hxxps://github[.]com/pankoza2-pl/malwaredatabase-old/blob/main/Twitch%20Booster%20by%20back%20v4[.]exe

Analysis

max time kernel
293s
max time network
276s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/malwaredatabase-old/blob/main/Twitch%20Booster%20by%20back%20v4.exe

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
3664	Dead Fish-GDIOnly.exe
3744	Dead Fish-GDIOnly.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
70	raw.githubusercontent.com
71	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722651751486343"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4008	chrome.exe
4008	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4008	chrome.exe
4008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe
Token: SeShutdownPrivilege	4008	chrome.exe
Token: SeCreatePagefilePrivilege	4008	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4008 wrote to memory of 4404	4008	chrome.exe	82
PID 4008 wrote to memory of 4404	4008	chrome.exe	82
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 4444	4008	chrome.exe	83
PID 4008 wrote to memory of 2256	4008	chrome.exe	84
PID 4008 wrote to memory of 2256	4008	chrome.exe	84
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85
PID 4008 wrote to memory of 2864	4008	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/malwaredatabase-old/blob/main/Twitch%20Booster%20by%20back%20v4.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff90235cc40,0x7ff90235cc4c,0x7ff90235cc58
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,15838621057975705905,6328835541943514237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,15838621057975705905,6328835541943514237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,15838621057975705905,6328835541943514237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,15838621057975705905,6328835541943514237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,15838621057975705905,6328835541943514237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,15838621057975705905,6328835541943514237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5032,i,15838621057975705905,6328835541943514237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5028,i,15838621057975705905,6328835541943514237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5384,i,15838621057975705905,6328835541943514237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5076,i,15838621057975705905,6328835541943514237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5508,i,15838621057975705905,6328835541943514237,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2548

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4808

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:956

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1252

C:\Users\Admin\Downloads\Dead Fish-GDIOnly.exe
"C:\Users\Admin\Downloads\Dead Fish-GDIOnly.exe"
1⤵
- Executes dropped EXE
PID:3664

C:\Users\Admin\Downloads\Dead Fish-GDIOnly.exe
"C:\Users\Admin\Downloads\Dead Fish-GDIOnly.exe"
1⤵
- Executes dropped EXE
PID:3744

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x498
1⤵
PID:1328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1ce04dba-c9cd-4425-ae79-a0202a03b04b.tmp

Filesize
10KB

MD5
1896ad5dd2cf4ab71fa7b3a50cf9c111

SHA1
bb7911683017745f6c1253c02e996e25d986979a

SHA256
a2c89c104414aaf97eb35e92d0d1b43b17fe00ba4c56981ffc437a26c82db144

SHA512
2f125b6057bb98bf050099d1ec5aa279d48e4d1d9dc5266670049c00c88714a824545e613884ff997b540fa835e81f967989d84d5d4ae4296a0ab19f94d70ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c6ea3ab7095ef8b4c1cbd44a502d0820

SHA1
460157103b2f67a068c7734d279317442f983137

SHA256
ff6e22b2a08e56a32d92d5739548b52e42c863e3f565274a5df4bb406abe6f88

SHA512
10bbc00a76192c0e28f53b8d7b7abaeb548dd3b892dea1544ad7dbd87bc40a476f4546b05fa902bbd809014f8bc407b996c2c9d321086cf6b34a00d4535f2738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2c2f277f649f7626348e150267ed1ee4

SHA1
2aef4c913eb94ab89f65603611fdd6842b9ef96e

SHA256
b15dc7f64690efa8311af8488c8ae9eebdda2b681d6bab690acfd4a8c4e4a152

SHA512
4c33172cc65421fda0ebe4160bebcac629aabb27d6a4c8aab316839da64cbd835098e39cfb238784ac59635b85077ff42d5b803f993cc331af832694b823e5b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
441afbb8a09b15542fbde8ebf141b5cc

SHA1
c6f1829c2ecadab9296c9f39e188b9a57123f210

SHA256
ccad8252f435255d4a295da0a27c97f0290ca046128b8211d0ac6686eb8135ee

SHA512
d2fa7f010bba1e667323a3db9f9b19a83dc895b54a7ba8941a4f3ee02c95ddb21329f047d3e563184ce5cc7517e1c4e67956f8da11d491ed0067520c29794304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
224f9d4eeed6fe62c25bb45343ef8e67

SHA1
a13e93eb8b436e2045ecfd9fe3c9a719b46a41a8

SHA256
6165f500d5e661e5b18d13f2b0267f0374a951a61361c9774688094eb9f9048c

SHA512
9dbaa1d60aa8167dd705cbf1779b92eda2e34f4537edab46dac1ed33234182a3069d4a28838d6d0d4a99fbf5ca8eb26621f9cea57951ccdf0d1d12b493bfe3ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3dec46cc79edd79decae8086cfabfec6

SHA1
e1177cd612e2550fc0a1c53489635535d16a7178

SHA256
18d80eb7de556ab47b976dd239b46d2590d26e1f33dbc52b0015408052cca8d3

SHA512
fdfb8f62f1fd32282fbdb8e722d7522278df5e46e57b6f0c87b8bc7771b3cd3af07833b88ebcd31be6e4da8d71e64e67c0a5f47db14a985c2173b645206c7e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9a74fbd97827d88965c699b16295f64d

SHA1
2d3638a3252b68346b424b0199ec945d6140ee7d

SHA256
f0f2ca81299b64e51b9b6fc1905eb76bbb7b0fde80634a5aabb65a0f5d5f4073

SHA512
5530388f369caf01e305382a0715712243f6a00f7cf7df33c71d184f8b8587c7fe64d1ab3f32043953fe71ea3f8564eff2e6de95168b0533443495a0b8ee9358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1955def62c032a4e6aa0b17d66a5ea46

SHA1
cc6decbe678c9cee75f4b27a54100002e8fc9056

SHA256
b395077ec2af4f5a7903fcf51e9e88dcef356aa608461d9df9f2cedc025397da

SHA512
35956d21d01c5a2faa5106ced0c3d7131d0302c0dfb6e647bdb9d4eab7638e107f78553114a775d7837400c378938b0f5569d8e0cc7d5aa1dd5952875cc19efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bcd2b74248ef38aed697b3e787344922

SHA1
871b4ca27a008acc297e142fb44913670f929d1a

SHA256
06e2947946b03176bc554513e7ba8aaf3150536208edad68363f5569157c7072

SHA512
c4ebf9041cad005b79d62b5a90cc1f424d8d324dcc6679412c0be60dde60b544f259ff03e058333d5bf04c3959b134c0581264d18c2e5b51ca5d52c87005e05e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f534df4979ccf11f16e4228475a507c

SHA1
deb0743e3b2330815455241128a3803aba5c8683

SHA256
d108f500556a5c29a6f5410cfe1d6a492d35039f0f648901b4598dbb27aa4ac1

SHA512
087b2f85212b1c8d0996c878a6eb8f499a66a7783b5bfd482801c52989d180f56dccbe017b86ad0d39132f67aef2d37fbf68e547cb9e623eb9a8b1e840c0cf67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7805e972fc82323cbfa43a0ba20c6d4e

SHA1
377405ba088a39e4d07444cad3701ae8cd761ec9

SHA256
a265a47d645ea3f9c5d2d8af8ac3382570c8aef43377501f58ee34d41b1af91b

SHA512
dba91f8cf4cb77f013bdb909ad085759748514df2042f7749628b2b299402bb4a18603761806c721d65da3054d31a407ac448614c8c91a7f2790bcbf8676a350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf64dc4cbd854db15dd7cab38804f2b3

SHA1
0f7e71931f43a178d4f467e1ea94a7c52a6c894e

SHA256
d745c8cb5b409089d42a35d9995c8f9a779167fc19853e68e58dd604717567d3

SHA512
a4e63ea11cf1eb884547c4d109251402d082d9d9d560e7d1513d3d3e90d9d3fdf7f75ce905ba39e082d6271711bffdab53c4e2444534b49c70787edf5308cdd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0c1a0c49d2dc6f7b86aea254ea45fd1f

SHA1
9b2bd59504d4833f4e79eb8b2c6383bfbe5b587b

SHA256
255c46bac896f280d9e4fe2f872f4595404bd191788c95f7a794307ff4e8e5ac

SHA512
445d2a40a709eeaeb3963b14ac3b82e07121ec7a4b67a7b1fa45b30177bfd5d1fd549a74418234f2ae33a9784d9a7a360ce30757f66851387ee649c0cfab02b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e59ab99dfca442d6cc0e0db168e4077a

SHA1
7866d109934a9c0d6cea1b67885ef265178754e9

SHA256
66e2adbb5626622ef7d3b1017d73b44e6921501de372ab6014f51d87c05cb440

SHA512
4b753858353a23dc75b1162a59b106faceff06f5d4bffeb41a5530f6939f4d283733b92aaf4dd7b758623b3e759efc1161c590716f944470114a3c4022bf0088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a9a653171e9cbc7cbe37fa970a25310c

SHA1
5b38d95a4ea1086ace29ea4a8fdc80b74067ea75

SHA256
580d7490696b3fe760d42b969c890a99cb887a096f0a6253c9bb5115bfa37c2f

SHA512
0b061ca745e41073b8f96bdd8ec2a84d9f2c360f3c94921ec4f0cb069aa6cfaea1d2b00b03d90d36ee063a96b254d5a4638143c0081e2415f18230990a862caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c1127a40e616897ed45c0a7f7d04a22d

SHA1
75ef49b1608f7f523fe1b461610f6806911e60d9

SHA256
b31ccd3004949d65ea79b19a12fd49cdc832bbbf6628b7f2ab0c8f5886a65667

SHA512
62c33515aa500b5ca3bcfe7f715ae9c4b6e0eab929c968f6df6d51bf8717e55dd296d227cdce931e34ec10cdf73a46bb40dc6bb6d10aca2217558b671bd2431a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86d90fece336a12d6bca0bb647090a6f

SHA1
0b488af32bb48c7588a6744754c0b791910288a2

SHA256
844739b274816573074eda4a47598ae34f9151454c92e628a44f0cc55f661ed3

SHA512
49f5d7eb7edc5cb3e1f413c798e40aefc3d7045bef6a35f6a00a9919eba09f6be41c7f3f590ee78ed69951d1b8b1fa20afb0c36efb899abd9fcceb4a0353b62e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7e7c0d3d41f5c32046ff9e367996fda1

SHA1
009ecdc762c3a9bec52c2c62069bcfd6e2796ba6

SHA256
a781d87255097b8bacf55cbf77e3aea2c6415b37625c7342bfaf898b94582602

SHA512
c93dcc1af5a143168e959eb15b7a592547fe753661545c4e113fb9091bf7ba09be68396de75fda32e8e2b584b1211c0c3e6a35b159c02cd7e56386a67fd1bddb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0947f78b3391ff8c3a107f777a4b9bdb

SHA1
53d129d4cb5188b5569bf117626933ad94e2c9ea

SHA256
3d7d35a41c6a5819751a5d4b7f21bf001ed8163b3086c2c82a0922fee65e8f21

SHA512
a06919a3740a9ed0b8195ab7c9305dbb8400da9d1ae6f12ff946f24b297d46f244f0fdab404bb1b2920ea1d6c4de6522ed66a59a37cd33e8642ed51699952e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2628406a81cab1025a64a2d782880d1b

SHA1
87de61f8432172ee79941cb2e4c61e3aced54d05

SHA256
c02b7207122fbedbb9f85abc3b3a33820e8204edd7775aeb282a9f77c63efefd

SHA512
c25442e80022dfe9631628ef4045a75760a9cab1b0d2abbf59aaf83026cb7b52984daec0b48d33711ceee19fed02c040fbc005c4e444970e5fcb72ad4b264ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71308d7adf748758e84e38fb03e30b65

SHA1
5bf575909a62623f58b523f531fc822c7260c14a

SHA256
89085d753cb7b05239e727e7118ed57f9db36e3fa9958894ce4dd3f26f33b5c8

SHA512
8e1f309860e9ec26fcd6e25751096b32a8b68ed63fc3cac8930eb8fa281397be3c89afa25cd256415dba7cb9ecef6c7ca773f31106be6e2fe28397a5ed7dc924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cedb608cc3d6b5590f80a77285b38cba

SHA1
22e9a1649aab263d60534094e558e2cae93f0f58

SHA256
51f66141dd367537b28fb10e842122449508a8b1ee10e4ac863aac3d626e03e9

SHA512
17807eca85acf7e6bd5333af594d6ee0f3502d7562c3933e4da008d3b23c8874f21cca3d199e74e31d5a47f4b6947424cc0b295a2921e28d884a842f2dee55d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d451875eb205fef9aa085bb714c485af

SHA1
358ab18e84cd75ce50a3f21b6f7512512e90e2b3

SHA256
610f1784ea35b7309cfb1da7211743233fb44a5b88ea041678260efdae7cea0d

SHA512
1ca5a02472f5a21f42b06aa878d9cccee1aec0aee3cdfa2553f31b207294550defe97947e2504b2f9a4524b975ed6807198a7f5c46913ba0c7d8b4540b13fd8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
8df38d21e609649bd669d3963805690a

SHA1
df264f4d4a6a96cb82ef0c688e8d33f930cccc3f

SHA256
6d94f54638ecffc08a91710ef6bf213896adf92e2e8de5bb3513eb4e607a2865

SHA512
6ed50e0d28c20af0ac5fdefc2785e37720c987d155893684b80ba9a087353fb5b37b4f31d6ca7b2edf022c79dd6c1052017b9a55b726f5df747459b2fe92f584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a1d432032bc76999184b04da8b2f03f6

SHA1
dde1a20c7027063b9445d83961f2817dc5a3559a

SHA256
151d1bb2e4e9010edd573dbf7e0e3cf850ee9eea4e4194f9294dc9bec4b70c5e

SHA512
7ca57ff761fcccfc07ce0fa71b8df6f98f4814cd8d45020e872c7091975e1b02aca686400af909dc4f9d06034f9cfa2f92a567f8b073396e5ae4c24d21d97c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Dead Fish-GDIOnly.exe.log

Filesize
660B

MD5
1c5e1d0ff3381486370760b0f2eb656b

SHA1
f9df6be8804ef611063f1ff277e323b1215372de

SHA256
f424c891fbc7385e9826beed2dd8755aeac5495744b5de0a1e370891a7beaf7a

SHA512
78f5fc40a185d04c9e4a02a3d1b10b4bd684c579a45a0d1e8f49f8dee9018ed7bc8875cbf21f98632f93ead667214a41904226ce54817b85caeeb4b0de54a743

Download Submit
C:\Users\Admin\Downloads\Dead Fish-GDIOnly.exe

Filesize
127KB

MD5
c50b7a75006047d5288a3ea5dfc967d7

SHA1
a3fec3dfc2047dc827ae5a991e2d9be7741b7083

SHA256
415e6d4f552423bb7f28d2a535e9963295562393f470c63d4086fb0faa237752

SHA512
d121d355be6e4249482aba04ccfe7824551c3e45a7e6d6870e9bc2342e7ce8c323b4958f84d9b1f8758a2f9a4bbc33cb6f4bfb1de83d35f13c0dd57a2cd51883

Download Submit
memory/3664-369-0x00007FF8ED933000-0x00007FF8ED935000-memory.dmp

Filesize
8KB

Download
memory/3664-370-0x00000000008D0000-0x00000000008F6000-memory.dmp

Filesize
152KB

Download
memory/3664-371-0x00007FF8ED930000-0x00007FF8EE3F1000-memory.dmp

Filesize
10.8MB

Download
memory/3664-373-0x00007FF8ED930000-0x00007FF8EE3F1000-memory.dmp

Filesize
10.8MB

Download