9f30928da3935effb34958309bde750c2033d654e83ea7d5f3ce0744c93d3457

Resubmissions

01/05/2024, 13:54

240501-q7rhtsgc6w 1

01/05/2024, 13:51

240501-q53hbagc31 10

01/05/2024, 13:38

240501-qxqtjsab54 8

Analysis

max time kernel
716s
max time network
706s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01/05/2024, 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

20KB
MD5

ac97af0819965dbbaaf75920356f702a
SHA1

8637b8be2516e18d7e6be8b3984a9ae339e88dde
SHA256

9f30928da3935effb34958309bde750c2033d654e83ea7d5f3ce0744c93d3457
SHA512

f1898c86a9f5d62e5b29977c00d5ae43854531f81b85df021fe61601753524ab95912631e128a84ab49af5e6da5c9cc4388a48b56662470b150285da294dceda
SSDEEP

384:rGfdCkDpmReVoOs4si9ylKeGMkUxOHhhbYhS7+S2LjMrSG+0IJCgMmVn:rGfxBVoOs4smyI1MbOBhbw0yMrSBJ2mV

Score

8^/10

bootkit persistence upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2520	winrar-x64-700.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3228-985-0x0000000000ED0000-0x000000000103B000-memory.dmp	upx
behavioral1/memory/3228-996-0x0000000000ED0000-0x000000000103B000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
63	raw.githubusercontent.com
64	raw.githubusercontent.com
39	camo.githubusercontent.com
40	camo.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Ethylenediaminetetraacetatex86.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4460	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590443437815837"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	Ethylenediaminetetraacetatex86.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1128	vlc.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1128	OpenWith.exe
1128	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe
1128	vlc.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
1128	OpenWith.exe
2520	winrar-x64-700.exe
2520	winrar-x64-700.exe
2520	winrar-x64-700.exe
1128	vlc.exe
1128	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 4596	1980	chrome.exe	73
PID 1980 wrote to memory of 4596	1980	chrome.exe	73
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3548	1980	chrome.exe	75
PID 1980 wrote to memory of 3572	1980	chrome.exe	76
PID 1980 wrote to memory of 3572	1980	chrome.exe	76
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77
PID 1980 wrote to memory of 4488	1980	chrome.exe	77

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffce349758,0x7fffce349768,0x7fffce349778
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:2
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2840 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2848 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4272 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4076 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2148 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3156 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5256 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5500 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2996 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5104 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2992 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6128 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5160 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3872 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5208 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5464 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5548 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3496 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5424 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Users\Admin\Downloads\winrar-x64-700.exe
  "C:\Users\Admin\Downloads\winrar-x64-700.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3020 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1724,i,16284948031915745252,4502088977488351945,131072 /prefetch:8
  2⤵
  PID:3232

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1128

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\51e549f2312345c590c417e433195ff6 /t 5040 /p 2520
1⤵
PID:4556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Temp1_Ethylenediaminetetraacetate.exe.zip\Ethylenediaminetetraacetatex86.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ethylenediaminetetraacetate.exe.zip\Ethylenediaminetetraacetatex86.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Modifies registry class
PID:3228
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Ethylenediaminetetraacetate\horse.wmv"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1128
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  PID:4460

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc
1⤵
PID:5080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Ethylenediaminetetraacetate\horse.wmv

Filesize
763KB

MD5
8156051564f566676e3e020ae38d86ac

SHA1
d664d3358bc6fb1d8356048da95d50bf64e3084c

SHA256
92c577b50f523fcfe5ffdebba8d46fc20c42caa96d1c35a43f75ac00d2cb6d1a

SHA512
8c19ff4a8ccc39a5480fa91e4ee2c07d59985be7180cd237876dd10570e10416253e2c5f5245fadf1d8606e3340d74d20c68849a0b47aaf71c1dab395770abc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
324KB

MD5
29fe72160cf81f9f86cc71596723c31b

SHA1
2c3b9fe00c516e75c63d11ce15ff4a41549914fd

SHA256
30f5fbdd417b8d5079cd35dabf852c7f47744d5e45fa86c1612ff3109cf8079c

SHA512
243951712d1db940977f4026d2f0a6b34249d7878f296ce7a906afd6c22cb00ba6dc33ee62b9f720ed1209013e369938c96203406155920610680d62baa37054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
138KB

MD5
7e0fda8e9edb7a6f64e164150b1ddc6e

SHA1
24fd08e0216e64b27926b4b72f9cde365259246d

SHA256
9f71a74789eb768e73aecaa7847648256531679896407bd80efe47aecdd1d959

SHA512
a726402d46f25815d9cb8589faa75725f7a47fbf4b9a4a5acead22dcb1a98611122477c76a14c83a0126157d252eab557769ab3fc24c4a5b01d8e3a3378d1c98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
44KB

MD5
a4b04ba2b9a56f5911fee0c29629e53e

SHA1
939e8e65e22ae978a6b63dd1400fc6f58c5015eb

SHA256
523d8983d24e050e6e7e1f43d0caca6bd77bef38ec046d181b13bf32702fc025

SHA512
1c3357e9ecd3ac0de53d14f5d4c8d8d0aeafd30cb2e0dd6cfd1be68cca4fd4e178e79938a5ffe9a17b43e4f60f6e8e08c1054fa44160377fea740da70761c80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
48KB

MD5
0c2234caae44ab13c90c9d322d937077

SHA1
94b497520fcfb38d9fc900cad88cd636e9476f87

SHA256
d8e6f62282e12c18c930a147325de25aef1633a034eaf7a3ce8de1fb8de09912

SHA512
66709f74b19499df1e06700e1c257e14a82ca4287194e4b177b3f333748d927f413c8c459a35e7e5a2f92d28410b0129f106d94e3dd85bc0dd0b986add83b18f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
24KB

MD5
e1831f8fadccd3ffa076214089522cea

SHA1
10acd26c218ff1bbbe6ac785eab5485045f61881

SHA256
9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac

SHA512
372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
21KB

MD5
9ccb3e387ecf1d1c32d33a33b61db8f3

SHA1
9d6625afcaa4d6bfe223268ccf82ff32ea9532a3

SHA256
3d34b64d0099f608de0e555d46338252a99d36f2a25af7180702c9966621fa0b

SHA512
05c3d41fd4115bd66c1a938ad644424f8df93f96ae27004c800e43acbc4b23568456574ceba605ea696fb594585811fedd0f9ec547a697344479e4d7516f65f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
76KB

MD5
b4f8ab9d9555c37e049ba9405cba8275

SHA1
523280d8afb9c582a2f7f8d2229e059f8ceddabb

SHA256
8d8884b7d6702301ae65aab1255a42a377130cacd1c3f23f26e2404be1407f51

SHA512
7a1cac6bfcf617a2e3f18380dfaa415e3a2890fae62377b35bf8b49121414f3d4977ab04af14eaab4bd73838db4800fc39edd9cc0755b81313f3583a21e47900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b88f65c875df9e5a_0

Filesize
332B

MD5
ca43edfd14a9f956afd23b7f77019075

SHA1
9dbe5d1e871ff5595541cd360a6403cec2288497

SHA256
7b4d3333c55f928ebb6d5774a42a5059f51df71e806921331d9fad97f25e1905

SHA512
d311ac1bd86f699b49ede137c0ae0eb6e28770cb968a43378b1c4d76b64ad40de316ff93c8f478e52e43162061613707f37c087c2b4ca61668635f77402b7e4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bc9e1fd4409420f7_0

Filesize
7KB

MD5
d97c995d37793737a770684f3afc66a7

SHA1
b526ca1b8b5ae7139034012403d95f6cb45d3f78

SHA256
5ee307e8a7fe26f81bdd2ff7baa1935ca1c3f88b995806db75ceab66d8c039c7

SHA512
1e0b8776003d04e75d3cfcac1a418a9eae0e6be4d5035ca8127b40ac35487215314b39b357ef5aa8b99aa165280cae869e335df780f65c31e5630f383c1372ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fd0eac7a41508803_0

Filesize
19KB

MD5
6de45d7e64571ec180dd2946a137654a

SHA1
ba61c944302ca98487a82151a0f73cce208977ce

SHA256
ba1dd6aeb7cc583d77f045b2d0b50845d23d6bd3a1f65de517de16c5e446609e

SHA512
914b345c2e2aa4bb964b25291a36ff4419d0bdf4e709d4a4593259e61e1884182815d1c00cb127a663f6d0b45725f15f90b3c0180ae0974a05921d836a4bed60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
68d852c660bb316ebd1c1dd865df1732

SHA1
42f3040337def5b18c6779da9503b139492ce2f8

SHA256
b26c01f445548cdb8aa0d691e3160b26a0004c7d19ced1372a11180550599c11

SHA512
76b8597282d09a60b057886a7bf84a4097ec80b5971b4340a0e727b649464dffc0cb2bf5c2cd20cc8b7ec9c4495145e54f6c56e94d546cbfcc7700a476e7235c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9a0915a2280595598a1966b75a64da5c

SHA1
37af764b22d035d9a4eb45b27802f4d70774361c

SHA256
585b8ac73ce558513b0af3dc87daff8f84b394f4e170c7fc89e90153ae34032b

SHA512
bec1e806d0e07ab42e9d39af7a14e5e0ad822bf9b6a7cc2c772aeea3a706cc27423ade384f5a7127c61f218457d0eb3ad24d7eb3e1fe76ed2d55e9c22521b10e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
23364c1bfbc97980231be9d8e69d7b1a

SHA1
a7da1feb9208eb6be31e9dabbdcdcedf26257891

SHA256
08dc7d4485ec4b23f5f8e7e44591616aafd6ed988078370f07e7b09bf0ca4d15

SHA512
930c7dcb0de02ae5d7fe1451b06055e6a654be2a24cf7404e99ed5fe98ab5dea7dc12ff4f613be0919f32c0a7be4fd793b8bc810f67c141e87deb07de767b785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
db5fb106de681f17780eeb440bdbd764

SHA1
3d81ee05865c3a2eff8795f5da613dc2e2a8cf0b

SHA256
e0801cf96388802450c3a54bc3c673012a2c785ff651bb16d1be97b2b223ec55

SHA512
9d8b8c154629c33d74a7bf3dc1ba537a2092a5bcdfdf4434ea95d9d455346aec4c2a8a2e549aa00bf268004c73974981d4796781a71b98711bedd612fdd54719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
01e7f7df94bf876203c42ec22bb4bf60

SHA1
5f0888789dbb1a77432d61facfab9d1fd44fca34

SHA256
fb4dee17ffa40895a9dc06e57821bcde52afa8f13d68feb44ce3cbed34dccd27

SHA512
2c7384813ed9c679d645ef92a8c331da87c3eaf28882851f8c7e104567e955f7038f8a7de0800e65ab486beab1cf7cb2f2f251fd51ab3241ae45ecded753dd06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
726e26f44d1994e48769500ccb39b7dc

SHA1
8deeced31049488175f7e017b854692ac5992031

SHA256
b189a95cd72ff0caa5b954ea2a5444c88376af1fe8ac14a18636ae371e52b0be

SHA512
9d51f358ec96d3aeb5b6870449e8750d1e616f0108e59c93dc02ef804a4a3d15d014c8e4ffcf4b0b1e301c280558f529eeb1bdd8a401037c01903b082e8f07fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d96b0a72ec66ce2a24bef6866f3dd620

SHA1
55efecb6ef9f5e03179246756a6999a71373751c

SHA256
1d1734fe3096e77c7c646faf2f84fe7362690817d71ba78053662274d6c67351

SHA512
7e1df5ae6613926e779df523fb9f164d7b0fd193a405e741801ba412df4ed5eb43ee04523ebf114b4d4dfceafe6d938fe23fc4df0ddcab61a1c58b16c0eff93b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
edb66e665ceb9ca52ad310cf87e6c66f

SHA1
aaeeedfe7c56bb383a5f11a187f5719c4024f9a1

SHA256
973ec92eb4418daf2989ce73a7b2c2c5c1ddf8ae348b84293fad448d164609c8

SHA512
e32f9cd0293f16400e15f1db7bb18f3c41385d288c20a54388eed299e8a1472ffd5312f7238c1e1fb120b6365cbacbba0840ed6b8fe5302ca9d3703a3fadc5a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
24480e2d9a63121bded5b892e503cd64

SHA1
1bbf49b18ed4464a51de8f97198849aa1f8b5d64

SHA256
9dd6934f7781ba406e08bbc8db931e26545dc786d2a03080cff51dea0fd201c0

SHA512
a7791f4c4903d8bc96492c398311e9f3196ab6a8b454656a7eac24987acef807470992e44926f1b7485fee227bbeea967d8bbe65a64c0cbb4bfcdd97dd3f14d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd5d7a22275aff265a5797f87784fc09

SHA1
b9d053abac65fb05df0f303f5dedb7bf86ba417b

SHA256
3d547ad6276dd17b472c645fc7f5ea480221b747c4fdb93f58fd739500074934

SHA512
66f76a899e81c6ecbaeb53c88cb98c50199db636cd37f8042453a32c89a58b962a3f13509f99a7cdc413cbbce845db8d764f545d22dce3d0f32f55a33758ff21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b90431f4531885562c55757d573d0be4

SHA1
961c465c137d243b6ccbdee1eb9af462f4ba76c8

SHA256
e66765350dea9dd725c7baac337f7ab5ebe2cfb146ddb24208e0bbe06b8abd10

SHA512
557344529f31d131c5e4e4c347a5466dfaf77011743793ba872d69184488f8e62400a560f01d7a716731ac1c073ec355a463843079b227558aaa901ad962b63c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d0858a0fe140dd609df5fed523c67c5e

SHA1
c95607e5b990e9b3c2c717da4ab895df9c33e12f

SHA256
4b7c523d78ad0ac5cef88a709863bcb4b1b8ec899cb284f9a88bc952d3767755

SHA512
0beab5b577f8ae7e094f6bcbc7d6e5ed1d4a5b84a0e530016911acd7702f5d628973120baa00dc39b0f0a4af659e2285bb547ef768ba2dbbacb711b997be4b0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5eb6f52bebf6e76df2c71ece7d2098eb

SHA1
68590155cb6971f5a5b01661c6e39b93aba7c7b8

SHA256
2af3dd04bf64a01189c2a05c760d31dbadd867401987226601836cef92eecbb2

SHA512
8220f727e0fbd9cf91de06c1e43c0d8841a0ae6f280ed679885c3580ace3b2b3387a4bfa86889bdde0b9bbf4aa96a1d5c233efcbcf97a49681160d7b80e4bc9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9ce59264664cdc9149b032ee1ef6270f

SHA1
160a8bc97759f7381ab78203dbd8e05b5e381448

SHA256
ed271941391337165ea99ca023a712103918252ba31b3ef0e3158ae7cd0c11b9

SHA512
cdc460d477920c6bef63a386cbe5c2ed3ab782a540c4fd9dd410058f674b6e00935f1c06806c2e91508899551e04a3d3867ee7e9ec6b3d2bf0b0590f48aaf609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0efe10c4f4197b89381f948780fbe3c3

SHA1
3c5059149e20564e888535e3c6f73fbb38c1376e

SHA256
d791c4f48bc0ad3398468eb7b0b379f727b938d1649f0cd72ab9aac9680ab5be

SHA512
4077efc5029fbb9c0c8887600e9a82f3cf231b3324eee7a339313f176558d7a1d3a7ce8f21bc0cdd299639db4362c57900f09ecc3c3d54876638f365d15d4666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
788651079de841ecf0760acabe5c9e98

SHA1
95d4b8cd2fddd88a6be208a9cb0a3583069d7300

SHA256
dd0d6f1e5f68e64f079c6acdd1bfba565d9d91f5cdbf33951c16474bb101a6fb

SHA512
b6b21758c7221c6c62422cec9ac33c7c410161aef11ffdc7a5232ca096d81072a7e7dafdbbd164bad0ad8c1179b084537f4b7b7c5032cce1fb69aabd3c433a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d028046241e64d21eb5fc5b396ee251a

SHA1
588d6dd64519d3cd17c3ed3a837aed91c2ff9370

SHA256
0955bb70d2773e932988877ce3f3618f3dc11228700f007675829e98e86e5203

SHA512
52586b8431621dfc1d1ea823b096a7bbd4e5b656e46542334f34fda8aff95301861da5bae2e385375a9131d194ddcc2515f85f25dc3dca8052bdcbc7b2ff0d56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
65f95cbd7ed983b65b408d1146d6af2a

SHA1
6a113c310a7075651f47fd131da71f944d5c5a0c

SHA256
4d2d221c3151e7bfdd9d4133ec2c1113b374e932471f4703671b4b8fca450228

SHA512
40b199ead8c10a81192399066a2823b76eca987dc694f2602f24103683d9d656235d50336b135dace410e9dfd7a6f20ba31b77d0e782bdbea964fe533e92a757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dee46d37e670376bc93afea397ef8d88

SHA1
264cba65dcf33fdda970420da0b4e57ba5e5cd10

SHA256
9a24729ac7e6d18508bc6d707cb56fc2b2e8cae2886723a0d038534c6a225876

SHA512
4edc907897f4eb0453278a89efd5d6e583854b441f58f97fae1060c72c9c7f1e4f641f43435abf2a47647766226b923f764016333eb6fbedabb7a51431cb6841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
89a643b8ed5a25a083b67db192ccf084

SHA1
403699fbbf66bc589e549265a4a06a3adad26939

SHA256
9321536f7ac5fe31cb4fd904f74bbf512b5ce92bcf3cf13fd152fb7fc934d0b7

SHA512
32f0749dcffed8dffec7c215ca7d484e64829d7dc6db2aedc1415eccd7988dc31ac727160a1d6051b9cd47231b65888064628ff8b818bbbdbc83912acd02d854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
96b83607313dfaeced8b21eba2724b8c

SHA1
8c9983af391ef43d0efc76a6c3f8d100bac97e9d

SHA256
8d2a2cad88c197b3bf0e87451998a7c2debbe4a7ece3f9dacf13c6756e808561

SHA512
5604b1350588e9550184460e01727b9ae88d028b7d59e40dc07d9a782aedd7cc2b286c03ee4a68e5b0287bb6f69fedde1199ffbe903479aad962f0adfaff91ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bf5abbb73edfe4fb280c989f33c52e49

SHA1
551e0298d84b26222b813ef9a41bc1c7270dc307

SHA256
55bf754b05f744b6c39840015f7dc15e95bded9b255c1d61770fc608541ee3dc

SHA512
0cffc9de5455c8b92fda79bb3bc54e0bf9df9dc39a5e36b7218cdff26775a1f0cb8dba3611265ab8a049fae3514aec467b9ab3ab23116573a7d87c522a22d378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6313bb7fdafe9bd472588f715dbb7fdc

SHA1
6cafffa653058c4d600c1b146c219df98dec389b

SHA256
09d0ced262fcf66437931998a8548ab639893f5294b2f01e88568e8a4bc75214

SHA512
de5ca8072f2b5dca035aaf62164f506ad9a3550be64d4736864da702a24a907db0051da9577eeb9206c58d945df4624f7d3c4a805fb42779c3e4521f45e6448d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f01d1f3967e30fb4a0d1cbcae374c76c

SHA1
249d812bb6fa22f61844e4f9630fd7dd075d09ed

SHA256
d8f0a919dd569044fa1537254c986efedd2b62900832dd009ce8711339530fab

SHA512
86933ef08050239c425fa8076e5985032ba2af793dbb8681b91d2f34233e4538c342c33d207918392626d90a1e0af7bafcc9c43cb774c44c979739f0bb073b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eb3fba52d152c8cca7b3daf18b8a4aff

SHA1
ea66d42070bbba03d9e2ea0f4efb8d3f60936180

SHA256
3d1351956d4fc65762318dfcc81cc2135ab33e500be0ea164d3aec4ccac52f91

SHA512
169b4e609fed9558444cfd0be57343687926e5f28f70c30d1d1f507d43c1aec1d7df13765a6f6dc377d3c476d126c02969c3f141539a1312f2e3b29763792511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4f33c44e965921badd9c30599cf08f2d

SHA1
467d1504b6c41354c0132e50f7fb8e3aba757f0c

SHA256
8b75b226f5ba33ad5a6a305637a675c5f0f34e8a49555b677cb2986ae18b8196

SHA512
735d29f7c4762583af601860931951dfeac32b9418097e54a40e94e9ae17c93472e292067185e5b9eb297d71b62bdee1925dcb75db8ea29c945101f9f784fef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
93b82e24d9d9a3ec736cf8ee6010eccf

SHA1
388690fcf65584993fefddca88cef2299acccbd9

SHA256
349ab6d7ae17494528a4a5ec27351c5dc42b729f22e0d74592ff9e426b6fa436

SHA512
c4d2b050d23be8693142283e5c033f1d34e94db57798e4f82a39244d49a82778d05f50778c1e064c726a5f260b07d052f2e21ed92f1b93eafb64d70b662e5566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b2a2e6044902d336778dd414995121ee

SHA1
6e77b50492fcd22c9a4d3a48a1c3ad49fd7ea5e1

SHA256
8b7f23b7398b04814fa401cb05598954283be57d1b925da7591e99a6358f9815

SHA512
e7ffe4acb8b24a2f3ebf934333e290de1f87fff814ae3950258e971db786abcbdf1bfd4d46e83e8c4f65c5df37cede0b794da822bc5da5ac7139bb126fd9523d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d59eab1b9b893c09c854fbc0175d9aa

SHA1
05b2d41e845c2490a299e446b43243cdca83fda0

SHA256
19fe4dc618184f3abf539bfcc11bed50a7fdb72d89adc68d45b1e864d4ff62cb

SHA512
afd1ffb8dac5d1e08258f6632daa3825b7859dbd78ea5c0badb3caa3ed93c10f812c6fca778defb0987249ad4f0e80ee59d92ea3c12e2dc9095a35b5cb621aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c6e17a1fe68c10a4469b4db93801f7d3

SHA1
926535eeb5fa00deca37b9f6b6c5c66d5c4dc3d0

SHA256
37370eb8fea795bd466ffe6eede129082019917baec84715ef604756dec8e924

SHA512
8a7838dba4e5f3dd4ad085286c7c8546d523865750ff7957ea3003d366fb73d3f654b51390a552b6742f67997c7892c8b1f488482d334d3e0a78ceb0182068fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c94fb7b544b7751ee15967d2fb6930f7

SHA1
06fdd097edcc21431507844aa13b2ca9fe172fc9

SHA256
e693e3919eb0b6b7a861a1763246539cc57187af1d243ebfa22cddaf12927810

SHA512
579eb3361201ab751cb7d3628cd50d3e4bf5d6aef4ad18c081461a7f08715d77a1f46a212608c9934caef5298db4455385ece4873150e43ef7a4c712780701aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7975dfa0cc622bac87426edadaa422f9

SHA1
bfb0cbf7f66506a5d7ccc5329acb3f52b24904bd

SHA256
6cbea7a42fc20933442cde9a58ad08dd6abef407dff01c3a3ead8a57f33d5124

SHA512
f8d9fafc04177d038f63f0823bf81605fe1c06e25d533ece10e04e172935effac1dc2b8d249ac7d1492f50b2404ef31809963245a14dac6e9bc83cd980870113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
1e42533fced1443446f99a6670d1a7ae

SHA1
e70992b7e9f0324399a167d9f54bab08438bbe1c

SHA256
9506411ffa76961fe85798bf4a5043cc5b4a0926c6db1b35be12901fce67f3ff

SHA512
d2a6f03b552121d1d0c72f4b482b7cb49882110221ce47714e246ed9a4529697492904267af06914876f2515acdb43b9257d2ac89b433c16941a1be2081d08f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
cda29cc56639de6c233db82c17c0ef16

SHA1
36d9d34e158778b7c29b76459f160e1baa4f890c

SHA256
0be8e821ecad353d0764531f30fda10f8202b235ea7b5cace8817030d6a66c6c

SHA512
46a708e989ebe12040d1133c696a169e9d826da62b3a0fc64e9d845665543d3f098d3fdf565a0d319cf88dc869d5f1dd9a5a9ce1ac919e5bd1abda99741ab44d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
8da53d51ce7deaf963ec063f655a6931

SHA1
b974defc6dfcbb696760aaf3eecb227c7a938c56

SHA256
9bcc3468e8b529cd69be9ffab0d4af9205de5235ac46822f2967fb31b8c2ea54

SHA512
f177f53ad19b41d5b871d9cc940ac8b6a9054f83678bca93f317bf0079f1059ea13835003d30db6ab6246307d13dc22ede8d3082da845875c64ca9acf49b0a28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
b4ca8b7d55ab2d8f079c078ce64a2d7e

SHA1
6d64ca12997d7faea178ece1982230be31227a9f

SHA256
22579f649a8b3825a436958ce4751706e9fab5ffb2841e40342a6e4336a3718d

SHA512
a093b4b00a88124e2cd0356f2195fda0b47a792247df5e28a3d51f83a93dee240ce6051a0eec4246775fdcccc5bfffefe009d41ec2a1b8eb714054c36d9d48ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
c97445a272ca27c4f7e56a33bb8779e2

SHA1
8c83b304046c3e7f49b795b12f1b64cb5399cdb9

SHA256
60688804a5d5978b82089f75f0b1d0a277c029f4dbc7987c40ce99161e9a9b0f

SHA512
ca3cd5ec7ee21eb36aa490dab80868021edbd8dd571fd5a652c54988aecc323df55c5b5455e58d006d1820658b388975b4f9be2d600ff6700cd69b10f56be936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
7341934bc1a2447a678ebd8e41a67321

SHA1
4d4f17e4ca7c2a9ef708218ad6be311f1b30ef79

SHA256
ca3bc1b7fe146a1d5267d3c05912ea23bd8d76fbab4a940d185918ecea679e86

SHA512
a2d3820ed6d3a2f91ec46689414a524e62a301d63c86ae16c5627d53f37ace0eb22128124556ac6aa34d6d678d5c53f2f59e324d2ebc5d9dee6053acae70e500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
8597067e9a1bd3e2e299c73c81e1d95a

SHA1
5350b5b4dec5a445da3fc892a4c9b3c5331bcf08

SHA256
df76c3a85a165c23329c69dcef138efeca279aef290e5e58e92f004f54f5fa54

SHA512
54f6cd46494e704d5e94f3d3e62fd096c0befc9a58efee73de0afbce39017f32a0dcf005b37d126034222d979e08974eeb5a26d5dac0dc1eec065f00783f7b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58269e.TMP

Filesize
91KB

MD5
a4b081a07b0ba943c8cfeb898122e6ae

SHA1
5e3b4ab976695c83aa5c67b32237bf54c4f47fe6

SHA256
b29d0669ab0878ac857f485f981f91396fa0024e43dc0125ab78e30bdc2a978a

SHA512
6fe7342a8a7f0e0c79032d63f59c161185d7486a8e604b466d50fc20098c6245711f3c23461d7016f99a63fc2b882f11e3d6eae6b4cfeec9d111441514ba9935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Ethylenediaminetetraacetate.exe.zip.crdownload

Filesize
3.5MB

MD5
c10a252445cbbc732f25a266e8c00535

SHA1
36ed73ee2f749cfe077b28ebb4954fc3553f546d

SHA256
e58bd17d46b930d14c8a9184f41b2b53624d02316bec6c67597dfba4c8a0cbfe

SHA512
c6ef28ae4c3c24586f625de4fd665cafe389742449dfa6f0d75a60bcb96b33278f9daf382fb8238872d1210a80b16ebb93d9f4103f42f87b462a2def99f3e681

Download Submit
C:\Users\Admin\Downloads\Fake Nvidia installer (pass 1234).rar.crdownload

Filesize
3.5MB

MD5
294ecd0652df2f3eeab38dec90c0b1b1

SHA1
f4a588257e422994821302136513f51e04cb74d0

SHA256
42ae555c1f9357f22efa16f56dc0c6df92b0ad981a5bce17dbf8aeac2089bfc2

SHA512
3df2c26a8ab8796f55be81c471751d33a7ba91ee287631f428d458bf1e0b02ec10e9be0a8c79272f8a049ef9a2269d2e6396c9061b49a486a240015d62c78581

Download Submit
C:\Users\Admin\Downloads\winrar-x64-700.exe

Filesize
3.8MB

MD5
48deabfacb5c8e88b81c7165ed4e3b0b

SHA1
de3dab0e9258f9ff3c93ab6738818c6ec399e6a4

SHA256
ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24

SHA512
d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af

Download Submit
memory/1128-1004-0x00007FFFCDE90000-0x00007FFFCDEA1000-memory.dmp

Filesize
68KB

Download
memory/1128-1013-0x00007FFFCCF80000-0x00007FFFCCF91000-memory.dmp

Filesize
68KB

Download
memory/1128-1001-0x00007FFFCDEF0000-0x00007FFFCDF07000-memory.dmp

Filesize
92KB

Download
memory/1128-1003-0x00007FFFCDEB0000-0x00007FFFCDEC7000-memory.dmp

Filesize
92KB

Download
memory/1128-1007-0x00007FFFBA960000-0x00007FFFBAB6B000-memory.dmp

Filesize
2.0MB

Download
memory/1128-1002-0x00007FFFCDED0000-0x00007FFFCDEE1000-memory.dmp

Filesize
68KB

Download
memory/1128-999-0x00007FFFBAB70000-0x00007FFFBAE26000-memory.dmp

Filesize
2.7MB

Download
memory/1128-1000-0x00007FFFCDF10000-0x00007FFFCDF28000-memory.dmp

Filesize
96KB

Download
memory/1128-1006-0x00007FFFCD410000-0x00007FFFCD421000-memory.dmp

Filesize
68KB

Download
memory/1128-1015-0x00007FFFCCAF0000-0x00007FFFCCB0B000-memory.dmp

Filesize
108KB

Download
memory/1128-1014-0x00007FFFCCB10000-0x00007FFFCCB21000-memory.dmp

Filesize
68KB

Download
memory/1128-1005-0x00007FFFCD430000-0x00007FFFCD44D000-memory.dmp

Filesize
116KB

Download
memory/1128-1012-0x00007FFFCCFA0000-0x00007FFFCCFB1000-memory.dmp

Filesize
68KB

Download
memory/1128-1011-0x00007FFFCD3A0000-0x00007FFFCD3B8000-memory.dmp

Filesize
96KB

Download
memory/1128-1010-0x00007FFFCD3E0000-0x00007FFFCD401000-memory.dmp

Filesize
132KB

Download
memory/1128-1009-0x00007FFFCCC20000-0x00007FFFCCC61000-memory.dmp

Filesize
260KB

Download
memory/1128-1008-0x00007FFFB98B0000-0x00007FFFBA960000-memory.dmp

Filesize
16.7MB

Download
memory/1128-997-0x00007FF661A50000-0x00007FF661B48000-memory.dmp

Filesize
992KB

Download
memory/1128-998-0x00007FFFD0710000-0x00007FFFD0744000-memory.dmp

Filesize
208KB

Download
memory/1128-1046-0x00007FFFB98B0000-0x00007FFFBA960000-memory.dmp

Filesize
16.7MB

Download
memory/3228-996-0x0000000000ED0000-0x000000000103B000-memory.dmp

Filesize
1.4MB

Download
memory/3228-985-0x0000000000ED0000-0x000000000103B000-memory.dmp

Filesize
1.4MB

Download