64cc4c57
SHA1d1ea1fc40280caf05483ef60cc2951a1df16f372
SHA256903e4cf2740a1c66b4ea558286dbf1fd593718725b9702360d1cd46763f9e4d9
SHA512bdf4a000da1662e0061c26a44e0532a4ce9818d2c5a7e34989a1b843dce97ca407dda672b4a47fd924d39d6f443745078a0f9f062db5c28406a19c839f47bf4e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD51790f737f309a86ef2e44d6bac5c14f2
SHA1e004e0dc08374ace420179979551f7e9b3f99fca
SHA25672ce71c75082a03757cd671b660cfce9a2cff4ffa11d080020e175adfd6b8fdf
SHA512f6a7eed12afa3da2e29383905be31d1632f0348106505c89e25b23d3f80d6ad08d47fea6cfd9be0e927a94a7cf498ceabed6774eaffc92af971db68b9bc8f1b8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD59f9aaa6848774cc0193d388f1a9d0764
SHA1696cebb764b6acb70462fe3d8466af439feb4650
SHA256f569961759fac1d092131e1fd558733191cf3d69971ae5ad82cc6af0cbec0de8
SHA5122a2eb086b8949794c32582f59f6a826f6a8551dad60cefb0396849afabe603aec856b03dc7e2c182fbb269cf2300cc9715452c147a673b0f84f79469c82995c4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
136KB
MD59981835c8ed0ebd8ffafb83e6703f25a
SHA1dddae951b2e293388032fbbec4394c9ee034dc2a
SHA25684fd7e38f1eab0054d9921e98719da4ca43e6b714c57530b0a8abac10df4f85f
SHA5121ccb6395e92a52b774417ee357917de6c7496c1ee016c0552cf1dc62ef5c83c0f7e23558fce2397bde7533b50231cac7acfb00af2a56fc358eba87aec678beaa
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
105KB
MD5ae2e860a9951e1690a194af9ec8243f0
SHA10c1d0c4281671196e6e65afcccf6639184f8beb4
SHA256517456fc61f5a0502a523bae00fab37ef7a85b993a806ed0ba5c512305e0cd47
SHA5122845b1dad11d8f8b569e54ec44e61f92e26d3d828e9dff42674ad2a81c9d909932fd16167bcd28003a88338ce6651ae585acf556388c8ab6faa1bdcda89a0017
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
114KB
MD55a185737e5169b98c61a3fe23a0f8781
SHA1b050caceed1b51715b558037475d91c01b1af2f0
SHA2565b606ac175cf8d17b32e847b470023b7e61ef7e50c5ab5c84b5c4f6fd26e7630
SHA5124d2fbe49db24ef410d6418fbd95494eb80b567ddb79b2a72a6c1977b1e7af24744fd36a852f2059524faf9c8ac16f12f9ff3ef6edbdcfa08bef0fabe841f050f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
107KB
MD5d8cd3618b043a51d279e848cb3a2e684
SHA1aa7aa21c0cf5bb4d51186d7d0b6da2a158e59382
SHA256b1c6dedce50bf88a11be7d2b257bd9f77afca5e95a5db15b74b1d371d8296f2b
SHA512678c297f4a80d09bb25964dd3e84adabacf91a8773ce4898a0685759762edc2fd6c1c921ecb6a640badc62ea51a93e5e43f9075ed3c65de131ab21df5c55b999
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582342.TMPFilesize
98KB
MD531c73be158838d4cf149617ef8f5f13c
SHA14e03e89cd3aad60d34f67bc421042e5ffb28b4aa
SHA25647d9c7bfc375fae693cd3ee12a514b22d37159ac9cf01adec61d5942e4267274
SHA512bdb6355bd0980f9810e9e2647f3f1382d1368797813f5ded7263411f54147a145eb5e742126a33188f1f79ba3afdc9b034417def2dd3352c4f1513290634b896
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ebb5d242-38f5-4878-9a0c-56769e57336b.tmpFilesize
136KB
MD5b596810745e349a3208b158cdf6ac5fb
SHA1ed62e9475c59748a10f4f16f8ca0bb161438de67
SHA2569baa993f77ab98c7086d65d3e951576063c9c1ff0045046f9f7034beffff355d
SHA512aa221f54c3271045e2f989e315b2ef9f342bb69f35be009628c45d74e3c06bd27bd0a03906036b01ab94906f21bc6d2f6dce665873a0254ba5d024dab77cf18a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\Downloads\VeryFun.exeFilesize
3.0MB
MD5ef7b3c31bc127e64627edd8b89b2ae54
SHA1310d606ec2f130013cc9d2f38a9cc13a2a34794a
SHA2568b04fda4bee1806587657da6c6147d3e949aa7d11be1eefb8cd6ef0dba76d387
SHA512a11eadf40024faeb2cc111b8feee1b855701b3b3f3c828d2da0ae93880897c70c15a0ee3aeb91874e5829b1100e0abafec020e0bf1e82f2b8235e9cc3d289be5
-
C:\Windows\RGIBD9D.tmpFilesize
24KB
MD5dd4f5026aa316d4aec4a9d789e63e67b
SHA1fe41b70acbcba7aa0b8a606fe82bcfde9a7bf153
SHA2568d7e6cee70d6035c066b93143461d5f636e144373f5c46bc10a8935d306e0737
SHA5123f18e86d8d5119df6df0d914ebf43c1a6dadb3fdeff8002940a02d0a3d763e779068a682ee6bafe650b6c371d4be2e51e01759ec5b950eef99db5499e3a6c568
-
C:\Windows\RGIBDC1.tmpFilesize
3KB
MD5a828b8c496779bdb61fce06ba0d57c39
SHA12c0c1f9bc98e29bf7df8117be2acaf9fd6640eda
SHA256c952f470a428d5d61ed52fb05c0143258687081e1ad13cfe6ff58037b375364d
SHA512effc846e66548bd914ad530e9074afbd104fea885237e9b0f0f566bd535996041ec49fb97f4c326d12d9c896390b0e76c019b3ace5ffeb29d71d1b48e83cbaea
-
C:\Windows\TEMP\Crashpad\settings.datFilesize
40B
MD5b9a83fa3b5da8f332d5124d46cd8dc51
SHA1ba591e42a682668729ba65d12ce5d6fe4600a19a
SHA256e5a5728c138e29a910eeaddea58aba0b8d3a5bdb325226c9c07089a27268c831
SHA51203f91d457fa5df6f68fb45315eeba66828870e8a51b62b80b87cc6d5aae0cdbb1a8d8c910c92c2e05a1d17dbc650beb4b4a9b96d095e9e0182fae2307bb90d98
-
C:\Windows\debug.logFilesize
1KB
MD509d31ddcdc89d569d9626e3af6481ee7
SHA1d93934fea120410fb8f4016e6e7faf7e46d7c222
SHA25673d8f21b69a86be23dfb1bba467fef718cb2c86be6a819bc2ed222d010038a72
SHA51202fa8bed8bd3b56f7968fd9579e738039d9673af4cea233ce890e7a72724b4190dc5dfb30f4e3f99341ef340406a6afa3655b65e25ad59f15edceb2c0095debe
-
\??\pipe\crashpad_2916_JEBXDDHHIKDNGYRBMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/308-673-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-691-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-556-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-558-0x0000000000AC0000-0x0000000000ACB000-memory.dmpFilesize
44KB
-
memory/308-557-0x0000000000AB0000-0x0000000000AB1000-memory.dmpFilesize
4KB
-
memory/308-701-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-700-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-593-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-699-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-605-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-698-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-697-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-696-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-695-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-694-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-626-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-693-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-692-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-690-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-689-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-688-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-687-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-646-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-647-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-648-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-649-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-650-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-651-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-686-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-661-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-662-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-663-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-664-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-665-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-666-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-669-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-670-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-671-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-672-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-685-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-674-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/308-684-0x0000000000B90000-0x00000000011CD000-memory.dmpFilesize
6.2MB
-
memory/396-582-0x0000000002600000-0x00000000026F4000-memory.dmpFilesize
976KB
-
memory/396-579-0x0000000002600000-0x00000000026F4000-memory.dmpFilesize
976KB
-
memory/396-583-0x0000000002600000-0x00000000026F4000-memory.dmpFilesize
976KB
-
memory/1516-588-0x0000000002730000-0x000000000283C000-memory.dmpFilesize
1.0MB
-
memory/1516-591-0x0000000002730000-0x000000000283C000-memory.dmpFilesize
1.0MB
-
memory/1516-592-0x0000000002730000-0x000000000283C000-memory.dmpFilesize
1.0MB
-
memory/2228-619-0x0000000002B00000-0x0000000002C0C000-memory.dmpFilesize
1.0MB
-
memory/2228-615-0x0000000002B00000-0x0000000002C0C000-memory.dmpFilesize
1.0MB
-
memory/2228-618-0x0000000002B00000-0x0000000002C0C000-memory.dmpFilesize
1.0MB
-
memory/2592-641-0x0000000002D00000-0x0000000002E0C000-memory.dmpFilesize
1.0MB
-
memory/2592-644-0x0000000002D00000-0x0000000002E0C000-memory.dmpFilesize
1.0MB
-
memory/2592-645-0x0000000002D00000-0x0000000002E0C000-memory.dmpFilesize
1.0MB
-
memory/3432-640-0x0000000002620000-0x000000000272C000-memory.dmpFilesize
1.0MB
-
memory/3432-639-0x0000000002620000-0x000000000272C000-memory.dmpFilesize
1.0MB
-
memory/3432-636-0x0000000002620000-0x000000000272C000-memory.dmpFilesize
1.0MB
-
memory/4392-620-0x0000000003300000-0x000000000349C000-memory.dmpFilesize
1.6MB
-
memory/4392-565-0x0000000003300000-0x000000000349C000-memory.dmpFilesize
1.6MB
-
memory/4392-569-0x0000000010000000-0x0000000010013000-memory.dmpFilesize
76KB
-
memory/4392-563-0x0000000003300000-0x000000000349C000-memory.dmpFilesize
1.6MB
-
memory/4392-559-0x0000000003300000-0x000000000349C000-memory.dmpFilesize
1.6MB
-
memory/4392-564-0x0000000003300000-0x000000000349C000-memory.dmpFilesize
1.6MB
-
memory/4392-566-0x0000000010000000-0x0000000010013000-memory.dmpFilesize
76KB
-
memory/4392-568-0x0000000010000000-0x0000000010013000-memory.dmpFilesize
76KB