hxxps://github[.]com/pankoza2-pl/malwaredatabase-old

Analysis

max time kernel
108s
max time network
106s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10/06/2024, 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/malwaredatabase-old

Score

8^/10

bootkit persistence spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 48 IoCs

pid	Process
3532	A employee has shared Covid-19 report with You.doc.exe
4256	GuideLauncher.exe
700	rundll86.exe
1560	rundll86.exe
4612	rundll86.exe
2880	rundll86.exe
4760	MBRDemon.exe
4276	rundll86.exe
3976	rundll86.exe
4280	rundll86.exe
4272	rundll86.exe
4840	rundll86.exe
772	rundll86.exe
4724	rundll86.exe
4072	rundll86.exe
4744	rundll86.exe
804	rundll86.exe
1524	rundll86.exe
5036	rundll86.exe
3824	rundll86.exe
2340	rundll86.exe
876	rundll86.exe
240	rundll86.exe
4300	rundll86.exe
4068	rundll86.exe
5104	rundll86.exe
1328	rundll86.exe
1792	rundll86.exe
364	rundll86.exe
1380	rundll86.exe
4712	rundll86.exe
1888	rundll86.exe
3388	rundll86.exe
1800	rundll86.exe
3332	rundll86.exe
752	rundll86.exe
1048	rundll86.exe
4340	rundll86.exe
4484	rundll86.exe
820	rundll86.exe
1884	rundll86.exe
4104	rundll86.exe
3252	rundll86.exe
708	rundll86.exe
3168	rundll86.exe
1180	rundll86.exe
2868	rundll86.exe
2680	rundll86.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000700000001acbf-218.dat	upx
behavioral1/memory/3532-231-0x0000000000400000-0x000000000046E000-memory.dmp	upx
behavioral1/memory/3532-258-0x0000000000400000-0x000000000046E000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
37	raw.githubusercontent.com
38	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MBRDemon.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa	cmd.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa	cmd.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Delays execution with timeout.exe 46 IoCs

evasion

pid	Process
620	timeout.exe
4576	timeout.exe
2496	timeout.exe
3988	timeout.exe
2860	timeout.exe
4876	timeout.exe
1252	timeout.exe
4284	timeout.exe
1888	timeout.exe
880	timeout.exe
2576	timeout.exe
3932	timeout.exe
4424	timeout.exe
2476	timeout.exe
3812	timeout.exe
1420	timeout.exe
2276	timeout.exe
4400	timeout.exe
4268	timeout.exe
4200	timeout.exe
4212	timeout.exe
4236	timeout.exe
1432	timeout.exe
1952	timeout.exe
2928	timeout.exe
3532	timeout.exe
60	timeout.exe
4296	timeout.exe
1348	timeout.exe
4328	timeout.exe
592	timeout.exe
2364	timeout.exe
4252	timeout.exe
1564	timeout.exe
5084	timeout.exe
824	timeout.exe
596	timeout.exe
5044	timeout.exe
2424	timeout.exe
3668	timeout.exe
2476	timeout.exe
1900	timeout.exe
1768	timeout.exe
4344	timeout.exe
2808	timeout.exe
4388	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625352017481667"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3928	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 29 IoCs

pid	Process
3336	chrome.exe
3336	chrome.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3336	chrome.exe
3336	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 2892	3336	chrome.exe	73
PID 3336 wrote to memory of 2892	3336	chrome.exe	73
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 2904	3336	chrome.exe	75
PID 3336 wrote to memory of 3820	3336	chrome.exe	76
PID 3336 wrote to memory of 3820	3336	chrome.exe	76
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77
PID 3336 wrote to memory of 1804	3336	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/malwaredatabase-old
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9f08d9758,0x7ff9f08d9768,0x7ff9f08d9778
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:2
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1840 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:1
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5420 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5432 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5788 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5812 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Users\Admin\Downloads\A employee has shared Covid-19 report with You.doc.exe
  "C:\Users\Admin\Downloads\A employee has shared Covid-19 report with You.doc.exe"
  2⤵
  - Executes dropped EXE
  PID:3532
- - C:\Windows\System32\cmd.exe
    "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\ECF0.tmp\ECF1.tmp\ECF2.bat "C:\Users\Admin\Downloads\A employee has shared Covid-19 report with You.doc.exe""
    3⤵
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Modifies registry class
    PID:4736
  - - C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Covid19.txt
      4⤵
      Opens file in notepad (likely ransom note)
      PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4516 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1556 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4528 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4916 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:2888
- C:\Users\Admin\Downloads\GuideLauncher.exe
  "C:\Users\Admin\Downloads\GuideLauncher.exe"
  2⤵
  - Executes dropped EXE
  PID:4256
- - C:\Windows\System32\cmd.exe
    "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A92C.tmp\A92D.tmp\A92E.bat C:\Users\Admin\Downloads\GuideLauncher.exe"
    3⤵
    PID:2192
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:700
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:1560
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4612
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:2880
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:824
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4276
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:3976
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4280
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4272
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:596
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4840
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:772
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4724
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4072
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:620
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4744
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:804
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:1524
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:5036
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:3824
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:2340
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:876
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:240
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4300
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:880
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4068
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:5104
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:1328
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:1792
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:592
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:364
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:1380
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4712
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:1888
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:3388
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:1800
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:60
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:3332
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:752
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:1048
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4340
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4484
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:820
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:1884
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:4104
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:3252
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:708
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:3168
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:1180
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:2868
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\A92C.tmp\rundll86.exe
      rundll86.exe
      4⤵
      Executes dropped EXE
      PID:2680
  - - C:\Windows\system32\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2524 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4820 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5808 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4560 --field-trial-handle=2140,i,4806655862899882606,14153411994718382620,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Users\Admin\Downloads\MBRDemon.exe
  "C:\Users\Admin\Downloads\MBRDemon.exe"
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  PID:4760

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4044

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c86640aaa33658aa24db5a9e946108b5

SHA1
42a8819c961a6db7e165a84bab0781ef72e71d81

SHA256
bad1ea3662cf7bbc1c20e838088b1b20eb1cdc6060eff54f7513c67a6bfd0717

SHA512
5fea5255ffee9a38d99ff112b0ccadccc5c08458ba90d91655a92bbfdb83d921188bd1952893c934467d211b10e6b9f89ae8b4a5fe1a3db1124641f86897fc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
671df2f0b5cda8b998d839fb56b65048

SHA1
e49357152ee4c5e6135b622e4d477bece5787ec7

SHA256
fafcacb0068d2e91107a6e4861511f99d32d10de575fec6b7aaa04a50b505e74

SHA512
014d99a99c9c1553e72b7341394199e70e32687c2d016b6f211d3b094f30b1cebe40aa499da2decadb361ccc9facd6c800421960cc6baadf8e8d204a2e274d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
c58ca0895b6816fb89765c696fa8b510

SHA1
625206b0d4b48865c6a062ebed37448167dad03b

SHA256
71e2feac0007735a16305cb49a08323800907600d8f6dd670c7d7294eaa3e480

SHA512
fba1a13bf69f79cd5681d81fa8598e59b8674475db29962743e8606b7070762f099b3a3f068220804f59f085cb22bf7d03aac07034831cbc73fb0c1977d41d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
3396d59697002ce4e434a3546bc75d0e

SHA1
1e2f5a27a449c8d8e1357cf9aab66229f18dc973

SHA256
ebb1c97ae693f6091dbca8496fdfa87a938f1bfc4d0c20301985745ac5f288d2

SHA512
9a35d49b57d4714ed33634bbf8498a562c9b2bca5f47ba826c97c2cd37b6c703cda892494acb2fe406eef6b0fb9573aed8209e3255538ee1b4b86e49d52a6b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
ebb2f25e68b8b22f2cec6fdd6bc05951

SHA1
0e8f4d4c059360290248f935103c0d7c3382a240

SHA256
a5959c95e14c9df42071918a0ca83ec1b1d361aca317efc43b188f002c0e83b8

SHA512
b3c4fb3b5fc0c5b1ac988ee07f5d7a44c7e83bee31a0ff2a8c5614f993b08bb7721483738018b16702620493343ff247dfb0c1f4a2393cc09eb7afd889966828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
53KB

MD5
d2cf86df1be354f07ea155d1ad2de500

SHA1
d023083d81d0fb76ac3060799ff44bd4851d833e

SHA256
2736ba2fcd33afa7a3304282747997abc2c80a844d5a773bcf7f6a6832b4d6d5

SHA512
bf46044623119e8d789738dff1ba554c4228b0c9dd2247b249f25505da7c43d39beb34d2331ac67b73e7414b04489456cbc69a4416e3a51c1aaccf5dee5d61d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
48KB

MD5
47b6e3b9a667b9dbc766575634849645

SHA1
54c7e7189111bf33c933817d0a97cefe61fe9a6d

SHA256
302ed4f6c8ac4312d71205603c4c28dd2976fafe4c05533c0a08ab3bdb531aa3

SHA512
a12b74ff45f6f9e6abf459863c299e1fafe61dcf2bea8a7331ed9547de14ed29e2deba69b104c6960db93b458f83ba6a4ba454c5514105e7ffb96da96e26e612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
20KB

MD5
357b4145c3264fe69f8c412e823adeed

SHA1
5fcaf1043bb72dbc719ce56a173b3da59db7ebc9

SHA256
4bf695f9d9be4d4e815594d2b7443042ec14e4dcbaa6d35031cc0420b8009410

SHA512
974c8b0220e6490324f5eda5590d4a895d7d67b87414ca1124dd01ac92e3bec033623bec67b4441fd6b69bb9034d4ee8210ee0f92fdf0a8efb6546e62ef8f7fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
44KB

MD5
387ffb4940d5cea54966cda07a2b82a5

SHA1
7d1a337be8558a8eb66ac5a9cce8c9d88ef6569d

SHA256
772b7c4a3c0100538ebc796f22138a55853ea0bfb4c97edec54fe777c6990060

SHA512
b5d0fba043bdb3b3ad63d1c6f9d18c00bbf91351df5dc62595bd87602d120032d8ecee65b2e91b6b6c1624bfa0a46d8c5e8ee5c8eedc3f445748b433457fb360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
21KB

MD5
7bd7558c173e95c0c5b265a10a26e801

SHA1
d2a3b46c9a43282a05af4704fefea1ae21dc3f8f

SHA256
48b9e792b3ddbf8ca6fce8f019ed63eca7c11f8bb5f91eb03a7bb9e79298d789

SHA512
721bf98cab1ff2206046c79de74bd7da001353213550ba35dd3bb683855fdcd0bb3808b4e7ec0e198743bf25ae7ab1bf3aa555b3003bccfac3d1ea6c7d240c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
19KB

MD5
1ec8fb7f6fd9050ab7c803cab2b0b48f

SHA1
6b831a02f8daed957b82c310cf867aa3e77b9816

SHA256
4345ede1557a49c9322e84fcfe2a20821e47003c2b3c214de6ba6d5d42bac73f

SHA512
d4ef769640f071121d07f8942533c7cfbaf4e4a29476d8977fb31d462e986246278fd599b2cb4344713f5ade2b89faed5c728093e31848c9e428601f0ea2f871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
20KB

MD5
32940154aacfd6a789ba920303a6f9d2

SHA1
fc3d11ee786fce81af7a67e7665281df198413cb

SHA256
3ba01080382954095923d8a2c5fa4e9d743d9d9b57a2b39ae0906072892b0a0e

SHA512
5abe00a74b577eeb3daa3537fd6a68e230220fd90613036be343d5220589e0fc861475b450c58d37abcf4061a0ec264f3a7ec1115c8926bc52f88a6167df9d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
58KB

MD5
4b9d6adcec4cd72d94fa6875394d8167

SHA1
ea5ed417b6b5c61bf4181b28c0e2298039447adc

SHA256
1478f3842dec33cdf82627e9d06d468cbcd33d9af6c9309715012387a35cc606

SHA512
2be25e8df010b409ba6ec223530169b6502e95057da674e1456b870e5b42b63ad402def45c96bb982c9acc7202547cb3602f68920ee096db93e9f535efd53a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
18KB

MD5
277fdee241a520433873c520e31bbc7c

SHA1
28ddf5b9f1353a3acc38a50d8461a791fdbabc4a

SHA256
743027653f691df64995ab146b00c862b25f3c0d97e90b25e0ba0060ead8df9a

SHA512
f2770681a541ee93d159c663a03f2421b5280f736256f44fb834fd165db9d8e0e1bee5eb484dbfedf4e324862322f0c462af0ab5b4389e366f3d716e2b1273d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
59KB

MD5
4bc7fdb1eed64d29f27a427feea007b5

SHA1
62b5f0e1731484517796e3d512c5529d0af2666b

SHA256
05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6

SHA512
9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
130KB

MD5
b61b5eac4fb168036c99caf0190ec8d3

SHA1
8440a8168362eb742ea3f700bb2b79f7b0b17719

SHA256
3c495df6db16ed46f0f8a9aff100fa9b26e1434016c41b319f0c1009b7ab2e1f

SHA512
cbccd3aa5a1bdfddba5cc38956b5523a422a1151cdd0680336ab94f07aabecd1695062a0953c32c8209949ea6a4859c625c6deffe5108e8d5e48290017e51874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
22KB

MD5
9537ee99e702f4b498f7db1752c2bef1

SHA1
c8b74e2a05e98cb1dbd8aa2dad8d8ac9e65b85c9

SHA256
9b776ee3779dcae09f41fa4101b440d3ca3c9ecf8c439fb0d059f8abb7e006d8

SHA512
a29dbb72aed004652c5162278fbb320a4d62d399878a3bebc2b9d456bc2799a599ea2e956362cbde56f4365b93b275315d67dda3c43d06265c030c9208e068ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
46KB

MD5
438ad5289e629eccde7bcd592cba5666

SHA1
bb5ecde1e147f1f5a097e529f23693c096cb0244

SHA256
18a96b8b5ab325a9361ed98aa189ca20c9babf3df1ae310f53d5d388b619cf8e

SHA512
45eb54b4d094e72f7a0c556fcfda1cbcaecff42fdbdd246c59f327f39eff30ea2f28120a9b856c5e4cadf18d13b5f60df837b218dee0346ddfec4cc8272063cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
88KB

MD5
c9905f1f3e2f9d29f23922673c51f0fe

SHA1
d95c778d81ddd3333c6400f602f9c779007bf4e8

SHA256
74401b272988861de795b7bba626b38fd2f7d29e21f4b9786733d616a637923c

SHA512
e0b007e0aeabd475d31ab532f4a3757c170eb950151ad8982caf311b23b49db50d35ada484a3af63b42f9cfd40a56eec52d59963bd09c6e5446c7ce1e41d3bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\00237b8e0e6ffdc1_0

Filesize
264B

MD5
e0eabe1d60cb8f679bd5afa124140a52

SHA1
82bdb565a2749555872c449562fe70ea793e94f0

SHA256
7eff551a22760e6381c0d36f52f6d8a1f277028e2a42bd4a4291b7e25539d310

SHA512
9c50089f0ba00ed5764580122b3398ff159a8485b6c1c1b02cb5e1096b1b642879ea7bed733bef9b6fc188822ca5656368a9d213931ee559af12ea457210eceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0489ba4a7f00a2a1_0

Filesize
274B

MD5
f38ec70c6a19e622ef46e6d3bffdb7fa

SHA1
148ced9d3c5488ef912c9e5b938b10b3db3659b2

SHA256
914eec0a299f1fcd77dcee43b41cc76a6cf83b14d420664eccca565caff33c55

SHA512
521455f5aac63cedf328b8482d04f0d1ee0b428e2baa17374132c6f8f9a482f4b648d626ca2dabbd81a86ebd0dd26b1647d9cd2029be6a60126e77747941d053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\05f98f3e8d436ff0_0

Filesize
221B

MD5
57f86ecfe5fcbee8680a6966a537c78b

SHA1
e0dea2ff75a60504372816ba0be02411e8e52840

SHA256
fe62e5d7ae082376afa2abcac0ac478ef574a197bd09c9104ef7f430bf96fe1a

SHA512
b604de5900b626614c300fc16c13f4da71d9cc78321145d8b63b8ae8c41042e42e3ad2e2fa47f636c37ad10b2dda41418e68404fa7b04408bcd916cccc7e5720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\07a0c4a3e1abceea_0

Filesize
254B

MD5
14d08ea9a07cbc1809cad80658771c73

SHA1
ba1c0151bbdf38005ef7dd223ab0274321b2d232

SHA256
5315a72a04ce54b6c974a76e0744cf0e47273b182b8ea4c6106b7be27c782bc7

SHA512
fd2319484ff49b9ca0ee8486a572e081d5cfc9098076dc9bb7721dc42346323884c41ae31c064ccbfc3247652a776777ca7b761c437e25439c9b71922128aad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\09f4462215482980_0

Filesize
2KB

MD5
4e6d7608ee27b198c72e0d9db6b19c85

SHA1
7ba11a35f30b703377e856de51150f8018df4425

SHA256
1f3996e604fb5bb21cb9711290524f2ae3ac9ceb0db79ae4582c6bf66750dbb4

SHA512
483ba1f367e78e74616193635e2ed8b196f2b32ac8bcf4394a43580a213df206c7831921024ee14a7e057fddae4246b7a1e1b1a48971348c02d6f1b422199206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0a926c1a801a9ac5_0

Filesize
312B

MD5
af293c3f0bba7f17e1e0785bdfb4d29d

SHA1
9792c6c6a917af0c5ad85d6b4a9be4180fd45699

SHA256
def37962b5b9e2745b68ce17955efcacccd1397401d88517efc798b1fe7b4370

SHA512
3caa5632cf1d6c303731f73ab4ccf43804c7c4fce401c169a10dfd4cdd114a4462f207c7c20ba557f3d4df3168e41dea251d59d8fea8f7fdb80f48bd663ad48e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0c8543dedcb7ccd1_0

Filesize
319B

MD5
df3832493951bd817e4dea12b8cecce5

SHA1
2c22cfc3289533919cf47dde0c47d0b25c9086e5

SHA256
8858f42df01876cc55ab1cd0070b568bb4976ed9538ee54741167e77e8383295

SHA512
e782faef401b2dbfb427d3040f99596f60ebf726acd4137bebd413c533bf649d81456c171837a4846d0a433b32a9cf44a3e3e651e9370f587cee9c58458e0892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0cac38a50a5fa198_0

Filesize
312B

MD5
c8ce5ff31a5b06fe998e0d2f13ad50e4

SHA1
7e871915434c01174fb61a52c52b54e9e4a1b1d7

SHA256
167bf8de1bfc405a4f8cc8d2e918986297c42b1bc90c7d396222281d22ae438a

SHA512
029409df8721c870564f6d2826fb2b45013942ecbaa3fd13efbc985a2292896f1292deee622f429204aced9175d2523b32c31b9badd298fd6dd86ce98cfcbc0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\14475254aafd8ec0_0

Filesize
3KB

MD5
24b0b05cee0afa93e3befb34a1420801

SHA1
7b305fe9948b5d50e0485de4b4fb2fe51f9790a0

SHA256
e8048707c7e5e8ae4a105bf823d3065681bb255fee346d3bc49ff842011cc7c4

SHA512
d891f18d3bf535bd8f42b4ae19ffe9ca32651d68294264b381a54a447aee12c3daff7207f86fd56622dc4f240afac86b21a70773ce2946dea5c825ad3d1270d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1677fa2fba85b762_0

Filesize
275B

MD5
f81be888338cc1dfbfb6a639507694be

SHA1
f73985c967187a527fa6068198fc5bce5efe573b

SHA256
ca59fbc9d59e56fa56055b77bd1b71d5db6d0ef7c69f61f31af8a9e445b6731f

SHA512
c2a46a04c6625bbfbaaa15dbb4c46017b2896be4ebcd81d086af9c04360a73a658d0cc764343b025f6e9eade5f18d0ffdb76139e380cf03f32eed9e2fa777c85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\180e414f012d8ae3_0

Filesize
309B

MD5
e00045afdf99208955691f96586147a7

SHA1
a58e3a01ea84593a90436dcf77db07fda56b9ea5

SHA256
2276b70b77258fc2d2d86e2ea194d5c34914b563d83ec1b1cd927eb50496ca3f

SHA512
4f54f02fe5997d34d3ded959bb3ea8878448bcaa9f564495e7321f54e5c34d74d5ff5e8ff5de5985e014e890cac8c0cebf8f386b97c9c19e2be764dc738da918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1c9e08ee2bb9b3c0_0

Filesize
312B

MD5
4b84250503752441b64ccf0afdc1f3e3

SHA1
cb59898455527b721eff22b50b7031aa52480459

SHA256
d6dcb01316f645a72c884b1952bcf296b96521fc8ecb3c4bc61ad41c0f839781

SHA512
f54d33bd712d53835f99cd36a7ed26d4a5b4367e491eb9f5fa170da5ac29cdd7fd1b114ff97c6b2e59d06116e389b1d3b24ca96e69052407979ba1337cf27d75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1ddefb550a28cc70_0

Filesize
253B

MD5
a9e0e5cd442fa07c4d4d26f302a26ecd

SHA1
39aca6ecf2e573ea56c4ea111925ea6523cef555

SHA256
3c55bae5313a1e911316b4bf432bae6fcc558d04e96004661a57b1f17e3ff36c

SHA512
968c045ed956cea47d198f37c2cbace160e159f71c70727edf8895e0e7266b454231b6d84c9cc04263a2b6d19173e65ab3038cda18ad426e4547077be8ccd34d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1fa28549f73acd32_0

Filesize
270B

MD5
a6db2f47b2a954c4d3fa3a84cc1ca61d

SHA1
d9a6797512741d3a4df22743eb6351568ddc0076

SHA256
f6545451ebae08d0de2fdea15a0ce16f38e5ece53000e2e9e692fc73e75b9fe2

SHA512
38955fdce769519a3bd2e0097f52770563afc04e07dcc3d24bbaf9ea69c419cc3a86412dc887928d6f59827774d6a94080ede600447098b1aa2b1c44a163fb93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2260d6a973753084_0

Filesize
4KB

MD5
52ddd6ddae1b2a7ed45ff5f23b32b9e8

SHA1
422bfbe335a3082eccc86725cf41a4209ceb3173

SHA256
1d8c8a96e9276951396ef7f8d817f21c9bd9c53c82166f92b3b7a632a040b319

SHA512
95303e9f59cf03cd08762231b5cc64516c94a61d612574db24ad7f2b743c6f838291ca253de4fb8a2c1a988727aa1a859efe0916e67486b265f96549209bf27c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\24caa2c005cb4fa2_0

Filesize
312B

MD5
319366bab4e347ccd6c8404cd0629c00

SHA1
89b8a7bd8abcdf7372ffc1602a37fe35c3a0d073

SHA256
5d3e61fc01ba4005c784139b4f8217221a04d3216dfc045aed7d25708ad9fea2

SHA512
2c5042c2676ccd70fa3e876fd273de50ca340c39556864b5ef81f65d0fe49fe07de4c906ed74613721b95f77596e18bbe292838347732bfdf8174c59627ece2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2504af4177af1958_0

Filesize
1KB

MD5
85ffd4a9864b47b105af7f17c6075418

SHA1
8372e0b17cf009e7b5614fa8db32ebbefc093c30

SHA256
1ae4bb4bc6a34cedf23e8b468586ed8ed16d91d24e1d020f9db1ee33478282a2

SHA512
bbdf139d20f4b3a557fd0e8eb01c2698a17ee78c574b40bf6112df2cb03ce413902eff7e4501427ccae481ab9744fafcc0a67f9b8931c19d742f6de91bc2a983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\26dbab8f05a12756_0

Filesize
275B

MD5
fed0813e50844aac75c8747d6a7e536f

SHA1
4937cf8e34c36b30e46721a19ba35efcf8593a0f

SHA256
199dae739d31d5c5fa8f63b05cb224165e8a5cb8d7be18f06a7b0b9f9dc55af9

SHA512
c8ae78be804428e0ac3afc1d0c032de29ef407134abf7cdc619ebdc0c57cd5eb8df7ff044d49b5ab2228d2d457763340607ededea9c83030cbc63a395275db2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2b76d7967c518e37_0

Filesize
1KB

MD5
c9371c63491ede04e9e989499c41c5f9

SHA1
5679261dbc6825f2f0def6cca70fe95c32bf0178

SHA256
bc808a2ced3295e71b2267746b8aa4f41e0c883e820b16e5abfaebd28d8ec61c

SHA512
951038662e3b1304109555489e9c8d7dd3734d3ef7da984e749bbc9d88287c0d43cdbcc1556e043b4742d64e93d117f449bc6afc75956bd48d6b33b6ca30ef65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3407e3dcd0870f4a_0

Filesize
312B

MD5
b6d4c63554b26cba3de2b6b9ec44e46c

SHA1
09192ab39be0146802c1a63d39ee1a7fab3cb077

SHA256
881ad69f98a23b428d40f81bf13d3632d7d5207575d454a01c3f3842dd398635

SHA512
42c5ec99c365c7db9e02f58dda77514b80d8681483012ee7483a5e61feecbdf264c9cc983f24ff23ea6e7479a957356705660b1b24cc9e96c6f40b1c72a56672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
192d54f6ded29a3d4c804a675414815c

SHA1
e763f18fafff542c49fd8681e09581f2c0931f00

SHA256
c017682da3cd58049c53dd9a5559248df93d1ae5bb68dedef7bf105e9cc5280a

SHA512
313a231b760e83c569bd7d6fddbd67fed84672e377b610e4d100861773b14327c92ab3e19ca69439da22dd28c48147bd5cb952ac43ed4753b913c86e37bbb78e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bb67eb6806d2652817b79bbeb5e4c325

SHA1
0c5fe4a0f8ffc563cf771ebdfe57e66f63976679

SHA256
8c96b17f40d6f07d2a56284a92e8a3df590c7080eada1890a02cb8476f321114

SHA512
3c811e6fc4ac093c2fdf2e88c04ab83094da822479500ce0d007761b447a19714e9119bf7eab50892ffe0d3805389d386893e7b07f14ba2f5dc0c4244e870d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5d3039df8f4dc0de9674c606747d5e63

SHA1
e7b8fa579f4fc0eb761cea0140c60de3bd94b5ff

SHA256
2f589ec8d15c2bdd8529ec7271f1be863a57e9c8de892b9abdc1bf0556679ba7

SHA512
d28a4e8687c9ee94679bd59c0bb7e07da626cc9209ba70a607b662e7291a6e71e52269c248700bbf07b243a6536044732bf43f0dc4aee716c727233323e8b0b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0a31e0a6c9624428eed67f66daa18446

SHA1
11fd087340c3fdb72dc9de039d98427de9288c48

SHA256
8228bed6ca556dfcc99776d7116f56031948bac9dbe3d1a11529ac42fbce2c3c

SHA512
7c214fc05f28a0fb5d3fdf56ed89eb197633f8543ab4b6133d5465aeff7fd6933a42cbe4d8329705b7dc140a915b431c954e1b5d080f04faed886b0f88be824a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
335a45e711ff2d2c4660ff9d9a2d423f

SHA1
1540d5c2ddc0cee1456e846808199bcc2a76cd58

SHA256
d1b2e96ffd4cefff1db6c6ca2b221a2e6d249f1f3ac29963df45d05684fa2013

SHA512
137485a71c2ce84633005cfd5c0c736650ebf0c196bc6447ebf33bcf2ab7ce97f0f0f50a079404709e34d678f8aa12d6d52a94f55e7da58c9c1c69e1e82edcd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e50e9afea9c06a0f1926345684f7c401

SHA1
bbe33e1cbefab336c3b60310781eb765c23fe9ad

SHA256
15e7677afc20435afa0c9a877302f0807f6ab8075be676cbdb29b965fc9d2840

SHA512
c4567499c6bd923f2ada7e7fdb964f50fbb860c0a1192375a29c1623ec01e3fed9117d54bc044fa57defaa38a02e605830052fa05caf2324d232fade5f8a1aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7860387cb625ad5da025c5537b2d4447

SHA1
1d5a90d9a4257069af90fd1e098a8d8d842074db

SHA256
15a5f60cc6ef83318d55c896c62b58cba1c2ba8b7a878e2a1373f45d14959678

SHA512
5972b004f351e0826d0d5a48ee1fcf769096833abd6d87c9c892befc9e92c9cfad8fc9c94a4028e3516a3127be0420f35fb52a817489573caf687e349a187133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1b9d549298d53bac2ac7d728cc986293

SHA1
381090c98b254f3788bde216906b566dadbbd580

SHA256
e6ecb32c2498ae58189621e9936bc9bb03cab6e0fb51517f7c2027e64906ee81

SHA512
6f03bb8f85faa8eecfd8a07fa9ef09857309c6c84252f162c23cba85eaeaabbb169920d2ded96eea7dc3e2558a1c36a87cf3847a3eabc478d3d02c5cc6b45b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
63157f23f7062fa81b10574ff0aab083

SHA1
9cd20045d2535d7d17da420fe36a39e51fa8b48e

SHA256
278a5af27ea73b7c699a587b81d8a9fb03a83e634168a21d892df32dc3d1f1db

SHA512
7c3d9fcd253886be3779b770736bbe8f128c45729877af965b83651bb20095836cb6ec7374aaed15afdb0e5af0ea4ea8f5b534a916c59c4228d8435a276ff187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
6678c2b556ec9a1aee6d8dfdd26a81c8

SHA1
8c1f4c458a536ff0ef262f7d882925463f38a47c

SHA256
019d4274f75477f6f5dedcac53cba77b8bfcd33e55d799b747ff1af4430f0d65

SHA512
b2336740adfcc401d2fd2cd190ad151323a4bff7a1c554c619b8f74f49ba06ae193de3b1326124bb3ab1afea443edac756c2acb7b76727230834ec22192f52b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
bbc6eb5ae7087361610caaad504fc732

SHA1
fb45c00e99abd94d8d9159cf3c58b7cea2187a1b

SHA256
974cd70faab944b4e45c51089953eb475f24103954596f4ecaf839f5739802b3

SHA512
2d11fcb89f8d66b80c99cb276cf39785b108d6470ac02b075664522dbfeb8435bc928b8172b3f8a7668443d7da5f440b2606a91f734b41f8d6ec7e8f98f8520b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5813e1.TMP

Filesize
98KB

MD5
62d67d22312ade4382829327b208613f

SHA1
5e08053b12fe55e9f0df37d18cd677f27c2f66f3

SHA256
322186d63c05a144c8878712715586c3533e8dae39b25acd589b7adc7624cf2e

SHA512
d088421eb932bf2236a722e1968505239081c21866e28485e656dd57461a7b8b18e6a48b51276972480d38fa98e633ea5280a1b0c2694313c844f32ba51e6ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ECF0.tmp\ECF1.tmp\ECF2.bat

Filesize
155B

MD5
0de7237ec7e2c8ab8e55d1ae6319e02a

SHA1
f586f3344183e563d71a8cb91b8a97439b9d3558

SHA256
49cc06b2575a0838d1ce5188fdf655ae1454d7d44670e9ba49be90e01cbd69a8

SHA512
8cb779a6daffd97c9709eb43ace6b5cd10f7093991f9319032a809770d27a26cf13739117374f3e3c330b4eb0f60a5714bfed9194a1b8d0eadcd4c5b3f161d69

Download Submit
C:\Users\Admin\Downloads\A employee has shared Covid-19 report with You.doc.exe

Filesize
207KB

MD5
cddd8d24c88d1d2f77f5ea463ef9cede

SHA1
68e7b55ab17c6553d27d3e76e5d4210065cfe204

SHA256
63ffe543660a74b4217b991f6214f823ab68b54a318b165cf01d791ce65b2525

SHA512
24a17153641a97bf35dd655e6cd2f1d10c0854c7dddb64adea3b2f47c8915bbb22d449f06a43ac40c2080860a4c94996921c93d471c5c10747a954e8f8c18865

Download Submit
C:\Users\Admin\Downloads\Covid19.txt

Filesize
51B

MD5
d872404f10fd1b91858bd74d8d5b4a89

SHA1
6d89d5f1cd970008214dcf9bfefe07f919d16d36

SHA256
8646567627903a6f93edf03d7b70304f085779467dd7a9381a98ce3b10c6d3b5

SHA512
22f2c6473b4fce3f111fce7f865fb2f6cf6744db58a9688e9037fc772cbcab8eb1f2d0500cf3b1190add5da186141db1746d56a8aa4d26769d008671a60b8259

Download Submit
C:\Users\Admin\Downloads\GuideLauncher.exe

Filesize
408KB

MD5
934b81faace8824b29105af62987af2a

SHA1
296d77ca6c3dac44ee95dd789f9dc1dc84ef3cef

SHA256
f95eaf4de259a6e73e86981895f45adc5660268740f34bfddf2d7b4f6a6d4b69

SHA512
a18b15f38b68b3134c55e314db47b6cee14b6910d7101384cdab53053c2a9c222d7ac70936663e74382cfe9808d6b9d9f893dc377cabbd2d953472f77d7ef246

Download Submit
C:\Users\Admin\Downloads\MBRDemon.exe

Filesize
105KB

MD5
79ea93cf63e288882d9c56255a200705

SHA1
722f14ff99f5f73f7bfe2187012c5fc54199573d

SHA256
718a921e0a7f2f784a62b36239b1d9a1d4119ca325ccdbfe4a83ff7ef02a51cf

SHA512
14f923bb8d9ab153c758868e95d03652214d67a1491c45124bcb1bf604a5d45bf66b705afabccd14850c107421daee3da819e3ac80d85aff421979d7dd91b7c8

Download Submit
memory/700-387-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/1560-386-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2192-420-0x00007FF6A5E20000-0x00007FF6A5E83000-memory.dmp

Filesize
396KB

Download
memory/3532-231-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/3532-258-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download