hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

max time kernel
58s
max time network
61s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23-07-2024 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

SpySheriff.exe

pid process

3872 SpySheriff.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

37 raw.githubusercontent.com
38 raw.githubusercontent.com
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

SpySheriff.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SpySheriff.exe

pid	process
3872	SpySheriff.exe

flow	ioc
37	raw.githubusercontent.com
38	raw.githubusercontent.com

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SpySheriff.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662299709240925"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3636 chrome.exe
3636 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3636 chrome.exe
3636 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exeSpySheriff.exe

pid	process
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3872	SpySheriff.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3636 wrote to memory of 4372	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 4372	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 3712	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 4948	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 4948	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe
PID 3636 wrote to memory of 1260	3636	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb64499758,0x7ffb64499768,0x7ffb64499778
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1692,i,10207701454490285547,10620127406859655276,131072 /prefetch:2
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1692,i,10207701454490285547,10620127406859655276,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1692,i,10207701454490285547,10620127406859655276,131072 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1692,i,10207701454490285547,10620127406859655276,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1692,i,10207701454490285547,10620127406859655276,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1692,i,10207701454490285547,10620127406859655276,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1692,i,10207701454490285547,10620127406859655276,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 --field-trial-handle=1692,i,10207701454490285547,10620127406859655276,131072 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5340 --field-trial-handle=1692,i,10207701454490285547,10620127406859655276,131072 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5492 --field-trial-handle=1692,i,10207701454490285547,10620127406859655276,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1692,i,10207701454490285547,10620127406859655276,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 --field-trial-handle=1692,i,10207701454490285547,10620127406859655276,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5504 --field-trial-handle=1692,i,10207701454490285547,10620127406859655276,131072 /prefetch:8
  2⤵
  PID:1712
- C:\Users\Admin\Downloads\SpySheriff.exe
  "C:\Users\Admin\Downloads\SpySheriff.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:3872

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
025ecc2a17b5bc65d79b3f190def42ef

SHA1
d5f84e845bef9f0f37d91f9c1c44464775750079

SHA256
cf3de8625aab14e2f2ab993fd4d44b6d9534639afa373775626f236d11e95e27

SHA512
fe2f3f1b459c38078186aef77c66b57ec379d8ef855e9b38448f34cf513ca063b9a2f7231b1b5cf763cf67e3b3245510e58db8ff1c6957e6e5401fe578db47ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
1ca73034de01cdb61ccb237f732c5c9d

SHA1
300fdd90609471528a57b05bc01904ad64a7d5cc

SHA256
23c5fe24a1b22355a0e0b580551e4d5660110825c4c7562d8654cdec47e91b2d

SHA512
1b1bffbb0ad94358eebca222ecc36b907dfb9bd652d0299f373d0b5080ea6e87e844b6adac917ffd5626f05d0a9ee66e79d9f96149e3c7f0022b4e710d6a75d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
8b9f001c91099f472399c2e43f62d8ba

SHA1
a7f1d6cd72086dbc22ed33fecd6953bd8f18e721

SHA256
8b119346a5031be2d1c2c2afb366acfe98b1d7fb031635a4c6df3591a8a0102c

SHA512
b93e4faa1210cbea8ad84265fef084962f604e0e6a3207afccc44254675be4388cf4b776ec3138fa97e94960fe882ce64c05a4aebf8b5a482f372880efa0a5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b23f42ac0b4628fddc50fdd3c6a00752

SHA1
a6fe4c578a17f09d0eb8ad240330ff2c4e3f7c13

SHA256
79c7bb4cb44289f0eb5115c0d508ec846ef164babc7c7c685bccf90a6d4d7a20

SHA512
636f578addb8942e20a39ebd2a168500111549d5bd6631c3e92f44a8d6da3b0fcfbe37af1bba23a23d9d6dabc097c0723a8e2b2a357b657899cc2db4a4cd8df8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2bcebb36f324c693ccae651eddca3ced

SHA1
cd84c8a4c0060a3a6375c5eb18e0d6bfe2fa46af

SHA256
40d1fca2810691e661184e2218d6b0455f5579f22c93b389901a4e83753dad2c

SHA512
c287d06007b3448e60fff4d160f5e2bac8c78171788ea5c556a6369986cf2b92b69170968a4e44153c96e72e9e1f7ef6a6129cee06df9ad36007d4699ddc89cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7c84c3183245c7a70d4e7cd055a4abd9

SHA1
c844da649d2221ef54cd98ea0b20804b87660275

SHA256
bc00dc7479217935865176087ceb2a64d8c4c97f7b3d3db6d7084d6879e69865

SHA512
f369bdeb127d9fb943251cc9abb7080958ab078c0463d3376b9f42979f52672aa1e033bdb173cc480943f1b8541654b3af00843ecb39a6153aa289043fd2bd71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5169e4df628541ec2eff7e02c034be5f

SHA1
1cc78769bdb479b419fd3c5bad3a6d18c68d097c

SHA256
9228576bdd370622a6ced52fabef60afbda9d7a0ad501b03c7655082f07e79c6

SHA512
a360ce5c92c263e6124774e6321dc99fb8fa8bc655a9ee1b4cd8049366e6b5496a403ab3bbf32b5f5da20d83aebb9044d1bfb90d9191a72d9fced9cf85483e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2c0cf68d58cc04426bad7a71dc59614c

SHA1
589ba4f59949a923987e334eb3d4c6e26b33d238

SHA256
78296a7d02a0ee3fd1bf666be5da397f2a3110b97fbac4be9de16244fbcc8246

SHA512
a307d2e9b72a44421a8215596ad5e899cc5b1f55c0423442d2aa52114e7243e402c9b7fcb851e41f7ba02d6c7dd24026625600fa76bc3b2b4e5db68ff9d645c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
e1ca587a1edb734c3331001730e901cd

SHA1
a072a580d7ab78ad52005670e2434b251d0e68e5

SHA256
3528d9c501027f1b454f287477f7223cee567a776cbdd07776538aa364db372d

SHA512
646becf1f46444105eb9ef1ed65a8908a6a121a22b8795d2a820aae74e1e9bdaa7025cf97eceb0985f06957c4446087e38b63c68d1c77616ac7fe62de0e5b05d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
7303fddaab149963b94d7a9d55553b43

SHA1
f334219f4c5276e9678ae3ed62b2809b2c9c9c8f

SHA256
8438f3ac26a41941538b6b27ccda4c36647ba8f01fdc3e89038773978b6bf438

SHA512
67311f0e5f02429b8fb2d6378bc28c0775e55d6bdf1ef15996124414c155940b5c9b3f06cf448fe76d49b00d11162ef6a2479f41dbd6f5857e5b7f14a350c4e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ff11.TMP

Filesize
98KB

MD5
1889060dd2c3833dae0d79ca4e322154

SHA1
81f13759325bfc9e92c15fddadf908a0a8d918ec

SHA256
ec77a058f3148a1430f0b3e052788231c6d2d3ea9244ce4dc50b2608a3712333

SHA512
da83562e5f1df52cbb04b4511fcdfac7b036b367b1fde5a61ccbad3af673f28af5f777b4037fc0dd7955ed1854517c4954d2408c450e581c3da33f17f80aad41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\SpySheriff.exe

Filesize
48KB

MD5
ab3e43a60f47a98962d50f2da0507df7

SHA1
4177228a54c15ac42855e87854d4cd9a1722fe39

SHA256
4f5f0d9a2b6ef077402a17136ff066dda4c8175ceb6086877aaa3570cabb638f

SHA512
9e3365c7860c4766091183d633462f1cc8c30d28871ae2cd8a9a086ce61c0bccf457f919db6826b708f0cf4f88e90f71185420edc4756b7d70137e2096f8797f

Download Submit
\??\pipe\crashpad_3636_QBYBKDNXMENUFLCF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3872-272-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3872-273-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/3872-308-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download