Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

free_rbx.bat

windows11-21h2-x64

8

Analysis

  • max time kernel
    599s
  • max time network
    519s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/08/2024, 19:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    free_rbx.bat

  • Size

    668B

  • MD5

    c19cbfd860f2c06e984b9f4e9642876d

  • SHA1

    77bbd3c0d8555ef59db1b4905a234e3a67c68b22

  • SHA256

    d604573afb96b556da9f2588c3b13e80a85eb9d5f52cc27d5e4572e612808081

  • SHA512

    fad69d32715ddd8ae705ba006534c5466ba8323234ce752a118f17ddf65843c0090491653059d0000646720a9265ed207c3741ae4ff894f33c0c1e5e3e4e5434

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Drops startup file 2 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 58 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 50 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\free_rbx.bat"
    1⤵
    • Drops startup file
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\script.bat"
      2⤵
        PID:4704
    • C:\Windows\system32\werfault.exe
      werfault.exe /h /shared Global\805480f936d342529966d4d97cce9470 /t 3412 /p 3408
      1⤵
        PID:1828
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4980
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe"
          2⤵
          • Drops file in Windows directory
          • Enumerates system info in registry
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:2680
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5105cc40,0x7ffd5105cc4c,0x7ffd5105cc58
            3⤵
              PID:1980
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2316,i,6093201437380880098,11543889844632537251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2312 /prefetch:2
              3⤵
                PID:1076
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1620,i,6093201437380880098,11543889844632537251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2348 /prefetch:3
                3⤵
                  PID:4436
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1712,i,6093201437380880098,11543889844632537251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2452 /prefetch:8
                  3⤵
                    PID:3048
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,6093201437380880098,11543889844632537251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3124 /prefetch:1
                    3⤵
                      PID:4816
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,6093201437380880098,11543889844632537251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1
                      3⤵
                        PID:1232
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,6093201437380880098,11543889844632537251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4468 /prefetch:1
                        3⤵
                          PID:1428
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,6093201437380880098,11543889844632537251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4660 /prefetch:8
                          3⤵
                            PID:4324
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5108,i,6093201437380880098,11543889844632537251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5124 /prefetch:8
                            3⤵
                              PID:4148
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4260,i,6093201437380880098,11543889844632537251,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=212 /prefetch:8
                              3⤵
                              • Drops file in System32 directory
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5956
                        • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                          "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                          1⤵
                          • Enumerates system info in registry
                          • Modifies Internet Explorer settings
                          • Modifies registry class
                          • Suspicious use of SetWindowsHookEx
                          PID:3720
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                          • Modifies registry class
                          • Suspicious use of SetWindowsHookEx
                          PID:2996
                        • C:\Windows\System32\rundll32.exe
                          C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                          1⤵
                            PID:4260
                          • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                            "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                            1⤵
                              PID:3020
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                              1⤵
                                PID:5216

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                Filesize

                                64KB

                                MD5

                                b5ad5caaaee00cb8cf445427975ae66c

                                SHA1

                                dcde6527290a326e048f9c3a85280d3fa71e1e22

                                SHA256

                                b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

                                SHA512

                                92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                Filesize

                                4B

                                MD5

                                f49655f856acb8884cc0ace29216f511

                                SHA1

                                cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                SHA256

                                7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                SHA512

                                599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                Download Submit

                              • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                Filesize

                                1008B

                                MD5

                                d222b77a61527f2c177b0869e7babc24

                                SHA1

                                3f23acb984307a4aeba41ebbb70439c97ad1f268

                                SHA256

                                80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

                                SHA512

                                d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                Filesize

                                649B

                                MD5

                                32617e53302eb2d94071d9e1837155e5

                                SHA1

                                d3cdca2847485a514d673618d6d82a6a698039a0

                                SHA256

                                9161b4f0fa37e82199f68c5d2f7f361b998259654541e6562ec012984449592b

                                SHA512

                                17bcd097743ac65048e3e0b2142c5de967e0049c8642c3b781980c12631076aefbcbb30a0b38a2e689af36ec98e8315a079cf878ec5cda3437d7338f1b0fddc9

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                Filesize

                                1KB

                                MD5

                                829a9a988f8c482d8df57e7e3c182bd0

                                SHA1

                                72b88eb0b9487233e41231a4234abb900db5852c

                                SHA256

                                2e26dc76af79c3e84d96cea16ee450244998fb28a48a5be865f86c30ae3762a5

                                SHA512

                                b08da2b769d6873378e884970c7109492edabdd3ba672ec5835e5367eda940a54efc36ef45925071be45c975b714556728ee1eb1f613b9b4f0c99d5c500e782f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                Filesize

                                1KB

                                MD5

                                0a6f31304aa70c5bc74c663af13bb5ba

                                SHA1

                                0ec544e4366dbf1dc677fa575ab5633a78698262

                                SHA256

                                64ca5ec79977d92ca7995ef44e8759743589bb77fc5509348493d09a5ed582b7

                                SHA512

                                ef13fbb571de7f867b60a8a0a1a02daa9d65884845d1fb018b06ae5585cd3f48ed8369481134a15d4ad4e0197b29e0a43f87bf1f4297e4495c07c77adcbc7354

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                Filesize

                                1KB

                                MD5

                                067e322c89830daf11bdf956e398bb58

                                SHA1

                                fca78dd2689e87d734fc5e76a6d867b70267aff8

                                SHA256

                                b32af65006ce1b5595e458761cdb161a35ec08f9f6298be841c2a784f0288755

                                SHA512

                                9234ff20434142bb7ab04c48f8b82dcb8504937452b5cef2b1a5cc7ce8ad2bdc9f462d7f839aedfec2f082c8742af1a9c8579b20d95d1c92043e825923958110

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                Filesize

                                1KB

                                MD5

                                5c4157ab6f12da8c4aca3a09ac8f9c32

                                SHA1

                                6f35acfd08a934b289d09d4bfb6ff26235e5fdcd

                                SHA256

                                82cad3f9b8d97d6cff944026c40f67791fb7631453594feabb619d586e94a517

                                SHA512

                                537d6358490c7166aa16b7871c93769ab21f718ca48872eadfd9f72c815eaaf2f333f260e18f2f4db9d0aa7b0056b6a390d6a9c4b8b538f233979ba40f8c9d81

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                Filesize

                                2B

                                MD5

                                d751713988987e9331980363e24189ce

                                SHA1

                                97d170e1550eee4afc0af065b78cda302a97674c

                                SHA256

                                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                SHA512

                                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                Filesize

                                356B

                                MD5

                                71d94c23455b8efe6bf19a1d090b6c29

                                SHA1

                                21f69862ea6a6b2fd378eefbc0eb21f4e15208d0

                                SHA256

                                b67bceb480bc4efaf0dbce9fba9742a90c56476ef8d4ccbf1dc6893ba70b85e4

                                SHA512

                                4af232c3c9f53986e552599042161aebd86d41e2c0d7520e52ed52ac40fb2a8f8d8e31e983384d69dd28896e6c6b141e8fccd99eaa743c219ce3c72a59bfdbb7

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                541d73befb769bb470648ab1595e7991

                                SHA1

                                2cad97a21b32a2c6ae611a19d786d1bd2c73a275

                                SHA256

                                4401872eaf9bc524aac464ec0ce5ac65652a62675b47507141f309f37f53f0df

                                SHA512

                                64e1b60326ef62b474a59bcb920d73f4a1efeefa8ba48a8905d43a3dae45b5d48582e8fd9b87a59b2e547eb5bd5f06cf46eda5824dcbbd4586f2e22fec51f89d

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                2fd49f485f6e7492468b2568f2716a70

                                SHA1

                                1344859fbb336269bde40ddb1049978b4592906b

                                SHA256

                                314409c0fdc64fac1399844d3379145b0cbe936edb32fcf1d7d50b7cc70a0af0

                                SHA512

                                9d910f47512c39b45eafc70979f90904f07201452f10e45dd596121e57ecfe2d35492a7fca17b4fdeb40786ac2d459fe003a79a442015d7cd6044fe8bf8469fc

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                39ed1aa90476dcf9438ecbdebee20ba3

                                SHA1

                                1c95ffc85ad87b69002794f4cdb10e1e2c24c235

                                SHA256

                                f7e798f44e0c1a0da73ed5e8c81333fdff4b1c25c2e2058d06fe1a894996112c

                                SHA512

                                f50878d8890d08db3a4d2a5d431989ad77fd6464cfbaeadf94e263c368a58fe7be2d83578a4f94801e039eafea50c00ea348e40ee27607fb9688a55f6774c806

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                2d6d7e023da4d77bc51ce0516c76c898

                                SHA1

                                be7a02a184d50c1d5788cd34172ab1888b4073a2

                                SHA256

                                62f597ccd2e1811d75883b54541c5b4fe89baf523dc62919517c32721b4cac97

                                SHA512

                                ef45a98361a868f09c411a7250f6b88b63a6132eef8e0df001976d4795eabb20d6b241b736e15a93aa8d539cd436ab703a9cf57ee2d5692715ca530f088b6c74

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                8KB

                                MD5

                                a63ed85d26dde3204e81543b7a2893a4

                                SHA1

                                052976e1a51e32b284487b2ac4eac6893a57b573

                                SHA256

                                6ee2ba57926c33c94658d058ef51e16d507d84c4ee053ad259adda246e5c3084

                                SHA512

                                3fec07128222f783c55156c622c37d3b7b860b070fa90277af8d3c469e913bbbb1609cbb0477174c52392adbbb4cd4d084d2818deb23911cf4ff85bb118b29cc

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                ee7aae58c0fcdff3adc6294684c647d0

                                SHA1

                                6766ed32c311c2b4ea011ee1d2865bb54f71a11a

                                SHA256

                                99803314535bf9d6a9c9091081d794814bfb51f1b7fc9255031237591a26381d

                                SHA512

                                1e6c8a558fdc41d712e2438ece7507b3e229cb9e3afa78d854b3d324363666a7ff92781b62145962ff5310ae489d9574aaaf1dd6463ac85526df959de56719dd

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                ee786fe2fa8e4851d83f749d43709088

                                SHA1

                                3591b58351d81119d377469a16f807b529e24b2a

                                SHA256

                                5953e4329cb738f2793dce421054fc182916316fd200b2c7088ab35881e2736d

                                SHA512

                                5004a633b38e6a7c7f9203770ec103522804dbf98f82211d2f904820d6f704221760cb21d937055c329d9adbf7d74b3fa55f9ebc09399999a0224856f9a35a01

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                890b245ca785d29f74c651f8a2991909

                                SHA1

                                594a730308ba0f109f90a044a7fefb5c4b08e112

                                SHA256

                                d5cfb6b5bae9498b86ddb82bf6e61a2699c514b4c77797fd14e9c50636924e82

                                SHA512

                                2eb8b56acd249c44114cd04cf43555c62216e4a088246eb12770a911fcdaaed04447ddad7379b696b569ad79a51e5d1bae8e1385821ef638e00593d71411217f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                8KB

                                MD5

                                6e7ac8c392e594dc5356cb510a68811a

                                SHA1

                                7758e679f1a3e1983df788882db8dfd58a74407c

                                SHA256

                                7c6b3d55cba31f905e8677019c4663768ff0dbe3431ca48a7a5fb1b640a5c727

                                SHA512

                                95c0eb6d43ebacfc34947940cbf49c85e5e3545f50eb57c7fbcf56770cb00bf8804e0558619f94d44f525129edc53cf000bcac77f7ddd502782a4319df36e1f9

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                9b095621ee0cfe1d3560a2fe8cc3f239

                                SHA1

                                459102d020d89aa90146a479b67ede6fcec0ea23

                                SHA256

                                431ad7ea9b97fc1bd9e337cd794b0f59e7e6ab825dcbec13c44e95fa8bbd4475

                                SHA512

                                a2c7cde5dc586b50ee820047c20bbe2da9d2e4c931f60995c6b0bd0bc5c72dc9bb5d6ce82461b9ef83c5f0a5de32af85ac6b0fe1c4b7f0290ef5e426302916b3

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                b8c4c1d93ace9843ed8b9fa52753b2f4

                                SHA1

                                8da42941fc469382257521f9c89b302ebc3b36c0

                                SHA256

                                e93fe875d59624e49c28d06b3e32671700da79f9d44c3c84f8c172522f1b707c

                                SHA512

                                57262bb5d35f905fcee9f1ea4770f0e55baa7cab3ddeca88a45690b7df4e2b4da6e6ea0032126e0cc1717e403cb1772cd5a57a30107280bb89b2520468d8022b

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                3aab58af692d8df3734a5873852eb927

                                SHA1

                                c047f01adf0add44cfcc1d712465721c5089449f

                                SHA256

                                27bcf78f591fe48fb1bafeb4c40e74e49435651cccc4e826d37259453d3136d8

                                SHA512

                                2b86f4885153667472e50bd479a319466603a02db7418b40937a82afa884455340a48d45884263cbbb88ae8414a4a7beb39bd14a8dfa9dc3529b149dffbd9209

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                af8ea088e698cffb17abf097797c7774

                                SHA1

                                8cad2d59a0bcf42309a62164deb4cafc8a05b732

                                SHA256

                                ad7f5acd2999f518a5066174f583eb276fef32ae71e846ead385c740c07b8dea

                                SHA512

                                bc0b06dfc47b30f561ed6bde82f0b58751d8b49bf29353654c1716c84edfcde6b110a0e56fdbe91f177a964580a79f0372ae7c03ee6e691b22aa650fd9293c93

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                25c19afccdb12664deee5ca97b33939a

                                SHA1

                                d6475ba69f81dcde111a8510d80c2bbaf76459b6

                                SHA256

                                4775987e2818c9703e1a7bb747e75e9443ce731349ecd5e2ae85f3763db10713

                                SHA512

                                d9fdfaf82ab08f3e26547d98f415c6df4ba312ae612e670beb4145d707e9970ab53039fff50d7e574e9401c8ee667647b69a8c723d529a882ba135db7eb6b8c8

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                c18732c9509b1878ea7b104f94cd3f9f

                                SHA1

                                d14d47e32235b05ca0ee30e8f813175c4f8b591a

                                SHA256

                                24c87ca231bb7ad7ff60a820f7dee76e33be74fe7c8957b6030814b0c1e97835

                                SHA512

                                2fd257140d687ed40d1808ad7de0d8226731574f83687bd4b0461f3e9bb4aca1f98206c54b598494f04bb916dbaa3775cd1aa231826c42f107b41767385466cd

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                16dbd6f1b2b7d950ea626fe696826872

                                SHA1

                                b583589e12118f2c71c323669ec5318675e4d701

                                SHA256

                                61d1afa6cde4b96c681591fac959864becb0b1979bae6d7f993b04d692733e2a

                                SHA512

                                f60df188db89fb4c24a6109bffc2c7c54a777cf7702ce41b7aacfd220b692f297ac07aea0f88e1694f0b9cc02fd5161b7dc8b990552c1d86388587ebe0bf69f2

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                ebae6d91b28b40ef9535542bdb511bdf

                                SHA1

                                a4a8afede453e516474bbc21bc52b429847be2e7

                                SHA256

                                6c2e48bef4d8a0702cf299e423396331f312aa67e8559bd73bef7e6b728dad0b

                                SHA512

                                76566d0daf297a40c26ce81f754d871985dfaae6b64de6fc30423c6a98a6b174e8d1101a4a5ff6dc0defd9918d19f8ec2a8388a713cb7e04b67ae5e9f144db54

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                ef9246f5c1a31a9ffabf3e7de8bf55ab

                                SHA1

                                14c1d5f624cb1068ef1d2afb842988f4a17e0bf9

                                SHA256

                                2988604936b16c001ae042e39b64a001bbc8341552aee055ac22c6a061f18310

                                SHA512

                                fe644604cf6931606abdd844d63ec8e6a272fef874bec13b1d44822dedd966457879361517b59ad03bff17c3a8066166fa3f6cd8ce2846664dbbbd7e2d5ae641

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                9KB

                                MD5

                                8dcccd4af2ea4862184597a3f7953879

                                SHA1

                                fd18cadfc2e8d82c685ee0c2f20a4bf3ae5026ee

                                SHA256

                                4fbbf474852206158a087c184136708d81a0765fc7ab401caab537e6098cd4d6

                                SHA512

                                0e6f6ce107bbdeb0e55e87e6a9a70c41ce631831f59b11b04390569953dab4d0e3c35023b099603f3c930c451fc57d44621e2132760085af18a8baafb1f023fb

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                Filesize

                                15KB

                                MD5

                                0fad8701c460859d1006f9e17ba83080

                                SHA1

                                64b46071c031b48ed41250fa8b6074fd0921e695

                                SHA256

                                c7bf0c85330043834e4c85c1aba39ccb2aeddd0d88d3b960cb8df0e0601fbd82

                                SHA512

                                ebeb1f441888cee6f7f42ffb23da63fa1f48412c7b605f72951206d93e322d5a0445defc87fdb6eab0b527cc96ea04dff93deae689856a281e25a52def3ad96b

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                Filesize

                                194KB

                                MD5

                                9c7ff854147ece664976e9ce3dacb43a

                                SHA1

                                cbd78950e4ca4399f7366fba80fd7331ba125528

                                SHA256

                                d0ca77454f46ac03cfe17cb66bb0bb8ebb3ba891f9e146e93b8eb4f27a073bdc

                                SHA512

                                f14a3a72b7e3cdcfd1a5dbb75b95f7f28f04da253199dabae6910e3350951d014c7238360c1a870b5b36da1f411e059ce801b959de3124667a137a3a64536db3

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                Filesize

                                195KB

                                MD5

                                b07475ba499572b4b0e5afa3ea67ecbd

                                SHA1

                                44519136fef342a122642c8e38af266fbe97668e

                                SHA256

                                9af3ab36eb4727c121b2ec707a9d097913f70a72bab969aba2362d9b40bbb082

                                SHA512

                                8ab81ef71f6e1c8e41041fd1cc76224729ccfebd090d5132d3374addb03ee3eba910f1a2a42f1a36c65aa1dedde3c225ac9f91459e71f040b2cf82acc2999965

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                Filesize

                                194KB

                                MD5

                                2ddb96c8f9dbc0bb7fe8798a7516344d

                                SHA1

                                7469e804551ebb80d53b9249a2bfcce286d37177

                                SHA256

                                edd8e60510a95176d3dc036e3f57db4e102b5fb39fa38a70d287be2d92dde70c

                                SHA512

                                3c6ceac5523fae3d4485b036dd85bd2894621a5b17e64ebd0d5999d9609e7926b73758329ff069f170d4d2d152445e45f81e10bb88b5e0d294c46d517ac0e302

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
                                Filesize

                                28KB

                                MD5

                                6009c6d73026abee65ad3801a8e59312

                                SHA1

                                8debc125ad80092f76958e531e9d8405c28fee5d

                                SHA256

                                656bb52042cbf66780feb05503e95aa642b97e2ecbde64f286b54240cce5c260

                                SHA512

                                ca33ac1c1099e4d027efd1848ed11171deca7731cb77144c035a5cde6de32fc1f56360eb11231b0254fde2173e3905a8d37bc14d1b4bbf07eff962d86b6fdadc

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
                                Filesize

                                113KB

                                MD5

                                da05bb2e1fface6a37c898e64a7d09ba

                                SHA1

                                a2e7015f4dee1bc96423ae0bda2d07163c8ebcfb

                                SHA256

                                41acc7f8fb33e7d814eef57a96ab327dff17d274e10251b02b037af40290a57a

                                SHA512

                                26a73feee967e9c5dc8a84030bf765f75009118acadd0dfc54cebc6b7a1cfe414596beae9b3831126b14455cd315870781d06ce42c259f84e76b83946ac43ac5

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GUY07P0L\www.bing[1].xml
                                Filesize

                                24KB

                                MD5

                                7ba2833397bed9e6c530917dd7c12a99

                                SHA1

                                7faa39c97c5281ae5b6f36f31681341083bf1871

                                SHA256

                                be7148c699f561c65c9ed1145098b61da8f719f64293d68f3a12186a20d5f5a5

                                SHA512

                                36abd020f01f1aaef1b2b7b3ddf1da5a3870683fbba64ba5d7a89e923d7efee62216cc084f3f55ab5ec144fde5911487df2233f2e4c7eafae614c4739aab4cad

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\script.bat
                                Filesize

                                111B

                                MD5

                                e1fb0edaa5e8c7fd3e3b13e556ef90cc

                                SHA1

                                cbcc264254a0a13d510de0b9762c2ca0ea18558f

                                SHA256

                                9b5a8878d9f606c6d43dcbd57115ffc69117bde85f11dbb928eb8d2362821455

                                SHA512

                                66ce1425a0f6bcf882eb5a81be576de0f12defeb791ce1e4ed28d5e0c605830156b004299a3e4e55c5ccdd43df0e29098f1b407c2aa5ecf4c2bb3d2aab37d21d

                                Download Submit

                              • memory/3720-65-0x000001F3749D0000-0x000001F3749F0000-memory.dmp

                                Filesize

                                128KB

                                Download

                              • memory/3720-110-0x000001F376150000-0x000001F376170000-memory.dmp

                                Filesize

                                128KB

                                Download

                              • memory/3720-186-0x000001F379650000-0x000001F379750000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/3720-37-0x000001F373EF0000-0x000001F373FF0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/3720-90-0x000001F376210000-0x000001F376310000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/3720-19-0x000001F3721A0000-0x000001F3722A0000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/3720-289-0x000001F37C600000-0x000001F37C700000-memory.dmp

                                Filesize

                                1024KB

                                Download

                              • memory/3720-91-0x000001F3740B0000-0x000001F3740D0000-memory.dmp

                                Filesize

                                128KB

                                Download