mimikatz | hxxp://149[.]88[.]74[.]5[:]8000/

Analysis

max time kernel
184s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2024 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://149.88.74.5:8000/

Score

10^/10

mimikatz discovery

Malware Config

Signatures

Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

Processes:

resource	yara_rule
behavioral1/files/0x000b000000023baa-114.dat	mimikatz

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

Processes:

agent.exeRingQ.exerunshc32.exetest.exe

pid	Process
2268	agent.exe
2116	RingQ.exe
2548	runshc32.exe
2008	test.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

runshc32.execmd.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	runshc32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133731951531689614"	chrome.exe

Modifies registry class 64 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exe

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

Processes:

NOTEPAD.EXE

pid	Process
2872	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
2700	chrome.exe
2700	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

chrome.exe

pid	Process
3076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid	Process
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeCreatePagefilePrivilege	2700	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	Process
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exe

pid	Process
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
1560	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
3272	chrome.exe
2168	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 2700 wrote to memory of 4236	2700	chrome.exe	83
PID 2700 wrote to memory of 4236	2700	chrome.exe	83
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 4596	2700	chrome.exe	85
PID 2700 wrote to memory of 2372	2700	chrome.exe	86
PID 2700 wrote to memory of 2372	2700	chrome.exe	86
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87
PID 2700 wrote to memory of 940	2700	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://149.88.74.5:8000/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8bd7dcc40,0x7ff8bd7dcc4c,0x7ff8bd7dcc58
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2084,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1636,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2132,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3032,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4628,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4680,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3056,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5156,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5184,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5328,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5472,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5704,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5680,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5712,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5544,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5588,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5160,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4924,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5424,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5028,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4332,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5292,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:772
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\a.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5608,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5240,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5964,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5896,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3060 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5672,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5188,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6004,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5992,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3836 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5736,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3060 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5164,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5364,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4976,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6112,i,10050138763996252969,8240255914216543080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2168

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1212

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1272

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4256

C:\Users\Admin\Downloads\agent.exe
"C:\Users\Admin\Downloads\agent.exe"
1⤵
- Executes dropped EXE
PID:2268

C:\Users\Admin\Downloads\RingQ.exe
"C:\Users\Admin\Downloads\RingQ.exe"
1⤵
- Executes dropped EXE
PID:2116

C:\Users\Admin\Downloads\runshc32.exe
"C:\Users\Admin\Downloads\runshc32.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4584

C:\Users\Admin\Downloads\test.exe
"C:\Users\Admin\Downloads\test.exe"
1⤵
- Executes dropped EXE
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5d80df2197d8b05577ba713e88f2bb15

SHA1
1ff6092b3ed9ae732d76bc14fb4a06be980a0440

SHA256
56e1ad007dbd89ca043aba015797a2fcbd0d47030e57735bd89f9d404f42caf7

SHA512
a68f45861aae60ab0188e7a088caa167f1e37c31184f96e0c27720b34b38d855ccbdfa0cabcf1dc1aaca45a4ffeef4851774d7dd06672c1a678bf685aab96d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b4f98f9c699e32e838c9f79d6746da43

SHA1
f37e09e853b0e8427ec715866d8c6000b2c93d1f

SHA256
0fd19dbcedb4452d9c1678368edde6abdae93c481e02e9720342a05777f32c7b

SHA512
6732d6023ae655024c2663034931900c2206e33b3eba2c66956eed835b36fec5ecef595dac7f0b2473b6b478da10c0c1a959b36939bf937732dc58f74b4d0148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3ed35087f4c893863291697d4bde6675

SHA1
6b654fb9f88f108818f9e455fbaa574fe170a3a3

SHA256
51467dc16ef0ee1544733edbe1df29dbe559d1c4fd5879a963e98776365b4c76

SHA512
8675594e3a54a2af9386391bc499d342ef1a3490ace7a6cc4861ae7c89359bc2d09275ab07ad92da74162ce9626869d17f6c0cd91375fcf55ad6fe4fa6edf30a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4be7f74122d96bb881263c1f53381afe

SHA1
793a27508bfbc8b8e6a3a9ed3759b3747c7e71f9

SHA256
7e3c0cd95e92f4fb1c04619888442ae18af22421778a66bd86151cf3b7a8c179

SHA512
3f99e164934149937ff98474f1c285f4a2c1b8b200f2e95448d98f3895c9b9c4416a0c427c1d4d1de548cacb04662050d39656748508a613b7be69ce50f599b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
d5e6b0885f37f3cd3ee00f07c0b8aa50

SHA1
1c3e75129b2647a1bb65e531f4bb20a46cb4b146

SHA256
302196c13fc3e6e75544040b9f3e9e327ad5f67e71d7de612a6d4d756dc908d4

SHA512
271e05e9b6a2bd9bc475c72cedd094bfe670cfb304ea9d28170b22303ff0c6c683796090aaec342d3802957398ddc76c0242517e7a70e5ea06157b6dd39b7afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7d9d950ec7df8631612bf8bbc74b343b

SHA1
9deb1c474a02431e3802d2f30b943367d7171533

SHA256
25c96dc7c77de3d77ac534c711b8297dd8c0235a5e43da710b400353439ad52a

SHA512
47e65458255f0bb8dd9e2dcf374a6c48a35f190261e25b92143b6390c687bc870d6fa4084e30a368757fefd48640d1a08d9cab4b6a1faddf408fb5ae67db22b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
394064a6ef755aac1dfd58411938eca3

SHA1
55ebcff6b0d8c67b7dfd0a7c13d90eac8177c4a9

SHA256
fa833469caad5ed05fc8f96031b5d58aafee48a58e02895861926d1176bb3141

SHA512
d10c945519dbc4e9cc0ec9927f0e933c76c829d6043f399d4af075035d43caafa4c5eaec7e8d97f87b4d5381b9daaf2dccea1c1cd8244090eac25a1b43d7306d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e20a3962ecc446126ef2de5deb503cdd

SHA1
362fd7be6b712607045244c98a36f484e7d786a7

SHA256
673b06c3390c5e0d02273e839c2625837fd401ed940ff1930c71df706e027d61

SHA512
d383f86831a07165c7fd4f73e69cf602358a831638e6791cf285d349712798282bcf5bfdbb0f90f3e960d731b13d01f7aaddd7d6eb739e0359d0d65f368621da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e3168cdcb1dc1e0e1a17f8ae22c917f5

SHA1
4e93ad2722801033d1d928e1d8c5ff5bc8429899

SHA256
1640890d6ec105c90b93d517d9f19c019d96a45fc1cf206295ade6b485c57892

SHA512
a1f635f676267ead51426a1c86b1a40c595c7797f8c30c6105f824f5e4a8a4f9c7fee48fe49ab6a0001ab2c9dcbfdf6e391bda1c1a5be0320afef1ac341fc925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a991a64b4314826077ffefccfcd9887

SHA1
9397edd568834d9c32e63b41c6157ecd5fbd9b9f

SHA256
9a01923f95e861bfd8578cb5c21322b3942b4bed781815726f475d97f8b33c90

SHA512
6572bedd43d62895d6f8cb186416bcde86352fe4263ad40af19ed975b572d480e83e6ff5bfa689694a8ad9891d2a5da4e12c4b67839dd5ef04c79f7983b43165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ed011b5d4a502765b32cd6618db33e0c

SHA1
4116d28363205c25dbae54cc13dd2fadf6e7d8ad

SHA256
3b6ed2b7e47018c84b34938853b53cc583cb89f7d746e077c137a5dc78c77406

SHA512
3209c2065e69d2a40fe8ddd84bd10b877af8a006b265aacf02fc89abd90427c91681488778e3bc890445483329c8f376438ff3e030c15771c1c58ff8793216d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6aa4cb1671ee50b744295eafdb6fd7a7

SHA1
131d91e7c1d2ebcd3bba752ac78f657ab8acdf5c

SHA256
5bcb2cca9618c90aa0bffdec429ec6caf7e2769c364b660eceb03819f2aba0fb

SHA512
eb971952b2093e158e4adc23697e9adfe2d273b82cc97f809f42257a448734be4c0e582bab735a237c3b71389403ecd3f0e501a7e779391d5a3a62ac3e588753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b1c3757a01ef22ceccb820c63e74f1e9

SHA1
a6ede71d07b5027de43ec283f529ae5824dea5e0

SHA256
cb24ceaa0609df97f3b16a9b640c20416ee7c1304ac55b4a0d028248d8c81cb3

SHA512
31869c5d1172635e83e292b9e12ac40b9c4cab59eada50ab2422b8c66379b439227629d33e22558486df20504e618757ac0d12f9002b59a1778171bc9783946c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2870ec8a74d82b58b9f43b1707509ced

SHA1
b52e7228f202e11907a14066a3d3bb19897fb64e

SHA256
8755df3f8463cc56d322637aafaddd59d7e3048935ff2559054c17a58ee813f5

SHA512
069b5a72205c733f125d16db35fad83bf5c01481c68603bd86a1b417bd918df8a3a08b0ebfa7f62ddf74a9b55fb7e8ef8cb42ca2a5b9ecec0d0c798eb179e887

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0f3d70d29f2e62e7ccce3e24b12cfcfa

SHA1
0fa13ef9196cf77352285e4a6eee2e7aaafede78

SHA256
4efff1aea4f4e887fca0eab00624885a20eecc50b5b68cffaefe0ac608535822

SHA512
acb16f8f7f5dadd7c4da26d0c27ebf59163c0e22dfde429e415d2017278f1cf69e451741922e6a9df5bd3278176f46b558f90f9b31b0618251a19178bc90d260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb0152a543caf8b7f9da101c809b7892

SHA1
792a21ac9db7b5eb28ddc2582f5745a617000aa7

SHA256
944da1add63f60b21e4bbd876a3d33dd9645917413aeb95f60be045ce85cd356

SHA512
895191ee09caede6a2e24540d60987cac58f78ef6fc87402cfb800d74c12fb1c128a847e5887bfbdb2ea5f757ac00a7f02499f697409085ffe56aecbcb59a119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a65fd82ebd22fc5523de833b854cf8a

SHA1
973d1cda6816dc95d617f6f804360827a38d7771

SHA256
3dab9516891b7312b78f7249f5eddff67fad440b544bf56fb301bfeebb2bb589

SHA512
7dda5d161ad95369c01e006a9d107b8c629b5b9c5d6adcaa1e889dc654e1d5b8f8bbcd1155628f074ebbe28324f267297c61f5b9bfa6d158ceb3c45fd72b9001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
36c3a78c1cf9ef05a32fc87001d79730

SHA1
277026f155346278ceebc27acde293c2432dde03

SHA256
ad9f92c0796d3c24e1d2c0c5a664301d9a7bf92fe97a284df2676461d97f140e

SHA512
ade90365c6b6126d7e2badc35d0d5bab63e0e15a4146dca9aed03e17ba219a4168c24e42bba2194bde499a4137101ad39cf6df9669fc65bdef5922fe97abb0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
8d0756fe372e8dd2bbf45355c769f30d

SHA1
ed437519c05e4c34a76a02a99f3ec061c9564467

SHA256
ada61a3872750ac23278bf82d8af643d9ee795edc30b24484f3b117f92394aa9

SHA512
9c64bd038160b4457872094befdefbb497ed0e32d88b890fd0095994527b3ce22dc0341d11aabee7e9e394999e9f14ce2575eee41fed80a64dbe215f681166ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d77539f16f852d1d449901dd5df00dcc

SHA1
d1883399b774912f15f42bd457865e8bc4e50e07

SHA256
00af587c5a4067ac0edabb1493c0aa667c45e6983735e42198096c0fecfbc9bf

SHA512
97733e876a7d00880ed4d870eef2070935e747c66b024c6a7e51da6a5e863442acb2bd0431f1065233d766a17db6eed7e0fb1c29e8b70cb1bb1a1945bef0d47a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1988d2ee9d8d140e6391955d91be1f33

SHA1
8bc12b9c0e1260137a5820b64fc4ae1f8959298e

SHA256
b2deaf1d85e2966d81a446a28b93c4071a14f502a6cce5121c1defd13ebf2780

SHA512
a1404ffd3dd36dc20ca618d35d663623f1f102b9ca3a31cd1da45a2c977e1e79f50d74471cc7548bb7cffd27a2aa34c8cd0f1929e0ad83b26f7c20bae3d0c43b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
8cfead4013067013b2e2d8ca4ee1e616

SHA1
2568f0cfe9e88b29041c21b2169c701921e27862

SHA256
9013d278a9023d1e616c16396ea2a11d105c8add3bc4f00aa5a0dc658f2e0c20

SHA512
2cee50968d095f196618d8318fc4f93be9e7eeb49fe9e28237fc6817ae3828043ca3360dead972032cda2b7ecc896cda1cc7392bff47cc8c1ede6b33fad93fd4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 251507.crdownload

Filesize
214KB

MD5
f32e47eeab5658904b67a491c4c08a39

SHA1
11661085721eaa76651e7132f4e4ff36722f7ea4

SHA256
0bda73349659b682a08172de94196235b902784d74457d3cd837aa47f16144f8

SHA512
7ce6a0111c55ef9403d32d042e333baeb447bd72b8964b3b96fd31639c4d3a9ded955645f89e78921887dc36d5bb9277e2072c70fd03d49dd7a2d3484abb1c45

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 563515.crdownload

Filesize
700KB

MD5
2616e7ec2d6c4b86a7fa1f4a762ae918

SHA1
e1bcf36ed2f7a60dd0dde52abf11c942e2657e31

SHA256
23c2ebc8f9bac96b2fbbb9b00b457c48d65a9f66ec24fbfba339eeefd0539ad7

SHA512
a03b7de67567f42ac71c9e23f8cb6846a64029b5654789a868e4a1116799b91e2529e88fbb4c9bb0953d857c9a6aed3dd3ebb8f7d00d1adc6220b7e9071288d3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 567760.crdownload

Filesize
5.5MB

MD5
eaa5207750d5fc8204170ec6bda64cca

SHA1
34828c5aa252a5e83127d1185edcee869f611567

SHA256
1ed69b65f453f2f8363a8988d0b069c66c045cc28232dfd2935dddbd9fcfe011

SHA512
23f20623953094a56bb8367b5ce8de218710cb1f77c35be16a2241d544b917f5936331d442b85fafb7ed42512b5bbe57e374bb1e944ea421a114f3e9ed16f3ae

Download Submit
C:\Users\Admin\Downloads\a.txt

Filesize
1.0MB

MD5
4e05fa47a4cd80b224b2e36159fd10f1

SHA1
eba1eb091be22ea64153ca5e02fd63e186cc5ef2

SHA256
5d18f98241f4883d775f865eacb4cef493554e80c2b47114f8a0de0a00d916ab

SHA512
2574ee873b1f29b6c7c5c2fd8fc406d04dcd58c63a0c18977e7f98ce3c4cd11491c4a82a29524fc0b05f96751ae70a9cce0d4307395b8208008739d959a14816

Download Submit
C:\Users\Admin\Downloads\test.exe

Filesize
11KB

MD5
30ac4fa491a16c47cbbaf20bae713508

SHA1
de387e96336483838496797efd7fd63ecd724c0f

SHA256
d36a0c15de9512acb9909457e3aec20ce2b9004b6c37b7ce04610a3dee4e5a95

SHA512
5a66bd09390311063f2a185f39efa26f862d09d05402568810c468fd4f1f328ba42435ce9ce3e0523598af6bd030992d99a31ba09d7e74f40780e03c2c9f91e9

Download Submit
\??\pipe\crashpad_2700_TRDMXQQQVAGLXJYA

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit