33bf6d1ad3109235696c6e9c59e5400ee93283edfb81589352d082e594bccec0

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cold_Turkey_Micromanager.exe
Size

6.3MB
MD5

5d5d790ad27f9531181800c9ab4253c5
SHA1

82de2c7d1ba1061ff4e5e481423cddb725d691ec
SHA256

f371f2a9549804666784573815963fddf1dc559b871200a19969260e0a54da65
SHA512

86763f56127710d42248b0247c093c0f93c8ddd8df2a10ccb9d2163eafef0abe4585f1bcd6c95f6c50659ec486bce48d8382a84ce3f109a781cbf6608be5f831
SSDEEP

98304:3Si57xh1vfGOzztcF3a9HWMBlLky0Yf0YCUxAcHt/5VAl4BolHs4HXro:x7xh1vOOuF3a92MBpkzQLAcd5yl//s

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
4452	Cold_Turkey_Micromanager.tmp
3352	Cold Turkey Micromanager.exe
3740	Cold Turkey Micromanager.exe
3676	Cold Turkey Micromanager.exe
3572	Cold Turkey Micromanager.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Cold Turkey Micromanager\web\css\is-BBIMK.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\fonts\is-ERG4E.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\is-IRQ4L.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\is-9VA0E.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\less\is-QSJ7A.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\js\is-L8O3L.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\is-E6G6S.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\less\is-L05QQ.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\fonts\is-R985G.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\is-C7PS8.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\less\is-QP9RC.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\fonts\is-VTNB6.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\js\is-8OUML.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\is-1QSCE.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\is-IIRB3.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\scss\is-92C0B.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\js\is-MFV5N.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\is-PLC4G.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\scss\is-234MG.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\fonts\is-1PL8E.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\is-7BFHD.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\scss\is-QQL72.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\fonts\is-SCCEQ.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\images\is-D59RT.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\less\is-9HCOC.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\fonts\is-13USQ.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\js\bootstrap-datetimepicker\js\is-BNGN0.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\is-OB59B.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\is-ACJVV.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\is-N7MJQ.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\is-DPUGS.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\fonts\is-NSH5D.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\less\is-3CMAO.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\scss\is-V7EM8.tmp	Cold_Turkey_Micromanager.tmp
File opened for modification	C:\Program Files\Cold Turkey Micromanager\unins000.dat	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\less\is-ELGER.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\scss\is-HPLNM.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\scss\is-K8J8M.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\scss\is-GQ9KQ.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\images\is-0M0A6.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\images\is-DAIQ7.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\fonts\is-5SPLU.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\fonts\is-5OUEA.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\is-3FGPQ.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\is-VTQHB.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\js\bootstrap-datetimepicker\css\is-T983K.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\fonts\is-D5I49.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\less\is-PTECN.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\less\is-VDLAQ.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\images\is-B5VQE.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\js\is-JA5MV.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\js\is-7DR5G.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\unins000.dat	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\fonts\is-T526P.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\less\is-OJU57.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\fonts\is-F3SBF.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\is-V4CSK.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\fonts\is-530JU.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\fonts\is-G7AAF.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\scss\is-7VSRT.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\scss\is-P6UQ7.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\fonts\is-JT5VK.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\fonts\is-46USU.tmp	Cold_Turkey_Micromanager.tmp
File created	C:\Program Files\Cold Turkey Micromanager\web\fonts\is-56P90.tmp	Cold_Turkey_Micromanager.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Cold_Turkey_Micromanager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Cold_Turkey_Micromanager.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676162747776991"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
4452	Cold_Turkey_Micromanager.tmp
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
3276	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3352	Cold Turkey Micromanager.exe
3352	Cold Turkey Micromanager.exe
3740	Cold Turkey Micromanager.exe
3740	Cold Turkey Micromanager.exe
3676	Cold Turkey Micromanager.exe
3676	Cold Turkey Micromanager.exe
3572	Cold Turkey Micromanager.exe
3572	Cold Turkey Micromanager.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 4452	4384	Cold_Turkey_Micromanager.exe	86
PID 4384 wrote to memory of 4452	4384	Cold_Turkey_Micromanager.exe	86
PID 4384 wrote to memory of 4452	4384	Cold_Turkey_Micromanager.exe	86
PID 4452 wrote to memory of 3352	4452	Cold_Turkey_Micromanager.tmp	90
PID 4452 wrote to memory of 3352	4452	Cold_Turkey_Micromanager.tmp	90
PID 4968 wrote to memory of 1808	4968	chrome.exe	109
PID 4968 wrote to memory of 1808	4968	chrome.exe	109
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 4560	4968	chrome.exe	110
PID 4968 wrote to memory of 3852	4968	chrome.exe	111
PID 4968 wrote to memory of 3852	4968	chrome.exe	111
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112
PID 4968 wrote to memory of 1736	4968	chrome.exe	112

C:\Users\Admin\AppData\Local\Temp\Cold_Turkey_Micromanager.exe
"C:\Users\Admin\AppData\Local\Temp\Cold_Turkey_Micromanager.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Users\Admin\AppData\Local\Temp\is-DNBKF.tmp\Cold_Turkey_Micromanager.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-DNBKF.tmp\Cold_Turkey_Micromanager.tmp" /SL5="$A0066,5563790,1362944,C:\Users\Admin\AppData\Local\Temp\Cold_Turkey_Micromanager.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4452
- - C:\Program Files\Cold Turkey Micromanager\Cold Turkey Micromanager.exe
    "C:\Program Files\Cold Turkey Micromanager\Cold Turkey Micromanager.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3352

C:\Program Files\Cold Turkey Micromanager\Cold Turkey Micromanager.exe
"C:\Program Files\Cold Turkey Micromanager\Cold Turkey Micromanager.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3740

C:\Program Files\Cold Turkey Micromanager\Cold Turkey Micromanager.exe
"C:\Program Files\Cold Turkey Micromanager\Cold Turkey Micromanager.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2076

C:\Program Files\Cold Turkey Micromanager\Cold Turkey Micromanager.exe
"C:\Program Files\Cold Turkey Micromanager\Cold Turkey Micromanager.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc9f0ecc40,0x7ffc9f0ecc4c,0x7ffc9f0ecc58
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,15589878963885468345,11413982811695847724,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1960,i,15589878963885468345,11413982811695847724,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2008 /prefetch:3
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,15589878963885468345,11413982811695847724,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,15589878963885468345,11413982811695847724,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,15589878963885468345,11413982811695847724,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3712,i,15589878963885468345,11413982811695847724,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,15589878963885468345,11413982811695847724,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,15589878963885468345,11413982811695847724,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4924,i,15589878963885468345,11413982811695847724,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4472,i,15589878963885468345,11413982811695847724,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3168,i,15589878963885468345,11413982811695847724,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3476,i,15589878963885468345,11413982811695847724,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5508,i,15589878963885468345,11413982811695847724,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:2864

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:764

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap32237:152:7zEvent1237
1⤵
- Suspicious use of FindShellTrayWindow
PID:3276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Cold Turkey Micromanager\Cold Turkey Micromanager.exe

Filesize
219KB

MD5
792dcd919781c9664288c0ad6fa91cdd

SHA1
4e17980e21ccf4f8fbe8f6f378e6d06929afe723

SHA256
d282a463edf5561db934713b78743f8be7a9ba2a860c300d0f96dee7af69783d

SHA512
015f98ecdb6bc0f8115e878c32d5d75592744512311e299d12e091ad909d129a5a9a9b6c99e8f56c705752ae351cd6ceb5ec071a20eb6be57079d807d2558332

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\css\bootstrap.css

Filesize
144KB

MD5
aaaa85c69e41c62628005055958348f2

SHA1
60e7fe3ad66f7f7c9bcecbe5b3f1ffbc3ae5a5cc

SHA256
30bd8d7d8b0467086f23104814a89f69fb1bd5c5f779ca2bb978806772c58cea

SHA512
96ee6e4488d10bf551d946e99fcda10607209e76a376b6268ba970f1cc321cd158c1a39c75753d06b79abb1f2baf94fa94a57fd40531f436df3a3950be686529

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\css\components.css

Filesize
7KB

MD5
75bf10a1cbd3dbfb278fb3e519e9a025

SHA1
ba83d2bb589df919b6b216261d75b361ab640dd6

SHA256
4670229615be54d15100d5cc3abf180546e4f184c66ddc16afeeea041e680e62

SHA512
0efd150b55b59f000b961b37509e8ade9ec662c3f8089e9e48811dc87dbf0b4880203671c0f4452a907c64bf18bf953df2e30d23b311d590aa06c5982d9c4168

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\css\custom.css

Filesize
19KB

MD5
bbab76d8e6a724b911bcbc3055ed775e

SHA1
ebc7865bff5988edde75081276645fb36230000e

SHA256
9b6b94d4ad1bbfa94c8d6641d49bae4dc26a3ea310f518242ad46a27781d33c2

SHA512
6a7982143a48ee2e21aad5194d7564defc3127690a956cc6cf6cac2d68526fa54ab52f59b88de9f0af941f40da42261ba634ad49d5c1584dfc77171574f2c81a

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\css\font-awesome.min.css

Filesize
30KB

MD5
269550530cc127b6aa5a35925a7de6ce

SHA1
512c7d79033e3028a9be61b540cf1a6870c896f8

SHA256
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

SHA512
49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\fonts\fontawesome-webfont.eot

Filesize
161KB

MD5
674f50d287a8c48dc19ba404d20fe713

SHA1
d980c2ce873dc43af460d4d572d441304499f400

SHA256
7bfcab6db99d5cfbf1705ca0536ddc78585432cc5fa41bbd7ad0f009033b2979

SHA512
c160d3d77e67eff986043461693b2a831e1175f579490d7f0b411005ea81bd4f5850ff534f6721b727c002973f3f9027ea960fac4317d37db1d4cb53ec9d343a

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\fonts\fontawesome-webfont.ttf

Filesize
161KB

MD5
b06871f281fee6b241d60582ae9369b9

SHA1
13b1eab65a983c7a73bc7997c479d66943f7c6cb

SHA256
aa58f33f239a0fb02f5c7a6c45c043d7a9ac9a093335806694ecd6d4edc0d6a8

SHA512
9ffb91e68c975172848b4bba25284678cc2c6eb4fb2d42000aa871c36656c4cebc28bf83c94df9afdfbf2407c01fe6b554c660b9b5c11af27c35acadfe6136ac

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\css\font-awesome\fonts\fontawesome-webfont.woff

Filesize
95KB

MD5
fee66e712a8a08eef5805a46892932ad

SHA1
28b782240b3e76db824e12c02754a9731a167527

SHA256
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

SHA512
9c776dea55a01fd854ea23b3463d9ac716077d406ecbe8ed0c9b6120ff7e60357f0521ab3e3bf9d4e17ca2c44a5d63ee58a4e7a37a3d3f26415a98d11c99e04f

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\css\plugins.css

Filesize
49KB

MD5
7ab35af9e3bc5a23653d2bf19f24dfa2

SHA1
4556fe3e33c1efe41755e41ec22d589978e774fc

SHA256
c5cb038df15325b498fbfadb48585d6b971c403b632204c2e9abe4274411347f

SHA512
ffde06980cc9b5240aae7fc596256e0ad55d4aca2c653d3da43fece2e01030c128ae449bc3a57ab74c90e2279fc9a4901c3dba5205ab294cec0c23f18f2eb015

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\fonts\OpenSans-Bold.eot

Filesize
19KB

MD5
1d9c7945c7bc7dd0909105119bfbc191

SHA1
88e07164acfdb480c1cf6be262cd5b6937b9ca14

SHA256
5753780fe4ed044cfb98144f0bd6f8da560e00e485573ee038acf26b26a849b2

SHA512
97cd1d0aafc749b255d34b16cd0c23315e2097a62f8e1f53455704f026c3224fa1e1ecf65791a08c59d593f23ca4fd99f15b20addb563365265f3af6d9d12e44

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\fonts\OpenSans-Bold.ttf

Filesize
219KB

MD5
50145685042b4df07a1fd19957275b81

SHA1
c1691e8168b2596af8a00162bac60dbe605e9e36

SHA256
5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323

SHA512
9c995725aade5f126c727faf1c4453344e37b590a14152d31d44dca3c9328a54207bbc7c840695cb55bc1b559097b457888655e11199192cd5197c85aab8b1b6

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\fonts\OpenSans-Bold.woff

Filesize
21KB

MD5
2e90d5152ce92858b62ba053c7b9d2cb

SHA1
8cf65f42a2a8c349ccd6ab63b6cbd17c96fd665c

SHA256
a0357cb694b5284870c77c0dbcaf33f238004800419288afde313317b0dbd0b7

SHA512
5f452b4ab3e3ff3a8225d092fbf7e147595b398742dec5abce787e54cef471c0bc29044e0e00142cc09af7ea1e2f6fbf6da5d5a8b476c86b71594ad68d30858a

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\fonts\OpenSans-Light.eot

Filesize
19KB

MD5
09e00aa7622ece30a0f1e06b55f66c2a

SHA1
3b118f81ac22a995f7ce5faf2216012b5d217adb

SHA256
83a5c3512b7e56bef9b0d5451adf664b070eb3cf6278e69e2cf4fa0b2d2ef379

SHA512
b8d560e6750bfd7308648d160df695de5fe63cfe67a472e885462d357aff6feb9fdc53fcd3ecd2f5845eac3a00b8d4c6b1aa922c01e9009d3dd878d53e6b9174

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\fonts\OpenSans-Light.ttf

Filesize
217KB

MD5
1bf71be111189e76987a4bb9b3115cb7

SHA1
40442c189568184b6e6c27a25d69f14d91b65039

SHA256
cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424

SHA512
cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\fonts\OpenSans-Light.woff

Filesize
21KB

MD5
45b47f3e9c7d74b80f5c6e0a3c513b23

SHA1
523f9403d934ba017bfe924cdc40f1bb0e5d97e2

SHA256
a1cb81c9f07f1f399db66ec188c02a1c74bc382df9a8550ab8091aac93dff8a2

SHA512
ff5e16bb510106306fa98474149227685f502d730f95541c257f72eb33195cf3f45a91bdd5a599fb6720f434ce88b01f598ae1b73e025c6c33f49832268f1ed6

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\fonts\OpenSans-Semibold.eot

Filesize
19KB

MD5
f28eb362fb6afe946d822ee5451c2146

SHA1
1b6dfbcd3d634e2ef7ee7d0ee2abb8b940d7c32d

SHA256
efe97650f3270aca9ba594789ca75ba7b1fc1a22d8189b3439e6dfb57a16e853

SHA512
84da9eb2403acac85f1c39f56fe9aa28844a393c668f41a7339556e2ad402263b20b0633222f9ba9dda1c82e9371a94a9fd7e6dae4d1a32937b15f7213858953

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\fonts\OpenSans-Semibold.ttf

Filesize
216KB

MD5
33f225b8f5f7d6b34a0926f58f96c1e9

SHA1
f1ee7a9c6d13ee2d642a806c09e737275e613792

SHA256
aa3b0ef53db12e3d45094030cac0e69d384e44cc5978643dd4390041cad546e2

SHA512
4169d72f086e732a30fe1b0e977b32c9ef0d2913b8608a4d2409c4876e204bfa48548188b0c2a7437dbb79a1fc632916f966b25453feb5e40f2f79d75aa3299d

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\fonts\OpenSans-Semibold.woff

Filesize
22KB

MD5
697574b47bcfdd2c45e3e63c7380dd67

SHA1
4590722b795938e0b6ff1b99701d1abe37aeabef

SHA256
26b216fadb2ffcd542ca56c2d84f9918f62e40de89bf88b4211fffacd2a4ad83

SHA512
35badb8706e160840f38e8a0ed151f92f84d0e966f5f5dad5f42036b3c52b0f93c3fbdd4d3416bdec39a73bb27ce6f21e19700e4337ca37a18aadd771fd905cb

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\fonts\OpenSans.eot

Filesize
19KB

MD5
c4d82460ef260eb1589e73528cbfb257

SHA1
a64c0e7003dd8ec5e9d265956dbadd6e8b12c155

SHA256
25f7c6430e4b537dfa6bbe5554d4641c0fbdbf3f9351aab6cd91d43d11738528

SHA512
2a717d36d80183ddc1a8b2de80e1c9370dc5fe751304507f5eb9c43a3bef7e8764914af06fb70328123404526f707a5aa55d97fef9fcf56d998eb7305b837461

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\fonts\OpenSans.ttf

Filesize
212KB

MD5
629a55a7e793da068dc580d184cc0e31

SHA1
3564ed0b5363df5cf277c16e0c6bedc5a682217f

SHA256
e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee

SHA512
6c24c71bee7370939df8085fa70f1298cfa9be6d1b9567e2a12b9bb92872a45547cbabcf14a5d93a6d86cd77165eb262ba8530b988bf2c989fadb255c943df9b

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\fonts\OpenSans.woff

Filesize
22KB

MD5
79515ad0788973c533405f7012dfeccd

SHA1
5092881fad2caffdc6bf71bdab1ea547b73d3564

SHA256
22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40

SHA512
a0f8bc1917ff69550fb6e27671345acbbfdefb22423274c8876e0ba291feaca65240260e64b236ca76f10448b7a938fe27aeb388eba3a8462acd43d54b352346

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\fonts\fonts.css

Filesize
1KB

MD5
32d4e61d0951d9189574814e94bbadde

SHA1
1a4af428ef571368cef7eb548aeeed65a9c66151

SHA256
c4f2eb99e50c137e8a15ff0c5aa7e254b8aa44fe41fa9d2b0b27b81f3ead5ac3

SHA512
d7798c9559be227707703d0b15dbb0866c3b728f1d771a8a997273fd541e5c05e9bd95af79ecc80b057644f54fb9507eb4e0f751f648b62e0161b1ce11fa46f9

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\images\logo.png

Filesize
11KB

MD5
dea360fc914c5d0bc509979fa2d7aa84

SHA1
c5c0e6a599f4acb3ac1b2ffd9d20775f6e800774

SHA256
843e6c70286bb176f51b5b0751035b5cd0a4e9e7734c0241ac4d41e615d43184

SHA512
ccbd385935e53933697b65b56ea81c0e206d0f0b9491a5f53baf480bedcefb9736d08afd6a92e39147f1c01a163c24f568ac2047aeb3ed432a64a1503dadb967

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\images\lumberg.jpg

Filesize
176KB

MD5
c441b2c44453a5897a85b756888eecc8

SHA1
81ce10aa2d500e10fedaca3fa098c6c898cee63e

SHA256
0ce73d1116ce5de41c3d880c4d4d67df91b98ad384017f5813e4312d44bb6897

SHA512
64cd7b1f0b215971014aaf62ac3b4c3745f0d9e05174830c790a077db7fc46c0c8dac33dbc98e8e799f2ffb947ca111fa2d3ddefdbb18f82c5e4c5eb70690a94

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\images\mario.gif

Filesize
994KB

MD5
f1ff1359097667efb5cc15549ae8f35a

SHA1
5b94d707b1a2cdafd600bcaf5d53b840331d8f3b

SHA256
45a91287ec74e1559b4aef0c169a1600243c5b848aed0234145f94951bc20ec5

SHA512
5ab71d685c6029e68312656902ef93639f7878f64d3e34d6d923f9843a1ec16d3747baf42e65e59b49b13c931869f50426de04aa3d021bdac1bb19c9738fc576

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\index.html

Filesize
15KB

MD5
996dadd4119a846dd4732b1991b3dd26

SHA1
4f75c38ebbfdb1ff55fe8605b82d61d55ec0da46

SHA256
75fed2ef5080f920bbdb6ab8c92799ec04a43a7c68aa44eaa770f3c6a27990ad

SHA512
51305574bd089c2e8c5615dfec17b0f2b79d8a92592f10e15fc529b77df199572ab765fa6b9a626495920a0f283efac54132e37302553c60be13472dac1d6f59

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\js\bootstrap-datetimepicker\css\bootstrap-datetimepicker.css

Filesize
8KB

MD5
1376617545121da9a4634704da9d8d72

SHA1
1c55e3c8ad8172aa1aedef7e9ce550bec737d3bf

SHA256
ca124a8446a32ee80ea54dd30cff6bcc2e192537d77124554ffe5d8794682153

SHA512
62fa41427d10c9eb0323c9d184cf924e9fef1a8891c57f5ca2f2d02978d5c4a59dcaf7305398f23f9a549782af363befddca59b5ded9164d2628afed0488f326

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\js\bootstrap-datetimepicker\js\bootstrap-datetimepicker.js

Filesize
100KB

MD5
c6569a9985acf5c2b6153a84da2f4ef6

SHA1
6b1c56b1311d26352b4a1dd6c9d248e3e172ea03

SHA256
ababe3ed7907ad745566d48abd6664c9cd0ae678a88b4c76bb47544d874b54e7

SHA512
66504d52cfe737d13956244d1730208598169f4e47fbcf3a09da0db44624482de1d386936225a2719619877803d51ef2b0fb4f1c14927383048c83226e6817e8

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\js\bootstrap.min.js

Filesize
35KB

MD5
4becdc9104623e891fbb9d38bba01be4

SHA1
6c264e0e0026ab5ece49350c6a8812398e696cbb

SHA256
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327

SHA512
2b5aa343e35c1764d83bf788dcceaff0488d6197c0f79a50ba67ef715ad31edc105431be68746a2e2fc44e7dae07ed49ab062a546dcb22f766f658fa8a64bfa5

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\js\index.js

Filesize
35KB

MD5
7b5edd943e79379015b11c87f0632d77

SHA1
ffe23f6e1294742b51a5716f9845ea71f020e258

SHA256
84b3b2f800dfd58285d6ec1df281a1d5433264e6abe9b8dbec9ba9464bf0a7b7

SHA512
7c7692e0a806e7e5e444e7ac68ff6ea0fcbc3ee9691af4850c58c8ba76134647b8db55d1babef88dda4764b5c42b26a7d1d5bbb59d0c5808dcc2de5ffac67914

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\js\is-PDE2D.tmp

Filesize
1KB

MD5
a9e27818578312061f51349bbe7076a9

SHA1
13d98576633b48275930da54cc7fdd162640322b

SHA256
773cc6d8ca7044c070b65ccb42ecd0f48f8175ee04c2439fd16be9dcb7a3be10

SHA512
4f169da6e78a8ecededee91d83fabea1eaab07c84a35e21dac6034264c08facecf5d922918ae298a963fe9437166f3ef2528492c54e6eb61441425f32ff0100f

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\js\jquery-ui.min.js

Filesize
234KB

MD5
d935d506ae9c8dd9e0f96706fbb91f65

SHA1
7f650ee30c6a4d3eea04032039b20ff72997559b

SHA256
c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c

SHA512
0470c258bb5da745e900571c3f63627c26c97d8a1886c45264e50cdca9c0c72d9bfc0cb7067f757ebb9dfb703de5bac0e300d6577c84399ac9aa057c69945751

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\js\jquery.easing.pack.js

Filesize
6KB

MD5
def257dbb0ab805c4996fd8abb1a6b49

SHA1
55d99c8d1e3e5867724a274df57ad05e3168a5cc

SHA256
9a7f76fdc1930049302dff8d3cb5e6e0cbfcf8feb6d1b1a06ef16a7445b05111

SHA512
839ff0c6768895a10707b89a361e83c7f992bd252fe86a6419a75e30696abc78b5f044baa3bdf56a4440d64bffd6325f384d98c27ac057c5543df9a51cfc127a

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\js\jquery.min.js

Filesize
93KB

MD5
00f66eada2c54b64a3f632747ce1fe2d

SHA1
a4837154098ac13ccd72e08fd25d7bcf76826986

SHA256
100a135d8e7d5ebf1fe83b0b16da1d8d8b2321acdc4d5c24a1f9a7df53b23cf1

SHA512
11220e328a367f1086d0369686d09206badfd2cce18cdbc7420b4aca9785054ad7576f156b6039444f762f6a46a58ac7cefdc0f2bf031f215f59a8d6ae8e254d

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\js\modernizr.js

Filesize
15KB

MD5
69fe00ee5b386e5a3d46a4339609d6e3

SHA1
de6aad13ff24fa87e86c828e55a46c47ee597fb3

SHA256
7a30a10a0ca8f89943cec8bc9a264b029cf87626757dd024e402a4656e814069

SHA512
55bdceffe442c84c9897c48c26661f52fe1a717f610100b90cb463c3edd070577de6f211b19e249b9809f0974be5dada43e62077110ecaeddab53f9b4c36932c

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\js\moment-duration-format.js

Filesize
12KB

MD5
c7af43b1559f182990227fbe38bdfcf8

SHA1
47abef5ac3ed1a021593ca3180b004c0dd25f8c0

SHA256
493c18c7fe2b367e761404dbdf0825b1166b28e7f16437ecf8dbba88f9135b56

SHA512
d141f40289f1e0964b56af22dad4e961782e0e3000e0b1ff5198fa0adcbed3fcb363c255d2d7bf1b16914fff873ae0638fef2e8dbe3fafe2ea186df26e8e8da8

Download Submit
C:\Program Files\Cold Turkey Micromanager\web\js\moment-with-locales.min.js

Filesize
328KB

MD5
1b1c80b617bfcaf8c0766d41c4a3c680

SHA1
6319f4a7d5f345583a730ab527704ff2491a9043

SHA256
01d40df7c31566ce3812adb24f0b682ae7e19d4fae67bbf69179c3e6fab3655a

SHA512
8652e0221e279dc6f6c9ce183ed5a4e703b291c1711747c1779ac77c9eb1b002c8da4858dc7f0b6e2becc09139169cfb870b3b0890aa3b37728d61e2289625f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
960B

MD5
4f56ae3c7a05eef424fba8bfd45410c9

SHA1
6019ebe8405cd27c9fa1bf65cdb4c662284b0805

SHA256
d9532989013d6c88f7d416724f211e90e66155cda1d0b5caea8a50d34001803a

SHA512
b0fa49f24a754f1bb25b4e5d53bed0be9b91592919a4ad1a6bb1a78e972afdd92b47d211a726418a75719692958f47b85ecc913fb3b755e1dbbaee52b95048cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
d3a04718a85a92b71c1291a9b74d71ce

SHA1
d74eac0ac007ee5645d488ea0041dba2f1813c23

SHA256
88402922bde86440ffc47fba2c13998a24451ef144077aacbcd3b40266873d4f

SHA512
9443369d0d055a8634f42b6f98e722eb080e47ccf553d9b8abbbb1301123fe199517d011f13ade3394844343a59afb7248e15f80726a9f141702673139722bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
869bf18a281f196dd837dc6ba96a787e

SHA1
c61a31618dcede8753915f7101ddd786db159068

SHA256
574478e320d969193f6c2364691ab0ec9c1730fa14dd4d9fdcfe7331e4983416

SHA512
4cd0ccba849a0e4a0f32dc87152983a9feb69d9a3e725fc9da401e69758c7d0d428b3c252273e0e119f1f1ee2507eb59f1e3b77b4bda396a5f5c496e04a44541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
c5ee81c03f36e22903ae4a4f38c866cc

SHA1
46440c6b3685489555d9560e252af101f35ac635

SHA256
ba5fe81c4bddafa7b0fd5af724e242e7e9d135ae99f81124c9700118e304333f

SHA512
070b42edf47f0cbd32da8f5fdd0511a4ac1b300309de623d285c88358582e9300d88a06aa113878f74675ae04f2e930dd7280b794c2ac54b8880b9e42b343e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8ce90074e087db2db16af91aeda2df7e

SHA1
4426b9796efae4b22952c644a0a839129f5f50fc

SHA256
0577856bc5fc7d515b3b6cb4d32d60d397a39b06f5bcafdd1540382361638752

SHA512
33e9efb627b0a2fe23a6000e56dbdb969b131c21e204a4119c9f595bd08846570cfcde693aa561cbdf24a7d4702e662777725d04732ae960be2d11adb6bace49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce595bb51934e553e5693400185d16b3

SHA1
e9e300184f9628fc0787164b11afac5102100b41

SHA256
c5057d16625316150835a226a12dcf8943cb1a28d25ffa85273fff1e5744c9fa

SHA512
8328a93236e738b7c6833c445956344b667e9de5be43a0a82dcd2ac8a4dcdf33d6b7bc43da331ab7b52db9697f020813a867c030999f8ba6be8899c85b3431ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b323d323c8298f5accbc321c93641acf

SHA1
df6521b9ba3a86c671b0e3c3b0c8a43f8e43451d

SHA256
8fb3675624ce1f8cc20fcff0250c29b858cffbc2d4ad3570b98e7b6b5c91dd1b

SHA512
37dbf89023b458d968523c87e5e4d2e167f1c4e83b1d47ab86b7fba9e03352afa5553569348d54228c93f16d4d128bc4cd5dc32e2074c7eef2fa1bb4a3a02db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
93dc571e8c54241e05db94a07bc92a50

SHA1
35bd65aeb5ed591fc9e97b745626ce7428a0fe73

SHA256
ef9fc5d6c2a5018da20893356cdd42e890bf03d1ba727398cac686c616036fb8

SHA512
4565ee76a36ed0d7ecdd09663a4d1a231b8ee9f40463f2f750717500968c953b011fa308f068b99d5564b0967b8d337d9f52b15cedadadbf660220c466e3d663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
467c94e300218cede306b8ed61d88769

SHA1
84168294ee31e6b5d752c0e630f92b997abbbc5c

SHA256
089f75425ce0e1e740e8e1ebf8029fba5fb939160558360142a01348c54d33ed

SHA512
6b363b7618fb566ddafdfbe1684a8902ed8941f9acc536944f5b32628be76ce5b95032f1d0fafee68af984dccd6709a086d51c38862506178cc30b742dc39dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10aeb8049303a61e5c426025b14e3761

SHA1
27c69c48816dcf64aed4e0ad8547f3ae3cfc3844

SHA256
3fce5c3476506bc963fab1f48be7b5d72a8e65fda82bea381781c2f89cf1767c

SHA512
cab54f1599af507ed8dcc08cc2501c5bc6383853e6b1986f1b6756219d6d5c384f9bdf569f26fd2c9c06779ecf171fb29d1781dc6fa94dfe7b91b45b9b7615be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
89ebee28457d564b99d8e5c595576724

SHA1
064c115a01aa2e4837138ff426c15b82a856731a

SHA256
16a0879576d66bdae8668096fa800a2cec23173021f3fa2a2925dd257d2e4749

SHA512
bf06503f457f875366bf770eb3a1331dfcd7e416797441f059965fa6eba6dedfe4a307f7243bd5d5392de584bebe37a687e8c1b59df4ff425e2224c5e4b98dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
395eaefc2c20be24493d1f5a7fcb80a0

SHA1
8767045f1860328e1c3cd1c6c3f48bf3b8f3b8dc

SHA256
0056181c07872941226ea55fa4f9dfc4da9cc2c6014cb06849af8ad9e9134877

SHA512
1750696d35b167b51d9ec3d746b1b9a7dd4936d7955687d136d61de92e013260928d92e5500839068b083a22ad12a691d0fb9e80484b4ef21c41a1b87e48f6e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
d29fb6a700c64f92bb64a8ae371998cb

SHA1
bcd7fc50b30b1abb87490a80e5979fa932e450d4

SHA256
9ce9e1e9b0d22fab813ce0179d2d27b2924ea4814e33dc38ccd3d6fc0a723645

SHA512
429530f344dfda0da6df2198fa58c46e0d6fd017230fb8b513597ccdc9cc971fb722b8cbfc5d00a26407812d98055fc5c7561b8217e46c0499abfc23872d61a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
62b29cb1b6ce583d29d04d95dc9bc8b7

SHA1
d3655149dc3ba24c2a2c223c18240ba7a2c7f7fa

SHA256
b5aca91b895727775a43041ed7e0b21f535180361c91bd8cd30df85ecdfd8f02

SHA512
a3b3156033f54fbf3126876c92010db31c905642e0af80e567ce8c6b35b96560c17cc2e5435355b1858c8e2b9a504e4181606309c8ff6c81bc913a9f9a2eddb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DNBKF.tmp\Cold_Turkey_Micromanager.tmp

Filesize
3.4MB

MD5
d7afc237aaaf88d587f5bf71086171c1

SHA1
6aacf872cb63890ae3d4d8aafbec3b3f8a7a96ea

SHA256
431fe13352f26b23665c8dbc722ebe5e5fce55feb22d358fb5b7607e8f770bff

SHA512
1de42244ab842f9302c3d21f0c8dbb187b10fd8bc4f0fd5265f3830f67bbc3d44d1cf68d555a3c69fb6603a3c783117b4a41031dfffde92374ef941196d23827

Download Submit
C:\Users\Admin\Downloads\Cold_Turkey_Micromanager Cracked By Abo Jamal.rar.crdownload

Filesize
5.6MB

MD5
bba222fecbd5d7a8ad0fc7df3c534dab

SHA1
5314eda27d758b86219261a447abe69353c03b72

SHA256
33bf6d1ad3109235696c6e9c59e5400ee93283edfb81589352d082e594bccec0

SHA512
86a116b99238b5d2593d0b411943374285ab4d7ae771a054da2a267979f8fe63e95990699115ed2a19ebffede99952431875db190dfef020a79077545b23c97c

Download Submit
memory/3352-239-0x00007FFC8EC70000-0x00007FFC8F731000-memory.dmp

Filesize
10.8MB

Download
memory/3352-237-0x0000020699200000-0x000002069923A000-memory.dmp

Filesize
232KB

Download
memory/3352-238-0x00007FFC8EC73000-0x00007FFC8EC75000-memory.dmp

Filesize
8KB

Download
memory/3352-281-0x00007FFC8EC70000-0x00007FFC8F731000-memory.dmp

Filesize
10.8MB

Download
memory/3352-244-0x0000020EB6780000-0x0000020EB6F26000-memory.dmp

Filesize
7.6MB

Download
memory/3740-284-0x000002C27B2D0000-0x000002C27B3D0000-memory.dmp

Filesize
1024KB

Download
memory/4384-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4384-232-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download
memory/4384-243-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download
memory/4384-0-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download
memory/4452-6-0x0000000000400000-0x000000000077C000-memory.dmp

Filesize
3.5MB

Download
memory/4452-236-0x0000000000400000-0x000000000077C000-memory.dmp

Filesize
3.5MB

Download
memory/4452-242-0x0000000000400000-0x000000000077C000-memory.dmp

Filesize
3.5MB

Download