Resubmissions

14-09-2024 13:40

240914-qyh54awgjq 10

14-09-2024 13:34

240914-qvecqswepq 10

Analysis

  • max time kernel
    177s
  • max time network
    490s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-09-2024 13:40

General

  • Target

    e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe

  • Size

    345KB

  • MD5

    e049bf2e95cfd9354cd04da57dc33e0d

  • SHA1

    e5b896193a4bcfd10723dd914e2f19fd693df9b3

  • SHA256

    2122beff06c9c868008da7f8d5659f4866b5696a809abf8c48b231db6e6a690f

  • SHA512

    f01d1c90cd261c21a7536cc907e9bf3d0a6e3b45f6f60cc18da9350f687116d404161c1d5ead05bcad30da8b2f0c94fc3068389db6820be16a06fbf8cad10dcd

  • SSDEEP

    6144:011QE6KflZF3TcH76K9Wwj1JJUkOOeaGO+/5cX52J2w:sFrITWwBJJfOOfGB/Q2Jr

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla payload 4 IoCs
  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious access to, or copying of, a web browser credential store.

  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2636
    • C:\Users\Admin\AppData\Local\Temp\e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe"
      2⤵
      • Accesses Microsoft Outlook profiles
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • outlook_office_path
      • outlook_win_path
      PID:2508
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8189758,0x7fef8189768,0x7fef8189778
      2⤵
      PID:2724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:2
      2⤵
      PID:1864
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
      2⤵
      PID:1436
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
      2⤵
      PID:2956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
      2⤵
      PID:484
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
      2⤵
      PID:2532
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1412 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:2
      2⤵
      PID:408
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2504 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
      2⤵
      PID:1872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
      2⤵
      PID:1684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
      2⤵
      PID:1924
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
      2⤵
      PID:824
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=716 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
      2⤵
      PID:2796
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2412 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
      2⤵
      PID:596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2284 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
      2⤵
      PID:1488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=804 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
      2⤵
      PID:1344
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3432 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
      2⤵
      PID:3044
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2324 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
      2⤵
      PID:2884
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3400 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
      2⤵
      PID:2392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3728 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
      2⤵
      PID:2396
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3908 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
      2⤵
      PID:1060
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1428 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
      2⤵
      PID:2904
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2280 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
      2⤵
      PID:2292
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
      2⤵
      PID:1652
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:1664
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4f0
    1⤵
    PID:1032

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\12e2e44d-8176-4abf-999d-7312e904ab04.dmp

                                                      Filesize

                                                      524KB

                                                      MD5

                                                      6c4da52aaaf2435f45bb504e62785cc9

                                                      SHA1

                                                      3fe003b9febf66e435335779dc6801177c5b6cec

                                                      SHA256

                                                      57bbdf23d58fdb5706f6f65d1a42ac6d1da310729b0e6941556dfde788034ece

                                                      SHA512

                                                      a237475cfd8bb60d0704860f273f5e4523c9ee841627c132643c96568b45ab3b39b6c293b10eabde1416520883b3e32c6364abb4abb4effc108e955bfb236d09

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      40B

                                                      MD5

                                                      ba9989410d716a22402772f7579c497b

                                                      SHA1

                                                      e382fd8a875080e0bc8d207a7714f1bb80e49166

                                                      SHA256

                                                      44b5004d498de3043d1f4775bdbeecf54135c83125021a3e68fcded07299936b

                                                      SHA512

                                                      bc9b14c99089e450cae307b7439b4624265925eeee20a89bf6dc13a9e6f4a54ab242d095d0549cbffa3cd88ea622eb1ea9d6ad9154a3b75a09448aabae4c1c5b

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

                                                      Filesize

                                                      212KB

                                                      MD5

                                                      08ec57068db9971e917b9046f90d0e49

                                                      SHA1

                                                      28b80d73a861f88735d89e301fa98f2ae502e94b

                                                      SHA256

                                                      7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

                                                      SHA512

                                                      b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

                                                      Filesize

                                                      39KB

                                                      MD5

                                                      2dc5559e67a8bc070c55a8250dac20cc

                                                      SHA1

                                                      43e13198bd38c36de3eb0ffce3204cf0ccee0fcc

                                                      SHA256

                                                      94aa6db95be36e718c37572c20dcfda20ae7b9c84c5036f2c53937478f7dac95

                                                      SHA512

                                                      95980061abd9f103a9f3a4ccd489c7b7d9ca4ce16bed43a70341e327aed029c6b7c436a7dc58e8cf8524a58d05f04389f24f55296bc7d75ef685921c70d81472

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      168B

                                                      MD5

                                                      ccab8fca359ee8afe98adb06d931a5c3

                                                      SHA1

                                                      9c83963d7801540d0b21fe90aea96bfca52deeb8

                                                      SHA256

                                                      be438279a9e0603add7aeefb939122fb8d13de1e494a4ffb36c4a6befcdd5cf7

                                                      SHA512

                                                      e27caf5f404fead940a8b396f38869ea7538abf5e5dba040610fdd3a49d9d12f98df21ccff2a6ff9bb0cc605e3884f19ea7e19df8ce7f9eebca503d3f677e442

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      168B

                                                      MD5

                                                      3f18181df9032f9e3c55916ee85d7c73

                                                      SHA1

                                                      517028752c8a10912f513c3df2bd46b36a88f0d8

                                                      SHA256

                                                      cb22e55ed7abc2580a293860794c6936eca8a0c4aae9bc1514e8f3c94de83ad0

                                                      SHA512

                                                      8f7e4c5ba9b6cabdf764555011dfd0d40661de777d8fc09039dca5d4248b4592cebce6a751d5f49f7beff57874c7448190abc0d41092968010f2986527095f06

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      168B

                                                      MD5

                                                      a7c022ad6e3d9d2828b28cb60e877409

                                                      SHA1

                                                      992083f7db55d08acb5d21bc16b4b864d5a7081a

                                                      SHA256

                                                      b34af2d0c3638f09820d303038b611bffbc6f62d1392dd04252713507678ace3

                                                      SHA512

                                                      3691e54a4e1fdde81ffe2c4b38b6e39c8e1d954e1de83d9f372d1364ce9766b151ff4636de5febbc5c57ef3d2182866cf19af5954bec7e8a678b091a18b281af

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                                      Filesize

                                                      264KB

                                                      MD5

                                                      f50f89a0a91564d0b8a211f8921aa7de

                                                      SHA1

                                                      112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                      SHA256

                                                      b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                      SHA512

                                                      bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      0a020568f5567af2c39c4b5bc526c683

                                                      SHA1

                                                      040908f8b4da87849feb0737f088cdb1b98a8c5d

                                                      SHA256

                                                      fa52530df50f2cf3a007cf602d07994f4d98f238fde6b1cac4ff214edc08277d

                                                      SHA512

                                                      1da30271f30615e0426f2d5fb445d126206307b17c0a7aeaa19728ff5e411f506304185ad042a9334eb7cf37dd1820381ab7dc3c91ee42cb6b909277abb1d368

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                      Filesize

                                                      2KB

                                                      MD5

                                                      5c901535dd970ff0ecca38dff060d307

                                                      SHA1

                                                      f76f964cf0b020bd18dd6ddd81ffd9d4edc7906a

                                                      SHA256

                                                      f8b85abbe39f507af0eff00a0ca75252b5c585a11923915106fecc6078ef024b

                                                      SHA512

                                                      9f11ccd2426546cfaa397a3d3c2fe7c288f33f596f843d76515ec505b942dc8ff691c11ce3abd2cc576df47466b1d966c32d5f5210caa50d86206cad8717b5ea

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                      Filesize

                                                      2KB

                                                      MD5

                                                      ccb94eb007134491cd8e1454f4e0d3ed

                                                      SHA1

                                                      8c6b283a24191f7d270c1f094081eadcc9d38a73

                                                      SHA256

                                                      8747c34ce001f6f516c50104b95bb46f8eef64880943461c61eda54dae019f9e

                                                      SHA512

                                                      feffc2fad2f6db22ebc925c870a2863a339366ce3e5fed8333c1fd13a7d3f1f5348d514ae00b58b29f88eabd194cf9e030babeb69d25f72ae675b1db0bd56f76

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      c04e6f747bec8692d40b37e93307ecfc

                                                      SHA1

                                                      7f92fa862e52db8ddb7e3b5389ec4be97e5af7e1

                                                      SHA256

                                                      6bd152c2396d315a66275df6dded38134269ccf37b3a3c1ed1eb4ef5a919b337

                                                      SHA512

                                                      1793e279ae0bc680b0812c62e4741de5c31a15d56d9eb9fc9bda9529d784973fe036407c83955774c856560be2029a954e157876550f1de45ff719f14b430835

                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                      Filesize

                                                      363B

                                                      MD5

                                                      8751b6e295763f33515b920f38119c4d

                                                      SHA1

                                                      f243d309459c04403dc102632b0061b876796c38

                                                      SHA256

                                                      bd85d7b4695a91f8c235963d1cd4bb65fde7362fca1b78e17db8474eca2bf3cd

                                                      SHA512

                                                      47204d81b65752f6d76317d5b814efeab711c4cee815e0f986aeddf31e1d9befb87d8488ed80251c0c150e4385e582b3746d703d6d8e1f310d2e6c9d4d69adf5

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 363B
  MD5: f68344745a9075baad77a5d7729deb04
  SHA1: 1e622ad8a6f6429f45fc7d1da8c3cda63a012077
  SHA256: 3b503c9b105080573595a68eea04d3bee5469b82835887960eb516c2eb054b7f
  SHA512: 45fb8f2168651f0928ca576109fc99dcc0f6c7a48bb1fddc48dbc082791498d1e0c9d7bb0d87d2486b53227ab1dae610930cb203c6b6892a5f190577775a711b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 363B
  MD5: 58e4ddea85f02b9326298862b64bae13
  SHA1: 2c1d76c384e48c7d7a89d29bbee4552dc029d6e1
  SHA256: b3dfe65c1e086f62a60cc1cf0d495b1e750703671a2b629253b798994ceaa448
  SHA512: 82b3073623cd97446a686c6029a4fb7f0a6b5f687590ea7b840d3c5da105b132dd1cd6fbd2961db297b950d00515b2245f84588f0458162bb8c2d47e01638277

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 5KB
  MD5: f79ae9b9c04b4c9cd10ca1579feb0f91
  SHA1: 713edf11dfc54cc147603b5e6546998e65a0c1cb
  SHA256: 8fff52b9750f827e7292b0f160c008f7447702a6cdd8de4674aa9c8878ec2bbc
  SHA512: f1af5dea768216bc2fba6bbe9682a60bf8073e0fb67fc5a3d98d07dc2a3af73a393bcc4ebf97031d0f10f80d39b70ad8ec52a58563574bb54bbeb5dabed82be0

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: a7b905f6ab7bfb8b8d7ae4221e113729
  SHA1: 4cc2402edcf6d41dfa6ff6c8ad66750ed0940977
  SHA256: b8d33f51379d8533d4f6fb51ff81fff36069430a9b3069a8baffc372cdafd08a
  SHA512: 2c84ec5950fb291a0209db508499cf8aa88ce9d14d85374467649cde77e80f866312ca665634264faa00b76baa10dc0ed29e0d9ac68debb1e5a24669d7869533

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 18ecf99d2b61567828c7b82bb4e2adef
  SHA1: 2c81d7e5830645cbab7185296925579a59268f04
  SHA256: 22948e63bfe1265cb070f8560b3f06393f84b170cde46ba8bc3e221a7bdc1886
  SHA512: 1a362d216670b6dedbbe27c1b364e7dc0c2ccc16fa11922b177e2c1ee59c3385c43efc775246528ffb43c35e4888ddd3159a93de778187265c764c08f9bfad9b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: f3cf539330b9a2ff036e162dbe3d175e
  SHA1: 43a5964c283adf4cbec9868a7f98ec2aad0fce28
  SHA256: 734608236825d00f7c75a301f5e69bcef88552eec0458772e2f05e07b9c6a2a9
  SHA512: 3dec9503395e99eb7453a3e961600a430cd51d7714f18b5a02be5fcb2647edada9e8ed58ebfe804d765bbdf155745a94f12c5d12550ad41556bbb1ba5e904014

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 9334e64b6eb413e0eb21a242813291f9
  SHA1: c2862daccbf59651ea50fc6a922f06fe6ba9301e
  SHA256: a5b3e8da6d526d2073aa0328308580f1eacf16309a77bca3abf81fea410256a3
  SHA512: 6a8dfe39ee216eec0a26aafa075d317184d77632f5de06573aae224afa33522bc075976a39cc721c09e9b066d0d380c255e10cca7150bb169d031609e9e7e84b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 0e2e6565c3c9bc3038a40c2d25113be0
  SHA1: 40ea3de125e0a90ab4172522d155e34bdf61e74f
  SHA256: 185c1e904ac66ff2197665f36b00428cc3d43c94b1bc0340e4d12b2f906289c0
  SHA512: 693cde2da2f18913a01ab54756d53684a35e0f3466c37f3e6957022b4adbf31930674bcc25eba776a6cd7b27b30bf0a1062c7dd576c72ab75edfe70a56b1e05b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
  Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d9d45ad0-47e2-4a8e-b8ac-cf912ad8093f.tmp
  Filesize: 7KB
  MD5: eac7c64a373713fce1c48543a7acdc50
  SHA1: 9506f7a0e82383ebd402c0d87988417a4d0dac82
  SHA256: 3b77dd1eb7ca294a702298bdaef67d60d1eb83da218de5a48462d02f8f07cb1c
  SHA512: f2e3223aa699967fbb84a4da7ad9eae99fea379481c018c4027d3be542978e2ff383a66c5b6a3d4b7b366db5e4da05cae5ed1b9af93ef8e26b7042f79ebf988d

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 335KB
  MD5: 491281e6bafdb43c621e6b2d17a1eb33
  SHA1: 6885bede772e6b1004de1c5b8c0ef6c859ac72a5
  SHA256: a43c0afcea52957e114d4084a0a623411b63fb190e0e1fa3d79e01a9310d3291
  SHA512: 1f1458325defcc8f4f41f2fe746a22c33be6a732ba18fdce9a19962f6ba5acae75300c14bb70586dd7b3c473417e5a80d37cb49b507896a71dbb80a4ea8eede0

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 393KB
  MD5: f03096867e5fc01d91b4dcb26c31650a
  SHA1: 82a77ee2c975a219721fe0c6cc5ef20aa3bf6961
  SHA256: 451aa15cd5a7ff1e492f95b084a7906f3c45c8e8a5ddac411ce55db9b69c6620
  SHA512: 06caf1c522cb809eb16a0ce06fad38121c7adbe97d02f6c1af2b975ec40486f03a01d2d6863e995198af93bffcfcee1de7e70c8cecb1f8417d1e08540cf1eb42

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cdf06666-7e35-4442-8bc9-82948dc7f559.tmp
  Filesize: 341KB
  MD5: 002e275aa56845a592113b9d7ced5275
  SHA1: 904c2aa9cf5272966cc7c9b34ed0b5a6e3c52824
  SHA256: 7b31514eb463eed60f2ba8c80a4b8f6181d9a3717beb6e45624b13f1333dbd11
  SHA512: 222361c0b75435a52014a7d20add442a14cf7efde0059a96e1c603b1d34cc45d48056f4b30048aa1de837c0a8c59a625b0a0c96895d8f795d25347abc78709b7

• C:\Users\Admin\AppData\Local\Temp\tdh.dll
  Filesize: 20KB
  MD5: 1dafb2cf34f35d5814c11c4c7c97aad8
  SHA1: 3f49bcb442c672bda015eebc1e1e6ca8584b2c01
  SHA256: a6ab79699435b6f5879e540cb754be7a637e7b878b3decd87a6a9445f81ae6d6
  SHA512: c8c0b1529aae25a95b053f82724ac1b60e4a1ab3493187691aab8a46c93414379222c06de238b7f351bd062ab7aa8a03e5d5b2122a0d9b1b30712501b6780365

• \Users\Admin\AppData\Local\Temp\nsoE85E.tmp\System.dll
  Filesize: 11KB
  MD5: fccff8cb7a1067e23fd2e2b63971a8e1
  SHA1: 30e2a9e137c1223a78a0f7b0bf96a1c361976d91
  SHA256: 6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
  SHA512: f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

• memory/2508-110-0x0000000074620000-0x0000000074D0E000-memory.dmp
  Filesize: 6.9MB

• memory/2508-102-0x0000000074620000-0x0000000074D0E000-memory.dmp
  Filesize: 6.9MB

• memory/2508-101-0x0000000074620000-0x0000000074D0E000-memory.dmp
  Filesize: 6.9MB

• memory/2508-100-0x0000000002000000-0x000000000203C000-memory.dmp
  Filesize: 240KB

• memory/2508-99-0x000000007462E000-0x000000007462F000-memory.dmp
  Filesize: 4KB

• memory/2508-98-0x0000000000400000-0x000000000044B000-memory.dmp
  Filesize: 300KB

• memory/2508-96-0x0000000000400000-0x000000000044B000-memory.dmp
  Filesize: 300KB

• memory/2508-103-0x0000000074620000-0x0000000074D0E000-memory.dmp
  Filesize: 6.9MB

• memory/2508-108-0x0000000074620000-0x0000000074D0E000-memory.dmp
  Filesize: 6.9MB

• memory/2508-109-0x000000007462E000-0x000000007462F000-memory.dmp
  Filesize: 4KB

• memory/2508-112-0x0000000074620000-0x0000000074D0E000-memory.dmp
  Filesize: 6.9MB

• memory/2508-111-0x0000000000400000-0x000000000044B000-memory.dmp
  Filesize: 300KB

• memory/2636-15-0x0000000010005000-0x0000000010007000-memory.dmp
  Filesize: 8KB
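The dropped-file and memory-dump lists above are only useful once they are pulled out of the report's flattened "bullet / label / value" layout and checked. The parser below is an added example written for this page; it is not part of the sandbox report or of the sandbox's own tooling. It reads that layout from a constructed sample (the tdh.dll entry and four of the memory dumps above, copied verbatim), rejects any hash whose hex length does not match its algorithm, decodes each `memory/PID-SEQ-0xSTART-0xEND-memory.dmp` name, checks that the reported Filesize agrees with END-START (it does for every dump on this page; 0x44B000-0x400000 is exactly 300KB), collapses the repeated snapshots of one region into a single range per PID, and emits the SHA256 list for the dropped files. The function names and the 1% size tolerance are this example's own choices, not anything the report defines. One observation the collapsed view makes obvious: PID 2508 has a 300KB region starting at 0x00400000, which is the default image base of a 32-bit PE executable, so that dump is the first one to pull when looking for the unpacked payload.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the same flattened "bullet / label / value" layout as the report above; the path, sizes, hashes and dump names are copied from it.
SAMPLE = r"""
• C:\Users\Admin\AppData\Local\Temp\tdh.dll
Filesize
20KB
MD5
1dafb2cf34f35d5814c11c4c7c97aad8
SHA1
3f49bcb442c672bda015eebc1e1e6ca8584b2c01
SHA256
a6ab79699435b6f5879e540cb754be7a637e7b878b3decd87a6a9445f81ae6d6
SHA512
c8c0b1529aae25a95b053f82724ac1b60e4a1ab3493187691aab8a46c93414379222c06de238b7f351bd062ab7aa8a03e5d5b2122a0d9b1b30712501b6780365
• memory/2508-111-0x0000000000400000-0x000000000044B000-memory.dmp
Filesize
300KB
• memory/2508-98-0x0000000000400000-0x000000000044B000-memory.dmp
Filesize
300KB
• memory/2508-110-0x0000000074620000-0x0000000074D0E000-memory.dmp
Filesize
6.9MB
• memory/2636-15-0x0000000010005000-0x0000000010007000-memory.dmp
Filesize
8KB
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
UNIT = {"B": 1, "KB": 1024, "MB": 1024 * 1024}
MEM_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")

@dataclass
class Artifact:
    path: str
    size: str = ""
    hashes: dict = field(default_factory=dict)

def parse_size(text):
    """'300KB' -> 307200, '16B' -> 16, '6.9MB' -> 7235174 (the report rounds MB)."""
    m = re.fullmatch(r"([\d.]+)\s*(B|KB|MB)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(round(float(m.group(1)) * UNIT[m.group(2)]))

def parse_report(text):
    """Walk the bullet/label/value lines into Artifact records; a hash must be lowercase hex of exactly its algorithm's length."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    artifacts, i = [], 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("•"):
            artifacts.append(Artifact(path=line[1:].strip()))
            i += 1
        elif artifacts and i + 1 < len(lines) and line in ("Filesize", *HASH_LEN):
            value = lines[i + 1]
            if line == "Filesize":
                artifacts[-1].size = value
            elif re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[line], value):
                artifacts[-1].hashes[line] = value
            else:
                raise ValueError(f"bad {line} for {artifacts[-1].path}: {value}")
            i += 2
        else:
            i += 1  # stray line left by extraction: skip it
    return artifacts

def memory_region(artifact):
    """Decode 'memory/PID-SEQ-0xSTART-0xEND-memory.dmp' into numbers, or None for a dropped file."""
    m = MEM_RE.fullmatch(artifact.path)
    if not m:
        return None
    start, end = int(m.group(3), 16), int(m.group(4), 16)
    return {"pid": int(m.group(1)), "seq": int(m.group(2)), "start": start, "end": end, "length": end - start}

def check_dump_sizes(artifacts, tolerance=0.01):
    """Dumps whose reported Filesize disagrees with END-START by more than `tolerance` (slack for MB printed to one decimal)."""
    bad = []
    for a in artifacts:
        r = memory_region(a)
        if r is not None:
            reported = parse_size(a.size)
            if abs(reported - r["length"]) > tolerance * r["length"]:
                bad.append((a.path, reported, r["length"]))
    return bad

def distinct_regions(artifacts):
    """One sorted (start, end) list per PID: the same range is dumped repeatedly under different SEQ numbers, so collapse those snapshots."""
    regions = {}
    for a in artifacts:
        r = memory_region(a)
        if r is not None:
            regions.setdefault(r["pid"], set()).add((r["start"], r["end"]))
    return {pid: sorted(s) for pid, s in regions.items()}

def file_iocs(artifacts):
    """(path, SHA256) for every dropped file, i.e. every non-dump entry."""
    return [(a.path, a.hashes["SHA256"]) for a in artifacts if memory_region(a) is None]
```

To run it against the full list, paste the entries from the report into `SAMPLE` (or read them from a file) and call `parse_report`, then `file_iocs` for a hash list to feed a blocklist or retro-hunt and `distinct_regions` to see which ranges are worth carving. A `ValueError` from the parser means a hash was truncated or mangled when the report was copied, which is exactly the condition you want to catch before an IOC goes into production.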