eff570f89626bb82bc162019dca3afe05fb5d8e7b6a46135f94236563603fae9

Resubmissions

14/08/2024, 17:49

240814-wefhrazfln 8

14/08/2024, 17:47

240814-wcv6eszemr 3

Analysis

max time kernel
338s
max time network
339s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/08/2024, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

istripper-vst-crack-download.html
Size

100KB
MD5

cbb542b172c097d4b301456dcdfae053
SHA1

7bea917a76a5d50045aea39485a251652760b52c
SHA256

eff570f89626bb82bc162019dca3afe05fb5d8e7b6a46135f94236563603fae9
SHA512

9e4735c2d613595d78a4dd222d9af8634633a6cf9d33b37b86de6aeacbfb1186d6584801bd7389378f8fe635a1fcc13c3997c932029d796ee097cb658128f194
SSDEEP

1536:Zjtjap8WjuUvnspIw/ZPpIw/yK3oxo/bVS:ptG/dz+8o4

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2068	winrar-x64-701.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1596	5816	WerFault.exe	142

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681314553324935"	chrome.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\))Full_PC_Setup_2024_as_P@$$word((.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2860	chrome.exe
2860	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4840	OpenWith.exe
2448	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2788	OpenWith.exe
2788	OpenWith.exe
2788	OpenWith.exe
2788	OpenWith.exe
2788	OpenWith.exe
2068	winrar-x64-701.exe
2068	winrar-x64-701.exe
2068	winrar-x64-701.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4840	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
4244	OpenWith.exe
2448	OpenWith.exe
2448	OpenWith.exe
2448	OpenWith.exe
2448	OpenWith.exe
2448	OpenWith.exe
2448	OpenWith.exe
2448	OpenWith.exe
2448	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 1732	2860	chrome.exe	81
PID 2860 wrote to memory of 1732	2860	chrome.exe	81
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 1592	2860	chrome.exe	82
PID 2860 wrote to memory of 2816	2860	chrome.exe	83
PID 2860 wrote to memory of 2816	2860	chrome.exe	83
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84
PID 2860 wrote to memory of 2220	2860	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\istripper-vst-crack-download.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7548cc40,0x7ffa7548cc4c,0x7ffa7548cc58
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1752,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1668,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4564,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5024,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3080,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3720,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5132,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4500,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5284,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4460,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5568,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4768,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5748,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=980,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5832,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=1344,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6136,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6116,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5784,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=1428,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6124,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4400 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6500,i,10496818962524684422,7738370702990219146,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2152
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2068

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3616

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2192

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F0
1⤵
PID:2956

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4144

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4840

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\))Full_PC_Setup_2024_as_P@$$word((\" -spe -an -ai#7zMap25412:130:7zEvent13353
1⤵
PID:1484

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4244

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2448
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\))Full_PC_Setup_2024_as_P@$$word((\))Full_PC_Setup_2024_as_P@$$word((.rar"
  2⤵
  PID:4840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\))Full_PC_Setup_2024_as_P@$$word((\))Full_PC_Setup_2024_as_P@$$word((.rar
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    PID:1536
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1916 -parentBuildID 20240401114208 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f9a91f2-11e0-42db-aa41-050de1f38dd0} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" gpu
      4⤵
      PID:3688
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a91052b-9581-4ff1-95f2-45f59f24887a} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" socket
      4⤵
      Checks processor information in registry
      PID:1920
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3132 -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6895ae9c-50c1-4fe5-a989-82169dbda8e8} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" tab
      4⤵
      PID:2040
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3620 -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d62203a3-5d9d-4f8e-86a2-6d31fdc73e44} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" tab
      4⤵
      PID:1168
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4628 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4336 -prefMapHandle 4600 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d7ecdb7-7901-4b2d-bafa-036e8cfeaf16} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" utility
      4⤵
      Checks processor information in registry
      PID:5676
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5768 -childID 3 -isForBrowser -prefsHandle 5744 -prefMapHandle 5748 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4405c0bb-3811-4842-9af5-3f5224daab20} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" tab
      4⤵
      PID:5412
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5956 -childID 4 -isForBrowser -prefsHandle 5876 -prefMapHandle 5884 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e59b999-bf9d-46b8-ad76-7993ff4940f5} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" tab
      4⤵
      PID:5428
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6140 -childID 5 -isForBrowser -prefsHandle 6060 -prefMapHandle 6064 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73a2651a-77a7-4e58-abc7-293ac2986d7a} 1536 "\\.\pipe\gecko-crash-server-pipe.1536" tab
      4⤵
      PID:5432

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" C:\Users\Admin\Downloads\))Full_PC_Setup_2024_as_P@$$word((\))Full_PC_Setup_2024_as_P@$$word((.rar
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:5816
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5972
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    PID:5896
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 680
  2⤵
  - Program crash
  PID:1596

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5816 -ip 5816
1⤵
PID:6132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\50988b99-7ca5-4a81-9feb-13e50dba913e.tmp

Filesize
11KB

MD5
f74dfb426bc94127daaf15b2471990f4

SHA1
6cc9aae2349a4296a40015a7573c8034104e8403

SHA256
0963f5fe8f3e25abc2fefdb988ad445d87ddadda74bddf56375a3846cba96d75

SHA512
2b7f08961f895db7d670c2512d798380206de711d11141cd0371444afc379f8ac62b2d7815eb5c40525c178b47ddbd1c530ad3bb936e986ba23a615c5a2a3a4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
767ce642a9fe5667f95ec65c6c383978

SHA1
fe066e0cb8d8f7dd1c4190eacc95ff68e561f042

SHA256
472f94ba91c638d0fb376589c559b36b9899f1aeb8ebc21fb06e9023883b80f7

SHA512
44d5cc21fd46be3181c0d25f67b804c7b40badd8d7573153e44d80da40a469e76e2314a68223050ba4cbedd01a000dcfe6513868ff1fce44665c8705cc5b3595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
f6cb6cc110bc56e88cac48d87a841ede

SHA1
6650c01520930b503f810db891052d6bc63dab55

SHA256
a16471f3eabec60dfa21e5e753921601700406d927dfe5aad811f1531ace63e7

SHA512
f2b724533b457dc7037f7ad30b1e9e87f7a30440d56a8f4921d316318611b97caf3fed4387dc637c95cfa91a93b7fd3e6ffe84482037559de50a1c3b5763b261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
63f27a56ab7374181dd19bbdc3e8e52a

SHA1
3d8ca0a056b22c5cd81f50bac2bfc541b8f95a9f

SHA256
4e46a20827a6a20a21752a7bc9aa710713285b44bcb460c5dd6936830e3b624d

SHA512
ab27e5b4043cd251b14025bd2179b64b587adb4c915ccfbd9e7dedab215b939508a29885eab0a160fd5b8ae65f3ecad8f0fbce94401d8bca6066be4ff13a77ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
c988483787e871a1f2b0dd5431c6e0f2

SHA1
8a5f132333200c53713344210cfb685b331af4b0

SHA256
74bd4355058e90f508ebc4347c8f5d7922c401b93bf8f2a8b45692b0f30135fe

SHA512
58a07a7d4291d681e767747effd21e25aa5f3112832228d9e803e2201fa29348d3f781bcfeed2799a18bdcbcedac93ccd9d79d31bf96aae31e420e5ed9f9b555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
cfca8cfefc42d6b8c02fe7435c0d84e6

SHA1
1aeeb566b86e27475fa0573674a41d6e5864d3d3

SHA256
a664ab917c6f963cd83918f50bec2e079fceefb2947a16b3631069d72ad406de

SHA512
86275d77e8e171d75cea02b42ccd2f1981a948151af0f93600407899eb023586b3589fc059c716aa94524ad3080a26660f8ee22d31a612cb8f49b740578eade6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4118fc12a6444de2a034648aac4e2ed4

SHA1
694786b4bba78413f3646bb46c195682392e10a3

SHA256
9f9f5fbc763275f63ab2849b5d1de4e56f3060a0e2a09dffa79ec16d429151c4

SHA512
2b469f9368909fa55c081106301b4e65c4cfd9945190ed87bcadef1c9d78f86071683a939072260311156580c6b1df6d8ff3e537d91e128127df1e4aecaada54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
687B

MD5
ce1759a69546618fd18a422761694569

SHA1
51fe76a150d39a334e0671c819ea9aa94f0a70f9

SHA256
08700678be675dcd135d8dd4f32cf27a4c03b2d13d286bb7f2b5170aedee24cc

SHA512
c970a825862ec2289739f436135a992789a398ec2f601a7167e99a358e7daeba9c5480e8926a3652d25c6f1fba546dcd1333ce1a73bfac2468a9dec2b68dcd7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a950e1c3b726e978e3810d0d4008ff17

SHA1
2852fe8ecad18153d157841bfb903424367cd171

SHA256
d58cc91f259639604ae55e046e88fcc36dab08a20c02d5f9a30d949d4f81d6d2

SHA512
41af6a023ed96a41a4aa375047bc71c92aaa279ab769ca6565d9431dc48fcb0ee0a0541cc9572d352c09d23dd28e7ec15c5f8cdd55837348055744e5b5451638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4d3a45d8c2e25e77c284afbed2e0d802

SHA1
44bdac32f3633ba2fdb8f99b8953ab5fd2f70066

SHA256
b3f606c5d7abfadec5bba6f116167e2851c160c5d34a6f21d74b8e0b9959eb37

SHA512
4385e9004b3145ae725bcb8c40db0f21badf7131054ad780dd888109dda6e3d32454fdf95a0057c9b28670284601ee71a8390be8c39fda277d21f164124ddae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
90ab8596eb608744e5b4891688f80874

SHA1
915353b0d38d77c08554f4979c16f6ff7bf5fee4

SHA256
5db7b34947a067ab61decd3c86f4976cd7edc9b41764aa538dddb25d6bf078ca

SHA512
f987d123a71a43ec5ca725359e9a7c3140662194c50d748c6b0ab8597c9edd9a5815861321d65a81efadc8125a17a701bb7bd92c982425f4c253adf91d544874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
55464f51c474980c03ac03db71a1eab4

SHA1
73b02a9d93153e390a427096683577d37fc2536d

SHA256
745c40608399945afe9e931a9f1972797a8fc354a394b062d07274665a83208a

SHA512
d48876cdf087d7141aee1fcf89ddd420b83953a815d3dd4ac4fe0174fb6c21d4a3d131367b5e0acc8302def8f15a733a7baf43ca7b1d6d2c16bc35ca80ef84e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7b6a268d4e4b996bcf14cf0d036a3dfd

SHA1
8c38d971a3f9579cd81362103affff40e16f9c77

SHA256
db5477649df685f7f4d638aef3dfbfd5802cb78cb3c2195169254df09044eb7a

SHA512
a2c8b2bd70a0a7ef28d10b1848946efae95be81f0d21a4da9808aa698a9caea359e5873efbc87380cb9d76e2c89afb40107400b2fc0f2184c156a0ff1e92a66e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d9b26bd4-67e8-4979-b2bf-73b925346f97.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
305f2a5915c288c9485ad2ea870f8130

SHA1
480374275ed742d9602fe67e98ad1436bf3e187d

SHA256
1efb164d099d3f4ab740bfaa44ba938018aa304dead10982d0ecce68301ba9f0

SHA512
447e84c2b47d85da5ec988cf25bf2dd5294dd265490bdd7a97b5e154fbbc24132460bb779349092ee86a1619697cf8a4df941363192dd98412e7faa3a5d1f6a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cb43f2ce1e5849a2ef97e889afb0cb77

SHA1
8d9798677c1f9ac9a0ae2947f6c60892a3f47e76

SHA256
ed2d718d511e12b0f4e23c1efed1f54d056b8d0df4948e7e7ea70910dc04ed60

SHA512
93de2afd97e958d32fdf3681ac76b74769ebabd7a6eba52c5b55f2b22443f871b63774d4c5baca6a6b83243be50d37c3d68d10e219db371422d99938d7ba273f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3d304d64c2c7a6e0064e55fc803e3d32

SHA1
812a7b72c864bac9481f935eebbb3f9303bb3ca7

SHA256
d85c343b13b95124beff5974da807ea4a6c345c249b61a1f1eec56914070fee4

SHA512
6488223aaf622b1e74f0e874d2151650a1e8d4ab0fd5a10f5dc6ffd2dc4196a4519fae27d0f29f5099b8d098712b3795c50ba45599f4c3b7b26ed71ac126924d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
456afd6d721936a59227a7e24434ad87

SHA1
0876204a17e4e0fe5812d1a78197fd9957ff2f2a

SHA256
092f9d370cd0acc159d8e986312d2ee05be60b5432b934ed73dbe2d99c6cdeaf

SHA512
482f3c30afd0ebc20053fea7b61e3a578472a9e96b88c5babf5db49a308ecf69589f244de6e764d270f6af2a201eec134e7302e1d3ea6c159342d0649e52ef43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cf56c07e144b51dd2b9a7230290e0c37

SHA1
82952a83ac1deb958f5f70f6b1a906c81ec8579a

SHA256
e41b2713b66bf7ee8d6f6827491c0ef9ea84890950de72b666b6cd373eced897

SHA512
d79bc97906d31988ec67a1964979f17d4558fb0256eb8041e3b36a1a9dbbdb6249e6c6b848366679107befbe4f47501fafc5817e8933a83f409cc2f3e887e17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a057ae0010c2e34499a12c87baefd590

SHA1
43fb30c055e919cee86a66ba609cc4d0d26be4a8

SHA256
90a27f3890ac0e99f6455c29fb46436c830e2d2be579437e08b411ac9f93854f

SHA512
1a41d3a88d0a103f404ca4d6751205c34afbd2749c57e2314249f89a0c79dd6398fd68fbc542fe52da18de4764c74ccdf05d05f849039834b6be909e77046d79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
02cfe5eb5b7f2fb41537c9f9008f67d1

SHA1
b3d456f94989a791d0c7463b7dea6fc84a5df0a8

SHA256
79c962c46f9d233c3c045a136918679dfb58c5eeaffd3587808d556e1186d7cd

SHA512
7c1a2549bd60dbd7d33cf3fa30b689f7e46c4242ba32c70eefc2f35c9ac9f62612680c6cbb7d2aee61b0b8190e9755338de3a766137b6fa1044e9ebfa5149b39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab18251e5724ca95d3ac06d5aa2622de

SHA1
5f630830f45fe2e98285be9c2799e56d6201dc95

SHA256
4626f6b694ec8862d6fe0f55f080b9df35cfa8982826dc25660ffbcad594fb1b

SHA512
4fcf122aec4cf3dfa9f1c07e221462ca6360cdd067fa80a351d0016ed8de3bf9a2b4438a700c000262fe5495b653fef712466df0e8e0a6f4e3b0ea90a5ea60ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
40eadbc29ebc9fad72059c14d106dc62

SHA1
e6b67dd6e6bc498a5d460db862747ebc35f96533

SHA256
0765139061d2c39581fb3eb9173ca81d90d6e5cf7f5e009b74533970612b9235

SHA512
6751ae9564cf50e8bf6394ab36e1fdac563302a749aa8fbc895df9805e7422cf35b8c28b479dc1b39728b513fbb0c28cdb1921d9688990259bbb4ba1dd1bc8c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
37394c3e7b9f5ec83e28a6026b89bcf3

SHA1
c32b027c97fb7e86190ac28da56644333ff8eed7

SHA256
a4a45c69b03f61e019cd223ee273acd4b9bfcb326f83acbfd34e034662d483d6

SHA512
ddd11d3a0202adff9e64d759a8a093ee80c02cd924bf549983b09b83ce39960ff2ca6b374b4d6ec603a5f27bc50d9db70ad95c0fdab1b54a6319e469cdbacae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
47fc39940b6155e57b5c91e23b54fab6

SHA1
00c897990134b1f185979f75307d2161e5266d99

SHA256
3bbecc9adb15c3216b6547008697494e517bd9adb7e2c51345e91825b60fa707

SHA512
28c66ff696c42002e4a2a41a969386c6791280faf644ffa7fbe0c0151f9712e4fceb370f328175268b656980c613d8ef60a19668f0d689ff1ede8d0085512f7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
66136261d385a0e88561088d1fa9001d

SHA1
317edbf0944a60f47431544b76b877dd0a76a4b5

SHA256
8ad1e25529598c98854ff325978393fff63d547c1a9bc63696718bbb7691a1bf

SHA512
be4a899d9a328a2e4eebd56b94c618b2e75e0b01700b424cac3cb758585a3f3aef4101141b2610faa12cb2efa4d20d23f8abad65060f66fe3c740c6f787c3006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6bd88535217b1154736639ee91e68349

SHA1
175940953c331271a7157b1825c93b68d15d867b

SHA256
cb71459ce407e72265cc7bd89c6d1f09f9d81eda437a3f2efac4d50e82673759

SHA512
6e25fc83723a015018244d0f6ca27df1e681e11bcea1b1bf3d740f7063e66fd43ea81b64b0057e41c00f3c5ac0854bef4ffb76d53f7d06e440ffa1ae4823c25d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
aa5e1cfffed4c1931579539494f461bb

SHA1
cb843a3f82ff68dffd63d9d6e80e94c626cd9635

SHA256
b741c0608e55ccd7f0410a2373923f61ef6bd8f8830a93adaa6f57dd38302646

SHA512
1f86c5b226beb677071ac137dd7a5f63acd668596f0800ab98c8b131706c952d8dd633d6b08f5dd75067b8be4109d02ce4687bd108a73388e8e88fcb2458d876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc9cf146070851b56c9dd72fea2a340d

SHA1
0f3f73a6a77f002939658138d57885bc390c8d9b

SHA256
abeb709c632a389c218308a400df996daa88618df9fdb4262872d4a8ad2778d9

SHA512
9ddf7be30c8e77f7b39f2def2c15bd6209f26c11073b53660f8d0e3af58e9cf2cb132219470910414e26cf86db66d9c9e46ae35df8e687bfbba330c22fc3dd86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5628dc7a8bb5aa0cdadd602403f81434

SHA1
f1e907609976846115bc6b8fce7861b699acfe98

SHA256
bf3ab1205e7f4d7320f8b9ac3967d1bbc60d90a40d39e44bd09638685fb6a757

SHA512
1dce8ecfcb736dd9b2e28290426bf9305341108241476665340a87b38a53c8b7ffef3b39196b4d903bdc1c8bfdd82a8bee65a6dada5b2c7e16afab06d3e8bb76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1ca8986c493727e5490d3b62ee78566a

SHA1
4f478b3cf603a56c99676969897c4d979fa3fdca

SHA256
31a714d5f0117c5598ed4f8f553b1d149c47207966afc308cce2421f8b80f265

SHA512
6d80aa77c220a308413148efae017d3b8a31d09f8f0cfa83d612d7b2156b9e89ddb163b0b64f50156b3e4b095abd7f34da4472514c206ec73ab3a6674e65baae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d25af0f3e431fa0b756f12d016ae7439

SHA1
241a78dd628b8850ddd8e81f6993ae3dd504dd86

SHA256
68c6a28746d956d037595584a35201bd7c077210d74eaf90fd52e7070e873e9f

SHA512
079148377989247791bff9d708cecc2ed272a48f49020bbeaff7dc1937d3b2ed49f4fdff488b2eb0690fc5c66fd6c627bb5e236f1cb30fc7d03f5275d39f1e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bbf237cf45826f2760c4af52aa6bf80a

SHA1
938c20c06727d692f35a924d16bc34855e571a39

SHA256
14496ee98bb3146fd11f63576c2f61db67176b0f946e6478859f23a7cf8a06e7

SHA512
af3099b1bdb17280fbbbf322d45b8452323b87cf0ce4c9ba4789fbbbfc215809ccc5ad0de00dd690298ec6a8e2a88e1702f11ea2ff172428f1b0bb8e8589159e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02df231cdcffaf76351c39475c27376f

SHA1
9a7a8dd27f13d868afa2fce90c1d022790137fdc

SHA256
a0391f2af180bfbc35a6c9ec156e5b367775ed80e80af0d04d571a3da9797396

SHA512
6f7b833eb105338f4fdd9c1dc868fedf47532d6d06314baa4fff2fae3c539e17e2481f4e257d9db28dbb71a587a10f12c1752cb0b75ae878aea65e1dc495eab3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d4fcc6c2b9c6b32a44c878781c1dbf7e

SHA1
9b6fea7bdcc4984b8221dd1aef7112bc561ec831

SHA256
5801e35559ef12cd7812f15948156b84c380f1e95d69b409a81f5deedea5b28b

SHA512
32c4c2a7f5a955ecb6d540595da3fe1724031549b705223b3c72ad9d18cecac117047b475219e30c7489e382b295e5889c7acc0d4c371f3afb53081e6e82ed00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9782ae8333facb462dd44317848c3649

SHA1
461bc125fd370fd3c84c4f72a970b9bdfbb0d8d5

SHA256
efdcb7dec0253b0949176b236eaa5ae14840279347d81506b49e336a96c8e9c1

SHA512
92ae966dabe67ebee4a72d06c5e48a336a89954a24a072a606cde2c8fca71ef4add3eb7e427ca9e5e396c1e4a080057e6189b0361aeac8abb9792c38b812425a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6ba5256aac9bf4500678a6a369e6ba49

SHA1
db7b14a471e619e2585c3550ceee9494d6cf6794

SHA256
af4f7aed8a1ff525d7e880a8548a619503d390aca87aee5dfc91070a0149d1ed

SHA512
9e268f82bf538828b518fdda63afbd001aa670647ff26cdf3dd270f7ad36d26c210827f20f4349fed04e9384f904c6c9e97f3433b38000fb5fb4d022ff817b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d1d9cd4dfbfeb05c0cd4c59b6a8d693d

SHA1
229bb2a320904950547ec6936c0ee421bdc3e124

SHA256
f4045457660ad609aeca64031a34465e880dc5851c858a9c4a7a97ba099dc190

SHA512
d83b7e66b97b4cc8526fb2ab0a7f197f1e7110094f79fd88db0af6b96f0282c72ae8b59ac615256d25f8d2191c99e7ef003a463a05599f86fc5073a332dcfee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a7ae0e7294e8f19c1909012712e8f86f

SHA1
bafa99e17d4d1b950bc39a04384c4a10cd039d4c

SHA256
11bb29460e0ed932a70609822288087fef834a2eabbff22dfcc42ecc333ef400

SHA512
438c96689152cb3291587d1897e09bbc4c144d4aac2b47965eb9cbb74f066437c9011ac9fbc6682d0b624bd0455a418ac6bc6a7587cf04ea1451ceaeb1c96565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
9bd2809c2482b2d72192541a01a56633

SHA1
665a8b5f8b38607cc6bab8a56af2d738d9f1045c

SHA256
a3f0933ad3a9d77e2f31f493d36afa6d2667b003e21fd903761d714a20e92f59

SHA512
e98e53f642b10069fde8122d3c1565d1f0446140d59ea07b7006df38d30ab4f8a70a99b7033fc0838fadbb9d81f5bf30466719e3fc9a0d2247a17491af15c3d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
912f721134a4245e6ff3c7b051d8845a

SHA1
ea1bca28966947a1b952c4a6ef5c8b00a0f4f808

SHA256
d077ef1d61c6f679db005f41526e561d1aba36ff29389fbd32216fe33b52a7aa

SHA512
28c9f76e3e8b78f557b1e1f6d1eef2c558a025c5af1573d8aa501a0ee842eddfab2dce297788524dc8e6a0c756e1afab2dbd5d8aba1f99929a4512f5e2c71041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
207b36a348c995ee7eea2aeba7eee2b0

SHA1
7271d566d8fdee0c6a00adaa9a28cbd0e782aa95

SHA256
0285682019962f40d8f890e16573af49af5770d17f0b28be1c0243f162e93e2c

SHA512
b909af9075a93258c9cd7bab143b82b4ce352967c46772dcfb27372fd1c2f9ff00565c942121f04642dfed2aacd30cae09cbc28ecb5bfed44e56ad6a2c4a831e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
62167e3822d3e085e5c0c1f26cb4e486

SHA1
31494a1ead07ed53e7ca70c6c17e0bde8369a722

SHA256
1c2494cf7cf3f92ee810ba7b6f9ac59bda05cab861da1e4183d12e7492b1a82b

SHA512
bcd421fb77189200081f89621bb6fef2d3f93f6fc152c85d55de3ed7457d27414cde154a0cb118c5321466c7541e97fa5141036109d72ec75e00e505c30f5f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
b5a886f09fba6fa25ecea82c722234b9

SHA1
2e7570b7746f851334d8de85730dad96e2007fce

SHA256
7749509acc37cabdc7d493c5c180a4f0a04097037e814e109b1ee5d94f315252

SHA512
f1c0167b1af82570d0f7dbef474b7a00b4db827df7f77256488b0584449eab34bfa378a617e58044ec810d633a095845f19d3a438bc79d2ce0046d968ae6486c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
5433eab10c6b5c6d55b7cbd302426a39

SHA1
c5b1604b3350dab290d081eecd5389a895c58de5

SHA256
23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

SHA512
207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\activity-stream.discovery_stream.json

Filesize
32KB

MD5
aa3a33d716b4b8d8badbde7a370280b0

SHA1
a4d65cc599ebbaac9f1c478a4115660bf97a25ff

SHA256
baad809d9c0f53da4e5914281639dbcce5f0355f9be396f7947f6ce57712252b

SHA512
6a2a97e95cf53a3a25ba9811209fff51c41aca43c6a9b478d14ee5ef2af046658db61aff8420a490ff49bb5c9417ee4b4fb3cfbfe046b48b7a74576785c93800

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
4f4d836e9dfc3acacf6aae681e70726e

SHA1
0df325bdd5922869ee6945a5c76813bf7ea37490

SHA256
d1528b98cde94dee6495ce71e84880187c84b5dd789d5c0a97db17143bec4eb1

SHA512
056e821b9253d3a4747605993bd256446eaddaba045bb45b3a11c44473ad69356d06c5f2ed275ea6e52e46f6930250964297e61659b3469130944215616abf42

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
01944eb125204507d4c52fae171652eb

SHA1
465fd20caf3dafe204e64bb6767d0abd7ca2cde6

SHA256
a33d4701376ca8c9010c04dfdfff290c9b57f1ed3ae8ba80b42770e7ed482ef1

SHA512
ee45b0ce3eeadd2a47940654e90b49553ff88680e726229a0d62dbf5bf0bd8628f78dc391c35b7d0279980d85296f7964fe1c41293bc64fb7c602afb22b4848f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
6954fe63b4db77bf2ed60218ac421064

SHA1
fc62899e7411282300a52d4f195f0ebc2c996f7a

SHA256
cdc64ff8b2481677bb28d82e85b1996b3ad3d5bad3b77d0c1a5e6e9006dbc842

SHA512
b5e781ce6d1f589d21db9757bf5f1c1737fe12e3e3e49e57b6d57311ce36bec0a19e97a3d08542f12356cc83db2e2b11c3386e5e30137e09256266f920e2fc40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c05114239727f4a913d3067c4698c51e

SHA1
9e1e404b1e3874bb7f24816ae4736b7809c43f52

SHA256
dcebe46595f96f029df3269e86bce8dc63ebb4eff72b49608c5a5e452da8f0e2

SHA512
5794f32a8e565e9504da459acd1d9b795d583d7273ef3765b1dc58904549a3ed1d214b2952319530c46c55db5959d51e0fa7d78782adf4337304887f08b529cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b23573149766583410ad36a66980e304

SHA1
9525a91355248c9862fe1d297bf93b0f9b2eb448

SHA256
3594d2b849d9602c33b44481b5bda16c8d5190b4b2096da22534264035f0bf43

SHA512
6c8519e2398f629c1fb9b207bd3b728f8fc9204acc5d63a8862bea531e24f9738f07aa20a3ab16e2ba1882a0433fbed88b3eaa8d495f9980d58f621b255b78eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\701aad94-c519-4204-ae9c-b2eee466c0b4

Filesize
982B

MD5
c9d6b121ba9e5542decb1f5f700ece74

SHA1
a7068ee0d67278165566362ad557fa9888c7eb3b

SHA256
a0acaf98b27368b1a86ad6b5bbacdb4e332843d303488f29fac72a895e95c1a4

SHA512
f2b806278ed7ac3880fb341c7175be6368cbaec342dfe258fd140d1d64d27390d055cdeb5d2a0a823b8009674c6c292ba129c8181c46f0156eab633d1cd1f2b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\d34bc1dc-b56c-47ef-9c44-f58d28e5f4f9

Filesize
671B

MD5
c6bb4e272f897ac6ac075e9c35bc029b

SHA1
1a87e084b0fbe6be466dd39a4a4d618d1292b509

SHA256
d57857554e336e1e2d966dffe5e772a2a932646196977e3c0ddda5d0a4709aa8

SHA512
ffd3cb1a81ef899b158db7261c7f79ee35f496f096da7d4a058613905a55a481f38916f8612e64ec28237a29fb48be3a3ab4555c45ed8a4743fea51cdbec19cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\da47579f-f53c-46e3-8407-e717968b6f99

Filesize
24KB

MD5
8491f88ae39e8c3bf8f23723db23ad69

SHA1
5db90a93ea924b0b6f192cc71ceceb38b6d3915d

SHA256
e41ad4c77491fa2530ce16dd7fbd20dd064581b25134ad705927d5d11adf6d85

SHA512
e7c4af71446fc42cbc4ab63342fb2bf3fa8d1428df252c1c7905af6225a4589d03e906a1681e048c135226a379e73a68467a33e34116aee9f677b48a137c1bdd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js

Filesize
11KB

MD5
a2ef072577b2dd53957222edf5a916e6

SHA1
75747b21347db880fef4bc5a48b1b9955f08d51a

SHA256
545caf9acff505eb75cd76bd66103eca7bcfd8bb2d590c228f0880993e964309

SHA512
ee76babd03c9973da8617f573f3db1165ab1744b2746db4629d363b4a077873844193902fabe7c69fe18042faf59d2beb9b73f40123a9819eaabd868c8946934

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js

Filesize
10KB

MD5
5707bf4134679e6a455df6ab8faf7eb7

SHA1
ff06584bc4deb0c7fff51c04fd9caed8e1f948e0

SHA256
6ea75b44ba4d09ed00caad92f01a2f8f033a75dfcbbdd606b3022fb5f9589011

SHA512
556ee9a947385d71a831b45e736d1196fff081c3b782acf0c649095c54b76f0228e17209e15f96a5f9b045bdecb5c0e67cda335b59310b5cefed433e4115bf64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionCheckpoints.json

Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\Downloads\))Full_PC_Setup_2024_as_P@$$word((.zip

Filesize
19.1MB

MD5
0139e6d7d4b4a86ffcb06e45c328ee7f

SHA1
d3840d8a8d7f298ea6173b1f03dac4a72d6a8a40

SHA256
ad33ea72bf0658ca451f4be2596801b540d2ac76bce500ba648fa4ce9213f0f2

SHA512
8e964de6aa257f771a4fe3219909dd708d5092de159e970a51c70a8c7bf0c8ce9e36d03471a0b82833ed7576d5ddaa89fb05eca514d69ad336c0069ccfa8800e

Download Submit
C:\Users\Admin\Downloads\))Full_PC_Setup_2024_as_P@$$word((.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\))Full_PC_Setup_2024_as_P@$$word((\))Full_PC_Setup_2024_as_P@$$word((.rar

Filesize
19.1MB

MD5
d932b55b2a8fad46dd982e98ef6bedfa

SHA1
bda88730795c44d15eab39be5c52075851cfa161

SHA256
c3aa7f88d2d6db056ff4ee0febef5308a2f5ebc974d60c651ccc5308d56e861f

SHA512
a89a0184186bfa540f02ea5d17e0365123c14923602a91d99a1aa82f59e18bd961cc35358c281db7c54ad45208e365ec92b8f183c2ba04c158c2f5e97cd6145c

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
memory/5816-955-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-958-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-957-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-964-0x00000000078E0000-0x00000000078F0000-memory.dmp

Filesize
64KB

Download
memory/5816-965-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-968-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-970-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-969-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-966-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-967-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-972-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-971-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-952-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-954-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-953-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-956-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-951-0x0000000009C10000-0x0000000009C20000-memory.dmp

Filesize
64KB

Download
memory/5816-950-0x00000000078E0000-0x00000000078F0000-memory.dmp

Filesize
64KB

Download