085b6dbdaac8d0ef9ab76dfa2e958b730f39db18a71219215c54867037badc60

Analysis

max time kernel
161s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 20:46

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

virus_scan_logo.png
Size

41KB
MD5

c011777c94a1cb4bae85a4d523e2c252
SHA1

41ccd278bab038873102738c638102ee71baddfb
SHA256

085b6dbdaac8d0ef9ab76dfa2e958b730f39db18a71219215c54867037badc60
SHA512

37d940cfb5990b0a51308a796b898bc35d06d0120abf66fe0f283b3214520d02d6a5d5d72ead5c81a297e83343899eba1a4f502135bd96f5d32c4a600302846c
SSDEEP

768:7TLsVAwQONOwHKsfQ52U/UThrZsTC47s/zXQtX8bFiubeVjPdlPnXoFzi/:7GAwNNOOQ5chGn7MbWX89eL7nwC

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	Baldi.exe

Executes dropped EXE 5 IoCs

pid	Process
2252	HorrorTrojan123.exe
4080	HorrorTrojan123.exe
2528	BaldiTrojan-x64.exe
924	Baldi.exe
2004	DisableUAC.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GG.exe = "C:\\Baldi\\Baldi.exe"	Baldi.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
103	raw.githubusercontent.com
104	raw.githubusercontent.com
163	raw.githubusercontent.com
164	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\Desktop\Wallpaper = "C:\\Baldi\\lol.png"	Baldi.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral1/files/0x0009000000023546-760.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
408	taskkill.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\desktop	Baldi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\Desktop\TileWallpaper = "0"	Baldi.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588971970941316"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "154"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2252	HorrorTrojan123.exe
2252	HorrorTrojan123.exe
4080	HorrorTrojan123.exe
4080	HorrorTrojan123.exe
4992	OpenWith.exe
3908	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 1096	2712	chrome.exe	89
PID 2712 wrote to memory of 1096	2712	chrome.exe	89
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 4568	2712	chrome.exe	90
PID 2712 wrote to memory of 3676	2712	chrome.exe	91
PID 2712 wrote to memory of 3676	2712	chrome.exe	91
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92
PID 2712 wrote to memory of 3824	2712	chrome.exe	92

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\virus_scan_logo.png
1⤵
PID:1252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff27dbab58,0x7fff27dbab68,0x7fff27dbab78
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:2
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3644 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4348
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff61be1ae48,0x7ff61be1ae58,0x7ff61be1ae68
    3⤵
    PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4848 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3272 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3364 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3492 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3004 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4480 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4836 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5292 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5308 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1916,i,5225145385934056225,18364117712002145848,131072 /prefetch:8
  2⤵
  PID:728
- C:\Users\Admin\Downloads\HorrorTrojan123.exe
  "C:\Users\Admin\Downloads\HorrorTrojan123.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2252

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:624

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\985642726f1c45508a6cb7a9372504ec /t 4384 /p 2252
1⤵
PID:3248

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:728

C:\Users\Admin\Downloads\HorrorTrojan123.exe
"C:\Users\Admin\Downloads\HorrorTrojan123.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4080

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\432df7bee62b487cb8b49f22cc63c67b /t 1180 /p 4080
1⤵
PID:2028

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff27dbab58,0x7fff27dbab68,0x7fff27dbab78
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4868 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4560 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3360 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4780 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4432 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5244 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5084 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3288 --field-trial-handle=1908,i,18277671794497424896,15893181104545670890,131072 /prefetch:8
  2⤵
  PID:1140
- C:\Users\Admin\Downloads\BaldiTrojan-x64.exe
  "C:\Users\Admin\Downloads\BaldiTrojan-x64.exe"
  2⤵
  - Executes dropped EXE
  PID:2528
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c CleanZUpdater.bat
    3⤵
    PID:4556
  - - C:\Baldi\Baldi.exe
      C:\Baldi\Baldi.exe
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Adds Run key to start application
      Sets desktop wallpaper using registry
      Modifies Control Panel
      PID:924
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\System32\taskkill.exe" /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:408
  - - C:\Baldi\DisableUAC.exe
      C:\Baldi\DisableUAC.exe
      4⤵
      Executes dropped EXE
      PID:2004
    - - C:\Windows\system32\cmd.exe
        
        "C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\B433.tmp\B434.bat C:\Baldi\DisableUAC.exe"
        5⤵
        
        PID:1200
      - C:\Windows\system32\reg.exe
        
        reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f
        6⤵
        UAC bypass
        
        PID:4812
      - C:\Windows\system32\shutdown.exe
        
        shutdown -r -t 1 -c "BALDI EVIL..."
        6⤵
        
        PID:620

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4568

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3914855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d0df793c4e281659228b2837846ace2d

SHA1
ece0a5b1581f86b175ccbc7822483448ec728077

SHA256
4e5ceefae11a45c397cde5c6b725c18d8c63d80d2ce851fa94df1644169eafc9

SHA512
400a81d676e5c1e8e64655536b23dbae0a0dd47dc1e87e202e065903396e6a106770cec238093d748b9c71b5859edf097ffff2e088b5b79d6a449754140a52ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
f8efddb58274a5cb2ceffe967decf2b4

SHA1
fe29c5cbf2439a63bf831bc1a37a21b913e718cd

SHA256
fc39cccb137355d67a593f41f766a0565fb5fae626e2aad1c1b5a1f5e4bb6d67

SHA512
dcf7e227d13e885a69d87096f3b43fb45b56bbccb8910401ccb6ffb1576203cfbcf22bb87c8857e60c269f6aeadf3dc6ad37a92a73633a876fe7af03ea29d1a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
56e04d24b27d0f9e90f334391e290a83

SHA1
3086510b02fd450e3f995e4db0fd16e1d3177c25

SHA256
0d2f76ba79d9bd499c04b2e3fb63a4bdf8545713e94d4f7b1cee313b75fc21a8

SHA512
c72325b3c6219ad21302d0be923c8d5d605701fa3561acea7d8f4a19d16625108578b5661b39c9b680d69359ca92d43287c48402893370bccbd232111229659d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
4e728d3b92453c69520e4944a108dc98

SHA1
68cb9e108a24e55cb09702bdbf968334cb968fcf

SHA256
e6a1674e076d5d80c43119e50c604d01694ffad1ec48408a8f69cf26da65266c

SHA512
92d0034c183f7536b1f4717b3bbd29e13e1e420e12637631cc259415c51ebd9a3b05496a5135d34fe7653d122d7284976d60b841d66dce27580497e9bcf73f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
e54e564efbca62006bd5b161a0d06e44

SHA1
2a9edf40cb0cdc8dd1368bab629634e0f75fbeb5

SHA256
19676bb282d8eed8c2f6271cd94f13a567cb2ba9e499120bc8f112b158cdeb7c

SHA512
ef9d7a038dcfe48b87c7aa828ed0cefca9d573eca6a4def58c69861042b95eaa5fef5d9cc635399be466155ae9f9b74ec4b1db676a276e45cea9fa11fc58300f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
34KB

MD5
7ad2988bf267d4f09bc85284c3b79227

SHA1
b5e68683e42281c51050eca45af5c80e83a4c67e

SHA256
d1fcfd38524d9ad97c724c9f1fceee6d911a32b7cc75cc05a1b1afb068c0e8a4

SHA512
a1e6f1d7c4d0d63395c6a3adf47934c21b43b8cead1fce1252aaceb67cc4c8a5889afc39d8651d90937ec48082c93dd8970e363aad00d9f1d036a0c27e0d58a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
115KB

MD5
018b3f6aed9cd4ae0d54711912ed7c88

SHA1
07258bd9798d06d7a9f97fc21d1348087bf83b1b

SHA256
ce201a8761c80efb89b4450aac7c97dc3cd1ab04a6bb933f30a3acd526ce39af

SHA512
9d72eb63d16ae3f5e7b8e5e14e0acd5cfc0b00d115464a3784408f65d2a1603df47d6d7eadfeff166feb99dcc29c96e7198b829b59e4dce7a5ab662710a58afb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
323KB

MD5
0c6791868fc47d2da7490647de4506aa

SHA1
a738dd3130d18da9b91722b6dcd2713a63086f29

SHA256
a0b325cda25039f7acdf4d4fff6d15e580ec34c5952693a4829906e334deefb4

SHA512
40619b2e1e38314023b8edca03298d73758a67615b0289d5b776d691f0fec98666ca19f98061c51a2090b6f13025b60d5f024b7ddb3d096385139f018d1971fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
138KB

MD5
704eab216a8942565f5cef164a6cffee

SHA1
10a72643e16eef9d02c8cfc21f1f461fa1eec8ca

SHA256
ee963ac9027fe5cda1442e3667376234581cb0b67a8a733a325fd1a9c8c235e9

SHA512
1ecc932e4c286683deaece6423ed78db8dd60c59a0deda6b74684c0b5dd424783ce6b5012d2af1fe0eff6b37d91f7c8a3ad5397c1ee9db244f3fe690fe9eb283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
150KB

MD5
686ef6f5d7966aeaf036ebf419e84867

SHA1
99ffbc6308fe041bc5504ac8b98cb49b1e138ec1

SHA256
6f1bfaa888f221d752dff655fd565c5a3fb76e84a0a84d94fbcb20aea56627e0

SHA512
ccef9f464ac09d486d3eb293a0498d6ffe5261bfa11950812d329e4de03a3ea094e445654bd8a42403caa42c5ba239b3d5973a0f2e5cc1c6d6d361927153afd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
17KB

MD5
9d84de927bed4694d006ccfa601a21e3

SHA1
a48e734d3163559f86d674a1da8b7f12ae4e5a34

SHA256
071295cc77a3bc01095ef9c31f21216c08787c1bfaa272689b846dba5556cfa2

SHA512
77e66c08cafe772367e7a7598ca44a336080932667ac1930b18f13f4b7342430cd8261667e2d3b847ea471bf51c696d212423641065a2906a6afea604f079bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
148KB

MD5
8ff15cd96b8ef0c0d0eacfc5c52f6175

SHA1
59e6471afaaf17f8f5b63986d3107fbcd34966d9

SHA256
b9b5854ca0d26f42c70f57986c8058fd885f034f07dca33acfde756b515a19d7

SHA512
7814a62a5a9489a219a9d00f785ac2d1223514e92d4c84ee86742038cb81e4380d474db50b0e1f852cd75c0d1d50c1f01a386e5417b38c98b4cbf9f72974bbd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
19KB

MD5
ced321ba898290fc6ae8764d909026aa

SHA1
4674e03767243a342472b669194d9c448f2dd05a

SHA256
e508f3226f8fd964a31a18b865d876e5ebf3c3bc37c005c43b650c455e9d1808

SHA512
d743518f6394440b2851e451a7f2fd40fefd7aafb5de73f19764bfe85df332f5eea142a931a54ee8c40b6b9301f3b8423cee41aa538afb527aa395ac8c416997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
39KB

MD5
9b22e129cf7ac32fda0a9bae75b958f9

SHA1
a426bc2e4ce3ec03e33ef87aa0340faa22846668

SHA256
e41ad8e592d70ec464b8e4515f7ea5f2a6d9430e3d5cde8ed6f7c4c3eb939c88

SHA512
515406a9518a19d79a87b5952b3959f9ce0070624c3cb5874dd3bb825c85d04a9ca59da706221692efe391a32ece6eaf65ae05d163022b445d7a15a6271bb503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
40KB

MD5
56e6be029d77f578e709c24b614846c9

SHA1
489c375c9f3497c386174d83cad05129e537ba2f

SHA256
25f1d7fee2bd9cf97933b907f627a6ff47534b2ad58fb99676f17b472fb1cbba

SHA512
efe69b930590d01364af98e68539d8bda4538ca7becb19b8b38f6ad6838c3f42778bd5625afb6f76c12aa360b6d3a13d42419bc0a198cd4c043852130a90e8bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
67KB

MD5
6e52a644708109836adae5b691622755

SHA1
fa6729b150828dba23c6cadd92c6b524529ccb9e

SHA256
9584d23dd0aed936a7ebb26fa2c9683d6f2290978cd080768924ec4a9202db9e

SHA512
6f8dfb1240cc28056181eaaccb156801493867a919f7c9ae386dd971eb08525d82876fedcdedb387bc7b42bae5896d0868c4ff813bb0e8db9f8fb98811d5dbbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
344KB

MD5
22f0500eb7cfa30496697e2ba6b61bfd

SHA1
b65a444d6ddb770bafa2f1871df996828679efd2

SHA256
f0db0715fdf7a4e3133d8c3eec64f2d4e34d820dcbb1db462b1e484793c90bb8

SHA512
c0a0685b112263787fea762847099e266b946b65ca1ab006ab53b1454a9e7552933a4a7ea827bf43914faae9c43c47ca627903be2a353c055acddf9f6afc704c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
27KB

MD5
158a0cc3b8390b268676b3fc3644dbe3

SHA1
bf06cf6e7d96d7808b0c245be28d79c6b963a5e0

SHA256
544c11dc585731e0fb13a885e55fe671f69b9d1adb7d7f9ab3b63d5cd1886b48

SHA512
d41616ba3fd2bafd80926c890621b0bb2b0e50e7625badc6e25d86b26eefa7526451b9f0d3777c54c4cf383cb87e5e2361294b79edf19e9f514d72c4cc0d100b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
16KB

MD5
8deed4c1b8ff705efe7f51ac94eea67e

SHA1
318dbd6a1ee401f990fd756f95cbe50ec970aefc

SHA256
9546527dc327a4a8706d87a373d15e348a9af74e1fc8dc036e4476d5b0328eb4

SHA512
e854c4d21640011107a20062bc83ac68d7f2a47490e5592519d571e3ec9be7ea453fa285a96403e2cdc9367f86366a8cb7349270462f2bd57e1fa1f8e0a944f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
32KB

MD5
6b3ee32d65fba97f2c04ade027c8aecf

SHA1
862de4164357ca19da37593a7a4cba7afea31fac

SHA256
c4a9ccf8c6a46d8a3952bb7de6d3887c0ab4d160f2e6da7bee1d98c89c7b663f

SHA512
7aee87d0c0f42f367e6398af5ea8cd79971a3c651fdd2b3585434b828854438903f02239f38b9dc842cc1c41fb2f23c42c242f3930f1bed17439a4faa72bad2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
259KB

MD5
75d4894e73142594a20c54ae40a631c2

SHA1
2755f29460f628a6645fa6458a7577e5c8c8c592

SHA256
7451ed77d2fc71d467ee4b8f1941cddbfc72435ac7ebe642316e4b37e4cce51b

SHA512
c4bee7cb357c72e934576e75fc9516834274df655c84fae74071a2db0cd44d692d9fc56d55cd45ea8c1ed5b459859bb798a3b70a23c304f8d27c920a13946cae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
33KB

MD5
23a4134f6765a1a595a338b30c378275

SHA1
cd3f7f9577569d70ad49909426a780c48b51e4b9

SHA256
fec09f382c4b04089f66ef2717f27dcad4eac353b6e320090461ab2c734a60a3

SHA512
327c9d05c6ce02a691984923e05eea523a13ba8905b5e7340ab899587369d82f12db9d87da4ba4012e1ad297087cc7d4a8d4cffd9ba4cb9f4e45d88e5d08712e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
48KB

MD5
0c2234caae44ab13c90c9d322d937077

SHA1
94b497520fcfb38d9fc900cad88cd636e9476f87

SHA256
d8e6f62282e12c18c930a147325de25aef1633a034eaf7a3ce8de1fb8de09912

SHA512
66709f74b19499df1e06700e1c257e14a82ca4287194e4b177b3f333748d927f413c8c459a35e7e5a2f92d28410b0129f106d94e3dd85bc0dd0b986add83b18f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
24KB

MD5
e1831f8fadccd3ffa076214089522cea

SHA1
10acd26c218ff1bbbe6ac785eab5485045f61881

SHA256
9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac

SHA512
372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
44KB

MD5
2b312fee4bff7fb9b399aa619ae1811d

SHA1
cf5e3270ef62ea6ce023f9475dbf7ed67e10527c

SHA256
fd5fb41882dfe849ea47547bf38b9abc435683d7473703b4cb37e8c28b1de4cb

SHA512
3a42c3a12da46656d8dca9b54651027873f42d2ec2e6e706a41b4b520d387f0c3c0388e3d117bd49174d7074079f3404c00b6141c8dd22d38ef1a257f52a9791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
24KB

MD5
8278023fac368f67d8b83512b48cf0f9

SHA1
cfbb90dea9e8a9df721806c7d49eff44166b2197

SHA256
1e62f0399a3c5a499b3c93622608d15d3948c3c335359bc695bf3522b03fd48d

SHA512
e04ba7a9402379c064bf5707a5fbe3e5ea6de978b1ad50d38f9b30bef47dbb761f0f8461de8cfaf7c33779dbb47fcf4df7fe387d12fbbf899f7530f6f63a340d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
65KB

MD5
c82fbaa7e5113d3ed2902a3500ec8631

SHA1
c9b4889980899c0f2aea9ac8d0bae28b59e6add3

SHA256
4f4e25ef0961b656039ed8628951b5ff6c0a197f8866374b5937e182b12ff278

SHA512
fc3227c51b9bdcf0917b040aeaa925795e153c7a78469b7e1c87717c1664f46208e5fc3e413f93724ef0fa94aea655db55f04c5a61dda0df737c25b75393136d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
59KB

MD5
063fe934b18300c766e7279114db4b67

SHA1
d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd

SHA256
8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e

SHA512
9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
86514f0eb5a3ba124fdeb2b9276006e0

SHA1
fb54796b1dd34c6a119009048313ae3b56492e44

SHA256
37c9847d02c755a450167faba1e7b0c3e08cd5b8b8a30db464e028dd14fd5f05

SHA512
1cd9b40a40d368842ec338b1db1f0a350c03797c4abe860cc7dc3c0b3c1fa1dc062259ef7c8745fef21412f331ee1b42c0f2e2fe0ffb67e0f2c897e72a7cbb91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
34792aeed66f2037a7673e6372c828e4

SHA1
7bf8cfab814beed8e070815a821934b139fdef6b

SHA256
197fe521c2994f6336d8d869d1c38cfaee64dc41a3dd4c1b64d72e0dcb5369d3

SHA512
b13098c22726c674af9c945ee8c4edf5d81cf854991878cbed58190d2f83e6a65a3326306a1e12cfb820b776355ce685f8df2f19320d0c00b95be1b40ca3342c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
351820c2eadb80d7d4c4dc085f829dcd

SHA1
d70c72241f98d9fd528c9f20db0d071b5be42edc

SHA256
9a04bd8c0063509a3c6cd027e17618a41d8c003fc50125811b0fce8c2ecd3c2e

SHA512
3220a738d271d130b31a1e87637dd9684cc8d7d76f152b5d2e947d02c54ec294fa3f072a571d68d0cccdb3f9ed6c0bd493753a232d889e81c29cca74c53467aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2d2d583106f15b110d3ddc52aa66129c

SHA1
bc3254b6dc5039e690624b34e9127dd1d76d87c0

SHA256
d64155e06afc40988be2b32ceaa4de4956641bebea8c96bce74426b821515cf7

SHA512
aac3a363f75ff754ddbc9db20e0e02f40edaa37d1ef9aa9868605d68a22472377646a96e028b908798c8538e6df1126edd32b74ce08cd5104075948da35e8f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c0b2de25a167d086590c0f5bcd4adeb3

SHA1
fe960c726d6870dcb8f4a6954d14244aae12bf00

SHA256
3a0dc13735ade707bc99c09b20fa8c1b89b308089143ef92f7ee6f2735a31964

SHA512
1ee929a64b811bd7029c5fa99f5ac48e8591c28e37db1509308bbd2b450c60c68df95a0a7db802ea38d5521a4e987318db89448cce00191b0f3d78b9ab73551c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
bd41c8265ba1fc2aad714e67af6c0a50

SHA1
f435a582880d4476df7ea32ca77d525b134af1e4

SHA256
67f18b6c425c4591e7f2ddff3225e95887917a6879c38a41c1f35a5db394cb55

SHA512
bdce1876020c8f1813d6e3b2883b0f34511daca9a90536b68f83bf26548a7bf7583893bea5f36197c56ff308cf720a0588538d0e7fd3d52104a4ca3202261e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
e13a16122a3c23457aa0ba27179ef08a

SHA1
f3e9ab8933b9bf6fc2dd527b4d833e3cd91b3e41

SHA256
07cfb7bd596ac159572fea8487188c20dbbc6c99402f1fee701ba50a0f51e6f4

SHA512
3afa2028e151ba4de0a553102a7ff8d0b131e634067e7d61d12f90adda3099ff142841e7d58e9d1f935134bb687ea56a1852cc33d91e489196a70d3f07c302ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d3445d2b60eed39dc1add38028789fac

SHA1
31257f5efd59b4ca9a3e94f639456cf251c6c521

SHA256
42a6d7733d62d6aff4ef32efdd8c01abe2647810875e924ab18a63288d294fbd

SHA512
ceb0b4175812df22cf0536308a2dddc96bfc53980baf5bdfc61363b0536ee63a4d9283811236a0b2b9f870496de3fa88aad5558849cbbd2aa37527cd866f2890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
28439cbca519a6f2143221c050f15994

SHA1
6df080d1022d5eba84be5cd8976cb70cb4688b4b

SHA256
26eb5a02da59d7d75350533fc6397c1fac81bb42af904a22921d8a952709ee6a

SHA512
d4c5faf3b090d83e401c96a1e19fdf00585c113ba8aed28a5526ff79bfd6c24d2b45baa8b6e05c8ed3f4897439493bdecaa85942220de8299e04dac2ca817b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c9e8ed4ec1393c301ecad3cfe119e86f

SHA1
5393d926df8c904dd79bb6fb23b45bdef6ac3bfc

SHA256
05636b97558f1c6c40be6c1e7b97d9a215df6f8d4dfcfb0dd6f0ee0cca092e27

SHA512
b9c04e322b9fcb236216d055003c0baa25a2018e6d4fee3e0b6cbde86519f5cc5c5eb397d37208573297ad34fba7e8995eb8781427b3b6696d6362b4b94e8cb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cf750a638a8c753433d8fe5cc29c9ea1

SHA1
02ace39aae0a70e509dc7ffc45a05b94f7412599

SHA256
a92e4e8d2c9acc6e537607cbb8546a4b5e258b3c6110d13590fe939229cbb5f8

SHA512
2c6702d31c2cb6f85d16b3f3a5a95e187d51c9589abebaec129a1c99f4c8b4d956e0a942e9f397ae50108b65890d5eee96a528ea7c25f0522a524ae57342485e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
85acbfba164b8f86847a83a44b98a3b4

SHA1
af7f64fdf495d644cb1b800c3f30075655e7b019

SHA256
d438fdef9e9823c8d9ef7ff501ad4db0ba0ac5735d10ab107b3c9ceac5b89e9f

SHA512
a78f71764059f05fee1948d90f30401cfee1a998f8fa74398f24baed97cdef0c8b99504581b4174387ae2c690b8522f9084a950f65dc95f6569acf4b539681f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f8afcc618e7599d9d3342e1fdc5ec4fa

SHA1
2a39e9cb9f157e78185a2cf2d3f55472a6a92174

SHA256
ee6fd1f2c681595c3dc788ce2863b55059ae55b9450d3af659d8825d5acc5c7e

SHA512
00561658bb2e919d3d381912df127a4b7d2257c801b4adc9f8252fb8bf5c8eb8a1a5db436da579d46ab55ad6f3422609c73bc52049ccec9960823576dcded2c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1a1450b1d7297f2e739d633360d9e815

SHA1
20af7442913310a2f7e7a0d2f9f95394c4cf8f5e

SHA256
1ab0124ffb52519f5c229e8f95c19d6883327ed665d590f51f1f0243741b8941

SHA512
aa557716e94bfbe64e234833176696348856d16879fd4fb95909088aea64460b2ddd8a115b53b454d642feae3e5f392757b448a3d3016ee751ff49b13d593ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3973c5c0e14f38b7cef94b5abe7088d1

SHA1
6053b5130a4b543071fa48c4dd9492f58f5205da

SHA256
047b0aba57231c78c07e72449ffb7950f495b34c5167cb7fd8ebb04caccec68f

SHA512
adc4f571fe71e42575d0d6afeb112fe117eb25526437b8c3f321473be3db6f5b616e2d30bec475c56cffb1d66f29a8334ca008b3b3c5ab487e3bcde8432595fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
495106a29c3f1496f894bb7da17c4bad

SHA1
012508d24e5c38fb23ae3140cf239e929d5fd872

SHA256
d1e46c6fd4d397edc1c5fb1d1d9c463fdb29608165a76ea0968f0d43ecf0acf7

SHA512
6263f02ecfa1500f14e7d6585fb499ba2d55e1a5efee53ca586990a6ad639d2ee5387ac422585b6193da15c798c46a5c3dd81128166ba1bbd71c02aa42b12e0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
4733e457b1163c1fc54279744a504449

SHA1
ca82d8740942d84864e2e87600cbdcb9ce2783e7

SHA256
612cd08d504f2d28ebcf514b8dcb6370d637d5191c067eefa46e93440cc58054

SHA512
3ce7e3361991aa4dd8fe192f6ce46994dd97ba9688536cf13319f421575dd934f2fc2f129838d97b97237002b943322f6fc7a9a57a240cd43e2419d7ecb9de3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe595d49.TMP

Filesize
120B

MD5
9fcd74db45848a59207ee8c4ef425e93

SHA1
370e774bbcf820fd014ec88884e30ac9c61061c5

SHA256
255816bb7f29dfae1eb3d2808c9207e14204b1359afc25ead9c32ca515d572ae

SHA512
e07b7241f8a198bda85f784d1c88cdfc17a2ca67fd21de2dad357b10feb2a7784a38b4fae07bf0a623fad4880eece1d391b34dd19ebe5e395b2ee6ae7b819d15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\945ee185-e7be-48e9-8cdb-84cc9e3b761d\0

Filesize
19.0MB

MD5
a97a84f0a7dcdd5ac12389f444e00366

SHA1
4e32298915a4461a71ac4571487a27d96e0e78ba

SHA256
e74c977ee368ec683d52febe676b26c11085e072c5e3f608d5c45bacd0d4a877

SHA512
a6ea7cbc4324140c6d34d417268efa725e34e82b88146418fca8f6c281489bdf01ad22b73ed4ce1580b87c7fb2a05b7d2340ca6d7a621e0d267736d21f1c564d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
9f16a1eb338cdc42aa2b2f82d718d2b9

SHA1
c105f96016a431b2f117101143483a534b52a608

SHA256
85549418b8781a5896f3287fbb8c120054627fb4a8748e6beddd30ccf29be707

SHA512
a02ad2c0aeec44a6cc80ba4b621e43dd4911978d67be26a2484a5d41419ebf9e712d41a748edb3a75c0ef7d9bb466fbed786a6b84b77d96e5399597fc297c6cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
fa87336bebae7d426894f8d29ec89ac0

SHA1
d7d6e1744e6d06e49189a298529ce600c42085f2

SHA256
b87e1da5cd7b439ac88c5b5c63be14310ad39fb29553e3df38c334e827b393e4

SHA512
6bdc190029d98a71fed050dbfc0bfafe2673ae93bb003afe706e0db9e81166388b7c956173ecba24b9f77c4ec7f45b6f258fad28dae6a8839cc79c7fbd67fcbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
b4b659f58fb053fadb378645fc1fbbcf

SHA1
492608ceac572399283a33027c63fcfc1d1a2d2c

SHA256
190f4f7af5bfda5ee423e6c91b27e02d990a3a72bcd07521603db9a082167c50

SHA512
bb6b802a18127ffbb134f07445cc344564c9fab0ece2cebe02541599625b4e3bba24be614f2d8724ca12dc085925119cad0cee49a4f62b195dab34878a3726e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
2eead922d89c67b86bf86147809d3f69

SHA1
749d8619f90df13acabaf5d6170dfe41fa0888c0

SHA256
0a714ab515cbad2faa288504144730abf54e009daf2fc88e0490713465aa6a18

SHA512
656310689f8416d010909a6a64b72c9fdb6d377544be8695a81bb85f8f09d3e32d3a7cab51a62ac7810ccbcde0e04a732e7bb5946efe4a492a8b0cc52e805dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
12fbde756dc821ac49ad2987b0ffb1d7

SHA1
749a683d58cae56087f64dd464749e4999f702ee

SHA256
66ef45a055ac0b51522ea275d016d18d0ee1f9bb2091517a455294a955f6ee40

SHA512
1975d0fe4a9ed56cee6a379f4679226f746c9c4cec002f35627c4b20640eb68e4726e20a191f1898b04dde684edf957d21b5de4cfadeb6cdb8437fcfbb8cbb8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
d15a1389714144aa6bb052ac24652b38

SHA1
d91831a9fcaea7a8387a2a253f0ad2cde6f2453c

SHA256
f8114a19a19a108c57a90b0a5377ea9a24be25b680acb275840ffa7c3a3d78e2

SHA512
2d96c7e4c0ffe25fa000b5c697cf48593d19ac33a38668ef2721a58f3dbbca7fcff2ee5189cdec0bd67b3456c257af0e20d329631f5605e7d95a1cddfa1f29a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5821cb.TMP

Filesize
89KB

MD5
4b34b64aedb5b7eca3ea139a3f170fe4

SHA1
c20e5d624a00fc21f5706fff935a4ab399d6a8ca

SHA256
6d9aedafa5f506617848a871e040db3c87a23abf0af1b25eff527af97f83de32

SHA512
bfa91a4039add1cdeeae9aad7af521b7bb323321be890679a93aa33c078f431ca4f41b4b98ba7084918d01ee80d73200d6658f75948baa351f56385c3a6fe294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f668a6d36c39a7cb79937bef73530a95

SHA1
a2186ba59d48ad2175aabd0c07f5355039268406

SHA256
8abba51c64465cbed578c3270dc52313bc14a0241d12bd5f7fad3c38fc39e36f

SHA512
952c99556c32468d529e9966562c6f0c3c463103f19bbb35c50ec43227453efb6c1602998d4717bc891e851b8adf689569949db94a7ac879e96072632cab30d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
2b9f3a1fa096135ae912ee41694b9afc

SHA1
69274b5de7f3b21d898a7c695b4a5b97c9d7c690

SHA256
e1199df35c74521fe258460b35a98131e9de5fa186d0eb1b6c535be7eee58d4d

SHA512
d0d4ffdcf76b6703afbdc75e73b91d2f747adbdd4d3547ce028ea42abb148bbeb070f79f28fa7aad7f0269f232620447d99178ae53b2c977c7a261e45c80621f

Download Submit
C:\Users\Admin\Downloads\Solaris 2.0.z01.crdownload

Filesize
24.0MB

MD5
785e18d17f4e2134d93c51fe3d5ee6b1

SHA1
aa00b501547ce619b158d7ea6bdad104b3db00a4

SHA256
9579c6d8e98d60688af84034100c1fb1e242f5c1b7a3ab44544200d600b85154

SHA512
9c4f1b0d3f654fe72c461b0eb248866882ec45c1bcdb2cdd9851a1996246e528d475a2b9730cc893d2ccb2b1b1961864225e5dc4e6db20cbd828547d3a178eae

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 428766.crdownload

Filesize
8.4MB

MD5
2b71cc65cc949cfce47107383f9bce29

SHA1
a57d725a4cb391d4ea02a3c4b5680935f72669cf

SHA256
a513325690cf5bf2302ccc34e2264a8a48270de49a1863c018afed246472e37a

SHA512
158d6e92839b4d83827832e870b4e3d2c8d388894dd5a194abbfcf4ad228fea7e83543b6278cedd6fb2b92801ba102178a962c4d4f0868e1aac62f50d668a824

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 603802.crdownload

Filesize
4.2MB

MD5
e2c4c4dd8c6a357eca164955a8fe040c

SHA1
f4114815bce62efbc78c79f9a83ccf74a4ea075c

SHA256
f3efe3b57a0f5cc46963dbd8832ceecd5768117685b4cee684b1235d9e74ebe5

SHA512
389bf398f9f9f6ae7e6dfca835f5877befa4ebfee5938d4b50728d77fb0450b2eb2cb67e3f4d9abaaad77231754968b27c69a510448dfd7f52c63b1ce3a1c3e1

Download Submit
memory/924-818-0x0000000000400000-0x0000000001080000-memory.dmp

Filesize
12.5MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads