hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

02/08/2024, 19:52

240802-ylhb2axflj 10

02/08/2024, 19:51

240802-yk374ssfpb 5

02/08/2024, 19:48

240802-yjczjasfjc 7

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOGON.exe	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
50	raw.githubusercontent.com
51	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
672	chrome.exe
672	chrome.exe
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]
5028	[email protected]

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
636	7zG.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
672	chrome.exe
672	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
636	7zG.exe
3452	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 672 wrote to memory of 4832	672	chrome.exe	88
PID 672 wrote to memory of 4832	672	chrome.exe	88
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 4260	672	chrome.exe	90
PID 672 wrote to memory of 828	672	chrome.exe	91
PID 672 wrote to memory of 828	672	chrome.exe	91
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92
PID 672 wrote to memory of 1976	672	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8a22bcc40,0x7ff8a22bcc4c,0x7ff8a22bcc58
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2076,i,16319986514747096811,9130009434179515528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1812,i,16319986514747096811,9130009434179515528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,16319986514747096811,9130009434179515528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2308 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,16319986514747096811,9130009434179515528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,16319986514747096811,9130009434179515528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,16319986514747096811,9130009434179515528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4992,i,16319986514747096811,9130009434179515528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=984,i,16319986514747096811,9130009434179515528,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  - Drops file in System32 directory
  PID:1564

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4616,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=1008 /prefetch:8
1⤵
PID:956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2376

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4504

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap11040:76:7zEvent21125
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:636

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap20624:76:7zEvent22136
1⤵
- Suspicious use of FindShellTrayWindow
PID:3452

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5028

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1036

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\bf4a4d3cecab462c949d63e08e3291d8 /t 4212 /p 5028
1⤵
PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
62402c5f8c440ec3fe93b90d986c240d

SHA1
0ed3550ad55050139cfa6cbc4f69306a6447323f

SHA256
a4cbf8cb8ca9f902e3e7ea34a6525d5895b31940b1be0962923bfe3741feb5ca

SHA512
a036c3819006ae04d2bb11334b83a7789e7da69d34f737d5545402bc2aca4ccd230b4bf7fe39ba26bd5fe67b0876ed7f17ca515066f043728a84080823970609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
50285fa7215a54798dfcb17303d4b9b6

SHA1
8e51e510ca8fcd635c368c7be41648352df6a6eb

SHA256
af373e7f4e9950c03303e3d0e457352312edcbf402352c2b129e5a9cd3c62111

SHA512
600cc763322b9d439827bf6acc8afab39a4492e52057bda2f76329c55be7e966dd8b6ad8466adba09631fb41f70ffb881d0fb2209db08edce89c67d8efaab36f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e497eae62329c418ba31feaf8d392d66

SHA1
80ccaf619cca24f66d74c4ca12fe9c34da61d1a4

SHA256
cdc6d234b0c95d597aeb7905c06de50a374ebe0adf2579db38973b7bb1216094

SHA512
b96b66045bb2faf6105b3d25f8335aa1c946c2818989b8e560d1c9c260ed032bc3167b9643fb4bee1766a2901207540143d8c6e5a2fa3a8ddb01c6b8812523d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5030f5706d6690b3f276d5d2f667d1ce

SHA1
cda7ed1b3f43cdbfd68e9f3b94597cc024645963

SHA256
ba7ffc1d56bce6bc3add2830d3002026ef31ce92344319744a6d74ef07b3e836

SHA512
bb63350e9e0bbe5e32d96870046c5a7656e7ceac76125710ba7b4cbec6ed57bbfd8580c6eddb5f6dc54e9be8f17c174d135ead350f3235c710d0aa805106206d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9e89622fca517d5f99fb66966eb8bbd6

SHA1
45a723e3c5e67c436a9e15561ee05a042474f0bb

SHA256
e5f8f918d52f3548173acec28bd63332cd2f3680757b40604650935c3ca47f1f

SHA512
2cb8d113954cd0490dd15029fbdd0766cf20c4ae248e84c425107c749fa5584e0a6d34da20500e18776f29762c416bda88100db18665d3fca2c787f9bd53d29e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b66c7c94-4fc3-4def-8cb2-c1df54158030.tmp

Filesize
1KB

MD5
415cf791f68824bf205dc45e9510a413

SHA1
185c16b9ba5db3df9cb59e94181cde493ee486ef

SHA256
94021e9ca1bf3f07b0c8cf3546c6d720e29c6805ea4e43e8da5905d593c8ab75

SHA512
e86b9b6ae62e9b6737bc553407b6bfa192f13322de23c4e410b1d15b7d3ed1c69e55b2e2be13d524fffe43a3fb31064a07143b0199665cd921c1515a5767a1c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ca83d8918d7a04fce08ef5ca2ca23a1f

SHA1
aaf196b06924c7594bf74b9a16cf195bbb9ad219

SHA256
9ef2126bbc277df093625985a258d196d65f6fcb70124bae5356aa32ddefae2a

SHA512
031eefb10efd6b3573082c3472d22b27504a33b2316ab2435eb4c709addec9387f56605cc0ce0832dbd7c2546d4ad2c364d29c93a66651a2b3ed8ca7722f0970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cbd8281f1f7733a24a38299ae815a944

SHA1
d9f47ac9f521e3a0f7aa83def85b1262bc37557c

SHA256
4f188baef9035879393d4e3f61fe871c749b2e1f0cced03b79804914f8f2371b

SHA512
d9ed25f7f7f19dbc6f311fdd09b9c208c5e762b069b4e9b29cf229decbb03a8e051fa62bbfc691d9a26be0aec2cc6869321573e3eb2669ff4d79f70cf797371f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3cdb3b9bd009622cb3e6f09fa9a767f3

SHA1
5ab50b059f0c98f3290a33155ea5f17f7174214a

SHA256
c0d8233efc15675b8bad27be9d8f843805483569f34d799d7af947154841acae

SHA512
47887199c27a5ace805a384bb61f14f0e3ed4d381457efd52484e05f36e72a486a4803249f0a923dc4c333507e5a53b10827d7b47645bff52ed913f2c59e343b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c9d59eb1fa4ceb18d6b54b95e985df1b

SHA1
6a928f81e056ae7467dfc3d7deb79a8e204f3d11

SHA256
c9a83d68d114e0372d4f2b01a224d89c8d7c1061f8580745f23f668007f9d84f

SHA512
a0205f77718ea5b4705f984ea6f19cd4f33d6ec4a90c39eba21ec49644e918056b52300f9a4f6e8afb2ce962da5fc5643b61fa3ba23f099a01a9473af505a015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2bfc3ed45da6fe5e3f1ce6c4d19b9452

SHA1
0d75058bc5f1e5e354f38acb5df5ca57d5be5091

SHA256
8e03fef740c321870e46e01074a64c7af08b5989c15d859915903d6d06e44e14

SHA512
d8f1f26ad9a2189976b649aba90a4f88fed53c379133a7f7dab268a5ccc8493875b33e4790cda6dbb68fe12700eda9a82d27044b63d77aadee674c9437cf3efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1fd3ae9863f22afe5f3734da73e51622

SHA1
0f960e32a43dc97059f23d313953b8a2bd8ded77

SHA256
628090d5dee7b270c4ef9868c9341deec6d25dad92c7f70b9c4df576942fd91a

SHA512
1c305eec401d21713597c0d9209f49789cacaf78a94a8fda76f976c90350c15b5be7e69a2b09a6255bf2c220da9a67e0ae64765f9d13be5fb6c588c24ae4f845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c8bad2e97571f0cc8b98a79dbe40360

SHA1
147e023d2b523b43e74b5458adcbffbd564ffe92

SHA256
8697c65a9140b51bdd7a1358fca94cbf37110448bbff12201e463df61d55bac8

SHA512
33891408bfa5d41279af67dd14a0926da097dda89b062709e3235ed7224520d40c87d4bcc1d7c06c0cab47acba71c6abee872ee6c43e88eeeb5a9b5d6247cdfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd3535676268e19a81c06ce9947ab311

SHA1
a8fe42bde9a31aefa96dae059532fbbdf0678e84

SHA256
c5c9f4767f2f68d8d544916317c2ee75d5adadb9ec382947e1ba3ee2563ffe41

SHA512
31e3ccae1e7bc2ba32f93571f7dbb8fb315c8b79c4013803d865de060f5364405b570e68b31cb79270edd1025d8944a4f348552cfc0860ed49820e5ecee77249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87467593a362bb49df6a8bfe7570a23a

SHA1
f3477ea6d4053f158ccd9caf9078b290270e0777

SHA256
48c6ef31cf8d6273347dec578a7a4a210f5b4aa5b535f28e5cae4efdca301b96

SHA512
834bfb332b3420c9f7b1b5bd14bb116983802a1011c24a7583ce34f2fccc96f699b11888460d3c6a29ada5b84db0e41e7e0f4ff13d8e493637f929ecd8049aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5eff150fff424ccca37c3e37f862a770

SHA1
4c949d2b03f962e34158dfb568c334407c3b4902

SHA256
97f599da8eb05bb2f9652d2fb839b2b565b67e70f7e2eb6a75eebf60c6d2d2bd

SHA512
7e546ed5042fd572d4a246187d6e98d93b410518ccb2a2b24e8b2671c38e11f2c40bdd8356ce181aac9495fa47230ae7e2d9608bff02258d30e49eaff016097d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
a353227408df9660e098258fa3b7a5f8

SHA1
c6c9180d314aa52770aae1c9f6e02de64b9daf81

SHA256
9bcc0b3aa37ffd8b0d7c4161bf0819f1dd2592bb9bd5004be1caa719e9694aa6

SHA512
23cf913d3379232dfd1cb9a1ce8f31d7f207223aa62a33d02f0662632d9e7accb9ed26b455581d578640ca3a5c028b3325437ec55531e55afe8a5e9f5f78e726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
11514bd01b3a913a93863c9d2da6d268

SHA1
55bbcb1dae1bbc786c8ed3c849aa72eb2dc0b892

SHA256
fc351a430395161e9b71c0b34cc8f8f306da71a9e41c4d9f13d11713db7591ad

SHA512
8e68908126d81cde3c0561af5d2f9a52baab1dab87c837abbea9fd7a9de3f0741f12945c2a9ec87653eb708eebe5d00c4b3d688b682a87d17913bba0bea15323

Download Submit
C:\Users\Admin\Downloads\DeriaLock.zip

Filesize
210KB

MD5
016d1ca76d387ec75a64c6eb3dac9dd9

SHA1
b0a2b2d4d639c6bcc5b114b3fcbb56d7c7ddbcbe

SHA256
8037a333dfeca754a46e284b8c4b250127daef6d728834bf39497df03006e177

SHA512
f08653184d7caf48e971635699b17b9502addb33fb91cc6e0a563e6a000aeb57ac0a2edd5a9e21ef99a4770c0dbb65899150fa5842b0326976a299382f6be86e

Download Submit
memory/5028-328-0x0000000000120000-0x00000000001A2000-memory.dmp

Filesize
520KB

Download
memory/5028-332-0x0000000004C20000-0x0000000004C2A000-memory.dmp

Filesize
40KB

Download
memory/5028-333-0x0000000004E20000-0x0000000004E76000-memory.dmp

Filesize
344KB

Download
memory/5028-331-0x0000000004C30000-0x0000000004CC2000-memory.dmp

Filesize
584KB

Download
memory/5028-330-0x0000000005140000-0x00000000056E4000-memory.dmp

Filesize
5.6MB

Download
memory/5028-329-0x0000000004AE0000-0x0000000004B7C000-memory.dmp

Filesize
624KB

Download