734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538

max time kernel
516s
max time network
525s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
15-09-2024 23:02

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

eeeeeeeeeeeeee.zip
Size

82.4MB
MD5

bf78359f6f126b4216ace9edf63f1b39
SHA1

d59846e938348f7a3c48b6cc304545a6ed87816c
SHA256

734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538
SHA512

1fc2cdccf5dd6956896d1d90e0cbdf20e02b2586b59736921de9811dafec9c6ffeeb5082a56b3dd4a13283b7a08163cbea5576bd869f7b841a801b2962ef3dfa
SSDEEP

1572864:WuWJiEjJ5HXL3sPp12Elt9J/oQnQbz0Tipr4mUOzOgwLNL+mTdmOyd:W1Ji+HXL3sPyC9RoFwid4qnwZCmTdm3d

Score

8^/10

discovery evasion ransomware

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	[email protected]
File opened (read-only)	\??\Y:	[email protected]
File opened (read-only)	\??\B:	[email protected]
File opened (read-only)	\??\G:	[email protected]
File opened (read-only)	\??\O:	[email protected]
File opened (read-only)	\??\P:	[email protected]
File opened (read-only)	\??\Q:	[email protected]
File opened (read-only)	\??\S:	[email protected]
File opened (read-only)	\??\Z:	[email protected]
File opened (read-only)	\??\J:	[email protected]
File opened (read-only)	\??\L:	[email protected]
File opened (read-only)	\??\I:	[email protected]
File opened (read-only)	\??\K:	[email protected]
File opened (read-only)	\??\T:	[email protected]
File opened (read-only)	\??\V:	[email protected]
File opened (read-only)	\??\W:	[email protected]
File opened (read-only)	\??\X:	[email protected]
File opened (read-only)	\??\A:	[email protected]
File opened (read-only)	\??\E:	[email protected]
File opened (read-only)	\??\R:	[email protected]
File opened (read-only)	\??\U:	[email protected]
File opened (read-only)	\??\M:	[email protected]
File opened (read-only)	\??\N:	[email protected]

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Control Panel\Desktop\Wallpaper	[email protected]

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
1776	taskkill.exe
4552	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133709151193128621"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 02000000030000000000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\NodeSlot = "11"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\NodeSlot = "16"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	[email protected]
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0 = 66003100000000002f59a5b810004d414c5741527e3100004e0009000400efbe2f59a5b82f59a5b82e0000009b06000000000300000000000000000000000000000056c511004d0061006c0077006100720065005f007000610063006b005f003200000018000000	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile	[email protected]
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\NodeSlot = "15"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon	[email protected]
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
660	chrome.exe
660	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4748	chrome.exe
2632	[email protected]
2632	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 660 wrote to memory of 1872	660	chrome.exe	85
PID 660 wrote to memory of 1872	660	chrome.exe	85
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 1780	660	chrome.exe	86
PID 660 wrote to memory of 4612	660	chrome.exe	87
PID 660 wrote to memory of 4612	660	chrome.exe	87
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88
PID 660 wrote to memory of 4876	660	chrome.exe	88

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee.zip
1⤵
PID:1608

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbc1dcc40,0x7ffdbc1dcc4c,0x7ffdbc1dcc58
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3084 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4420,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4364,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5056,i,12917728117534409906,16153227094532142982,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2768

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2848

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2780

C:\Users\Admin\Desktop\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected]
"C:\Users\Admin\Desktop\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\000\[email protected]"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2632
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2172
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:1776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taskmgr.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:4552
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' set FullName='UR NEXT'
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3764
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' rename 'UR NEXT'
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1736
- - C:\Windows\SysWOW64\shutdown.exe
    shutdown /f /r /t 0
    3⤵
    PID:4000

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a2b055 /state1:0x41c64e6d
1⤵
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\115f12b2-d011-4a1d-9372-62e5306b9ce0.tmp

Filesize
10KB

MD5
af4318310aa3148292ea02595431e984

SHA1
8e5d5b34d4d7f1f4661be13b70ea860e4e5d52b0

SHA256
fe7e2baaeb0a823e154c14fdd96fb5b79bec07b038249749f4defc77f087ee4f

SHA512
76d835681407e5a33ee2faa8e603d098528f7dcc0284db879eeb89b4d19d88aea4d0ee85b770f25e594b7b3787433dc6d862d2b2f94628e90ae4c8207960cebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1b34c6f396567bdabc793aae804455e2

SHA1
67a4c392ce124fdc9e9b967ca6e83020ecb6f48a

SHA256
5c4fa06bdb755eaf2cbd83eb8f975a2672098ac0e7afc575a9da46b7307aeafe

SHA512
b8908a718c6db06b459309ec4a8f3c4ad7761224cddf3f3fe60925099e5b69a4d174ef16ad98204e8497706c10464cf8bd5b17f4cf1b74b611f3fd6b6315b058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6410ba4e239f21e3b39467e3ff85b8b9

SHA1
ba3a94f2f306a6a55f7c4af9fbd1d9c9b0e76cee

SHA256
861b9e7d77868bf8b4883b4a8cb8498c3c262f2c9c36008cbb588963250da0d4

SHA512
00d944190656979aec3fc0747ff02ba510db84a9eb92db830e31b9758f9c7b4e07f18871379f7e391c0a41e4ec719e24a1ce223dce1568a34f31199ae315408a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
e23f2bbb8a650c8e95cb30ffb80d6c00

SHA1
ac5ee1aae308be06509023c0495fbad590fe52f5

SHA256
f9c0f598123608b4387eb973a7321770eb765a08140daed6ba8bf6e4e4c1821d

SHA512
64fa5099371ec020ccec9f38e221575b5ffde9b0b0d74b4f0006b432bc7614b16353d76be9ef52400bc6486ebe6f409cc961e80849b5854135ee681e9a7b2c16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f758e2087b2a20501cb84dd349e382c4

SHA1
0281d51ea5c29e3bc3e859558f8d56e2731249ff

SHA256
dbc1f37ccdca62d33e95f4a842f0c012f327d4e9bf59697a4fbf5ae16901280d

SHA512
56bc2e991ce9b247ccf465efbb78e1e1ce79e6e14146b58e4468746f0ec2f3dc433cbf87785fa9a8f805ee242a19f76b46474149752c7faae083e7412abfcc56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
353fda60007e5c9f094e4a015687c121

SHA1
1efb501206d02c3ea37e35bf16d1cb8e20df3436

SHA256
11b9f4ba699d1f0095a3b65ff62d7a94564b244543d377e8b07513808bea3aba

SHA512
735a2cf7cbeb2071188354f2716adede9c37e3c4ec37426be11895f260e346ed9b3c2418d9296340d8b999c3638f788d2f9d429aa69802556c1c24f16f70313e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
80896937438b6a7b1930bfd5520ba191

SHA1
80492faa57a6c91c670aca1b0ea7bdf70004fe92

SHA256
2d4c7b10e12d8f5ccbb23176fc80ff9a50d510d85cd797e20d561df7d7ab1e46

SHA512
4a0bffc6b27add5b7176e4d2c6c33b292c636fc597c61202309091d3645fe9f1c2a9c7ff9751ea82735bd515928525a6d2876adbd2bc152b0bb207225aae0feb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
746cecbf9321854732f92f16e902f756

SHA1
aa3320d8448c3886257e8b60e8b618a8c1f7febd

SHA256
95f1c94f0f0455ee23e61daada0cd8cc665b2c965385f7bd4cc3a47a45644fe8

SHA512
5c424a5b5433176406b7d6c56f72bc1f74064823c1032b95971ffb04b031ef9a32810e5f0a9d8e25c3c807db4cf047fcc7eca12823dfc1ab10ff020471e6c1d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
de6ac8af1759f2a2407d73c71ab82171

SHA1
bed144cda34a28b3f24a4e835b52c39c604dea10

SHA256
7febe5b679ebf77a902271dc24208f884aaeed0784117f86487898b99b824131

SHA512
09490cc12816ba710a7f652a61a03c0c28a1f2b35fbdef12cd1ce66bb3a56dd55093c05863a2ded5d99db5877522981ad866f7d902b5fc66967e7550ae3c654b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c7fadab9a064002b941986060ec3bd7f

SHA1
872ab071986ef89240c09110be312bfc9db8c790

SHA256
911378ed45031b953a46807b4770e0a26be3584e875e60a365738fd138635420

SHA512
d0e67d10ec8e48c77755d5fa3a75c3ef99acd1c0ab6c699f4d9ba310fdbbff6d548a4c0479712a0fcc4bd0be5ca093293bb18b5c229ff2268c07ea357f3f718c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52783dceec448365d092b79e76ef8f53

SHA1
9fe90e995d6a7632dfea6b7b90356388f562a730

SHA256
6f14a1a0ead0041a45e2486b1a381325991c797fb7f6fb5e7e87225119717c35

SHA512
07dcf07f84503bbf7cf62006c27f21d84700c7195e679c35d69ab55e5479248de019069f79cda41083aed7038660e41866b7807f32d9dec74d8a93d5c7a58b02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bb4cb129029f138d17bb562d30e14ead

SHA1
5638d75d5ba4a5e3c3f7726a13bd8c3327460006

SHA256
77389107a0958831ab5d8ae0e809720d015880f43a0e425ee7383a9ff39bda45

SHA512
c4e9e04d3025804fe5fd6989aab2ddbdbf672442539ebb7e5bed865f3a0fe5d116877cc272b6fd555b8c8466a901c38a1de62307410b97d3c14b610cdc5268e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6c42b64a5a4b7f8e5900ddf3bfaa246a

SHA1
d222557ad70631f2cd813791b04837140f7d3611

SHA256
2f80ccd524a09858c3d9348aa215ac8b308c92211688be5bbd64f4c2e7721698

SHA512
1c9674cdd45e10e11102627b17f5d474725328c889c8334a183e61e8854f24eaaf059131d7a74b10f5502702b2ee224f03b614275b0d1802609683d59c790d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e13d48cd2f1d2387d14f21a5d5069ee7

SHA1
f014c25ad7a31ab5e840d6000f58af794aee7b00

SHA256
c02225e6e16e2eccea77f6b7f46dfa959733245ff90543e4934281f31db068dd

SHA512
d2b0bf3eb9457a24bd52b5d2cd0026deeae94b7dafc85d3b06d9963eeaba456586f9dddf62f31712328562722a41c75e078e13f4bc868a64b8fc11c2a86007eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1c600e5941e5f2966f15d48ad84d8dde

SHA1
e489d565323408250efe5583182e2f2e070f33eb

SHA256
88a22343bf2c23bbc96c5fa7fac0a1e582eeb69c869c419c7f10dcab5aea9724

SHA512
83d0e40f0b692877b9a95395bb466ad21003f6677df86cb41f1cc1a9fa4e323ead40f54cbb1b883b869692edb12cea66cb6357d4fa2609d008f21e241ccf4a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c952547407444d676c9a87270be12809

SHA1
34f5672e2c70f89502610fc5143c28bf396c9ecf

SHA256
a021da68b6c34a3975fdbc17f3c4939a556af28e36675095ee4bcb5121b8a11b

SHA512
8144d8506cd9dd5a1ec402b1aef027a84cd9cf40929676050e1bafffa2ba1434085331f678d812ba015d621e677747ee60cb2e5a13f6ba3892c1f9468d07666c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
21b573fa93b08376298bf6f2caf12a9d

SHA1
e0b1694790f9a624ddc9aff3f1514823c3547d78

SHA256
372a40cae31d197e5ff12c798c238ff2ae7b0615fd45f4b441282744301c58ee

SHA512
86e287762d5b3c8a1812250aff7ac6458b0447cb4cf6c61ac699c97219700d1b657e2baac92ca236f5b8057c7225aee2e1c2eb594152c9d2fd0fa47e37cc3f15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d2b677d220f549f2dda30f52848ca22a

SHA1
75d1eec559e9d57c471ab6469c91391158173a36

SHA256
3124de35dedc260c9f2eaee0a4b415a5c953f9d77057f0e8324cada3dbb151c1

SHA512
aae9d795da1a369e7739d2bb381a8d69915060eb034d408acd8966febcecc9acff997fba49b44cea9770b59ea5764b68c069d9f9cf1820cd524cbecaa2a75b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5d5dfdc2c6446c1ac58432fc8763e085

SHA1
5a289785c30dd42c62c74f7ea426c3ca96b7367e

SHA256
062d7b3fa28021539c5bcfd71c56829f38d192d78537ccef434b24032c1a1eb4

SHA512
1ecf123db3e859ad599fe18fdfe48062151416af5dc971936d289a5645c9f7473b500473eab5def2b81fca75f82a8ddb871c44fb0b7c759858d833774e94b89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7992f4f5917248d7ffefdcf2b3f7273c

SHA1
9a7ff09c8dbe0c39ea84bb083ac31c85a7faf158

SHA256
3ff0430b4b825e003862c5d43a8730db55af5fcef756f443b954e1a52c0660a7

SHA512
e60938b6bc01b685dbc4017700bfa2e9f5f8f6d56ae68b020a2c6bba774375b9315533be2c98a1f27e56988a91ea29609c735e0d1027a0d06cf1a0294c23216d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d1ec656a54bcf5c08cd943a6215ea69d

SHA1
62752a5858ebd7eb81ae2a3ff3a13d7cad82a1ba

SHA256
802324b908c0489ea1aa8e1b0993b0f8f400d7f8dafe68485e569a60bc24a45e

SHA512
31c303f994e38f7e347b589e63a177248f8d4d66915628ae96f68d507d647457cb591047992dcaa11d86ef9c8ab746114fb24f3a3ce0449d8e5ad894b120a15c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee52b54c1932ed8e8d04a06247c52681

SHA1
75d6f408b94f82139ad6fa154785bc263d7321b9

SHA256
b39ff11c0b3cc61030acee1aee616dcebc6ea6280cbeff4a1a5f0914148dfb38

SHA512
f4c092a98ea894dd522429c2d5203c5c92e28b26606f0fb4d1b095d004287ee9df43f2c34c7d3db66cc4b27f72c7a5e174ad358e97b2990310aa94d09eb587c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
67d3e6506525e3e2f27bd35b3ccfd839

SHA1
4553b8b4d50e03eb3809e4616efd0bdd017e4326

SHA256
0b414b11b7de02a30b9618b0ce8e7aa975299ff494f26570622091dfa7c39318

SHA512
61087b83b3f9c8260e0c47da96c3e468db366994e6ef0a264212db150285c2009b4f8368d1ec96f3b2939a49e7a45992724f6a0d3419fa2afd4a11983e7d4f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4d5e9301d7c1a7fb9e8153af3a55a5f4

SHA1
d38b66db6dcfc76e7a9eae67dde0fd58608004bd

SHA256
4fb8f343f5d81e3a4ac891ce08b2630296c34b7a08a92cd0f5b0306339f848b8

SHA512
4bd60d453303b8a6e68096b83b3cc2dff49b2da09814faaba6fab849bbc7e7d19c0189be9f87ba6f5a6391f12699552bffd664ebb0cd6e8ac8457f83cd1b8b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1c56a7f0e765230f2781b5a98fed7820

SHA1
f17658ce488a56110fea32bc450dad41c7d11649

SHA256
dd98bd34f2be149bc2435b8e77c66adc126bcc78978b400add44dafd66e059c4

SHA512
01bea805f0a0551cc228ae0fb44e6b0097e65d0c0091c3c704712381a9363097bc4a1f21227cf66d88b43639db7161c9c60a445fba1e7fd4be1ca375c72dec88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
060b038971d9beedee84e4281bd1fe4e

SHA1
fb4ad3ba006116e2b5bf4cb3acb386b58d8a7b0e

SHA256
9f9431f5bcea2f697c07c263fb47850b276e960b5f7792957968b3910ac74545

SHA512
a9cdca44cfb9a53ae9260be1a89044a87a392f558b3b595c1fba8dc08f6824608cc793ea9dd1aded11dbc0b09547261c7393db8de9131e5c7a52d8878f77441b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
92f82f93a9dd63c50395cc5ddf997131

SHA1
5f935bd0c89d91d7c4f1e2cb3f0ab90a93d75054

SHA256
03c4353d6fb5fdc005286638727c5d58bae12b6dbbbf2ac1d197c749f4f50899

SHA512
092379f748daa7b960669105d09eebe62f43f3e165edf8c353a54769e1c57508725ba857b79a859474e25e47e4f92755f0178c049df81b447669503259e9e757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e92f2e20b289808b188db2574b18addc

SHA1
98489885b4e3f405e5c1d1fd6799907661fbd317

SHA256
b7581a2c578be9e6f90644176f3ccf6d2ae24fb11cb5a0c9a2bbf573fe8e4bfc

SHA512
90933409f9d3ea802bb1cddb501d52c61d697540da670d9bd3ea0c65e9e952f2e42ee24ee302a642f763920f648f3bbdd3deb5cfa3216dab20908aeb6009e920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
316b509483cade954371e42687f33262

SHA1
c6619c13518256afc9dea244edf9fc6bb95d317c

SHA256
1d7c5daa9c34e36ea264d17ce4b40de13e2042e7dd36401458ece17305935201

SHA512
c3801f57bb52cdc8685642ecc0b408d320b5468917bc2693e378debf0ee7b94561b10837efc4193e1debd7d0961eef020eda4b9502d4eb6b2f1813a308aa55bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8c6788690c5be97e1e3372b886f8fd20

SHA1
3d5c3f33cb702fd45fa1ebce853afd327d64b0bb

SHA256
ce5244ccbc677a94f7ec4ed2ad365b4e6f3fa3ea099b836c8fb66ac9d8175261

SHA512
40e944a92a78c7fed59106e4109d179732af18af50783f01ef31bf5cf00b5945cc0eb03a74611ec331e03b878fa229287ef1b042d48f0f596c1cd60f810d3fb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
34118e7dfe0d1dcdcde3fc71d5bb36f3

SHA1
51463c11a965b518862583b7cbc4b0f9313bd3bf

SHA256
d08c5f83614835333bd7974ad951b6966534e62fa8a14656674d98d0d94f73ef

SHA512
6b81d1447eeb42e453ee1c94236c8c28c748f26d30fea07611ba490cdeb9576fef48f981b77dc23c54b1aca4ee0d70323eaf98530bdcb7170521b7b29a2610b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
06958956e863fafb880d54b0d62329df

SHA1
350db43a6851938904e5160fe9c15e54d23b045b

SHA256
3946a6e444ac65d408ed8db5b7d24f6c1f16053c6d5ebc90cdd044931f3326a4

SHA512
9748447c174e23a7cd800404fde8c8e63bc238ce1f1dcc35bf3c50c1a2a30ff1d900d181b634e7b68515292a2f5810c349334f9581cbd101eb16507177c9c818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
83c8f3afc5fbcfa564052054e50f8def

SHA1
aeefebccc1f6d1fb9378b9b8752bf13dae31bb38

SHA256
7a0c327ba648dcda26bb099f5d85e24c60999aa7d764a0fab2b919f6cf913680

SHA512
af78275f5474b3ca5ed491018f21173712a5d33f15107a785f36d2074168c201b67ba4fe44746d8db38dd0287ce83f782ecb451b321cfdf1289f203be7b7dce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0dd980c5f42969603fb5680baed7d0e4

SHA1
b997d882942cbe7bd98072fae417bbfb1fc060a0

SHA256
6397e149ddf9b81a4f283971147899fb9ce6ceb8b02d17e0ff78829365da7396

SHA512
a39e2bd1d29559a1e44bddf3f457deb1f2d768f09b9e1c003988a1051fed9145f46d22697dd6cb6880a7bcc2245e84614de7289b177db33004987bd88e017973

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3c1c530e050e2c5999e7966edeacfdcb

SHA1
d8c0badbb21b1eca0b7c08b52d5912958f1ff8fd

SHA256
ebd66b276fc819ed179d51fbd76141a349d2885a59a48d32985bdcf6b3019bd7

SHA512
5288c63a24e6bcf32e0dbbbda9395fa98227c71fbdb91cca941d02003436377160539b32e9c517fd87634833afaa93465298c21ec9b11c55c0738f86d7dabef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
30419faf2cbb8760596ab43073e5bae2

SHA1
aa099d7a9c3255f640dfd918fa023c8c3bd692d2

SHA256
183d7abdc268be3870ad03b0bd7b6fdddf1094cc821d78127673b2c22591f014

SHA512
ccdd5472b6c208ce1dd444fca02e16a5b0e50abb8f111d12674d11c97aad1a1ab9e54f1752ec9a88aec723a5b06df83d2fd935539ec7b19a73d8e654b5e36f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ed142be3-067c-4313-92f4-c92e904bdd7c.tmp

Filesize
10KB

MD5
1782485c842b9093525f922a88951fad

SHA1
d1ad444ed8377a198cd1057cc6afff115ce632dd

SHA256
52bd5d8b3ad01299f5b7147e1b22a3266d52045651ee419265965d3536048eee

SHA512
a052abd1418b329e503dda833cb1d444eab9bfcb99e42bfeb62caf77836a5640915627dab3b9727cb327d185fb2cadb123763ed229465ae5ecd4101f22d1144a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
e257b7a019de4a72491b0930f7875a2c

SHA1
010fd95193ea90e40608f7ae7cc70fcfd6d65af2

SHA256
07747790c822820d413204a7d3289f844eadcf06752f79a91b7cfe7f41b38946

SHA512
1a5bfc09b42e6a6db58164f9f06b54515cb551c8408bd11ae6f07b6f19729d106671c46d97f47a31629de447ac5ab2e62e12ac1faf34bc9baf0f0bd63457279d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
6af99c6a7b37e9b35c1ea51ad8c4bff5

SHA1
92c5d64bd0707fad44becf8eb14ac5afcb48207d

SHA256
d59b9511eff0852467d59d2094b4a319286ec40c20754942fcdf2d22b1b13f92

SHA512
dca3f0d9f77487e5483426796feb0fbbbd6ad7c8aa1fdf0ddb90bbca198d7c349889e48740a289f4666f48b808441b025043d13a1b103f9be6a7edce8489b5e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
4d56682ff9e128cd17c21c0e1663114d

SHA1
b537c60188f1612d804070baf4a77cba41fbff24

SHA256
85a2781a795616cff807e21f7d3ce6fa853a07c48a85dbf1aef090b7da6f4703

SHA512
60d4029da389f3eccab803155a5c3e24bf8415e78ab6f67ddbfce5c8004c466e53aceffbdd9ba010877d5a8b8f9a63cd172df99b2f691bec5b952e7a974ac6eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
a195f69f5994676e2aabd2d04ba1c078

SHA1
a698dbb9012169995d28417eb1845f8539411384

SHA256
a59b13b3eb4b4f53724952ff36503acc752a6bd1fc20c87ec15f812f3e0f3da6

SHA512
bd6dff6ee450c9dfd43b700a9d020eae34d273674fd9c13a48ad9b4d66d82e4d86d9ce0b62a4d922f6c53c38ffcf7c4ab42c3006ea22546e08de2d11bb892988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\one.rtf

Filesize
403B

MD5
6fbd6ce25307749d6e0a66ebbc0264e7

SHA1
faee71e2eac4c03b96aabecde91336a6510fff60

SHA256
e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690

SHA512
35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064

Download Submit
C:\Users\Admin\AppData\Local\Temp\rniw.exe

Filesize
76KB

MD5
9232120b6ff11d48a90069b25aa30abc

SHA1
97bb45f4076083fca037eee15d001fd284e53e47

SHA256
70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

SHA512
b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

Download Submit
C:\Users\Admin\AppData\Local\Temp\text.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\AppData\Local\Temp\windl.bat

Filesize
771B

MD5
a9401e260d9856d1134692759d636e92

SHA1
4141d3c60173741e14f36dfe41588bb2716d2867

SHA256
b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

SHA512
5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

Download Submit
memory/2632-572-0x000000000BDF0000-0x000000000BE00000-memory.dmp

Filesize
64KB

Download
memory/2632-563-0x000000000BDF0000-0x000000000BE00000-memory.dmp

Filesize
64KB

Download
memory/2632-570-0x000000000BDC0000-0x000000000BDD0000-memory.dmp

Filesize
64KB

Download
memory/2632-573-0x000000000BDF0000-0x000000000BE00000-memory.dmp

Filesize
64KB

Download
memory/2632-574-0x000000000BDC0000-0x000000000BDD0000-memory.dmp

Filesize
64KB

Download
memory/2632-565-0x000000000BDF0000-0x000000000BE00000-memory.dmp

Filesize
64KB

Download
memory/2632-571-0x000000000BDC0000-0x000000000BDD0000-memory.dmp

Filesize
64KB

Download
memory/2632-564-0x000000000BDF0000-0x000000000BE00000-memory.dmp

Filesize
64KB

Download
memory/2632-560-0x0000000009350000-0x000000000935E000-memory.dmp

Filesize
56KB

Download
memory/2632-559-0x000000000BCB0000-0x000000000BCE8000-memory.dmp

Filesize
224KB

Download
memory/2632-541-0x0000000006050000-0x00000000065F6000-memory.dmp

Filesize
5.6MB

Download
memory/2632-540-0x0000000000860000-0x0000000000F0E000-memory.dmp

Filesize
6.7MB

Download
memory/2632-566-0x000000000BDF0000-0x000000000BE00000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads