260f06f0c6c1544afcdd9a380a114489ebdd041b846b68703158e207b7c983d6

Resubmissions

13/09/2024, 08:50

240913-krrk1avbln 8

13/09/2024, 08:46

240913-kpfeysvdlb 3

13/09/2024, 08:34

240913-kgtbvavakd 8

Analysis

max time kernel
185s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

em.rar
Size

17.3MB
MD5

b18017525805b6fea9e5115f0b0c71ce
SHA1

3f14138c59369a0e66ed16cfdefc06e39bb3f59f
SHA256

260f06f0c6c1544afcdd9a380a114489ebdd041b846b68703158e207b7c983d6
SHA512

28a8227a769d89ef6984a374e0498e5d771f37ef29bdacfc68da5f449a4c336fbbac16e5174aff06ecf60a0b29cf5ede4c5883f0f248e996b994ad1ecb1f5cc1
SSDEEP

393216:1M5fWcqpKnHDBQ7jsW3z6Q1wL19Z6YVuFt6Fw0HPOHl1T590MZBxNyRLOb:qBqQnHDB8pYB/6YVuWa0vscMJNyRLOb

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 3 IoCs

pid	Process
4904	7z2405-x64.exe
1408	7zFM.exe
1332	Launcherkks.exe

Loads dropped DLL 3 IoCs

pid	Process
3376	Process not Found
3376	Process not Found
1408	7zFM.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2405-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2405-x64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2405-x64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706911269849899"	chrome.exe

Modifies registry class 23 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2405-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2405-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2405-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2405-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2405-x64.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3216	OpenWith.exe
1408	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
1408	7zFM.exe
3280	chrome.exe
1408	7zFM.exe
1408	7zFM.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
3216	OpenWith.exe
1332	Launcherkks.exe
1332	Launcherkks.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3280 wrote to memory of 2800	3280	chrome.exe	100
PID 3280 wrote to memory of 2800	3280	chrome.exe	100
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 3964	3280	chrome.exe	101
PID 3280 wrote to memory of 4380	3280	chrome.exe	102
PID 3280 wrote to memory of 4380	3280	chrome.exe	102
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103
PID 3280 wrote to memory of 2844	3280	chrome.exe	103

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\em.rar
1⤵
- Modifies registry class
PID:2236

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb5261cc40,0x7ffb5261cc4c,0x7ffb5261cc58
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2000,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4868,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4760,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4776,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5172,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4748,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5496,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5508,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5680,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3364,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:5080
- C:\Users\Admin\Downloads\7z2405-x64.exe
  "C:\Users\Admin\Downloads\7z2405-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5464,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5812,i,953875285749498858,6675965683359386806,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:4864

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4156

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2156

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\em.rar"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1408

C:\Users\Admin\Downloads\Launcherkks.exe
"C:\Users\Admin\Downloads\Launcherkks.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
3428b9967f63c00213d6dbdb27973996

SHA1
1cf56abc2e0b71f5a927ea230c8cca073d20fc97

SHA256
56008756553ea5876fb8aad98f6f5dbca1ba14c5e53f4fa9ec318e355e146a7e

SHA512
b876b39d030818ce7879eb9bb5ff4375712cf145b7457a815880bf010215bd9dcde539e7d0877c56558e0d23a310bc75bfb9d315f9966cbda4ae02a7821980cc

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
2537a4ba91cb5ad22293b506ad873500

SHA1
ce3f4a90278206b33f037eaf664a5fbc39089ec4

SHA256
5529fdc4e6385ad95106a4e6da1d2792046a71c9d7452ee6cbc8012b4eb8f3f4

SHA512
7c02445d8a9c239d31f1c14933d75b3e731ed4c5f21a0ecf32d1395be0302e50aab5eb2df3057f3e9668f4b8ec0ccbed533cd54bc36ee1ada4cc5098cc0cfb14

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
960KB

MD5
b161d842906239bf2f32ad158bea57f1

SHA1
4a125d6cbeae9658e862c637aba8f8b9f3bf5cf7

SHA256
3345c48505e0906f1352499ba7cbd439ac0c509a33f04c7d678e2c960c8b9f03

SHA512
0d14c75c8e80af8246ddf122052190f5ffb1f81ffd5b752990747b7efcb566b49842219d9b26df9dbe267c9a3876d7b60158c9f08d295d0926b60dbbebc1fa3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
79943037f6c6669f061f807bd6a4e8e3

SHA1
2e71993a9a332061630d8b6594f3c289c08da6d2

SHA256
d3ad9a61302d13c2064fa2dba3e55ccb35b43cf1ae14f6089f9c018db7a1619b

SHA512
98461803b08fbc3f5219d544452abd3b232f07ce814763cd495081f074947de7ae918bc1da943b40e060f2efd846be5fe53119f67b962737c5886f59ce676611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
1.5MB

MD5
c73433dd532d445d099385865f62148b

SHA1
4723c45f297cc8075eac69d2ef94e7e131d3a734

SHA256
12ef1c8127ec3465520e4cfd23605b708d81a5a2cf37ba124f018e5c094de0d9

SHA512
1211c8b67652664d6f66e248856b95ca557d4fdb4ea90d30df68208055d4c94fea0d158e7e6a965eae5915312dee33f62db882bb173faec5332a17bd2fb59447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
37KB

MD5
7193ca6b3f27e8d5ea7ce2347cc33198

SHA1
38a55d68668a6324c2f014755bba48fab389d827

SHA256
5eb61d382fb6a3f14be5213c0df50eca6f361fc0fd33b40058eea631fb5beb78

SHA512
a0b9231558db8396247ae3aa449e9722ac32d5bfd4930bb07e66497eb2faebf49c6abab0ddb0b68fac1ba103bbd75e120e6fed5b09e449731c0efbdb24831ccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
37KB

MD5
33bdc9d333dc6b1e3dad3b166ea3a567

SHA1
30a38602e99bdc5c6a795f2ad5d54fec0458ddb3

SHA256
24cf7e133c705d3350bfe954c4e325b2de97fd4889de600f90cf06c8c3d02a4d

SHA512
5a7095db8e8733f71656871ef8109255049bfbff78c6beb030fb0c0a167a289dc29671f28a879b5e1ffd84418b29b15a59f5a264de6da8da08b02062fa3f1e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
21KB

MD5
94a66764d0bd4c1d12019dcd9b7d2385

SHA1
922ba4ccf5e626923c1821d2df022a11a12183aa

SHA256
341c78787e5c199fa3d7c423854c597fd51a0fc495b9fd8fed010e15c0442548

SHA512
f27ba03356072970452307d81632c906e4b62c56c76b56dfe5c7f0ea898ac1af6be50f91c29f394a2644040929548d186e0fbcea0106e80d9a6a74035f533412

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
22KB

MD5
310332c9fcd187f4b4c3bc6198bc53c8

SHA1
e38fa66f3a0fee61cbe37eb7452c259321414159

SHA256
119ce23f0655325e876bca70a319f7345b6c53939e2e62f54335bd1218517976

SHA512
eaba5340162f1860db8be620274cda010b72050c5054075b92fdb0b73441349aa9f6c2a1c498d7e87bcdc8f42ddc5a2e965221bebe4063b9b16c40ce52341478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
d3f58f0fe51b9c635730a33ddce14079

SHA1
20b2a52ebf9abf996c84ad1f3947d29c00a2508e

SHA256
2a5508b31e8df8374ad62c0e2eb822bcfd62c7b187c15daa86a9e86e9c13dc33

SHA512
10680936a42be6c0c8d04bace3c55805675884b778c16fbbf8fa796ef48b856496d8791535ffc9b2791ce2b92147a4211eaab398b1d0a6a9ed908926ceddada8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9dd8721f3d27c676abee5a3972b19def

SHA1
ddf3b2013a368c7a0b57d218f8523d7dd4bc1909

SHA256
a8d7376842f25993a11c01bac3378c2992d835610972805adf83ae36f3f3a116

SHA512
d8468f14fe9c522803e0308c1b2a7dc6925e6cd5e8daa95f41ec439bc6ec7c4b04e97726aa4897eda8057878286de96dbcaca65e497264c7ec3beb9a3a39a642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
def79bae4f30cdb255b9b27c18597332

SHA1
aac0e8e735ebb667ef4c5ca1d7d93d7d930a081c

SHA256
ffb10368704c3501d16dae28e322fd2d73647a193809c7abb98e43b686af584f

SHA512
ed79ac6364a4a52fcdbc72adbd413bba51fe33713f9e647c53a4f747702c366605444fbfdf5dcac3fafb82ccbea6e3f93350d327fc36af8acfb18b2be279d313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ed2c5a5d37e9774632a370c1a88cb82a

SHA1
2c4c76119158c74e937ec880c3e1fd3115835374

SHA256
a260332c6a8949e39f1dbe76208e25bd986178a7586d51907b9645ddbd9c968e

SHA512
4aa332309ddc1198d5f52770c6afa5003938d22c7add823cfffcd4d40b4f79086d852cd5b663087d282fb553aad6611eb303e97f398982493ffc1366bf689d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
037251497673888f2a28a6f31fa7fc79

SHA1
8136ce55cdfaf8bf5603b94cd6315c4a30ae1c6f

SHA256
2c9adc435270ddda1d4cd3876ddc5432f97f8e0202a45a640b12a33a396b2874

SHA512
c653b25b3e95730d4dcb6eefadba74aacafffe0de10ff62f54e6a2cba8d04be5725a8471c4933c67388ca443c534fef37237caa880bc322f5d4f0555d7cd1e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
819b97eed8e50c894feb15e4b5ffcf91

SHA1
9517ec0a227a94f7a20bae10f4897f13ebcb9676

SHA256
d566eb746adcf235f4239334501cfed996fd79a897f3f877b3a0c8e1f4234660

SHA512
f2cbeaf58cc4918e442dbc798d897fc097be4bef975eb0ac2de7f7b12e12b81608aa836a887ae842c634ad9ce2eee65bc6dac6291984ee3292a2c5eb81cf5ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
44671dda9094ef8d3a45c8c070098c33

SHA1
9a9564365bf4fdf247db31e802c70c00fd5b26f1

SHA256
33eefafd5d60b124dcdb9d4bb8abc90795c4a23c510773250679629fda042320

SHA512
51a1e5033a0d1a2a1db603ae19ebf0a2894aeef3309ac63e37ed2ed635d54fccc850ee73145729ed278ef11a8e73cb5f1d2872a54f205e048d53836cb8d399b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
100977554faf117f4402f88930b91b4d

SHA1
98eb9a90c3ef1c6aa0135460813b787e9d0a769e

SHA256
b74919d8e03c40b065c044666ea9d8896b2d154ba6c079ca2df8698f64a6128e

SHA512
759db352a68ea0de65e317bb682b4fc3da16ad9370f6cf407d606fddc673ba99df0cc59db5042e7c1b416a7ee7be7359aa279f0dabeb8d30ef9ef7076a44c3f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
58c1641931f90a7730b62775593207e9

SHA1
7cf59b61f20ffe699b5e33915ef77eec13522f8b

SHA256
7b1f5f5d491389a4c7fbf056395b5ef86eeb8974156375edd7a9b6ac145b2538

SHA512
5da5d62db47550a0f5b16ae391ef5bcfca7109a21669e9912eda47aadc72d1fbdf87e82ac0defcfaab67dc530062b22521b41bc1044bc04c834137b8c77a059e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
521ad3edf7e1c775ba53fcaef1df46ac

SHA1
5bfea03511b34561f367b65998aa9f9ece725d32

SHA256
296c2fa82e1f5d0c4d85164e2d10f5842833757aab8ee765bb62bb22fc22796b

SHA512
2330f58361f7b2b17fc181d0425e1222d078b3a3202024d18bdf4aa84d6fe020ac3ee0d2a7244e46d350f830a4035af282c2962cca017dfe96a7c2fa605cea61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a5bfe2fba169fa8dea57a87f4e0d063

SHA1
3ea470a276f9ea195a4b11d7e6509b5dc67bb13a

SHA256
6c39b21fac66545056aa14fa2570f477ea090f3df729bf48ac1c9d22b0044b77

SHA512
3ce5a83736f037579772b3f93b6180f21c0615a6e9275411f90f378b6709bda5bf9e6d155565f946879da9e1fed97bf020d28361dac8526c56e1a97e7fa9226b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a1c9e225801728c6c6579178dedfd99

SHA1
e75616ba7e9b094bdd311689b326bca9f1de8950

SHA256
a7c06bd43c3354bf912f019cd675784a42b7d1fad620ae47127860fe362fb492

SHA512
95abe53f8362f6b2d4ce9c223c5b337f0250fec48724f63f2d99194b8b364026c66014761a5e5a5ca83c3a95a094605f5c20fe7b6fa9284d5c34ed9d960839c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8553141a85e9a96130a9302d4c34835c

SHA1
8a7016226966049ce194a67ad3d59626ac4744af

SHA256
a78d5c56b49e0d12be9d22beeb3af5c29bf9c680d5ea598ca563cf552a4378d6

SHA512
7c03a01a148aeb9b26a9c552b9d984aa0dcea8c734cb95c6829f51751defe068b95ad7c6d97092cbfedcfe49dd6d29b83ec736093d0476d03a9bc1bcfd49c980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
968d6c17519a65e2d8f7cf617bffdc07

SHA1
1e0bbb93a1309e890d1ae011315a49a82f4c34d0

SHA256
8aa6d29f18d9389dea58010f184c83fd7c2c0bd92e80492ea758d2d1b47bc009

SHA512
fbb5626f98e36a33267fdbcdf4da07b4d0a7829666490f6654620501d73838640a5fd7a8cf58bc07827d267aa18adff7cc187259ad05b7e78bcf2f01d67244ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
46fa1404335ff25bcb2f6cea7bb8f32a

SHA1
ed1cb5fea7b34f6242130282f84dbad5b6e5c349

SHA256
f0220f1fbb4978e57cc6107fdc348c50fdf0bd352ef623c5d855ad3a68cee903

SHA512
b2e8a6bfae87a67ba48deff0140251111fdf23311a219c0a9b318f38d2b6253d1c8cc5cf3ef2726425e3bb9a37749515d022a50f27eba54a82eefaae25e08dd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
53ea78a2f311dc0f41b4ce88c498e2ea

SHA1
8c2077f173ab866db90d3859ae08de5b98ea5da9

SHA256
3b49caa79b5d81b1e90a68dfb14ef2f6f361fff6934f8f00097a5c23a8a16dc0

SHA512
de3b3064634f54e4985e39b88ec300a8c974eb8149683e57933a10dd0be3e0e015e5bd808b5dd38179d710a5d35ecd5bf08c2abec296fcc21810de9eeacec5be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a54a82a1d8acf40c22a6b4834303803

SHA1
af7258d025427acc176e1b3f3f7cb3af5f9ad79f

SHA256
351d4a200cc6171b4f3c5004be0eb6fc2015cded5966a6772b0170bbab970178

SHA512
11fc19cf38e208287d78b16621107e5ee4cf7bc5cc64f2be8fa91487d8d0aaaca593da85e7b78d3f4e51da0f8314a3df06869a3ed40e5ce4f799ff8ff82fa637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
37c5fa239c755304650dd2c060c34435

SHA1
d59e455f89ef1c93f41955d9ef519fe9eb64c29e

SHA256
902679a40cc53b469d3940cb3847cb65b22e6c5ac5a10d3af6fe8dba724f04bb

SHA512
fdf9da968e84f9b013b9ed05c0980f38757f435c9b0c6d63017e0fcdd7e2565e14895cb3802f947703f067eaf9f7be6470dc8fc4f1157a645396393599dd153b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
11f15febb173a0456f651dcf092c7ae2

SHA1
120aacf0e2375ec25b221449d9cfd0750824df31

SHA256
c692518f307f08a89128a018f6747b9f6f83604991a8aa65116616ceacecca3c

SHA512
1a985699ec90ee8345bb44c1ff842f2cb603189544b4ee5fb477df948ccebb77fb58f5bf570a8d4bc7a832cc48ec143c753ea28f4f2bb65bd3b35d875cd2e859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
b07cd7eb07dc73a925fdd45db2944b49

SHA1
47845c6b4f479f1558a31fa5c6c6622c19ca2695

SHA256
1b6d789acd5d5e3a62737b8e92ce65d844dbc05498b26cd047f57d6ad89b75b3

SHA512
253b5a112b17fd49ff554a7312be766bb761c9253b275bbcda2852700106c19502da78449dec1a27fd381d8cce4f0c47a04660273cbfc967ad53e11a59a68f94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
d45744921ec4e324ef1b7b2c9cd5d6f2

SHA1
c0e7491d97556d053de2f8c6315ccba3368aa341

SHA256
0f7b65f9e2e091b617e6c0f80ecf7b8065ebcf25d0fa58ec01ca95ad5227c212

SHA512
c07fde1db3c22d0503ec233a2b45c2d7a62ed72aa544f6d9d9e7791763dd6414a76cab62e17add7f48ff47d7608bdc9cfcabbf7f8f1f53c1494da9e13d2835d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
29af0822958dd85c3da5fcd4e62b64a4

SHA1
d6650bc17cb5878e2974f89f30af18d0abc78703

SHA256
b86f9bf0c9397feb12e0358c72e3fb7f03851ef90240ad8a935679f3f26b64a6

SHA512
0ba685232387e7f1575be4f4101d77c19715d461299d0cdb6fc4957e0368d941dae159d3a259bedd5d222b5a6b6f5b47c5176271ed3ca0fbbb204b9b39387876

Download Submit
C:\Users\Admin\Downloads\Launcherkks.pck

Filesize
374KB

MD5
629de0818f1ddcad721e870d8a211bdf

SHA1
d251a07f8be2abdd3f5f4032fd820f641f1b9750

SHA256
0d03c7c6335e06c45dd810fba6c52cdb9eafe02111da897696b83811bff0be92

SHA512
e0652bc32229e7cb4fe7f18a45c68d2a43c425982750ca64ba775e39a04cf0a373e231f9b8b7eaf6a281c8492342b6d720901139c970676f57324b38ed7ec7ae

Download Submit
C:\Users\Admin\Downloads\em.rar.crdownload

Filesize
17.3MB

MD5
b18017525805b6fea9e5115f0b0c71ce

SHA1
3f14138c59369a0e66ed16cfdefc06e39bb3f59f

SHA256
260f06f0c6c1544afcdd9a380a114489ebdd041b846b68703158e207b7c983d6

SHA512
28a8227a769d89ef6984a374e0498e5d771f37ef29bdacfc68da5f449a4c336fbbac16e5174aff06ecf60a0b29cf5ede4c5883f0f248e996b994ad1ecb1f5cc1

Download Submit