Resubmissions

07/05/2024, 12:22

240507-pjxt9sab53 7

07/05/2024, 12:19

240507-phfvcsaa87 8

07/05/2024, 12:09

240507-pbhelshg42 6

07/05/2024, 11:59

240507-n59khshe59 7

07/05/2024, 11:59

240507-n5x7gshe53 1

07/05/2024, 11:56

240507-n386zaeg5x 5

07/05/2024, 11:40

240507-ntbjcaec5y 5

Analysis

  • max time kernel: 115s
  • max time network: 123s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240419-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 07/05/2024, 12:19

General

  • Target

    images (1).jpg

  • Size

    3KB

  • MD5

    6f62187dbc30d53e1d661e8914fa708d

  • SHA1

    99b0006f843c006156628767d71cbafd922804bd

  • SHA256

    bdd5ea18320c3fb29eece7ffff299152d11361659e8640f64de736affbe11e61

  • SHA512

    496f2919cf60ede364db5d5f6947e2a6f607bbe43876745a8443a4ea74068df8961f0629d6a4ae23bf2e4d18b59f40118f63e3c3a6d25c604955ac2eb7a993d8

Malware Config

Signatures

  • Disables Task Manager via registry modification
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Enumerates connected drives (3 TTPs, 23 IoCs)
    Attempts to read the root path of hard drives other than the default C: drive.
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 4 IoCs)
  • Sets desktop wallpaper using registry (2 TTPs, 1 IoC)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Kills process with taskkill (2 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (4 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (64 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

Indentation below reflects the process tree depth reported by the sandbox (level 1 entries are roots; nested entries are their children).

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\images (1).jpg"
    PID: 2608

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    PID: 2100
    Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: GetForegroundWindowSpam; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff764dcc40,0x7fff764dcc4c,0x7fff764dcc58
      PID: 3644

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1688,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1948 /prefetch:2
      PID: 1196

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1812,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2032 /prefetch:3
      PID: 4176

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2324 /prefetch:8
      PID: 2448

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3120 /prefetch:1
      PID: 1948

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3136 /prefetch:1
      PID: 2644

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4572 /prefetch:1
      PID: 1092

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3692,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4712 /prefetch:8
      PID: 4272

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4804 /prefetch:8
      PID: 4392

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4768 /prefetch:8
      PID: 992

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4680 /prefetch:8
      PID: 1784

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4436,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5080 /prefetch:1
      PID: 3892

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5352,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5216 /prefetch:1
      PID: 1120

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5124,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5484 /prefetch:1
      PID: 3136

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5128,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4664 /prefetch:1
      PID: 3964

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3268,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5336 /prefetch:8
      PID: 4480

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3364,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3372 /prefetch:8
      PID: 4576
      Signatures: Modifies registry class

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3360,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5292 /prefetch:1
      PID: 2136

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3176 /prefetch:8
      PID: 5232

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5632,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5616 /prefetch:8
      PID: 5772

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6068,i,17727786053816473683,5208500345042902012,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3300 /prefetch:8
      PID: 6040

  • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
    PID: 64

  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    PID: 3200

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID: 532

  • C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]"
    PID: 5168
    Signatures: Adds Run key to start application

  • C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected]"
    PID: 6124
    Signatures: Enumerates connected drives; Sets desktop wallpaper using registry; Modifies registry class; Suspicious use of SetWindowsHookEx

    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
      PID: 4008

      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im explorer.exe
        PID: 4848
        Signatures: Kills process with taskkill

      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im taskmgr.exe
        PID: 3212
        Signatures: Kills process with taskkill

      • C:\Windows\SysWOW64\Wbem\WMIC.exe
        wmic useraccount where name='Admin' set FullName='UR NEXT'
        PID: 1704

      • C:\Windows\SysWOW64\Wbem\WMIC.exe
        wmic useraccount where name='Admin' rename 'UR NEXT'
        PID: 5544

      • C:\Windows\SysWOW64\shutdown.exe
        shutdown /f /r /t 0
        PID: 3404

  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa38d0855 /state1:0x41c64e6d
    PID: 5724

Network

MITRE ATT&CK Enterprise v15


Downloads

Files written during the run, with their sizes (all are Chrome profile artifacts under the user's Chrome User Data directory):

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState (649B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012 (472KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index (2KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (8KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports (2B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (1KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (356B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (356B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (1KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (1KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (11KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (9KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (11KB)

                                                                    SHA1

                                                                    fe8963dad79fd522ccfd4dae6a4e03e19e70e714

                                                                    SHA256

                                                                    f9dca89bd2a46640a0c4b57b24e7fa7447bc0202b903a2d9f3494193a99a070f

                                                                    SHA512

                                                                    ce2bada184e4729198f0678211fe3c5fe73b4e0bfb6bc9c9d3b3e1233ae64ff4bffcd36d3777872084c0f36a037e3eacfdab94baf934e41240a4a4e3c85c28f9

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                    Filesize

                                                                    10KB

                                                                    MD5

                                                                    339f5f27b694004ba5503613a88d90c3

                                                                    SHA1

                                                                    73c924c18399b21ade65e44ecf3ac59720cc259a

                                                                    SHA256

                                                                    a2ce1d1752c24f3bd2cfc012528d1245619e483bb520aad9c5beee6aea0a0f91

                                                                    SHA512

                                                                    8ad4273260d3b4cc8403d2ddea5e7fa5e41d3dcf4984d76dfd78f79babe54f0be3e7c99b96ef711059439292e4e4c59bd60a35df61ffdf1fe215b84deea2f0cb

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    e02ca2c26f1822f2a8b9cd106c6922f6

                                                                    SHA1

                                                                    a12aaa2bd6d20438e57d53307f0db31dfa3ebaa4

                                                                    SHA256

                                                                    b6a14df28a90e1c5d42164426e4aca1fd1a49f4302455138e40db3fb29f216c9

                                                                    SHA512

                                                                    fa5fc7045454abfe8ed1ef1a17d4054e3d45bfd32aeb75b205013238bf1feb7e97d08f0e78aaf2008f73d9009143b4e5525b8add0a16ea191b7d967bc6b583a1

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                    Filesize

                                                                    9KB

                                                                    MD5

                                                                    d3f83ddafa0aee9bd50c2f363860d95d

                                                                    SHA1

                                                                    4bb2de0f7bfe89496739e8131fc8e9b4b228ac61

                                                                    SHA256

                                                                    35b7b4c747cd517fe66d4de22cfd45315e1aabd481a045c28ee24ab801c31807

                                                                    SHA512

                                                                    08086965c4ef607926e5dc33db1aac7ffd529040d4fad3015d1ca466b2854d345dee079bb1cb84f852ecdc007c694c8436985207b5878d063eafb6875a27b72d

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                    Filesize

                                                                    10KB

                                                                    MD5

                                                                    7bd76587fdd498b5877360ae3bb3738d

                                                                    SHA1

                                                                    21fedff6d0810578dce0c66c01d10495f4f5f96e

                                                                    SHA256

                                                                    f0769278a5e3c60f994d05ab79e23380ac7ea5e0e75a462333f32c5852038c49

                                                                    SHA512

                                                                    8fdbf474cf0ec209721ff9479c8f0cdfe041ebfd493971184d714af8e983e86f68653d02228c6aa2ede2080b1bced8900f46d0973399679f911afa7e48e36e1a

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    7dba7a1a7f6fd4c640f0ff149a01b78b

                                                                    SHA1

                                                                    2e43e76c1f9cfdc8dbc950d05a0605464cd8bb92

                                                                    SHA256

                                                                    b60134674985394f5d2fdd76e4c2c61bf703ac209c452c31d30d9215c3fe5de6

                                                                    SHA512

                                                                    ebaeacd450099f2f781b28e280eadccd8cbc8fbddfdcc6fd8ae4d12a15f50e03bc5d56a17ace56e8750f4e359a7ef515fda4305b4ba46d662be005b9512cf381

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    4c9ac9bc0717639a50a286930584daff

                                                                    SHA1

                                                                    431d0982eb47e23c781f9d6616c5c035b3754921

                                                                    SHA256

                                                                    833dec70e114db006f56c2374846868ec6b571754f8b133a4c4fba9220ca14f0

                                                                    SHA512

                                                                    5d81ccaaeb8490cd09235ce38200b92d21bd2d6e58bb421fc09d5ff4d66e6b1858117829aed3d2942b4048d121f9d3cbd93fe1ff26b021feafdbd1664d1bb844

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                    Filesize

                                                                    15KB

                                                                    MD5

                                                                    757e2944da0cc68c5919bc375801b450

                                                                    SHA1

                                                                    3f790b5529eca741545f3b13227005c6db6556b4

                                                                    SHA256

                                                                    6a4b9986075ae8d1453bd30f7255498b74d4a0d8be5e8eceb0b91f39911e8ea1

                                                                    SHA512

                                                                    041ca7552bd96b150507135940b1d0d663e4f59662b8ba9f475107e6b71e46499d14a2f593cbf84fd4943276412e26cf822466c79d02f1b9e70ffcf4a0ea7fba

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

                                                                    Filesize

                                                                    82B

                                                                    MD5

                                                                    9c12ec41b948e46a5108b7dbfaf1d16c

                                                                    SHA1

                                                                    860c5126809bae1950aa06800c5c1bcdf05f6c53

                                                                    SHA256

                                                                    34291f16a0ca09f3129132c388fbf0d909778432ae92059c6d85f77a622dc004

                                                                    SHA512

                                                                    a93099ce7e7896b91fe111c44df3beece4828d40705f08f403c63502cf778822f276a3d40f01bee3433b8b1de32cfeef9c8b445bfcfaf56befae6b3ec43f463c

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe57d273.TMP

                                                                    Filesize

                                                                    146B

                                                                    MD5

                                                                    a1d32b4581aa2b1ad1f4a52b99560a1b

                                                                    SHA1

                                                                    07914afc2793b80739d9a9dd655ddbe483aa4b1b

                                                                    SHA256

                                                                    a021288acb18fb9cf4fd8094bde7c9af31a54c5cd7e84aec53fce8db194a3930

                                                                    SHA512

                                                                    b5c9e5a99c197d6a4315b3c928c884e5d529221959f6c5eef58dd638d39d530912ce88eb9a13767143c3fc6f9ce9082807fc93bf1f4a7513b4810532703c528b

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                    Filesize

                                                                    152KB

                                                                    MD5

                                                                    fccd649ef80c4b8812b43469875e2505

                                                                    SHA1

                                                                    4aa8de2d99c6d2a8a1b27813c3045a170d4573c7

                                                                    SHA256

                                                                    722ff87ec647234222c4a1967cdb75e4de96a16e5b0f79e8ffe73813dd1fafa2

                                                                    SHA512

                                                                    758312ab85e6f5164fd722be046ed9e51dea7c21a650900c48f6b35723ec6315e464d8604bf0886abf6a3cf6ea084b47bc26c5fe5c5eb82251e76de415c60b0c

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                    Filesize

                                                                    152KB

                                                                    MD5

                                                                    b9159e83a4b067c4112533e81495ec44

                                                                    SHA1

                                                                    0cccefc4eaa93b8e425aa4f2ba21ec5bd1727eae

                                                                    SHA256

                                                                    0064d08607a42244b1539e30e7faff64f064251be1ad19b03d08836719d30bb3

                                                                    SHA512

                                                                    99d6176bb3fd7eff3df634af375bb89c3afa006f7408fa3d7795da7d189a0a781e42456ec1473b6b58a1838eb449ae5a8879054b71ae925df462a362478d440c

                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                    Filesize

                                                                    152KB

                                                                    MD5

                                                                    d8d83cdd3b7a66222c5666c2dac5a149

                                                                    SHA1

                                                                    7196a865a53bb469366359007441534b0fba76e2

                                                                    SHA256

                                                                    f58a0e9aef0c1efe7c94c200470706f7ba397cec5d4af3bb802529cdabf28268

                                                                    SHA512

                                                                    796f5a927443349bfa23cfc4ac4453a55f7571e4e463d658f0537f438469cdc104aa84be39d1facf86decbbddbfd6c808c6c0284f4672c7d8f340503dec55c10

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

                                                                    Filesize

                                                                    896KB

                                                                    MD5

                                                                    de708a6fced82eac2670ef85188abbbe

                                                                    SHA1

                                                                    6e3445aaec4c000a9371672d454a0ae5a35f7631

                                                                    SHA256

                                                                    a01ff1d989e2904396fb5f44488dcc4dff4cbb66a328c5c062f706e35be129ce

                                                                    SHA512

                                                                    0d27c9dcf78c04f5d43e8b198ace4d1c005691673f0d9d44f5fa10ebcea1812635ffe5f80dca4b3c37f387a7d7c6229a386c727a5bb07ba039c81618aa240464

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.2\WMSDKNS.XML

                                                                    Filesize

                                                                    9KB

                                                                    MD5

                                                                    7050d5ae8acfbe560fa11073fef8185d

                                                                    SHA1

                                                                    5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                                    SHA256

                                                                    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                                    SHA512

                                                                    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                                  • C:\Users\Admin\AppData\Local\Temp\one.rtf

                                                                    Filesize

                                                                    403B

                                                                    MD5

                                                                    6fbd6ce25307749d6e0a66ebbc0264e7

                                                                    SHA1

                                                                    faee71e2eac4c03b96aabecde91336a6510fff60

                                                                    SHA256

                                                                    e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690

                                                                    SHA512

                                                                    35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064

                                                                  • C:\Users\Admin\AppData\Local\Temp\rniw.exe

                                                                    Filesize

                                                                    76KB

                                                                    MD5

                                                                    9232120b6ff11d48a90069b25aa30abc

                                                                    SHA1

                                                                    97bb45f4076083fca037eee15d001fd284e53e47

                                                                    SHA256

                                                                    70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

                                                                    SHA512

                                                                    b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

                                                                  • C:\Users\Admin\AppData\Local\Temp\windl.bat

                                                                    Filesize

                                                                    771B

                                                                    MD5

                                                                    a9401e260d9856d1134692759d636e92

                                                                    SHA1

                                                                    4141d3c60173741e14f36dfe41588bb2716d2867

                                                                    SHA256

                                                                    b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

                                                                    SHA512

                                                                    5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

                                                                  • C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

                                                                    Filesize

                                                                    396B

                                                                    MD5

                                                                    9037ebf0a18a1c17537832bc73739109

                                                                    SHA1

                                                                    1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

                                                                    SHA256

                                                                    38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

                                                                    SHA512

                                                                    4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

                                                                  • C:\Users\Admin\Downloads\000.zip

                                                                    Filesize

                                                                    119KB

                                                                    MD5

                                                                    d113bd83e59586dd8f1843bdb9b98ee0

                                                                    SHA1

                                                                    6c203d91d5184dade63dbab8aecbdfaa8a5402ab

                                                                    SHA256

                                                                    9d3fe04d88c401178165f7fbdf307ac0fb690cc5fef8b70ee7f380307d4748f8

                                                                    SHA512

                                                                    0e763ff972068d2d9946a2659968e0f78945e9bf9a73090ec81f2a6f96ac9b43a240544455068d41afa327035b20b0509bb1ad79a28147b6375ed0c0cf3efec5

                                                                  • C:\Users\Admin\Downloads\ColorBug.zip

                                                                    Filesize

                                                                    28KB

                                                                    MD5

                                                                    34071c621da9508f92696709d71bb30a

                                                                    SHA1

                                                                    5817a14b8da5da5aecd59f5016c2b02fbbe2f631

                                                                    SHA256

                                                                    ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd

                                                                    SHA512

                                                                    eb4c3b5ce9a4d6e979565d44c1a1432272bd2b9d1b83ca6b03ddc9982a5a6c341126ba71bbfd0e8d443ffa93265b6d205c187f586ff0bcb708965d2db6c98b45

                                                                  • memory/2800-483-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                    Filesize

                                                                    80KB

                                                                  • memory/3560-484-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                    Filesize

                                                                    80KB

                                                                  • memory/5168-463-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                    Filesize

                                                                    80KB

                                                                  • memory/6124-554-0x000000000BE30000-0x000000000BE40000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                  • memory/6124-545-0x000000000BE70000-0x000000000BE80000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                  • memory/6124-540-0x000000000BBD0000-0x000000000BBDE000-memory.dmp

                                                                    Filesize

                                                                    56KB

                                                                  • memory/6124-550-0x000000000BE30000-0x000000000BE40000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                  • memory/6124-543-0x000000000BE70000-0x000000000BE80000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                  • memory/6124-553-0x000000000BE70000-0x000000000BE80000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                  • memory/6124-552-0x000000000BE70000-0x000000000BE80000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                  • memory/6124-551-0x000000000BE30000-0x000000000BE40000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                  • memory/6124-539-0x000000000BC00000-0x000000000BC38000-memory.dmp

                                                                    Filesize

                                                                    224KB

                                                                  • memory/6124-521-0x0000000005840000-0x0000000005DE4000-memory.dmp

                                                                    Filesize

                                                                    5.6MB

                                                                  • memory/6124-520-0x00000000000C0000-0x000000000076E000-memory.dmp

                                                                    Filesize

                                                                    6.7MB

                                                                  • memory/6124-546-0x000000000BE70000-0x000000000BE80000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                  • memory/6124-544-0x000000000BE70000-0x000000000BE80000-memory.dmp

                                                                    Filesize

                                                                    64KB