hxxp://turbowarp[.]org

Analysis

max time kernel
85s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09/08/2024, 16:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://turbowarp.org

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676962833283142"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 19 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\kill.bat:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: 33	4156	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4156	AUDIODG.EXE
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3944	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 1372	4824	chrome.exe	78
PID 4824 wrote to memory of 1372	4824	chrome.exe	78
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 2080	4824	chrome.exe	79
PID 4824 wrote to memory of 536	4824	chrome.exe	80
PID 4824 wrote to memory of 536	4824	chrome.exe	80
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81
PID 4824 wrote to memory of 1448	4824	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://turbowarp.org
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1fd1cc40,0x7ffe1fd1cc4c,0x7ffe1fd1cc58
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1688,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1936 /prefetch:3
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2320 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2772,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3028,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4384,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3268,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4844,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5116,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5288,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5500,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\kill.bat" "
  2⤵
  PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\kill.bat" "
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6068,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6688,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6700 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6608,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3680 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5432,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6896,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7148,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7156 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6888,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7132 /prefetch:8
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7008,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7076 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7012,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6940 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6560,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6872 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6776,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7076 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6744,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6624 /prefetch:8
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5472,i,3338712308607315184,6736915000486484529,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7084 /prefetch:8
  2⤵
  PID:1900

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3344

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4156

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4660

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:3044

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
331f63f89bb40e0e4604d2c2579cbc1f

SHA1
9206effb57c6c25e7f10a2e0a8a950a8ee79b7fb

SHA256
9edb640c2e72987fe3dfb1e6ae3b49ac04c7ad8ddc22e97e0d65b4031ea47d9f

SHA512
269c270096d1ff7f514d4dc43521e867a422770cc10775781f952cb1ad63030ffcb81ad8f3d31c142b9feed619ef0fb0e4ab3ff22a18ec7730630aa60e9613f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
9225c248ebbf7ca4c9e58ce1136c5546

SHA1
2614081a1799e831bd8f23c37c419b17e099a428

SHA256
c494ee5d22bb5f073ccd6ed3c1eee1a008645192e7212eaf3e6800cb472ffc73

SHA512
c526156790d8c55210c216416ae93bc551585331a22a75c8aef1445189e506f5b75996ec083c0054f5b03e70a157282412c4e523c3eb170c85241424e8dc314b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\38b50466-3c6c-4e8c-a5a2-019ca2d0b394.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9e13529577f2c1650ef332f295c38eb6

SHA1
45ac07805a67b9bc98db983a585390a08082f8c8

SHA256
7035e85fef1cc25219cb6c42e1bd3d01737d2f3d6e8b763a2c05fb2982d5f7f4

SHA512
1a5094a994c198b9bf3bcb34a811445ce6e94e8efecfc992b64ddfb61a03292ff9ade91c6cf718aac81cbc4166f7148ce02aac7033e5d706fed2780818c49f82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
775de82b66164d01ce84ff05f6bae6fb

SHA1
35db87052a478160b292f19fc52d11461f20cacd

SHA256
bb09d6412a4e11602adb33f524c29d2621f2c0cb3175393e287b23007facd46d

SHA512
e66bd5385e8a99252913fba176b3bb377854fe9d822740e99919fdb2dc15f8bb482a82d99ff52bba55766b26ef06bcbc98326af591b6e78bb258f8ce42bffb83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
941e7ecc29c9221bd40b570f7324f72a

SHA1
a1a3d7a9a30e3424c10299c89b42dc38d033135c

SHA256
646ca3876010fb8f9b7f6a70dc8d185785dda54964c956bd4aa1ee42d78bb765

SHA512
a9dd1325226960d13749df4b042f202940430976fb067a178735a8865881a4ace34a64856c18922ae52dd7743b58f30b67a14bc00286f9648de0dc7c8ad3426a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2cd4e2d79472f757d19439a7787e71f9

SHA1
29b94771cbc74205c767408f222e139ec12313a7

SHA256
df29846636ce7db50fd2eee9df7c4185ec64c0288943b7b1b348a083d997c303

SHA512
9aca410402ac3e062eea6e48334f572409e3c06c59bb213d9056db15514257a71df930e9f9344ff8551f17bdd882ada15ba6e945e955701378499d4a50795478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c17121bb866b47f1969b029a667a7dfa

SHA1
d22560a10a927a5be0b1aa40013198701c1015b1

SHA256
cba3761603f99e667b2953576dd6e6e43c5595cfcfe03d7a2f36d55660876ed8

SHA512
9864fcbfef385b4372034594cada4815518ad22c53e02fd51bdfb73ae43ee1f7b1e4b6a1eb7dd5b43190d8633d7a56c1b9f6f876f8cac2f22fd212e2bd8c7fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4a6d9bbd183e712fc10f8d6a3b9426bf

SHA1
604c5193a9d38b7d9185545758d2acb43bb63741

SHA256
687749c9f6cfd00888da339b9aa64c809b0bbfe477bd675f1645f0e8b0ce4ab7

SHA512
ac644e527c5e9a1c35e92fa9dede69c54d094e1d20a6072aa488f063d8f9ad899d64e2850064cd5955a5d941eaf406f63c1d0d54092a8ceca4c2f56e35875132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3f04ae1a668acf747d462951807b61fd

SHA1
3d2c94ef5f2909351b0b76c8e395c84c15ddaf09

SHA256
bb4e3cb10879dcd2209e27c70806e849aebd35e2c916167d134feff0aa12b13c

SHA512
67781eac7ea9b42195db3cc334a1f2a76a6fe2c0c896af117ae0ca96a57b4ab113a950606cf8e8dc7a5bd0e7f2a420cad8155e8a6d432b94d74829bd9a017cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
58756168d4a599c64843977190fc18f8

SHA1
c980ea9188f98229933e04f25d7ea80a13544afc

SHA256
d9d16b9dc5f92905fd7d990fd12107478774f85d5b3b241d22fba4962f0401c9

SHA512
b09949dcf60bf5a5ad016185fd7c904751e3957874d2847056bd481bcc6aa5ba6ce394b77aa9ca248589b5fa74450205954da5867de8cf0ef6a5d56ec66937c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2047d64e82118393eb841402b8b77042

SHA1
dfa42c02ff10a180b6460f1c4af492b8b24fc682

SHA256
dec256365220b6e8f09ec941e3b224da3d9b6d75e496de29a86806159817f704

SHA512
a56f3ede7abf9e7640b57a9b89a34c66af6c0e9da5e17e757bfd7fe945f2d5ed4426ac46adfd1132c6f6ce30efe0155e11367c374d640ac45f74893f1dcfba58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28ef7d5becbe050f1d82da5f135ca576

SHA1
b75297089cd343fdb33d63de867b0b94245fab57

SHA256
b05fc98332e0662c3d98935eb2c5becc050ca621bf0b7eb9e10950fa864ccda7

SHA512
31be9fdc7c0b95984e3baa0d1365b5fd7b3481307ff2bfb23b06949b616ea48c3323d60c5ea77f6fe7559a895e035bb51b89afa20ba9d71da2432312d72975ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4cc7c7fb46a77428ef14582ccb8b2c23

SHA1
6149a98e1a8afc22f574029aa698e78437940a1e

SHA256
563f3f5040c4e6e0e1102e23ff06ff0925618732d1d91679c00dc34adc33d8a2

SHA512
68c21a190235e46189c8644d98d102b13261bebc2b1ad2803b714cc71f9f7cb63fd351655f5da0fc35a74314e9a9b4795c6b696c6af9f69818654991d11d3987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6fe038afe5cd69cfebf460ecc26e32ad

SHA1
6df4c6fb87ed00077203794296fb15e7fa7b7be9

SHA256
8508c45f02215ed7a90d7d3b125374cd6722d411cfc73534d0adc198c2e92384

SHA512
7fd58aacc012c9423b33f15803eb68fa4540cf08b8288bac886b01ecae2f43bf797f569cbc0fb73e42b5e7911983bc8ef4a974200025a8c46ae3c75d41671512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
635cd61dd49405d085e37646cbfe0e1f

SHA1
ea150d7661677b4a2dacfc0a3b060ebee39190d1

SHA256
b73ced531110827b09b413075cab48aaad2ceb037c61eecbf1446e4424f9f1c5

SHA512
3e16c321d115e18aa6a404ff3966535ccc979b258fa68d661f8ad0a154d66b8102178f2c8e1ac07782d19053d737766eebf1665a42cf4a6016472490398c0779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b299ddc91f38fa9ed580b5c40d2c192f

SHA1
6c3353653c2e4c467618863ad12ad014f1cc0c3f

SHA256
6357efa6ea1fcd0f3f74f281ec6dbebeef4a7e374ae48b3e4e3a424a3e0ce4c0

SHA512
a7d42aa93f0dd7a155879bc6edcd22435e73fcb5800c019249962f4bf296545aeef0cdfee4d1634eff6d392a351670137e8c14c8d5ee6d0d472c8f058a69ed66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6d31341e524463085759883d1170aab5

SHA1
4dae5a3fc5a4039aaee47493d3536cf30490549c

SHA256
4193643fb55f327c1a00148465dcf17ea090671eaf73f833028be7ee9ff31c5c

SHA512
c8a579d37f34df444caaa18a0cd9b8c1aa9f277106a7dd152047ecbf5f610b9c8c3a9a03cab4edf90735a65661a5745c2c53d2211174d7d213d19ae6896bfc35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
4103bb0b40ac28c80a0e5639d60373ee

SHA1
9279945cd05000c627f6e1bdcca34f75c2940a93

SHA256
163941f259031c2a105e8580d27b56edfc6f827f722c9969497df477b4f7b701

SHA512
5092f0d43fbd070aeea7fa380eed5b0b5104b3e0bcbde2825de595497ce5e67fbcae3a590d88c2e70c8672590f7bd493f0ac7394c763d29afbd9400aa822b2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
4f1666919085b6e03e9a1c0351cd4e88

SHA1
8c0aae199ea6d8b9cec45eb3c7c5e681b952178c

SHA256
df2b3e819d43f3981f3894428dda146fd729e2d7da71fd7a1f051670dc3cd7ed

SHA512
9b41d0f04c7d4f5a26981b3ac20cc179ae2e456a364c7fa40c40acd84273dc02ede405d28a764b967e377d22d15ecdab902f38c632f793e97f6e4c2b07538e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
347a9455e0d3fda0527a9780c03300a6

SHA1
71d1ece9d218ebbc5e51214f946faabc5c8b200f

SHA256
c1576774fde16b3981960699c8baed5cd1ea9820a6bf8b0b845b96bd657a492f

SHA512
55cae827fa5bb1cca7e8b5fbfca874891bc302bce2a3475a29078370de637ab5f91500fde148f31a5859adaf8ae82adc543a23146b012e3f5a3b87aa807243a0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\kill.bat

Filesize
13B

MD5
6cd3556deb0da54bca060b4c39479839

SHA1
943a702d06f34599aee1f8da8ef9f7296031d699

SHA256
315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3

SHA512
c1527cd893c124773d811911970c8fe6e857d6df5dc9226bd8a160614c0cd963a4ddea2b94bb7d36021ef9d865d5cea294a82dd49a0bb269f51f6e7a57f79421

Download Submit
C:\Users\Admin\Downloads\kill.bat:Zone.Identifier

Filesize
58B

MD5
d31f82947ac00aa34e8b0371827dfeb4

SHA1
83321eb758d980cfb76b545ceadb893c544df15d

SHA256
e68b253b7fec7f6b6050e7b5143bde49985fbb2c16733419536f904df96e8c2b

SHA512
39512de03222ee1e5832fb5e2a2e427aad75b854867621149feaa371b88da40a9337f1a778ce27b902411f969512b2506128b811ffb1d3f64461616ec5af2c3f

Download Submit