troldesh | hxxps://github[.]com/Endermanch/MalwareDatabase

Analysis

max time kernel
725s
max time network
727s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18-08-2024 08:10

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

10^/10

troldesh defense_evasion discovery persistence ransomware trojan upx

Malware Config

Signatures

Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
ransomware trojan troldesh

Executes dropped EXE 14 IoCs

pid	Process
4200	YouAreAnIdiot.exe
2008	YouAreAnIdiot.exe
3696	YouAreAnIdiot.exe
2084	YouAreAnIdiot.exe
1940	YouAreAnIdiot.exe
2464	YouAreAnIdiot.exe
1100	YouAreAnIdiot.exe
4020	YouAreAnIdiot.exe
416	YouAreAnIdiot.exe
1348	[email protected]
2460	[email protected]
1968	[email protected]
3364	YouAreAnIdiot.exe
1716	YouAreAnIdiot.exe

Loads dropped DLL 18 IoCs

pid	Process
3696	YouAreAnIdiot.exe
3696	YouAreAnIdiot.exe
2084	YouAreAnIdiot.exe
2084	YouAreAnIdiot.exe
1940	YouAreAnIdiot.exe
1940	YouAreAnIdiot.exe
2464	YouAreAnIdiot.exe
2464	YouAreAnIdiot.exe
1100	YouAreAnIdiot.exe
1100	YouAreAnIdiot.exe
4020	YouAreAnIdiot.exe
4020	YouAreAnIdiot.exe
416	YouAreAnIdiot.exe
416	YouAreAnIdiot.exe
3364	YouAreAnIdiot.exe
3364	YouAreAnIdiot.exe
1716	YouAreAnIdiot.exe
1716	YouAreAnIdiot.exe

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1348-1167-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1169-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1170-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1168-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1183-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2460-1185-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2460-1186-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2460-1187-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1190-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1203-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1213-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1214-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1968-1217-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1968-1227-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1232-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1248-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1249-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1300-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1315-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1348-1442-0x0000000000400000-0x00000000005DE000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
14	raw.githubusercontent.com
33	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\7zOC431E0CB\YouAreAnIdiot.exe:Zone.Identifier	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zOC43AD44B\YouAreAnIdiot.exe:Zone.Identifier	7zFM.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 11 IoCs

pid	pid_target	Process	procid_target
5032	4200	WerFault.exe	104
5100	2008	WerFault.exe	108
3388	3696	WerFault.exe	115
764	2084	WerFault.exe	119
4232	1940	WerFault.exe	122
4000	2464	WerFault.exe	125
4196	1100	WerFault.exe	128
4708	4020	WerFault.exe	133
2872	416	WerFault.exe	137
952	3364	WerFault.exe	155
4688	1716	WerFault.exe	159

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "85"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684422620082978"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zOC43AD44B\YouAreAnIdiot.exe:Zone.Identifier	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zOC431E0CB\YouAreAnIdiot.exe:Zone.Identifier	7zFM.exe
File opened for modification	C:\Users\Admin\Downloads\NoMoreRansom.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
4940	7zFM.exe
4940	7zFM.exe
4940	7zFM.exe
4940	7zFM.exe
1348	[email protected]
1348	[email protected]
1348	[email protected]
1348	[email protected]
2460	[email protected]
2460	[email protected]
2460	[email protected]
2460	[email protected]
1968	[email protected]
1968	[email protected]
1968	[email protected]
1968	[email protected]

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4940	7zFM.exe
3468	7zFM.exe
2900	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
4940	7zFM.exe
4940	7zFM.exe
4940	7zFM.exe
3468	7zFM.exe
3468	7zFM.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
3468	7zFM.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2900	7zFM.exe
2900	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
248	OpenWith.exe
2036	OpenWith.exe
4544	OpenWith.exe
3540	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2032	2028	chrome.exe	81
PID 2028 wrote to memory of 2032	2028	chrome.exe	81
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 3776	2028	chrome.exe	82
PID 2028 wrote to memory of 788	2028	chrome.exe	83
PID 2028 wrote to memory of 788	2028	chrome.exe	83
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84
PID 2028 wrote to memory of 1216	2028	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8dc3cc40,0x7fff8dc3cc4c,0x7fff8dc3cc58
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4496,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4520 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4960,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=984,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5116,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4924,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4596,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5416,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4844,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3296,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5548,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5536,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5112,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=1432,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3256,i,3650529635803149984,10594115134831872854,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3476

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3960

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1164

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4940
- C:\Users\Admin\AppData\Local\Temp\7zOC43AD44B\YouAreAnIdiot.exe
  "C:\Users\Admin\AppData\Local\Temp\7zOC43AD44B\YouAreAnIdiot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4200
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 1236
    3⤵
    - Program crash
    PID:5032
- C:\Users\Admin\AppData\Local\Temp\7zOC431E0CB\YouAreAnIdiot.exe
  "C:\Users\Admin\AppData\Local\Temp\7zOC431E0CB\YouAreAnIdiot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2008
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 1232
    3⤵
    - Program crash
    PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4200 -ip 4200
1⤵
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2008 -ip 2008
1⤵
PID:1968

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2760

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:3468

C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 1452
  2⤵
  - Program crash
  PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3696 -ip 3696
1⤵
PID:4472

C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 1428
  2⤵
  - Program crash
  PID:764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2084 -ip 2084
1⤵
PID:5004

C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 1428
  2⤵
  - Program crash
  PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1940 -ip 1940
1⤵
PID:4456

C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 1436
  2⤵
  - Program crash
  PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2464 -ip 2464
1⤵
PID:3660

C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1100
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 1424
  2⤵
  - Program crash
  PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1100 -ip 1100
1⤵
PID:4616

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 1428
  2⤵
  - Program crash
  PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4020 -ip 4020
1⤵
PID:2112

C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:416
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 416 -s 1424
  2⤵
  - Program crash
  PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 416 -ip 416
1⤵
PID:468

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2900

C:\Users\Admin\Desktop\VIRUS\[email protected]
"C:\Users\Admin\Desktop\VIRUS\[email protected]"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1348

C:\Users\Admin\Desktop\VIRUS\[email protected]
"C:\Users\Admin\Desktop\VIRUS\[email protected]"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2460

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3420

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:4616

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4544

C:\Users\Admin\Desktop\VIRUS\[email protected]
"C:\Users\Admin\Desktop\VIRUS\[email protected]"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1968

C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 1436
  2⤵
  - Program crash
  PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3364 -ip 3364
1⤵
PID:4060

C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\VIRUS\YouAreAnIdiot.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1716
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 1424
  2⤵
  - Program crash
  PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 1716 -ip 1716
1⤵
PID:2540

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39e0855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d2a179ec1f9ebde1a24e2ee178176452

SHA1
3c52f1bca4ed297be1701b62dc94419e1d1c9dd5

SHA256
d823494172d72429cf778f8b1d7abaf06ed3b2934b66ad9d833afbcae0a95d06

SHA512
d50611e24accaf5308482a7166b1a10cd09000a117d7d668a0987809d83622bd2bf5f0071c472ac66637574664b2470a0b882a97eacece8de68e714d64ff5dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
37KB

MD5
a2ade5db01e80467e87b512193e46838

SHA1
40b35ee60d5d0388a097f53a1d39261e4e94616d

SHA256
154a7cfc19fb8827601d1f8eda3788b74e2018c96779884b13da73f6b1853a15

SHA512
1c728558e68ed5c0a7d19d8f264ad3e3c83b173b3e3cd5f53f5f3b216ed243a16944dbe6b2159cfe40ee4a3813ca95a834f162073a296b72bbdedc15546be8f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
37KB

MD5
48f925eefce06701a10bb34743596ef6

SHA1
3271af5587fb44878f2355cb99cc2a5a915706fd

SHA256
85712a77e89fff00123155170da85c01b812e5b68de05a05f59c71fcba597a17

SHA512
76993db32748cf3f3295318b153ab6fd85d18a624f5b75d85d2e8c7b39f5d19003cb10c659173dee6a87aec02ce30f3f3219ca9bfae0996e37db64fd6b446d6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
21KB

MD5
7715176f600ed5d40eaa0ca90f7c5cd7

SHA1
00fdb1d5b1421ea03d2d33542a4eaf7ac543d3d0

SHA256
154632629a0698587e95c608e6ed5f232e2ba1a33d7c07fea862a25293a9926e

SHA512
799cfee1969b6137813c98b83b90052c04527b273156f577841b64828c07c4e6a3913a6ddd49ae5021ed54a367ddbc5ab2193226960b0ffe9a618c663c8d8a1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
23KB

MD5
bc715e42e60059c3ea36cd32bfb6ebc9

SHA1
b8961b23c29b9769100116ba0da44f13a24a3dd4

SHA256
110ccd760150c6ac29c987ee2b8f7c56772036f6fe74ff2fb56c094849912745

SHA512
5c0edd336a6d892f0163aa183e5482313dd86f9f5b2d624b3c4529692d70720f4823808f10ee7870fd9368b24de752b343570419fd244c33ad2d9cc86007bedc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
106KB

MD5
99f7b59bb69d6870454d0e3b02b058fc

SHA1
e8a23b7f7d941b128e378895861c79d501b2e5d1

SHA256
9d0dbc4343e9201276b332eb7a0de1c3efd103f86547080a5e6162ffc5f21e0c

SHA512
16bce0bba157c0b45b28a90375075739ef702a3f2709708a4adf4e6af99ee343cc2b25d752968b6053cbf5317dc30fbd6713bdae825de58d9f06bd2192ef92db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
60b92978640d187d8493a891bf21f5e4

SHA1
992d0b562951f58d02a82b7c4dc757337e09e2a3

SHA256
3977c51dd3182d70d434af213518cefbc02211b9359595149f9ad8f531ac361f

SHA512
b21fbe426d07f5bc9749f45f532e83c6a54218ac19577403e528e1b050971a39eba895083c45034657a0c323b30b52b584c7bfed11916381a1259fd0ed9556d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c4cfab811f164ba27d3e03c648ea1499

SHA1
be69cce1464d23db05f6a6a68d034b5cbd1f4176

SHA256
14c4175a35ddac2ed93644f0e2dcbc93ce29339c16a262ae5a98b6514a269df9

SHA512
7ed1a9b5ad6d434d12a4e21f00b55621dea56a09da6cecf642c7ee10790137f5aa5d62771c48c056518d9a6f65ba9381a7ae9a98b3baaf83b030285ab84c9c03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9b8b954b6b2da174298778bd9c8ad1e3

SHA1
2a485d92765f119fd13aad80c3140c1b20f2468e

SHA256
269817091228b8575305c4e7a144b324080d92258f515b2f491cdf8ad3badc14

SHA512
8db2a35e08aeb9789390fb0a65cc166c19ee385fee59d6d0f099079ccbc712235e6375fc12bd5c8ad75fc325a81d07e3b7d11ee65bd3404f540db3317660aec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6cd7411d74db351aa57a3280ab3004dc

SHA1
caed35be11c8dbc65426b842f91bc94dc5312890

SHA256
a901acb3b8bdd45f4731fdc58d6299baa531956301f483e8c73ebe9bb99e4156

SHA512
a30f1dc0a7dd81d319999062266c0699bc0ba04b89578fce9f5d741a7ae1d3c364a768e36db5a8da35d791f5ea439beb661375ca30b10334726bcb5c93579aa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5192f59aa360e30d5d16fcdd6562336b

SHA1
e3095868671052a216d9d70cd77d1051373cb70a

SHA256
a4a403642494c6d5bb7d2d6c0c4293bb78be993a53c4a6239f936d1fed39a1db

SHA512
e2c2944c1769daaec0a9c3cfabd39d8ef7e2ba7f17a066bb28f3756ca1eb0a24967ef72ec6fa1eace4f26dddda430fd1b24ba9a7fe9b83bccde8a3e20b673a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5a101659-8043-46d7-8b7d-70bd1251be7a.tmp

Filesize
1KB

MD5
dfee7b11aaee5ecade2b42d1d78983f4

SHA1
952ba4543a16b27014c916432e6b2a7332ef4e84

SHA256
65a5233923b2d9a2649f09eec1eaa91095c8ce0d00f99635cf96d0eec90b67d8

SHA512
4bf1b6bda5f0a930398f7f8f9bdac38a4efffb83c06edd332464a185233737747052813034357dd48be222ce51c2d9e43ecf1ec71548b51afaa31f6a78fca7db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
91f5aa291272145b0091202937f6b6cb

SHA1
d5d0cb34eae2dcac518e684caf9ffa55e0d51447

SHA256
404a91dfd69dc32d5c8d3009724f753b56b2462dcc1bb9e1ca07c1b3435bfec1

SHA512
b05ad4e2a989d4178c4bf5bd3b6472c5be256ab74045dedfb80907281d3cb62c7dd4f1e1ec8c0803860c7896c88ca245542b2e3df395eaf34263ea21a1c01711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a173e4af3c36d10f36bff07e738a795b

SHA1
e7e5c62fbf821afd6d6177188ca5db498e0f907d

SHA256
4490efea88aa0978425f835c74a94f837601bf3833d59c1187fd80c20f934b41

SHA512
372350de85901dc0eaca24c58c5e63d1e88d5297a6004d0a018fab40c350237e442bb414676312af64ae0862b3e67224f67a188fec7ea6305f668a78461efa49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0cd96295b23ed7093590e2d7244e79d6

SHA1
151f4658652c9122746034fd6938150398fedfd0

SHA256
e67a0b2294b33d86bf55df2c88a16a5d9f4aa5e1fff01936f7fd89857e6e9a55

SHA512
fb89e82f55718c58443988981609b0e0d78fe75291e0bd889846981f18fc833756becbd1b57ae5075279d6ab9918d0dd8c4eb2fab8dcd4ad2e932240594f14d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
acdedac38e5f96f3026879c6729b285a

SHA1
d2a0ad020126361c05d45f17ce97dfbaa41199e4

SHA256
6495b3c637e7307d37ce8398491ebc0f749c0a6f2e1af05c0256adcefd57d228

SHA512
da22a214b880fa7a313ce89ca7f6e5468ab4e9e4df7812e557ed9efda46068f40a2012e31798003afeea142eac288f98fc66ce21eb79ba70ab3534d22d00f3ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a8102461ff14422c0b78c9ade39d561f

SHA1
dd52668f599958847dc2f4aa4c2ebe2215869eac

SHA256
57dca76b9a8f9939351f909652f30874d15bdb50b885f8a1a74d6d7ed7cdccb9

SHA512
c55cd853811bf58e4f6b5bbe5cf1c16b176a2ea3e8713277c9a58feb6b252a09fefed27bf90a00ec60fbc43e50f3ddda198ce531dcd83f4e22692f11b262a8af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f3d4d129fefa26f9968a2fba25b601b4

SHA1
a7abf78c4ba07852f3137afe4b275347793875fa

SHA256
6fc7fd52bb609c8ec8ddd909eb2cff2254e3b0a9af25a9dfa766ed3f6f790424

SHA512
84e0bff641eaaa54e93018558631f52e5b1464621915c267260081718bc1344b419c91e9624b82521815cbf86f0af3f75dd2b65b65b73bb9cd712c0f71b188f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5df4a09ecd4e186b668c6d1e9982f5a

SHA1
36aa64a71f65ec3582613e16acc3deb235805543

SHA256
c4bb508cb2979a5d0c1c3ac311d938480a10fd07d60511517ef7024668557f77

SHA512
c351cdf220af3e12c6782b351256c5cb99eb26e46869c16f1d0f5148d26fca9b4e8949a40459670d87463548b378608e362b32f8f743843376e67efcc54e052e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fd67adf217b32d383c6fc530e80bc6a3

SHA1
92d19f16cc0db76e62e07894ae4c54bdadf6bc67

SHA256
62e490bbf4d81c31b22a81837240eb669608264a10ea42d37a69e2028f67e72e

SHA512
7fff948716217bf4a2c54ba2700a4d0d308f3a5d133f294b0025e400d2c65eef7ca340c4b493bc6b7673ff2d0934f0fa5dd70d422e8d93799229e4800cc2ef59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1da6625eb7a25a48f8502d9f46a43456

SHA1
1fcb4f363f44d333238575fbe4587d9066b484a1

SHA256
68fa8c460f3920736259d18c1090f45c6a63a8b54cf2239ca58be676087a44e4

SHA512
d7881d2459fda03c2cc4d359cd1710b6b724d15cc43871431ada358a4006cf65a3d405142a11b0a5c477f8f372ade96f2fe74a4dcdc8e1221db98f3ac8b62e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
70e7c3e2006beb6cd6df7b1cf94ce0f0

SHA1
ecff7e350379794d26b2503e0deff19e92ce0858

SHA256
b59a661394c853b0ef4975b3d69be1a416dd6face20835c87c45f00a3b170da8

SHA512
1ff168d64498401210a03211bbf8b6464f80c40438529f3dc872b9b9605e3d68838d380654cf371a350fdc13778fd6dcae2e529bbca52ae2fd3ee8da8bf0dcff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
17b710d772be71110c3a3fa0e4664870

SHA1
58a90c7029333ed40741719b4e7e1584a3639a27

SHA256
731dce21b524a908b66aed487caca2f2eba701ddacb37916a45cc58778e1e0ad

SHA512
6efff49e7714f097365a639f4662f90cb9cc868fee9f4751c95ed93e1ee4d65255c229c0771d16783d4f1a0bb53e0ea171e02050a7c48cdfa29f1039bedcf0f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9d2f56cdf296793d5c90c8f387909471

SHA1
49c317bc89fb80ae68808aa266d92e23283abf16

SHA256
d6592fae1da7a2992d3080b133e1c87e348f20786bbae55912cf87bc03009ebf

SHA512
8f46d861ca9d3478aef6b70402d9ec1e98528e77416d80d27ce1e86b316fdb6ad28e9d84b39f862feb7eb8c003cde5591202f3c35c7865b2fc17ee18ecc28445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c370fc8f0033e9e5f34a149daff0f564

SHA1
5de4db338649934a885e57dabd78eedb2ec748d9

SHA256
48b0bbaa542c98e7e3a299a31b53b146def538b77437c3c2465a237ef1b63eba

SHA512
e526f073e7564be8ea2825add3c87fa570b21e8be84abcbb3e0f8c650292cf97947d8dc8b70d1492bce25413fac5702583a905d2b8fdea739aa8599daa3bdd8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
315ff8d6ef05b67209778cdec3a66cfc

SHA1
0b611c446d8339a1f1ced17d295d0379b50254be

SHA256
7564b42e5bf86f9d3386ecbb6775eed3e541cbef71bd4586e3cd2613ac8722e1

SHA512
63768baf61f0ff8939aab92c404e32d97b58662823f63d6c73891c7c0a8a182e6165aa885e21b525817e21989b11d2547db55093674e2de58050f576c1e65368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
008b2fe711a5b057f579ca61aeca7be2

SHA1
aad8ffa4d6e9e666e3de666012b74a31e1eeefd7

SHA256
ac2a249a9b3b5e32dacd81925dfd051888b674c352bdadf846fed1034f016c05

SHA512
a93f035da5c1d4539c578b2f1d471a75e43a438c2c242ea70fce68310c3df728c0c303fc8b031e5cd546310156041229d439c779ece01d312dbf26078957f58b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cef5f466fe4a2439800417ae7f975ab2

SHA1
9938edb75e78872dfbba23e1fb8632e041b3d31c

SHA256
1b06757a899b17143d3dfbbf70ee6477f29e7ac017cfc06dca385a6be964565d

SHA512
5dc95538c79322237ae5ddd6029482e47fdb2095a85fb8fe0e4c3e42d6f6948bd4d4acedf28a5e2c2638e86590addb99275c6822d314902ce0d33f1148bce3c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8083dbfa2f68611958d56ef4f99df88f

SHA1
c85a5e7a2544fcfbab1d9fcae6555328a509d07c

SHA256
410d9bfaaf0262a4d3482f64a91b70e3f9e475a922c37861f4c9f832f7278aaa

SHA512
7e403a61f521b3152e2dbec2090f63f2004706486307c2ffd1fd2fa57cb4368e21f279a6b2fbd42d99e314e44c52b908b2a4610d8057e025959bd14504608fd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d04536dcfad409bf5cadc8c0bd477c3c

SHA1
141c33e0b29bd1414dfe5609d81affbcdaf5a237

SHA256
7449d7e22684979c49140a5a43e37af5dc331a1accdcaeb27cd888eda2445db6

SHA512
5207ae18271182a614e34a9fef5292aa17c9b73077c6f1e45313b02955b04e92d4470ca1ff97d77a538ab532ebcc3f35f3031038104a3c74453c187e36025bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4ccf7b1c84225a577a8abf897ca1de09

SHA1
302b9429fd62bc8abc1a2186e4e4cae6c6a4e5c9

SHA256
fe343306ba5fd73906743bed2944fc74c52e328d7873ce744d3c462be0d18749

SHA512
c6122092a11d26e95e54106f20a5fdef4ca772e4a7e75f736886dcaca20b356e4c029315442d3e97698122f54d96b29930df6edc24dbde670330f5240a974cbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2f77599187dadb3dbf17ac0f1305ad4

SHA1
389fa14df77e26d55575a6e968745dd81643e491

SHA256
1170f00e7d51f0b5a510e507e68525467c26c8b8fe5e880224207d6c7c72bd47

SHA512
efc0d43dc5a923e359c89d438bd26b44971a40f1b2fa2a81a8cdc71656898911c9fbf853a113728880c92be0bd93ddef5f170ec290b0e049fafefe812608f5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b71b15457e251605c9bbd6022b0d160c

SHA1
b1ab65f5c7eb87075458ba8957ab7c52f1db48e1

SHA256
9f3e5f7005499744f36d1b8175b21235966da2a4d9639e583d7349bbc8a4ceb6

SHA512
47581166e82ad2b624f9954e8f114a2498147980b2f45dc79e2e1fe6e875f7ca713ba311957e2e3c9bf291e1d02d659ec80eb71c358ce02263999015ebe46f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
061a3c5a674740c8d828e125b85558df

SHA1
3e4caa5af2a34c4f4ab8357fd3107a6781fb1c4f

SHA256
68a3051aa5e93eb36145700d507bc8c1b95b4bc1499fc56288079017b99a4618

SHA512
ef050e93db39e72c844640e3f6b44414c0144eb4b7a5dad6983fc11f52fc3ba77be38e490a22d578965563a85eb55c974fb8e75d01b9e11942df333e5195d515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d82750d119b80c8bcf5832dc43ea7a83

SHA1
90a4261d1a1e66dee5891c3aa74a7f3d29865b60

SHA256
2dc6df0040a5929c433f6abf94815e11def583cf8b104506ee626854ef107014

SHA512
dfb4a02d82b839f51bf6b581cf087a54443cbab658d1946403fe3f888c41e6bf28ab59f3af4762b7b2e5c8e850046d3ac1d20903985e729e1a3477a1c2327ef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0615a8fe996a8cf7fac1359b4077d830

SHA1
5d37f5f98c96a8e91551a337046ff029fa228aea

SHA256
2227e51743943d48b481795d3fbb776624b821698d5f80d4cd182905101cc335

SHA512
0e34f7c6e8eb02a0e0057aa2e0a0839d06f3df056383379a2bf563a6e8a68d72467d938755c875dd3cc7b6329835cfa0198dc7d2616918a3ae05fe1b69bed81a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8faa07eba1026cbf6b76614cc4b5b4f1

SHA1
c7f0e8ea983da7465df29a94a3e563e4b89b7051

SHA256
2efb3f1b5b6476fa1f958dbc845462bf72fa21b081f4fdedc47148cd6d7951d2

SHA512
7751cfe7a7d24ee3396f8070020d17a551e15c4a08a411cfdc96aef9c100c2ae2bc202a16f1de13dcc3145f4fa98dbdf0c306a075335fec846baa802d7695708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ddd345e3f252ca29779eb9ecd6adb461

SHA1
f2d03f83a138905da754bee9f0090db1a9d1afab

SHA256
4ebcf635719d08ca4acb9d908e01a82f07592d26a39c2459c9de5f4d45bc0416

SHA512
33d08caa15c6a65c068ec9cf2dd22b3fba31851b88cd32b56f8d3a8b6a114d0e6af65563a187ab1f53ce6f08752cd4f3063ec4ce4ccfbefa4eb7505b72f5c733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28f18ff853d8bdefb24f66d4b1fcad55

SHA1
4e796212c1184ca54f43b72cce13fe0ef1bdb3ad

SHA256
d0d08d435754ed766208c0eb2ed738207c06aa0d9ab7a6f644759eb2d8a57cc7

SHA512
44f92f89730c66dad41f66040b7fbea095337be55d522015e67ce374362e37bc492af838484fdf1feae8acbdc3cc69e39cd737d7817aa26f3c3d466c29838a5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
76e075d8f003ba9e72638bea87554b91

SHA1
f39c5b19810aa34320652a621d58a437d609336d

SHA256
4ed13a49b492545fa9035c523ff16180919d0ec4055f3b57fd1c1ff0101dd9eb

SHA512
d4e66545a965d889d56f34c14160df54337d76747af9b47da89bf77f56bae6998bef46c66649457ea6674b34dd2004ccbdbe59eac6d3b0df155f9a69fcb89b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
38d788a2316552dd5fe6892dc999b1b7

SHA1
467ef573f1957da3ea7f6191deed0f2e1541a7fa

SHA256
4683337afb1934bd330b01e42cc83133eae89b5d091aec57051d18c4eea5c235

SHA512
7bc56fce21298fabf984abf3762ca23ba36d5cae482ea26abafcff23cdf373abc18f07e4bb8daa614c65dfa15d7a5f668d4b9691d8b5d3463918ee7bbd51f994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
856008d8ebc8f4dc4d62af0ca007b10d

SHA1
ef35c6253b517e8c871b4d65ed1a7f99c97e1d82

SHA256
572bfbafa3f35bc34e5da771767eb67c848ffaf5c53c801c924cb054cc2014ac

SHA512
f716e40700a0910516e3def90b634de7ca1231a34d8bceda6d8f4f99c0b642cb4aaad0fb6766057a4181976dff0a3579ff126d313ba7dc9df3fbd615516831bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eeb5e1d941bc18c23e62deb2e2f33e7a

SHA1
5377b78105155f25d03c775a8feb96c084934388

SHA256
90b41ae198365a088468bd9e5560188adcadc32e2f3064e2bc68ace0ad6c30c9

SHA512
c7a0eda244ba3ece8edc447ab41adbf573e67da79621a5dccb619d039cbdb0b5fb8a17f16119da39e6ccc24ba39407b03ec40cef7f5430614e4bf427246aad10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b6fbf20455cb1797b3ad23a90cce4ca

SHA1
a6d34cb45323a9437279300f335225ef7abc866b

SHA256
4e8400c56df043bdb9a80d46e4dab0f4e62cfc8c38278645a489d84d1d02a77f

SHA512
4ce22fb6a6bd09542f783c93fcc30f5cb6eae299404d2fc6dbbfdf2ca8fbf769582b80bfdf5fab5996d3b70f91864f01e84110df66a0cc1db82099ed41841d0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
829dbb17a50fc70e9f4b11449a0a41ac

SHA1
473fe706f03948adea4df6507d167c1bf7712f5d

SHA256
b3b73134a907ba7659d98ac5b68ec7d5c83a2b4cab3b8a11ef3c3a43a7dd5686

SHA512
9f2d7f8dcdd01a7983398072ac680a5f564f60538e9e6bcf4910f9792a014d91e02e27e631ea8094defab96ec11fe596dd6df972e37fb27c5cf297a05ababd43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce571020119115f118f7ea9907355802

SHA1
1415733521637ec44ef3e72081caf0adc026c8aa

SHA256
396a59346ef4a9a84b681cb95c784645335c26783241343bc45294a76fe70667

SHA512
fe540eb8dd19ea0e8a4cdf8859c3d4c45eb2ed16f0e21ec45b8e4af9a0592c19a9c7eb3318adf9ffa325fe5ba3b4da880989733d1d0482afdf0a0ac51348257e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7d2dff7af2b9ca2f2d617b1025055bd7

SHA1
1d5b74ddc6663912f05c0597d22118a13c70ca1e

SHA256
89c58deebc031ac2cffcd0284662afbae7997b98bf907eba4cb857d8b5d69467

SHA512
ed70e6576ec95d8862147e6d8a81e7e1372f687e90ce1f386bb9fa5af9e8ec122c87c1435932bfffec518912a42e35b6c318b39743ede7d386a7265e5d89e855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a0fcfa2a263c250133ad66341c81698

SHA1
74889a7062bd43c6bf0865006d52b52bd29878d6

SHA256
382539a0722493244c031d976a436f8d3dd26f68f5abd0df5f20fc83d67b5ebc

SHA512
7ec81eace9422eae405600b2f54276be61e48a8090050a52be1e122cb11ff1362a76d954320575543ca75e79db2939a4d34a65eefeee9044d02fe3d5d4e0ea6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d825fc0b69586580a0a7940035d9845f

SHA1
7a01bbe14a82825acf9931707d9c1af42a990e59

SHA256
e62d49c4beb31e67f39c41803d41af3063d967cecbe5649328bfb4d90edb7773

SHA512
9c8c6a865e71d505267c67d53b75ddfa4f19ca0c4757fb35ef40acce29667d826267538affad3ccc97d2e2e71dd7acc1120f2bed512e11f58d0b2a44f0adf15c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b107be89703832ef36c9891bce9c22c3

SHA1
4e8dd39f105039c2cce11c49c3a594e42e903f1f

SHA256
dc0b1c181872cbf0969a5c6df7319ea3663f193157e96f051796ad25f64bf1ef

SHA512
7ddd079da95a1c252d7133923c64053c89b7e1b3bbda7e77fba50f3cc130f8444a3f7e97b001d5bd89db7acc5eaba4ec1c18b2b77a5a319207101c14d88f23f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce7ba16ae90442a96f7984b16ea5d239

SHA1
f55cf8b4d92651725e8e117edc8296f4b11f0de3

SHA256
10b0ea2966b7ee9913866f207186fef9189af244d7a156265f5f4135535eda8d

SHA512
29b12d0d54523c0fcf8996ccdf5b4f7d1c0e38b6d5e5933fffa85064db0cc3a53634400bca17d782076abf12dd30e61506b96b2c1e7a6b1651063998a163f1b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a319a05f2aade716b44a41336b828b7d

SHA1
39030caf5b3278b193cbe14ee8c747c2026218a3

SHA256
09289e878d96cb0df211fdaf6e044715575cd999744620ba78b8dae264522b9a

SHA512
068181fff5741e40b23e19cd9ccd671199f7b20dec332d6523da354d24e3a468d755682e46653c0c60b618aee2efe0e0e78776f356e36589717b1b1cb57aadbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
743b3d11747d3e55706fa3242d648df4

SHA1
9ce654bc1263607dd628d4905346664306308047

SHA256
88a273270b0dc9b587ba492d8c5ff8d824e0fe9b9db434c37e695ecbe21483ef

SHA512
93c2b2b216063eda9fd0e4fe2c79de9902251d0e2ad9db9f6529eb853ce858d05815afbd414237b4cb0366a76bdd96d16f43a2edb27d034bdfade63417179092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c7b93a19b0efd903d269ce3fed159fe4

SHA1
bfe13906dc987ca847f70ee087dbaa59247f7432

SHA256
d3448a5553aa176bdc4857089e48f3ff1cced4996c611659ffa53676a9d3c509

SHA512
f25aeb7fc2cbc92fc68984a5a1a90ab4dfac3c0d540352661739fd63537ecc5eda5d51f82158ff1c3af84623e987d5764a897e66084d64ad18c1557476a58174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d33df115a0d9ff17bdeb1a0d716f0a46

SHA1
6c1bc69bf7e087fb71a31efceb53386f7d28086f

SHA256
ad5a9892565b15c23faec86af39abf939b729f339c48c8d460d43420ad62a80b

SHA512
63f8fb04759809d80af7011bf0667da04ff96ba66b7cf2ab02f70ffa0f122b47be9511eca16f18db92521072084f178734ff90c2ef1b7afae9cf00c06fb7981c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2acb0c7bbf743aabd16efa86afb73bb2

SHA1
fed39a9954fc248ec992d228ae8320f2af3499ee

SHA256
ce9a7a37567176b2a3505303a7bc121454ad4f6594e50e6d2ae30d48230665fe

SHA512
8aef5652b28c75f6eab0c622c350beb6341793e2031ca9bc5271a5fb59d15d1cb5b18380f09ddd85c57ce165dd7d32cda43cc4cbd11e04a837d961c5c4882000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4e3639f6d11152fd05c203b31ec600ca

SHA1
d2444aa89fe2018d19791daa4069c0e0e632b1cf

SHA256
0bc7091ebe445d8c74ef3719969791b0edac9616dcbc303d042e34512cdafc5b

SHA512
6adf93423fee20be73ac403c7cd619575ff5c4443b30f7436d2697fcbd781321678b84383c26241cd8e37306978f919d8ce582f054532b1db0f265d2a7a26eef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5feec3f3d9d32033f5692326f2741488

SHA1
21cffd1d27a9840e8c8f786f590ef7a5e962ac8c

SHA256
2af2feb0e5ced39c89d0506755a71c69a32b340eb8d12f2564aaa60d59693aaf

SHA512
35cc1dda36c0dc6ba114fab764b00a393f2403910af410dc404748f36cc0eb0fb89c0b1f955deb791c37d866442ccfbcfa414f5e4d293228491c4689c8fc1b38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86df916d7cdf3829de8ecac5977fdd41

SHA1
a05266e3122bc9a39ced3c279e72c15bb89dec7c

SHA256
91b522b0f116a4baa5256d0612c41093099915bd16a6e250899b551ce691c2b4

SHA512
de7daafbe351618548b544a9f1d12fbb75555151a4e41d1fa6a83197cf22857be99837966ac932453b244bcaf551f048f0668d445ef566d1e3f44544bc75eb57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0732e2d23d54369f6ffc5d5a26abcc5e

SHA1
84efb8ec2863db0433af8d9ff789ef1304147f2f

SHA256
e67e6aead3ccd824bb4b7a7099f6c75ff2212082b4b561cb725dde077dac31dc

SHA512
a99343c96d9966189e51a8a339685fa3210f3c61534a325ee0360ef5317cea85fd42907c18340d367309a1d90f1c4b822eb74bf4ebc8d6ac2338ce796264a7af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
68fac7d498c85ddb6103e1bc23248377

SHA1
21945cd7853d039fbe7a6b11fd4b85de5da90787

SHA256
edd99618ccb361f7b6cc55b8ca87be230c412df07747e75128e846762389f79f

SHA512
0f4a9367ec037e293bc0bdc105082affab227b72192c037ae663264df09295013403876368b3d56af0df044b8ecde7cc02304d64b7bfe01ccc2c42f80275cf25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f62d9b66be9605b171463b83f3103cd4

SHA1
0f64b272e3ceea7489610139f7a58024176a3008

SHA256
25c501b95e769beaa196da53854cb7766242122228df5fc4e616e1110d73e306

SHA512
2c8eeb5644a10b3d61cf6ff1380b1057dd2b86cfb46c767df5c159bbfe5183e54fb35f3f25aae564f4fcc0acf88d20e8e83368b19548db4f1db047814ed48335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1fa05d8bd6f25bb2c024dc353cc8df2c

SHA1
ac32037f29a2b0c627adb6d1edba380057e81b88

SHA256
6a205cb6bee26d9339ab520312938ac0dc99894838faf57cf7b0495ceaa77248

SHA512
67d16fccb46b567f859e60fb2fd7e602c06bd165ac7c04830950da25a6ad9b7bdb415e1ba1c3c753dba57b593f7aa5a6c8aac066e3336ded7d135e314c7929b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e657b71b8353c5a82c48c46b385d41c1

SHA1
c9a3c962049dfca5011547783694ddfbd9fccf41

SHA256
eb140cfb88d2bd6e212aebcde0edec9bd7d2c410439725b491aee18fd39b6db8

SHA512
40f868933cba441e0f684cf3e86604d1eea5cac5ff3838c76c9fac2f8385702958a42024d684bf01843b127345686347e58a8a967305bd951b2c605555f841bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b33ab06bc611216b25b2308169a26e4b

SHA1
d6b03d5980a3f355c3cf4014dfc2328d855de02c

SHA256
b5464fa5bb70e2efb85d0532c73139733e621f5ddb60c3eacc289c4bf6d2ca19

SHA512
f792d3c7bfba9401877a3968524a10d1fc750d0962c75f3559ccab082c078a74197e37518ef1d58bdd77bdebc5a63dcf4625485d9abf9731a8d59cc7b25ae228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7a184e010a8e7234c98446247804ae4d

SHA1
698e72e71a68341ba48d26038b27df5e793fc34a

SHA256
2d58facbc7b80dfe9b78951566baa6010cd0675cc22f129d1e2a96cd62a7d3a3

SHA512
6fabf8efe159cdc79e963a2f0dd38f348b570459ad2ed91ec34fb9139205b41ee3b005ca5499eed00a64da10e2cd39cd443f6fcedf2a1a0647f8d09a42bb1646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a7a6346131248b44f41626b5b9aec1e

SHA1
dd5519394e0dabfad853d8167e044269e0806552

SHA256
227c987af6fc8e1a5038c77ac0de9cd82a5e82a423364a3882cbb7ce47c1af28

SHA512
2bfa34dc9f92a9de063bc9972cf89b636d820a6cc117dbe4f1d2d4a0a47af0eff5159bfe3ac7f518ec102c86bce489e8322921748b8a9ac3ca6e844e943856ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3be56d3341abd5d6faf303faea492f1c

SHA1
0dd1db544bf30737fc388c1b3ef155b3cafbb39d

SHA256
7dea1f3b2b8d9b0a896b89b81e4876b46a22b7492f2f6d843899b153b398a8bf

SHA512
baca6e27ab5094d7b0bff554d279e418959ab628290a5a4058da1e73000ae7c833fd497cd0baee4aa961ba9a10fcc1d418d11990066c98e04a357be342ded651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
713c2577d2259c65d18bced13465a6f5

SHA1
02d53f26473bd174cd44de38efae46a722cb1490

SHA256
76b51473f89b151f7f685bdfbf817b03ecd38b0471c40bd8c2c70679875ada85

SHA512
d0dd4e8cf7e5e8f974537287c039f254aaa9d2d0449100d456e65c89b131baeb2585d24f44b094e9113a05019304bd668feb94f30dc38887a70e52c3b3fc307a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
24583ce8dc9efb6b4bd59bdd3c4fc17c

SHA1
b257161c1d6a78140fa66512fdf6a566dc31540c

SHA256
684bd0f66bf4680212cd96206dc7884df885e7228ff4ec31af395b1b4f8afdac

SHA512
efdeb2715d16235d22498982e1c3c41ce26ef217dad2ef4e705dabdf23a5974bd5e3928e7e298974c10d54488be5539b533310d9c4827921c181925383904237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f5eb10c37f35f08a033135554faab18

SHA1
e6bb355ec8cd134d7532269d986d67e19d111c61

SHA256
842095257d5eb32e3c90c746404da8b779fe2c1a2c212308011674479ffa605a

SHA512
94edabd2c56dcbbcbfa3ce8b425fd734f78491e37dc6f096ca80784db47c0c94623ddd48031d36d729757f8be327bbbf6d123769cac436c2baf5996d9b6acbde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a8a774594a636438400f5a8c9ffd4bc

SHA1
7a143ed5dc873bb5a100584a80f9aaf91e488233

SHA256
5591dc4f9f3913d4127e0a0beb0f987e332bd299929451883da58e6ba546a8f6

SHA512
708378a3553e14cbf5aa3221599637b167a384954609e76900050708779b13c4157cefb9f5150e5decd68374d6eda8f715a77d74d3665c7eab0d3c7513439061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bd2d6659f562c6f12c5b14b12ec3cd2a

SHA1
a7ddd0e6655d97c6b71da9db50a9ef7657dc350e

SHA256
3a07ccaea00e25ea4c4d9d14ed011e8780f02a902e601a4d0a94d72851d5013d

SHA512
ad71a4b895150a24ef893673315ae7234944aa41cf9671e9acc872f9e1619298859c07a4920ada6eed9eb52b6ef869c97369c67f1e3f659c615edad30e4e3a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0e909a7d8a50551b2be1127fc29b9f4c

SHA1
fc9dd45322306b1cbbf6803971efa88e25588b7d

SHA256
cc90964222359e7220ba8ff2bde924b1f0d45400ad4cf709bb4049e366e8b4c3

SHA512
6bd4861db88d70d495a5ddbdc5de89aea35ce4d95ee3b3fe17d45256b9575fa64d86d4df6b90602df38becea1c219d8b467ab3d2c13ccba29a221bf0fb2f0d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cc8ec175d6509a2b25a033b0b03fde2e

SHA1
0182b9d6f754de71a43171af1816e19353bc23d9

SHA256
73961d7df847956fa03f173fdc0200584ad03f01dd1253314952b0738552f377

SHA512
f612017141af3f6d545ceb3436749e2760fd60ea412bdcd7707fdbdab6a1e72a21b37b489257fcf607bc5567141e9ce38354cf15013407937c386f79d9a8b2a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cc94385d4ce90dc27e2f57fff4e3599e

SHA1
f648f320d90e22c5ee881a764f38944020f00fde

SHA256
5bc156e2fa4ea51ce5a071272b34582e16c265a3246d60ed0d786bcb679166fc

SHA512
b2032241682ebf5d9299773ecde7454dc958f297816fc2e8b6e821656fd0fc04023ab5f9949f22a9a4e2b27a1a4850b2c644ac7de2515155ae02b714963b0438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
35426294a879f6fb85b6b788d96619c7

SHA1
d1714ee96251ba1395c19df9e69b5b0f0a3918fa

SHA256
0703ece5997a2036019a8ca5beb9c7d9e81920afd6d996ea0a5f8ad336158c98

SHA512
2140526b53e362ccc7d9100078ee471584ded6691e2062693c2e8425090cd49ea79ba500da1ba54d026ba55c2e228ee761896177cf1ecf3ae309e818f5974fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f55037a6157f9330d77b3b760a41a4df

SHA1
d56f2b236469aa2448c97eaffbcbfcde90340435

SHA256
4d31f83987b11148ba4674a18e412a80b97c201a9eb06da92c6da992d0b038b7

SHA512
f8f2d326aba19447d3ab8937a5b48d5404a3ecbec88dc1eff0e012bef5c71301f2869a4aaa67820a857464712211afc19becb40265aedd56bafc0fa9780334c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
89e53f3d4e695aea72ce1e0f0b677beb

SHA1
fd5b1aebaf0ff17d4b9d60c4fdb95fd20fdb15bb

SHA256
57537cca008ec64af906b0373f94e37fa72b8ae5afcad5c37f6c329b9cc6c70a

SHA512
19b89443835ee81dcf0c08e4e669eab58f9df87e41ba860789c409b4c8ec42bfb69989a8d4dc5fc744a0463e9827505fb2256abe40d0807ff42128f9f5f438bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ab03c54d9653ee91354dec6c72534add

SHA1
e2f3279c96c0977bfc06182943d2226fe873ecfc

SHA256
8a98eabc9396be6b1d2064a99b69af44cb6bf6677d8b338ae61005a3789d4914

SHA512
cded8217bc40112e0275b7cb28880ac8d036a2b15add663c8c1962f72bf5e8616642150e09bcd12b93dd33aeed7cfb9f42c1df483334e7f6a050109e590f5906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
61612452f153903501258b056716a22f

SHA1
0a2054ae4a22433a26ec1c1dfca9bd0ef73741d6

SHA256
c916c87d40644ecbdc0ec6669eb717a745ab423406839cfa731aa6facc44ff19

SHA512
2836db0b0a65697daf63c4e0616d199e13121148334772388466d30f19606dd1d7f199f233439ea82329973392b7127fcb6e4029cc7f20df75f98f4811d95104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
274ba126437f0a789e543863805a0b31

SHA1
28a87784d708ead0128bd873d980b63ab650c084

SHA256
a627de5f691c9d46a884419f0b5929b41a4adfef606b72eb133c178e829a3ee2

SHA512
47ed76660d80cb272aba12a5aafdc6450f042802bb3d725a9e221994a603f81f83dabf592285b04315743439753c5322fc6810ee6401f08958018254c5a8a0c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC43AD44B\YouAreAnIdiot.exe

Filesize
424KB

MD5
e263c5b306480143855655233f76dc5a

SHA1
e7dcd6c23c72209ee5aa0890372de1ce52045815

SHA256
1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69

SHA512
e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

Download Submit
C:\Users\Admin\Desktop\VIRUS\AxInterop.ShockwaveFlashObjects.dll

Filesize
17KB

MD5
451112d955af4fe3c0d00f303d811d20

SHA1
1619c35078ba891091de6444099a69ef364e0c10

SHA256
0d57a706d4e10cca3aed49b341a651f29046f5ef1328878d616be93c3b4cbce9

SHA512
35357d2c4b8229ef9927fa37d85e22f3ae26606f577c4c4655b2126f0ecea4c69dae03043927207ca426cc3cd54fc3e72124369418932e04733a368c9316cf87

Download Submit
C:\Users\Admin\Desktop\VIRUS\[email protected]

Filesize
1.4MB

MD5
63210f8f1dde6c40a7f3643ccf0ff313

SHA1
57edd72391d710d71bead504d44389d0462ccec9

SHA256
2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f

SHA512
87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

Download Submit
C:\Users\Admin\Downloads\NoMoreRansom.zip

Filesize
916KB

MD5
f315e49d46914e3989a160bbcfc5de85

SHA1
99654bfeaad090d95deef3a2e9d5d021d2dc5f63

SHA256
5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7

SHA512
224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.zip

Filesize
223KB

MD5
a7a51358ab9cdf1773b76bc2e25812d9

SHA1
9f3befe37f5fbe58bbb9476a811869c5410ee919

SHA256
817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612

SHA512
3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
memory/1348-1232-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1248-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1190-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1167-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1203-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1442-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1213-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1214-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1168-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1169-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1315-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1170-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1300-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1183-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1348-1249-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1968-1227-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1968-1217-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2460-1187-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2460-1185-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2460-1186-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/3696-789-0x00000000059F0000-0x00000000059FA000-memory.dmp

Filesize
40KB

Download
memory/4200-627-0x0000000005980000-0x00000000059D6000-memory.dmp

Filesize
344KB

Download
memory/4200-626-0x00000000057E0000-0x00000000057EA000-memory.dmp

Filesize
40KB

Download
memory/4200-625-0x00000000058E0000-0x0000000005972000-memory.dmp

Filesize
584KB

Download
memory/4200-624-0x0000000005DF0000-0x0000000006396000-memory.dmp

Filesize
5.6MB

Download
memory/4200-623-0x0000000005720000-0x00000000057BC000-memory.dmp

Filesize
624KB

Download
memory/4200-622-0x0000000000C30000-0x0000000000CA2000-memory.dmp

Filesize
456KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads