4a0a92fa34eeffb15a201735e9c4ef89f6d5d0b6c9149bf554b0912c08019176

Analysis

max time kernel
281s
max time network
676s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 23:36

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

getscreen.exe
Size

4.1MB
MD5

bbc4c1acc77666e7259ad7066010de20
SHA1

5568abfab1a7fc70d6bae7ddc1a8dd8b43455d1e
SHA256

4a0a92fa34eeffb15a201735e9c4ef89f6d5d0b6c9149bf554b0912c08019176
SHA512

1e2e8067aa2ac84341012984e64b1aae004accabf036329226b89d2e066f93126596ea749a1d5c9a065ead505a99998b45aa65c0a3c4eb3c8f426206260ebf78
SSDEEP

98304:W8YlQbDbj6CKUW4p2wgoQBVPJ77vmUkR2u/CTsTqRvsug:WPKNWSrtWPJ7QR5/CTsQvq

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
472	Process not Found
2116	lmockiahxnzszjuaovwrcwpiomtvavv-elevate.exe
924	getscreen.exe
896	getscreen.exe
2632	getscreen.exe
2692	getscreen.exe
684	getscreen.exe

Loads dropped DLL 7 IoCs

pid	Process
1100	getscreen.exe
1100	getscreen.exe
472	Process not Found
1200	Process not Found
1200	Process not Found
1200	Process not Found
1200	Process not Found

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1956-0-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2500-7-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/files/0x00090000000170f2-8.dat	upx
behavioral1/memory/2116-10-0x000000013F560000-0x0000000140E6E000-memory.dmp	upx
behavioral1/memory/2116-21-0x000000013F560000-0x0000000140E6E000-memory.dmp	upx
behavioral1/memory/2736-33-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/1956-34-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/1956-36-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2500-37-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2500-39-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2928-45-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2500-48-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/1956-47-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/1956-49-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2500-50-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2500-52-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/1956-51-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2500-54-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/1956-53-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2500-57-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/1956-58-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2500-59-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/1956-60-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2500-61-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/1844-64-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/1956-66-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2500-67-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/1956-69-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2500-70-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2788-71-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/1100-86-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2500-92-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2788-105-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/1956-110-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/896-115-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/1956-117-0x000000013FD10000-0x000000014161E000-memory.dmp	upx
behavioral1/memory/2692-120-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/924-125-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/2632-126-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/684-181-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/924-180-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/2632-186-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/924-286-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/684-287-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/2632-290-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/684-432-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/924-424-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/2632-450-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/684-618-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/924-617-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/2632-639-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/924-734-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/684-735-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/2632-758-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/924-828-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/684-829-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/2632-830-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/924-1036-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/684-1039-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/2632-1056-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/684-1309-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/924-1308-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/2632-1371-0x000000013F720000-0x000000014102E000-memory.dmp	upx
behavioral1/memory/924-1452-0x000000013F720000-0x000000014102E000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Getscreen.me\logs\20240901.log	getscreen.exe
File opened for modification	C:\Program Files\Getscreen.me\logs\20240901.log	getscreen.exe
File created	C:\Program Files\Getscreen.me\getscreen.exe	getscreen.exe
File opened for modification	C:\Program Files\Getscreen.me\getscreen.exe	getscreen.exe
File opened for modification	C:\Program Files\Getscreen.me\logs\20240901.log	getscreen.exe
File opened for modification	C:\Program Files\Getscreen.me\logs\20240901.log	getscreen.exe
File opened for modification	C:\Program Files\Getscreen.me\logs\20240901.log	getscreen.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 10 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\getscreen.exe = "11001"	getscreen.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	getscreen.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main	getscreen.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\getscreen.exe = "11001"	getscreen.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	getscreen.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	getscreen.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\getscreen.exe = "11001"	getscreen.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl	getscreen.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	getscreen.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	getscreen.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	getscreen.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\GetScreen	getscreen.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\GetScreen\Getscreen.me\ProxyLogin	getscreen.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\GetScreen\Getscreen.me\ProxyPassword	getscreen.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\GetScreen\Getscreen.me\ProxyPort = "0"	getscreen.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\GetScreen\Getscreen.me	getscreen.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\GetScreen\Getscreen.me\ProxyEnable = "0"	getscreen.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\GetScreen\Getscreen.me\ProxyType = "0"	getscreen.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\GetScreen\Getscreen.me\ProxyServer	getscreen.exe

Modifies registry class 14 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*\shell\Download with Getscreen.me\command\ = "\"C:\\Program Files\\Getscreen.me\\getscreen.exe\" -download \"%1\""	getscreen.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*\shell\Download with Getscreen.me	getscreen.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*\shell\Download with Getscreen.me\ = "Download with Getscreen.me"	getscreen.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*\shell\Download with Getscreen.me\ = "Download with Getscreen.me"	getscreen.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*\shell\Download with Getscreen.me\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\getscreen.exe\" -download \"%1\""	getscreen.exe
Key deleted	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*\shell\Download with Getscreen.me\command	getscreen.exe
Key deleted	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*\shell\Download with Getscreen.me	getscreen.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*\shell\Download with Getscreen.me\icon = "C:\\Program Files\\Getscreen.me\\getscreen.exe"	getscreen.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*	getscreen.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*\shell\Download with Getscreen.me\command	getscreen.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*\shell\Download with Getscreen.me\icon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\getscreen.exe"	getscreen.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*\shell\Download with Getscreen.me	getscreen.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*\shell\Download with Getscreen.me\command	getscreen.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\*\shell	getscreen.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
2736	getscreen.exe
2928	getscreen.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2788	getscreen.exe
924	getscreen.exe
896	getscreen.exe
924	getscreen.exe
684	getscreen.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2464	taskmgr.exe
2544	SndVol.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1956	getscreen.exe
Token: SeIncBasePriorityPrivilege	1956	getscreen.exe
Token: SeDebugPrivilege	2464	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1956	getscreen.exe
Token: 33	524	SndVol.exe
Token: SeIncBasePriorityPrivilege	524	SndVol.exe
Token: SeDebugPrivilege	924	getscreen.exe
Token: SeIncBasePriorityPrivilege	924	getscreen.exe
Token: SeDebugPrivilege	924	getscreen.exe
Token: SeIncBasePriorityPrivilege	924	getscreen.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe
Token: SeShutdownPrivilege	2580	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2500	getscreen.exe
2500	getscreen.exe
2500	getscreen.exe
2500	getscreen.exe
2500	getscreen.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2500	getscreen.exe
2500	getscreen.exe
524	SndVol.exe
524	SndVol.exe
2500	getscreen.exe
2500	getscreen.exe
2632	getscreen.exe
2632	getscreen.exe
2632	getscreen.exe
2632	getscreen.exe
2632	getscreen.exe
2632	getscreen.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2500	getscreen.exe
2500	getscreen.exe
2500	getscreen.exe
2500	getscreen.exe
2500	getscreen.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2464	taskmgr.exe
2500	getscreen.exe
2500	getscreen.exe
524	SndVol.exe
524	SndVol.exe
524	SndVol.exe
524	SndVol.exe
2500	getscreen.exe
2500	getscreen.exe
2632	getscreen.exe
2632	getscreen.exe
2632	getscreen.exe
2632	getscreen.exe
2632	getscreen.exe
2632	getscreen.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe
2580	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 2500	1956	getscreen.exe	30
PID 1956 wrote to memory of 2500	1956	getscreen.exe	30
PID 1956 wrote to memory of 2500	1956	getscreen.exe	30
PID 1956 wrote to memory of 1844	1956	getscreen.exe	42
PID 1956 wrote to memory of 1844	1956	getscreen.exe	42
PID 1956 wrote to memory of 1844	1956	getscreen.exe	42
PID 1956 wrote to memory of 1100	1956	getscreen.exe	45
PID 1956 wrote to memory of 1100	1956	getscreen.exe	45
PID 1956 wrote to memory of 1100	1956	getscreen.exe	45
PID 924 wrote to memory of 896	924	getscreen.exe	48
PID 924 wrote to memory of 896	924	getscreen.exe	48
PID 924 wrote to memory of 896	924	getscreen.exe	48
PID 924 wrote to memory of 2632	924	getscreen.exe	49
PID 924 wrote to memory of 2632	924	getscreen.exe	49
PID 924 wrote to memory of 2632	924	getscreen.exe	49
PID 924 wrote to memory of 2692	924	getscreen.exe	51
PID 924 wrote to memory of 2692	924	getscreen.exe	51
PID 924 wrote to memory of 2692	924	getscreen.exe	51
PID 924 wrote to memory of 684	924	getscreen.exe	52
PID 924 wrote to memory of 684	924	getscreen.exe	52
PID 924 wrote to memory of 684	924	getscreen.exe	52
PID 2580 wrote to memory of 2292	2580	chrome.exe	54
PID 2580 wrote to memory of 2292	2580	chrome.exe	54
PID 2580 wrote to memory of 2292	2580	chrome.exe	54
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2432	2580	chrome.exe	55
PID 2580 wrote to memory of 2840	2580	chrome.exe	56

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\SoftwareSASGeneration = "1"	getscreen.exe

C:\Users\Admin\AppData\Local\Temp\getscreen.exe
"C:\Users\Admin\AppData\Local\Temp\getscreen.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Users\Admin\AppData\Local\Temp\getscreen.exe
  "C:\Users\Admin\AppData\Local\Temp\getscreen.exe" -gpipe \\.\pipe\PCommand97Getscreen.me -gui
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2500
- C:\Users\Admin\AppData\Local\Temp\getscreen.exe
  "C:\Users\Admin\AppData\Local\Temp\getscreen.exe" -cpipe \\.\pipe\PCommand96Getscreen.me -cmem 0000pipe0PCommand96Getscreen0me2k1oj3myofrg9d7 -child
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736
- C:\Users\Admin\AppData\Local\Temp\getscreen.exe
  "C:\Users\Admin\AppData\Local\Temp\getscreen.exe" -cpipe \\.\pipe\PCommand96Getscreen.me -cmem 0000pipe0PCommand96Getscreen0mese0pzoqopcrhpz8 -child
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Users\Admin\AppData\Local\Temp\getscreen.exe
  "C:\Users\Admin\AppData\Local\Temp\getscreen.exe" -epipe \\.\pipe\PCommand98phqghumeaylnlfd -environment
  2⤵
  PID:1844
- C:\Users\Admin\AppData\Local\Temp\getscreen.exe
  "C:\Users\Admin\AppData\Local\Temp\getscreen.exe" -cpipe \\.\pipe\PCommand96Getscreen.me -cmem 0000pipe0PCommand96Getscreen0me662ug3klco9da7m -child
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2788
- C:\Users\Admin\AppData\Local\Temp\getscreen.exe
  "C:\Users\Admin\AppData\Local\Temp\getscreen.exe" -install
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:1100

C:\ProgramData\Getscreen.me\lmockiahxnzszjuaovwrcwpiomtvavv-elevate.exe
"C:\ProgramData\Getscreen.me\lmockiahxnzszjuaovwrcwpiomtvavv-elevate.exe" -elevate \\.\pipe\elevateGS512lmockiahxnzszjuaovwrcwpiomtvavv
1⤵
- Executes dropped EXE
PID:2116

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:836

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:892

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2464

C:\Windows\system32\SndVol.exe
SndVol.exe -f 45417627 3811
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:524

C:\Program Files\Getscreen.me\getscreen.exe
"C:\Program Files\Getscreen.me\getscreen.exe" -service
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
PID:924
- C:\Program Files\Getscreen.me\getscreen.exe
  "C:\Program Files\Getscreen.me\getscreen.exe" -cpipe \\.\pipe\PCommand96Getscreen.me -cmem 0000pipe0PCommand96Getscreen0mele5qehoae4tdfse -child
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:896
- C:\Program Files\Getscreen.me\getscreen.exe
  "C:\Program Files\Getscreen.me\getscreen.exe" -gpipe \\.\pipe\PCommand99Getscreen.me -guihide
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2632
- C:\Program Files\Getscreen.me\getscreen.exe
  "C:\Program Files\Getscreen.me\getscreen.exe" -epipe \\.\pipe\PCommand98phqghumeaylnlfd -environment
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2692
- C:\Program Files\Getscreen.me\getscreen.exe
  "C:\Program Files\Getscreen.me\getscreen.exe" -cpipe \\.\pipe\PCommand96Getscreen.me -cmem 0000pipe0PCommand96Getscreen0meirslpvwkmvifo6d -child
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:684
- C:\Program Files\Getscreen.me\getscreen.exe
  "C:\Program Files\Getscreen.me\getscreen.exe" -epipe \\.\pipe\PCommand98xfircvscxggbwkf -environment
  2⤵
  PID:1032
- C:\Program Files\Getscreen.me\getscreen.exe
  "C:\Program Files\Getscreen.me\getscreen.exe" -epipe \\.\pipe\PCommand98nqduxwfnfozvsrt -environment
  2⤵
  PID:2624
- C:\Program Files\Getscreen.me\getscreen.exe
  "C:\Program Files\Getscreen.me\getscreen.exe" -gpipe \\.\pipe\PCommand99Getscreen.me -guihide
  2⤵
  PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5df9758,0x7fef5df9768,0x7fef5df9778
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:2
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1328 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:2
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2780 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2636 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:1
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2336 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1556 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3416 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3832 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4100 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2280 --field-trial-handle=1228,i,6670212427719454629,10706022901684367625,131072 /prefetch:8
  2⤵
  PID:1716

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1552

C:\Windows\system32\SndVol.exe
SndVol.exe -f 45286557 32478
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2544

C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\Desktop\The_glamrocks (1) (1) (1) (1).pptx"
1⤵
PID:2784
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:1748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5df9758,0x7fef5df9768,0x7fef5df9778
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1192,i,11176772816389918313,14595961550019373728,131072 /prefetch:2
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1192,i,11176772816389918313,14595961550019373728,131072 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1192,i,11176772816389918313,14595961550019373728,131072 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1192,i,11176772816389918313,14595961550019373728,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1192,i,11176772816389918313,14595961550019373728,131072 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1192,i,11176772816389918313,14595961550019373728,131072 /prefetch:2
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1404 --field-trial-handle=1192,i,11176772816389918313,14595961550019373728,131072 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 --field-trial-handle=1192,i,11176772816389918313,14595961550019373728,131072 /prefetch:8
  2⤵
  PID:2532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1240

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2732

C:\Program Files\Getscreen.me\getscreen.exe
"C:\Program Files\Getscreen.me\getscreen.exe" -download "C:\Users\Admin\Desktop\The_glamrocks (1) (1) (1) (1).pptx"
1⤵
PID:1992

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2984

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Getscreen.me\logs\20240901.log

Filesize
38KB

MD5
44ff9518bc1d425e1ee39819d8eecb47

SHA1
1a5b00cb14cfd5eb3bbaadb5a42fa86ac75981dc

SHA256
b14d09255ae98c1b1e4e753051dc94b4d9b865f9f9b223d75aa1867ed7a16c62

SHA512
af7878bf4959e72cbb5fd2ebab7b0336f758322722d1f67643fdb75672322c2d8d99db9220c3a810f07114530769e05a67f9476e965feffb12c6c0bf47400d13

Download Submit
C:\Program Files\Getscreen.me\logs\20240901.log

Filesize
1KB

MD5
a450c48f4088b854bda71ccdbaa80a5a

SHA1
b7821c8147455f42aa9a332586ea411b09947b33

SHA256
72a8cb045ecb18867c02091a397dc1ba4b103e6ba2bcd054421a398698209543

SHA512
c0b32b2dec307e10ea2f230ac34ddcb6c74da19d4cd5a9441f0d24083892f5252b73869e5831b638a933dedd5bd815220eb13ab5d9e67ec2770655aef2345d13

Download Submit
C:\ProgramData\Getscreen.me\logs\20240901.log

Filesize
47KB

MD5
ccb4d2b92f9b758436b7754d6727a8de

SHA1
8cbcfe522489d0b6acaa580222a928b736dc3a1d

SHA256
d9cf7ceed51596fcbc13baedcf1f6a61f87d05e4ae2940cc219f26bfb0aa0792

SHA512
f49ffc2d4ac124f96a3294b6fbebaa8e18e6e0184b48bfc570e75eb1005ca2a0ef3d486f044959f36924083f70cf43464305a440db34224c1eaee6e1896878cc

Download Submit
C:\ProgramData\Getscreen.me\logs\20240901.log

Filesize
47KB

MD5
684de513307626d8d1d409be9f38c7a0

SHA1
376540c4bda1eaf7b774974299c17e95ebe8f350

SHA256
59781d0773fb88867e1275b0440dde053d3b3d50833fa6b79eab250b58981c65

SHA512
3587b926baf13e371294fac500db2fd086284258840ec3b540be5fbd3d95c997cc1f3a736f774744ae1b8e6149543dfc1149e55c50c47b652ecf89388ce438df

Download Submit
C:\ProgramData\Getscreen.me\logs\20240901.log

Filesize
673B

MD5
a11b7aa534d2c5324331cb58cbe93721

SHA1
44c120c4e72df70899115e18dfdb65e24c4c7a3a

SHA256
20d8d41e02ad1e1771a3c7d06628098b0ec53d778bb6c46d1db2fbf0e458afef

SHA512
2d967fc7f7fdaf8531918e28885aa00a7084c9a42ff3ee39f30e94a1790d33d55dea44ed749989506cb13f42395b79b30b691d9791068fed33c50780d21d1ccd

Download Submit
C:\ProgramData\Getscreen.me\logs\20240901.log

Filesize
2KB

MD5
2ec86dd26ad47e24a57741f9e4a1e9e1

SHA1
27d69406f4d01607cc37328225573a1ee73844c5

SHA256
4d61f9acb59d77a652847ec06ae6303d48e371ead51a68064975cebb8fc76ffd

SHA512
f0ba53d1317beeda853686b98557391d125f6b0ae6002f320ca488acd619d09a5c4e75238ac54b25b45a2677156e19a294bd5585351a5356e15cfc5180837c2d

Download Submit
C:\ProgramData\Getscreen.me\logs\20240901.log

Filesize
10KB

MD5
4d1a9b00ef9a705d5aabcea3065cf993

SHA1
5158577cbf2debf66920270066a71658ab73dee4

SHA256
cab3edb5f9f069312740d3f8da6eae0cc25361e7ed28aa4d5eb5fffb010dfdbf

SHA512
e0218bb522b0c4d08bf5e54b7b5c14a81b45848cc7d15684b12591f79166e04559712ad0c5e54b385771cb69873e0cc46bfa64d7987f22b65724b39d90e6c555

Download Submit
C:\ProgramData\Getscreen.me\logs\20240901.log

Filesize
426B

MD5
e15d10e9c73717de219b21b54c17fac9

SHA1
5198e0d710cf7618e620b675e92d16c62ef84644

SHA256
2e3a369fe326be2897c89017db8e4b3d067354ae63dd19a276ce5584a4d62e55

SHA512
588f2c1bb48e084dc161143e074071ef4c3bd883cd4bec355b86d1d177ba15e0792f9e09003086af64f4d557ac9e3323a293fbdc7429dfd0203747b2d161e13a

Download Submit
C:\ProgramData\Getscreen.me\logs\20240901.log

Filesize
15KB

MD5
6becd5fe4a425c9ad28ed2a817fa7bfb

SHA1
993e5385a2f4909a39c8fd6138b83de79e484f05

SHA256
f870a127d18e9727b1585e5a5f46198a4a7995241f669b5dee2b5fa7df873794

SHA512
3d785984e4fc1cb010241189d29792b95c1bae7eeefeacae7786bb3002531dc1a1953b47fc5e521b10e530d2514ddfc469a0a565125b4dc66d6de5514a119a78

Download Submit
C:\ProgramData\Getscreen.me\logs\20240901.log

Filesize
43KB

MD5
026a40c7a8f765e863bf107143477f89

SHA1
670225ef69ce9c8598d9fe44796f0f410c5e246b

SHA256
890a7aea5e6f24130487de1c871edd73b2d15c2c37ff17b9f31fe921e826f057

SHA512
9a582e986648c7ec689e336b9b0238881df71aa2785be3a12d7e288146d28122db26d1ebd19564b58d65ab018ab294d6d04b1449b8fe82733490b75763e699a6

Download Submit
C:\ProgramData\Getscreen.me\logs\20240901.log

Filesize
45KB

MD5
53b809f9c55017e4beae82639116e37b

SHA1
472e5ff15f8cee9a8deff1db75b6b9184fe8c8b6

SHA256
18e804af4138303c2f564100c34a772e65db5c469d6331771aa1b96e9488b5e5

SHA512
b0a18c116acad268d4fe769d6db8c3a6b2ff79b2c247d08338c116b7a8a4bb25bebc82b9db10d3e01d13c225f6705ea6e4ab7a087ff4ee74dfc621f56c041b93

Download Submit
C:\ProgramData\Getscreen.me\logs\20240901.log

Filesize
46KB

MD5
3c250eaa6d72cf3d818eaeaaa7e834f3

SHA1
d235cd41781490ca7499c2198ccb3eee49800e1f

SHA256
6d0a9c6652cf126ccf29a4243305546394357b5e4e06724faa1432f661405ff4

SHA512
285ae4e76cdebf7df37abca61991df5d4f1d6d5e0c8766ea2ba57bdf0d6c10182ebf26a8bfdf225be9228c65ce54dbf1f199feb9608d11a0123fd231484d7481

Download Submit
C:\ProgramData\Getscreen.me\settings.dat

Filesize
224B

MD5
2712cf10d47f65edf86bdebed0a8aa82

SHA1
47fbf3e8ea4976957d21a6c8e7b28c221640976e

SHA256
466c4867e39bf9b16f8b3d3ff03abb92f38c3cd13f6245a263699643935b17c3

SHA512
576ccc5b55de203f97bfc7be377a51aaf2f5a77666680af1933df0b03664c519a0d4fc5fa796a1e32d7cca1efa84ada69f0705cab3edbc625679ddf34925f3a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
f4bec3331e6e7f174dc263e3505b126a

SHA1
677e0a7301b3b21fa426e100ad73b7392a87e1ca

SHA256
ce26a2b775d94269029f417be968a882ec9bc3e833614f9b104ee7f61423faae

SHA512
5cc8f47bf29ac205fc088cb8213934d7662eaa7bfb98693e532390299f360d0ed376e4b0b8df5b44f19fb398199fc2320a702ff289a7ebf729c0a5d2f6c493dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0d0b18ceab51dc53adf641c41b4af43

SHA1
3784aa2b5b987a437ba82ef3ea41157adfc495d0

SHA256
46a906218fa2fa1f8419b4669ad0093ab504725c7482890a8a551e999161523c

SHA512
7e433f9206e1e8ea757f749fa40425f9ab58dccf0977e99d4bac3fef40eb8c0dec7d98290f9e4477c24d4a29ce6e04d0986250275f459ca6b184009c572e52a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c60f164a48933368ac6d95f9c37e039d

SHA1
5d71a3f0e0a133bdf11cf9722f1ce1032a80f0ae

SHA256
9dafc864d67beaccc79ff370e05c720a51bf8eef576fa908e9a819132ecf19ba

SHA512
4de738c0214fec69283bd0ef61f52744062411dff21bb57bb37d3b64c51e35bbee75c801f47938d23a5626d908c370aac964de9732d9ab671a5f2c737df71502

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2da1a45d7d855ef6c3c88de9e1e35e7f

SHA1
6ade295dee7300c760497e5706aff791800fff71

SHA256
32d459f2829fc5d23c1c838630d696b3dd2ae7954d6b3a01ead9fc1b667728d2

SHA512
e00733c3e9c9ddb836b9dfc23b55880d48e9e28f8a1bee2380f8ed89a02a9e23776bd1be20d428db0e84f0e4f2b1aac25713519b9109d4e2c25a80c643bd00d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7576e91ff80eaea59d597ae39d0217e1

SHA1
dbc0e3f71e1caabd7e0dba1c215eec24e2d5f1b1

SHA256
0f29fb74e5e3cdd49cf1c51b971d33497e0eea9327dfbf28c5bb710145f466e1

SHA512
2dbf04b72274abcfcbec0e8c3d42aa336137946f16cd07f73520294c0976385a6ffb3544daca719c0d37d1cef990bc34699bb0296771555545f4f2c551b1c4e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4cc668e53659dc63db089ce1a5b8656b

SHA1
049211b693d89956e7d77cca686281dc33cc1db5

SHA256
8287a8bd2b9b4c2149f546b9d26e6aa9722c5badbc0978693215138a8fc747bf

SHA512
f77184f2cb1d4fdbadcc1d361cc2893c2b7c640af5518bab8ce63628552ebc799712c2610aa28ed717310820b0d2a26a18c165abe76f4c4000da6606a8b0ab8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d7825c04a85cee37e39c1d2a2241a77

SHA1
39ca5b6976e1e29dd60408fb8391c1a210ed91b3

SHA256
ae1ff2cb7e1c33c96c65c9031b4c001168937051b83f8d7c9155b271ddae7eff

SHA512
8728d9b8a9f5cd24282fc191b0953271f62151a31f0c394c6e30282dd45252afa243fe80f132883922b05c870fa3f2fe31e8c7751f814c99cd505a721b47dadb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05b36e673942acde9732735d29f14cc9

SHA1
6fd3f33f4171f4f4fae1a878256410d365aa0945

SHA256
38ff672a596aa31875a6f0333a0a08bebe44c068980c1f623db9ba0f2c8efd6e

SHA512
6f1e8053fde449271a25e8196719e8a2f04f0ccabc087b26626e79f7e3fefe8bea1481c7229a2eb663ca54b2b40b05957edebfddef7eb4e8462d94b64687e7f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7301ef7f6f717486170a9a675ef29d50

SHA1
2613b734f4aa4dcb12419f603ebaf02a415ea822

SHA256
59d3fe62262e35f87ed97029c0e4435609d96f0886c6885fcacd018bba202d7f

SHA512
eb3cb8b0bda225ae844d7b38001c4d7d06829d605ef732c3253f76dc569eec1831b7ebb8820470b80d4230385a4b2909b557dabcfe0a22d5f7769b136987f6bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e78f4e2acb5ba28a774529ec2fa97257

SHA1
4d3755f57cdf42d9479681f1b29d3479b554b5c7

SHA256
355ee2cc9bffe506cccc5f57f6ad8726e1ed06ce86fdad59df3d90391f07d288

SHA512
195ab120603cb9e8b34fcf7f72c38f8874c7542cdbcf4248bbd70296f0584d6fab5e564435f526593e1bc2e33f68826477ef3fac2cb52b532973f66b0ed302dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2891eeb6b7e89ac426fba7cfe4c86c7

SHA1
c83d837a353e05a6815b4adec154ae3b7ee20064

SHA256
88ff016f8afa9bd9f36e93251e1124988f60c2a0ea89ed0bd510bac083ca7776

SHA512
833f9519bd14774b982a179be1135d86856fdc7b408eb59424d3245feeaa2dbaaa399821125c631fd4458ff6682555789f2abb79f2ffac6121c77a49093b0242

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e20689009a4acf825122eb7d048551b

SHA1
a20821a5be660cff69b84084edfa04708962a742

SHA256
3a395b862c92a738bd8d070afd07b468a477bdb3d1183cf77b3a0066930e0fcd

SHA512
17075b21ad3f5ab8bd0d978f8e4538b3fbf97cd8636da756fc7e17d394c53b10bc6b1e60314d8ecab052d3e3299ce6b3c36b5e40d379bb8d58d07c1678781204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\07afce36-c23e-49f6-b71d-c12e8ea9c613.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\715e0cdb-5f19-4a84-a490-05c1e7897e97.tmp

Filesize
321KB

MD5
d07834d0106e87128deb58d7b946771c

SHA1
e49e4f83c8696be4ad11b06d8559c8c4fb63d205

SHA256
1e7cf7dd7fdedac31663083f55bad853af3b0d4a1ce3f2e70c398e5364ae0c18

SHA512
e778daf2a49bd341ee19cec9d08f1773b4e7a983c0f3cc62fd617eccf6154d23c986ae08dd1c09c6d0243d59a91f83dc7ba55b7b8e8d54dcf49d682e0efac782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
51b3f2696f2411664a3530ccc1b78570

SHA1
71a56319bbe5a4cc81c9002a32622ecee1539785

SHA256
450844e776ba0af5dcda1885d25fef8f269f1ee79c51e9b42c691a706d8846a9

SHA512
d166c48bea335ef71e9b397c4254d6f129b96703866d19ee380f9967fa93013b4cfcf3e55f70af73debda99a340704d73f1864c71e33681385ed069b7fe691ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\366c702a-78b4-464a-9923-83d316252ac6.tmp

Filesize
6KB

MD5
313f462c2eb970d21095bbb29a1d6653

SHA1
e89a5913df4300f0107a8b4be90e346896a94a95

SHA256
836d72561b44b81b92fb8850cb8fb62f629a6adb4c9aea9297142fcf63391731

SHA512
8d94645a6c4be9f8a557df376776eed4e216931e85d727eb0e967907dc4cc76f35d601896f98eb30906a527836930a7d8d32fafb362f9d6d9552b03ed4bea314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
58KB

MD5
a119e2352736b09277d0ebb23b2e1c91

SHA1
5b968e385a615cbcf7eb3af9c60d9161a8c5a233

SHA256
c2daf1f588a2908c2be252977f1ede62aef30dc7f7cbdd1802a05899b45dad3f

SHA512
c812dbc911b55e344b6e75a573433a38b4365e615d541ef3558ac08b834a683bd05814b47d43df257158ddc9465aa4ca63833f75cd7ecba89565d79c68e4de59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
64KB

MD5
17a0df970078d0f4764c04c335ef555a

SHA1
aed492b4aae2620cdb6b4bac3f62999728062118

SHA256
13af37b33a332856c4f9194d2020bea0d8e91b078aac2f68ee90940dd7fdc070

SHA512
fb09d0c8f81e45e537d8ee7437926f3092e96d3cb45d8c7e3c07bf8a4986ad31fe11e50dfe82bdbb41ab5815edcba1fd5a6e2c0d33220c5c47a038888b7759c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
38KB

MD5
42513623d9dca1ad180fb616e550557c

SHA1
16102d9f0ac7f168fdfa927f626e3b962077e06f

SHA256
c398991784a08268f05111cb3a6473c78d6c6808661b004532de09d970d23afc

SHA512
957f46355fee32c986e1f3164ed10ec666cd9cf80120643be6a3f6d476f6638f2e03c1a4ff060342ceb758b4f36479f685e75e0249076896a13c42e86c8a78d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
20KB

MD5
3973841ec72ffb5afafe4405da28472c

SHA1
c2c78b166c159522fb4300d45ed24640c8bbcb4f

SHA256
b107713430c2cdf1038385157566ac7dbf4b592dc563e8c76a1c4c9b03c4b3ae

SHA512
e7935999e6b560ee77e0a379f8e6cb144b9724553a703d16934335618a7b9686a6e87cdb27c8d032ade17e1d95eb45425a6dda731f601854794dee18bad9b4ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.bbc.co.uk_0.indexeddb.leveldb\CURRENT~RFf79bae6.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e45d47f50a7ef3fa1c6b503d0864de2e

SHA1
4671067186fe54ff5568f147bff850cb76ce6ea2

SHA256
728c6b41e0e414e458362705bceb320598b663ebe811f0cc48c0c71133c9db9a

SHA512
b113d794aaf3667f8914e0b085c4a37bc1e366245b59b28613bd0d1983f10e1ccc5d1087e3abd8fb47af748aa541345659d4e43fb1f19ee7aa04b5a958445083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
a7319975b6d18ee41dd1be0d9672b81c

SHA1
5cc3846b5557218a69b319acc0790ee29b24445c

SHA256
3dc6043fd43ea9bbeec26020953c86b6522e61efa061a86b5dc3e7162f3e7f06

SHA512
f0022a309793d62327c153da340de1f968d22b0f61e9471845ea8d3da84952bc3a723a69ac6cef360e20ba335cda3eb39e1f4ee7d570ffb5ca9c0d3bda3dd09e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3f253eb7451adcdbced064e8297d5000

SHA1
64ce23fe8d291d19b794f87b0e6927a1c9e43a8c

SHA256
2863b0ba6dc1c9b52b1ea31ae5704ac0b1cccd209007c73f44114b62dca7dddc

SHA512
d56cbec73bbd958c6c4cc7bf5e283e28a7d9543aad5234e9e691612e5d1e2252994e3861a5229c8ee8e0f620a34801d4db94797da7ee0dade7c702524beb9f35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
adf267a8fd27ed2eb43790624e8e7796

SHA1
a4ee8d81aaea1acb32353ef4df490b12211bd072

SHA256
37178078f594e4e4ea62fddc1942b75eaddd2ab2415400695944c82dfeb104af

SHA512
0f25b327498d6d5918be393b1279af839552b9c2dd75a5055a2bfccf4ac2d34a3771f954ac2bc108db2442c232f1913f729368ad578adc7622215f768f72de04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9ef81902b7994c7daf911952e9888e24

SHA1
44ed5a1f2b39b34d710ad8834c09d4143707bd26

SHA256
eab5864307fea6feb7eda870a717f7f3481ef053b4ddd1348a339e68daa7179b

SHA512
97eed7e126d531787a8df87123e56f26f593b8a32c4aa7d287b1c7f17f7afdb7c6dd215004d7e5d121abaa0632e348266119b971868edeac17cb86ff286f74a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f1b7217e8f09252c89bd8d706817b08b

SHA1
9f2c7bfc78d3554adbd4e9726fb42b98bcb5b7e7

SHA256
b71176e5d4e0a4d6f56eaf786c395c8adb902f2f6f1366dcf54e0e8865c92561

SHA512
01ac66efc003217380cf2e92b4faa2dead2574fc5ee3dd789c38a22cc3f2081b10097a92c38e8168b07579a70fa35e0b7820ac21aa5926ebd0a9ae5c4527b885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5a881cec28d92a2dc6bc10af43dc91cf

SHA1
babe2d969a7cc2bda9204bb3e8a9dba704082335

SHA256
299e4540b97377d18de95fed66de230174062ac572bdeeea68e797c8bb32e007

SHA512
017b08a0073ee7598fdc70d78c5f59bcbd103a426697040cba41f697fb9df1d05b3cd080431b35925cca65c01334ab6b11ca14349590db7c37ea8c62a1bc23c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ca33c723d149887b1d5de4be30dd2079

SHA1
d429a523180ff66682b8a6b224254dcf2d500dfa

SHA256
0e2e83a2ad4c371591219f0757ace409c52e399161b879416d91d18b71198889

SHA512
2ebb45c618f5b365deb60d59d689b17aa1cdc6348f684f6f3b73ebb0faafa86d952845dfe3602fef6ee6b9c1d5eca288845081dc7e2f1aa75663f51bfb7dbedd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a734cbe506db16f3eae34008eb2314fd

SHA1
10258a8d1eafaa090b28e6ff64d701b827b61e74

SHA256
a158a1591a3230da51d91516eb682aff8d913183644acc4409a380c49c45a249

SHA512
2bc57d6bf95f2dc39be8856822a4fb70aff3c4868cca1c14d6f07145783f80357c26ed1a2d18f92320410d18c3b60828fbb9b3da17bd9cc305dea003fd59e7a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5e5f603bb563cbca487c3c6ae24eb390

SHA1
63d558fb2d7343e998c0a79c205f4f28543922c8

SHA256
d882e1e4f01a817093f1c8d3d068f4f1642304b1847ab9f9053a8bd610c9651d

SHA512
d681594ca53a2e59e30d163650551ef04fe9f46818101c47f8321c1aab252ce1ec23ac902df8a37a06f1160daa9437e60916af0794b47e89651274461dcc10c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
84683facd72d34c9b27bdeee2f20acd0

SHA1
043d9b5d6f6bec5be9131a0381e614eed4220d07

SHA256
90116bf3ee72acb6bfff574daeaa83bb8bafee2665af20e56c643f68142576f3

SHA512
12fe92d37994816dde641b8f92a575eee12f807a32c7ccc4ccba886d64cd890fb5d37c8323ecce231952e92a38210b7266246bcbf555c34cd25adc3eff58ee79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
951157639906b5a932fcc9069a82c5fa

SHA1
2d8c1da3d5c729a0235bf57da0e2bf08db072396

SHA256
58fecebe61d99269d791465913539cc4266e8842f3f075d72c1c5c881238fa89

SHA512
be90964a6a804866d0c2f1f4d5be8d1be60f542e5318136e9f8236242e2bed4b0ab3f157da7b95449801585da32ee0e87ac0bf26d7f1217cf9e7c8f77709f514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3ecbc0ba88316f4af2824a7f4e450dde

SHA1
2788832dab48f1789587131ddba1873b171eae4a

SHA256
145471dfccf663c4da728b91a1f7594df54dfa0747de2c2d197125df47162782

SHA512
b6c4aee14692abaf26d03dd94bb13b93f4c8cfadbf849ec9aea54c28df23c8855a15ee2191392709da49022341b82e88db143e3f7393b8dc4ebc80dd6ddd046c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
25ed142cbdf668383831eeb0195d8de5

SHA1
d03780c32e2604036d88f05f0e76a37f651103be

SHA256
9d042c57ad343587d4765077c17c201f990841b8b06d480494beb7008152c336

SHA512
8eb0f0622ce56eb1d2d74df8c9ce2ba23012a944c7ecf8d67a865f77baf60bb88b091444fe51c37b357a53b9253a09bc9abc5c015f3b0fe6ab57be4fa1a9b074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b679d729df6fcd39dd4b676b601d0260

SHA1
01fc6034d04bfe08c095a68057c05ef4cbe4a0b1

SHA256
3f08c71a95a477e71d4cbc73ad24d9684a36cd928c7c2c01f29aef3f3d2e3087

SHA512
96785afe8756eaec2f020c6315838a9c7c30aed2d0c983c5b683e259324da93656a6d5759fce68d68fcf7cd072c64f0dd7e622941f2a05d0ebc7e52381e570c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
acdc8b5a20005e976ca8e3db76b0cec6

SHA1
be41a9304fd6e2929415b10aec743e9a98045108

SHA256
7b5ddd998fe53e9cebe089539db8ff30f6ae7b4f7c0c4006633ebd4de54db33f

SHA512
40cf06535c665d4eec9302b3ea384ee439e33a1e486a1f0d3acaaacc322b1166db30ee5faaf760edb4c65a43f2530d2866beb12c597d03094e8684d87760bf25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c12cf6f3d9b8f54b5ac258f7e803ca83

SHA1
322c585b7c46d0140ab17236fa1ca93dfa0cb7fe

SHA256
660c3a40acc8f23d4cd6848c839a900d256a34db383bdf882735af658e732072

SHA512
a54833d0694740cfae65c65640844f6ee8a02bff80cefffcaacf1757a6e3dbd99c91a235c55e90605eb32ae38bb096ce62369c2f04b3aee6d41434701359f5d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fbb8853645dfd084104594ed00179ac1

SHA1
e21b3acbfe89ac556f8af70486d65ff5ffad1229

SHA256
1822e4acb80b49daac0738ff5051da7d3875204e02197a499a657bd3e6764b01

SHA512
93e2d9a62ed39a5f2572c42a097b677974b5d037a9707981b7bacb5171169dd92cbddbdf45d7525b1853bfacffaa4657efc270f5fd6bf3e7e9839d80caf05313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
79e4839b52cf3c0db94f71d8dd672584

SHA1
88de6e2867bebe632d72847a60dea8525e2d8200

SHA256
0a1d22234b128063f4b090c98d12683c1064ed1ceb8060c6f08e49b3efeab29e

SHA512
7b632573d69fb459987174427bad51b7a0241ba4629c461d8daa91697504dceef259949934ff18544ba5eabc04531f9f09495c28a154a737cf14f3ca701e5d03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d4b0905c3052a8f03c2eaa3116c2d21e

SHA1
c52c8198aba9f84d2ef17dd1474ae80f4cc142bd

SHA256
e125c6772281055afc1c48a192ada6d21dac9acc11d39e13b6749f1a26ee4c99

SHA512
7375a94b5b36e3e8cc8fb99d553f05bb857bb8752b5e37ba533c4500aad7e1b3bc40742739a5585b6d800128f31ea93e3c151bc3e70ca308f1be4c4ad2a0a00a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c2ed3da6e851f2732418d3a537393b7e

SHA1
a409b41fe9cfef82f5ae3cfb595ec9a17e1da3a1

SHA256
5a6b89259cd2a003b7ad0fb9f235388278e4edc9006791b7e599260af8ae913d

SHA512
773c760fbfe60ae5766c474157d061de67aec805e3e4653787699fb6ad59b3d9f4f4cc58134091d907f038e49278a1e8782511f84de0450b476f69af70a97dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
80925050b7570b74921712779d5c7f26

SHA1
142ab9eb88e565a6f8beeee1a52d5c0aa7c1af6d

SHA256
9bea6eda5443fbd6f9b7688d2fdf4f0273dc6fc43e39107ad48fb90f1176c55c

SHA512
6c71fcf88154da3ea2dbfdbf01d6c2d3b2c0d216466277743f8d4c843d579d8e3920f91a820ad20d1aa1baae7db4647bcfd1119d945f621da6eddcf930302a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fde49367dfb834fe970abcd08d801dde

SHA1
253ba29bb2d533c5326cb784b13866f73d0a1929

SHA256
a4390f04781d28d63f8b56487f443ea814d7beb924e03b7e7b02337cf2699178

SHA512
59609a961d365307ca80cbd097661af3e85414b2fb03d11217b8db4d65df525c5f807427644387e0703e9f3f60418a0ac581d816fc3e238cb225edd85bba3874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
70c372e99181bf0d0c63f25e5b7404e0

SHA1
48bbecb30dc46e392f7c02ca385dc06a8215c705

SHA256
2bf70a973b98eb8d1512f8ff1c578bd3d28b04e468dfc381e46748407c40c45f

SHA512
3455d92238c24950e2bf94d78d2a58403a510ce4db2a8581af513c87d1f9056178386596537b5910a6f443dd880f746ff16223ce82f670e6b18c0dc290b7f3f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f570c80d1bc20d550dda13c9474f24fd

SHA1
5d4ba6cfd960fed2d61b0bb7c18bf10804f12f0d

SHA256
4b12ba013c4dbf8ef5705e84a9045390e81f0d84a1d31ef375193de3c4dadd42

SHA512
93c1066203e511ed1f78860a579aa9adf8803eb515639d7d604442d8064cbe692e7a8bd3e62b4c8901331d805b2dd51043ce9452fe8cfa35095264277d726ad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
e297b828b4305211e6b5fea2d7b6dddb

SHA1
a47339a3f0c104c8a5b9b56882fefb808098c8bf

SHA256
7d867e5fb9b038c7a402c0691b021195298ebbda95c62a87ec06385ac3ebae41

SHA512
a70442d20dfce4d53c0ac6089362807981c940361a8f18caef549bc778f8a3fbce28c1f72d07cb081aa3a95956f802b0b2404478b0c67e916228bc9f326622b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d102889bea96644590605f2e48697a7d

SHA1
01cce43ac96f2e0a3d0712a12aa5fc7cfc20fbc8

SHA256
f23e87738bd118d8f7323d63537e8300738dc7d7d627fd497b4bb43acf762201

SHA512
1f1d12b947069aeb7e879aa326b2f6fb9266d1fece6210979b1169014e51c0bff017454917aee5649eb187bc94a8f41dd9ebe0fd40a5973596434878e298d268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
77a0675ff843d9562168abba673cb8ec

SHA1
99d50480943856a7200c98814159c5ed80993643

SHA256
d3125c011c42b85b8650dc8933fe35164c662578bb07aa4bf5e22ce1852df3e2

SHA512
1f2a5bb4cd90b824c0c469d76a5179d3932b720046cd672ee1eece25a6a2d0a3ff3a19cd92fb2680515e645809126ca69dc5441f3c0b938b8a013ca7d0cc7846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6028fdfe83e815685ab9d6247fb85387

SHA1
af536dd04ba3e2b6cd726793c00cdc9c582d9da7

SHA256
063acd5533ea33d8f9c9c1f4c22bbcac1ef2c54485f957f73fbadf93cf8535c5

SHA512
648383a41372f0e25c732f2c5db7df27cd59fe7b47b52434546fd5b3abe6c3c4026091eba617177e69576e68730af58ef68f4178b4d4843b0be0c488f809e9fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
326c789457b55003aa2e0ccf6c6c2840

SHA1
2d5c6e70b6d7241a69eaeb2869cf0a94de55d970

SHA256
2de7384add4bc4e4769b786d58d538d8042c8301a6623a60f2232feda11e83ea

SHA512
97b076eab13ab616cc3888d76d4af193e422f4b9d8523a0bcd6be73af776c2a0501e873ac067a32d60444a349608309d95a340426b5cf2007cb3d76b9abda52c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7ba4666c6bb8460e97821e55bd92dca7

SHA1
c8981239956a438dbf1bf0065c0a984959d109a7

SHA256
a4d53d6ca812bd3af7c517822b18ae8d0777fdd4e8d0b977850532fb9a23860b

SHA512
0bc35f285c63e1c0b09d09bd4c668410fb59c0cbfa42fa035c539f26020ecf6c13ea5d0ea95354446f36b99a36a2cb135f6a6f34cc7964bedd8c8eee6743d6ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e662296abd036580231d778bce2b1f4b

SHA1
2941f33a899e2ce3113eaef6eb3cc3cfa52d9dd0

SHA256
eb97235872bc0c7b93df6b6d9f1473a0505718bc429d56ef53277cfe1708f863

SHA512
dcf0281c814ef18f1497d870668e0597bcb2485e1efe70f3322934ce6ac417d5900fce705609adcf810f9274b1f6a7c4fa07aa4dc24349d7405f1d9abff3197d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6419464b4bc3329a499baf31033b6d19

SHA1
e58b1c7967ba7baa237823636bcd6979f3444285

SHA256
5437f63a80afbc38e8b4f33cfa853721d9a9e3cd1dad2a6d7f1bf5938e3e35a5

SHA512
77906676c8dfdd3ba95fe38d555af631aaa27a9febf73ec8d20d2f6e25af63f1cb3f0d9e1493b6ef4cb8df79b191e764f6a8471c6c6ba43fdb4a70744d412e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1bcaaffc4307b7d6373b73fbf0ab9939

SHA1
e5b44f9c937333df76ca3b6ed3c2e5548690a264

SHA256
bafd741c11a98e131d753db4265e7ed3f3d745012eb4e0a0701e3dbbdff3a6d5

SHA512
268fabd4d001e23512fcff765e358f49d192327c412c6b174dcbec4cf189559ae99bede0559f6603efb16f13c5d7a0a9c76a1025dbf63d57bd564671c5d7607a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
afa0a05dc07d2bb0c3bcc4c834e3cdec

SHA1
a5b7a246a7b038a19cf1ba6a8897bb4012dd99af

SHA256
c552ffd8c3ef02a08593626ca6f40d8265ec98f4485b9f05d231efda094c9829

SHA512
d019e3a4dfbc9f904dd830d6327507780ad2a008339ada8894f6cf823cb4997182ee24662bfef43f6a95ead0f805093fc5eecd889d64ef5fd088c8f05c701727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dcc88f7f10bbccfb2622471a49901f82

SHA1
b96ea41391a44f4b090b836fb45f51375a969d79

SHA256
c3517cf7cb663f77eef80931a55aa34989a175162159494a4895f63a5314dc55

SHA512
1c3fbcb40173f356f4c48afe505af9e089f0ba8932c4be355a6c36b5abafb2d5d84d5d7779848d712abba1d2922c7eb63c2ef1b131497bccb66c995f3b13d9ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
321KB

MD5
85779c8c39e8f0d7765875fe548680ce

SHA1
33de5b8df925417ca3237264132c945d352ff7b8

SHA256
58bd23a61a2ef78b227e523addae241647a2bb101bd56dddf2c0c30cca841c2a

SHA512
6e461fff6b232aac14db49137c859bbd2011970a76e62e2ed07d5a5f52115d7c8fb94db4537dc09dfed08a88b33ba71a0d05a7c2f4327afa96386a4178e52c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
170KB

MD5
0416fcca703adaa22d3541a2b7447b4e

SHA1
cc3315a8dbd9430d9e4c6bb332a0184b31184c89

SHA256
ed33a0e2d9ee98e611c3e3992a422cd7b9fdefeb185b56933690fa4c79643bcf

SHA512
e4d017f23161f42c1b82980de8adab109501818cfe722d438eb6eec27465a901c5c9c97de3614976c6d62f171dc3dd777f95c2d3a709783480fc50f9de2272ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\af50d3b4-0040-4087-b4a3-f25ffe4dc1fc.tmp

Filesize
170KB

MD5
bdfb36c54ba79e411606b330ff83381d

SHA1
096699679080a8872af6aa623d84405247524209

SHA256
0028322fe568e867cd8bf5ef45c078c2296898b30f14cb7e56dbd7f5697ffcf2

SHA512
5aba71b6344d8e8be8f96af94bd40cd552575acf1bd82b3162b8a0574961cf71287834c27be01be27d7da67bb28a6d876a23cb820e769f00323686d15469e3df

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC9B7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCCE5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\Getscreen.me.lnk

Filesize
1KB

MD5
755ee0541636d96c104f5af9559562b8

SHA1
358d5872f3bc4c64e479ea33924b0eff5cfdf487

SHA256
4e0f82da86ff1ed4a90d309413a6722baaba800a839933ba50edfd0e875bdd49

SHA512
ee9cd8c4cc53c4295d35ff2df352173349b42007dea4f7661191f5185405cbbac141d34ee76d5bd64ec8c19979dcca48d44e60b87002cb456b841b11c12e8cd4

Download Submit
C:\Users\Admin\Desktop\The_glamrocks (1) (1) (1) (1).pptx

Filesize
2.7MB

MD5
74bc7021fff5ebdc5335f6decd2cb104

SHA1
e75d5f09fc27ce1756cea6d2d410796e8db9e0dc

SHA256
5361cd12be92c807c9e3e63e37bc156fd5207196c1a70723d338bfd87e190b90

SHA512
16da2d8e00e2b99edd330621fba72ccebb5c9c03eed9129dd5c142733dea9a9d66cfe252abe02d5825dcb509008cb9a53aff6ffefab218fae6ac40b4fa0f6259

Download Submit
C:\Users\Admin\Documents\Photo Album.pptx

Filesize
499KB

MD5
497643363c5765e8c203aef76f329f04

SHA1
b2b46042aa62a0230937e25a3dbcc8ebf37e1207

SHA256
004f06c9f50799d0333d7ab61bd4404ce85809ff32f9240d0ec1cfba643eea13

SHA512
575e15a7bcd0479d5a29ffdbfd43cf6ddf578a0e47a83d53aaed9470534eb579031f9f794607d324c1b45e9e0ec2a9516c6ed2fbe1f9d3ebcc9ddc5473bf0a3b

Download Submit
\ProgramData\Getscreen.me\lmockiahxnzszjuaovwrcwpiomtvavv-elevate.exe

Filesize
4.1MB

MD5
bbc4c1acc77666e7259ad7066010de20

SHA1
5568abfab1a7fc70d6bae7ddc1a8dd8b43455d1e

SHA256
4a0a92fa34eeffb15a201735e9c4ef89f6d5d0b6c9149bf554b0912c08019176

SHA512
1e2e8067aa2ac84341012984e64b1aae004accabf036329226b89d2e066f93126596ea749a1d5c9a065ead505a99998b45aa65c0a3c4eb3c8f426206260ebf78

Download Submit
memory/684-181-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/684-432-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/684-735-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/684-1528-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/684-829-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/684-1453-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/684-287-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/684-1039-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/684-1309-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/684-618-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/896-115-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/924-617-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/924-125-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/924-1036-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/924-180-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/924-828-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/924-1308-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/924-1527-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/924-734-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/924-286-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/924-424-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/924-1452-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/1100-86-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1844-64-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1956-58-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1956-60-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1956-66-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1956-47-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1956-49-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1956-35-0x00000000028D0000-0x00000000041DE000-memory.dmp

Filesize
25.1MB

Download
memory/1956-5-0x00000000028D0000-0x00000000041DE000-memory.dmp

Filesize
25.1MB

Download
memory/1956-51-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1956-53-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1956-69-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1956-0-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1956-117-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1956-110-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1956-36-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/1956-34-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2116-10-0x000000013F560000-0x0000000140E6E000-memory.dmp

Filesize
25.1MB

Download
memory/2116-21-0x000000013F560000-0x0000000140E6E000-memory.dmp

Filesize
25.1MB

Download
memory/2500-52-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2500-50-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2500-67-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2500-7-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2500-92-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2500-61-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2500-70-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2500-59-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2500-37-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2500-57-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2500-39-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2500-54-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2500-48-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2632-450-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/2632-639-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/2632-186-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/2632-1458-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/2632-1529-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/2632-830-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/2632-126-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/2632-758-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/2632-290-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/2632-1371-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/2632-1056-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/2692-120-0x000000013F720000-0x000000014102E000-memory.dmp

Filesize
25.1MB

Download
memory/2736-33-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2788-105-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2788-71-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download
memory/2928-45-0x000000013FD10000-0x000000014161E000-memory.dmp

Filesize
25.1MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads