hxxps://drive[.]google[.]com/file/d/1AB31C9U0yX9EuQhuTqNuvbhmFlV92EKL/view?usp=drive_link

Resubmissions

27-12-2024 23:39

241227-3nnn2ssmbn 6

27-12-2024 23:36

241227-3lr9fsslhl 6

Analysis

max time kernel
165s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-12-2024 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1AB31C9U0yX9EuQhuTqNuvbhmFlV92EKL/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
10	drive.google.com
11	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133798162054633271"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3442511616-637977696-3186306149-1000\{7B9A54CF-A147-4C0D-A098-EB75BB0357C1}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3348	chrome.exe
3348	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe
Token: SeShutdownPrivilege	3348	chrome.exe
Token: SeCreatePagefilePrivilege	3348	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3348 wrote to memory of 2428	3348	chrome.exe	82
PID 3348 wrote to memory of 2428	3348	chrome.exe	82
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 768	3348	chrome.exe	83
PID 3348 wrote to memory of 4192	3348	chrome.exe	84
PID 3348 wrote to memory of 4192	3348	chrome.exe	84
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85
PID 3348 wrote to memory of 4860	3348	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1AB31C9U0yX9EuQhuTqNuvbhmFlV92EKL/view?usp=drive_link
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff952c4cc40,0x7ff952c4cc4c,0x7ff952c4cc58
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,8865509632859788754,16254878090792583374,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,8865509632859788754,16254878090792583374,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2536 /prefetch:3
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,8865509632859788754,16254878090792583374,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,8865509632859788754,16254878090792583374,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,8865509632859788754,16254878090792583374,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4408,i,8865509632859788754,16254878090792583374,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4780,i,8865509632859788754,16254878090792583374,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4820,i,8865509632859788754,16254878090792583374,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5528,i,8865509632859788754,16254878090792583374,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:3712
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\epic book i made.vbs"
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5164,i,8865509632859788754,16254878090792583374,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5552,i,8865509632859788754,16254878090792583374,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Modifies registry class
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5824,i,8865509632859788754,16254878090792583374,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5844 /prefetch:2
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6252,i,8865509632859788754,16254878090792583374,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\epic book i made.vbs"
  2⤵
  PID:2324
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\epic book i made.vbs"
  2⤵
  PID:4052

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4056

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1568

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\epic book i made.vbs"
1⤵
PID:2736

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ac 0x4fc
1⤵
PID:4692

C:\Windows\System32\CScript.exe
"C:\Windows\System32\CScript.exe" "C:\Users\Admin\Downloads\epic book i made.vbs"
1⤵
PID:952

C:\Windows\System32\CScript.exe
"C:\Windows\System32\CScript.exe" "C:\Users\Admin\Downloads\epic book i made.vbs"
1⤵
PID:3632

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\epic book i made.vbs"
1⤵
PID:3680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
44d22c31ebf2d16257a1251c63ce4403

SHA1
ea309070a22bcf05dc99677bb3f664a648add3e3

SHA256
af21c89a80fafbf0edea8fa5a3a32d1fff8c504802f29ad5f858341586dd81dc

SHA512
cd03d8762f5e7e853f0e3393e8e65ae5c910b79022aef9004c28879335a92ea2b45a3f65dd8682dc042b243d2e3000b476650465449b4faeaf688d5c1f0dfd21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
38KB

MD5
300ab1d3d1d01c71825202e5cbf514b6

SHA1
9bf3b940af192a501b9f6e1b988bebee5bdd01db

SHA256
c9901d0166e1832e564f7eebd860ab37db44c88aa61b3dcc5ba1d5ee3b282598

SHA512
4f8b3839db58fe596b66be553c193c4cf836d49be068c6ccb485f63729ceed5e06a405b6c1b41e6a3c106585fef47b805311e64042652d0e2deeea2cad01e602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
106KB

MD5
e901d7bb6735738e7143047707d8dcab

SHA1
d7f66dfcb2075b62a5633175b432ef6828916edd

SHA256
4160c0ad721a94195b15351a67d7080ab2036a4079d56de604965b33c36e0b52

SHA512
9fe0aeeba5d1185864e076fa6c42ad8c2614f115283104b96469bfd470c397311706593996e02de773d96589049b1cd03342c54684b40dd21cfdc7d2b9f5d473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
431KB

MD5
98e4a98551c823aa75c9bdf2f0d289cb

SHA1
030c2f1f11ca13679c7047493c6448106293e1de

SHA256
4b42c237624743578e190fe676c0a1b253091ac027584599f5cea54bcc84e196

SHA512
bac9fe8f9842ba0c31ed3fd5293f658fc55cb513baa439da63b31bd7f0ef0f82494219cc72769b9e4ec981aba1a107f14452ca7d0cb44a96c3fdaf574bee24ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
159KB

MD5
7f2e1b48b71ec58fda4539018a2f56cc

SHA1
507bf81f52fa8c99bf2c5c8bd59a981899ca9995

SHA256
7f80c4c91054b3d6c80721939242c2d4f68f15e41f251e12641f695d78eb2f35

SHA512
dd7b52119d1179332147984f6c7d8cdcb3388aeb1e8af708ef9036acdde6e7b3900acc965221f4e4864dad89797072e19e5b308cf065a65dda7656be884cdd77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
227KB

MD5
15c96b3a854769befdef92a4adb1ab0d

SHA1
a1e7a977670c4ebc80279f8669bf8a00989c7fe9

SHA256
b1c44063e9e3fd49af401ac0bc76dbb9c5b059018d43d1e29709e72f3a8a2a6f

SHA512
72c331f4bdb676ac345f864c203be8c40d5254b0c520f175cb5d007675bfea6e8da281b713c1ed64a69b4834f121d18795191f9f3effa9f2ea09faaba819b1d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
165KB

MD5
ec63ba24e1c574dd56976dc1dbc4ed06

SHA1
fef7df7c469def5b8f03a81e5ef5815b33658f8c

SHA256
797fb79612eb481a8c58468e01efac014c32e9d27036144e84a6003880335d20

SHA512
98c9f25e632a0c3b60450ef7d979d92348229dde9cd16ae977d1488202ae5ef7f9cd2b0a9f98be044c93a136cdf69c449bdabe2256aea95d31c8618c78d94574

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
1408919053c0a879a3ae8181a2e017a4

SHA1
5b5becd523acba13c2afdf3e7f2fc5fd855cd698

SHA256
76de336a038272de72748f59e19024d6eb55e8a56f26c079b74f033f98fdbac2

SHA512
dd6932d13c9b2444cc980fed3c5b2fcc45b8558dc5e6d773e1da50825e1886290b6a51ef45e5f98d839e21f2955da2c92a3e492a92d6d9bc994677287ff5b7d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8e908c684d0563b444be6b72466d8e8f

SHA1
5398e04fea32bc82773a0744d206a5977cee9d88

SHA256
c543d795b9083b32fd7df8254b9e66e033c5544e898fac2bf895da768f5f4358

SHA512
bc72d5bf0247ed6fe509f8ca6127a0937869549ab6a274f3a89b747181f7fe32bfe353e0c05b08bfc006262cea8f70a60f617bd394875be892247295c76a72b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5a13b907ea90a84663e76a5842232d57

SHA1
6dbb6986e7cc97a27fb35b9c17cc3a54414a5563

SHA256
ec3bd67a1bb4a94be0caa1f5ac09f38881b0efd3b0571275ea135dceb17622b5

SHA512
3c4b2ef9bdd384b5296d2d29ab361574fa146014d87504efbb3bae178c857dbd48ecaf5598c0e219deac96ac376ea800cb230cd559d5b094a969996db9a742e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5872686282790a1b314d2001b481a802

SHA1
296a4206e2c3532f23b440e47330d16f76dd614e

SHA256
acd590c10795d6c3ff2ea96e69a622d7af36dfe1aefddd76693e5acbc98ee231

SHA512
90b7b34d9402677d63ca9d6c6cdd2d60bebb0009ec6967206dd2cbfce96ec628be54a81e161c211846f545ec12eb7d963e7b5b127cca9d244c7f6994e24142d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a03016efef7ce724c0ab1115ecac7784

SHA1
6bc1774d9b447e4abc7cc2ad46d60053ed5cef06

SHA256
608f03f38c6f8eb0de982437a80c3375fafdad28ce66f6f82ced8a20f9494dbc

SHA512
f42f1e3770fd33a043974adbb78e9187e1a914d7cbb09a9bee1cb9009b102a437a65bc2cc793e5816fc38a427b74bc5b005ae806668fe0dec4916db76efc5cea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
d2fc58bba12fd97ee1291aa51bbef393

SHA1
fca790e0ae44bbc904f64c9fe2e5122810d3fe2d

SHA256
5e78f4afd36e087ae2e2d2db2a77f731231c8e0481ce1c711761afb3ff5c86ab

SHA512
d53123861c655dcbc8f6fa562d7878cb6bc039391aab4b5880f6d0a37968a3b1c2d093bc4c2d5427aba7afbba921524753f5b334d5be0b7d9a8dbc351e728ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
82a401acc2b0534735ab5a24c66345de

SHA1
646420596f0a4bd4426025393c4aa7e1d63a83eb

SHA256
b31b4920a68443cb50b49402c598e0c9191d3425d1ce3b462a0981d19e5a75f3

SHA512
046230ad63b54f7ba95c23f910a09a55ac39212369febd882a1d48c7fc357e0d32002b51e51f055fd86c202b6eae29fb9c2080b56ec5bd39d4eb4e69dd308939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
b43e19d61cd473ee35c1fd8d1221ea80

SHA1
370667c3c9650842828e411ffd05bf280c753fd0

SHA256
ff2e8be254fd15b20f4b83a3ee27509faa9597f34e5645715740010908475d9d

SHA512
9e35f5d6d256592733e4c9154299f57fa421b61e865ee7d374cc3af738db9b388f4f3b1e4b3badfccd51b27e20d0723e862e29dfaebcb82976bb1721395378b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5d531f25384c8a3d1be9a1f086cc003a

SHA1
217d0d3f31c7611d08f8b9217969eb75c9e1633b

SHA256
ec011c6c4c0a32a046c9ed56af1aff9d2a16a3e30a923a2dc6f6f9757418fb59

SHA512
1961424189395f717d22e86abdb5e0a8c4029db8ad2fca43245dee34b84b8e100f7891820d9d02266d7f9ebf02c68e12d0bfd3cd5d5fa0ace50469a6ae8a5e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4919479a6ade979bcf022ac176345c70

SHA1
0e30be0a6b57bd86e8892868484480ea68929741

SHA256
48b9829009ab6ac249d05304b27f89f12d96302a9dcb400adad4cc2871455bf3

SHA512
4fb825169c11dcdc9c71a31d1e0876cbdfce5ac52be8121783a228a05f03f6bb8401c3e98b9f106b9272daf6187c508ec7f9c2993a8d27c59668e527cdd6df85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05e345ce524f5908a4e9c102378036b4

SHA1
211b8a1f1b7be000f20eac49534bdb299b972cde

SHA256
9daa236032b0efa00dddb165200bd04962c99d51bbeabd670b1e5947c4a8d9d3

SHA512
bf725f958e30b19d444b3e6513947c162588dfad036c85e8317789c223e9ee8f8883105bed2d8e0ef3298c5797d61f8abec636837a5b27c2d69d96cd351aaad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cac23e399edc670f4e71abdc847642a0

SHA1
1f48b23d0fc79e0c6de80fb1f6febc2fdc5eef8f

SHA256
de6d3107bc7e0a76da6c44f8d45f1a2f496ca0b8c9d7c8156cd4da4000f0d026

SHA512
d7b67d46d32ce6f44696711ec8c449a208c87e44a51f6947f51f24534296410e07627075f77dd96d4b4fba52bdaa5e5c8722416c0228dbd09e2c0f79a668f9b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8aa8fa325032ce866807f73c87cb44ac

SHA1
5f2e87a70259d7de4de7774d1471cd3aad2d6801

SHA256
42ee5688613a9ad0e6f7f3ebde4577c8065a8f994170f708943215ae0e616664

SHA512
a49d384589fce4bc53a7fe1348f72960bf53ac74b1e2e6fe2a6fd579e2c327c632261f839484f1c394cace2b4bb976826aaf65ab4f0b95b6c0592ddd36836335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
20a5067983de4cddfd7f483f5eeb7669

SHA1
22453d8bdfe52b107c1194b80324d9726d81b792

SHA256
805284ea2fd37e12b06024ddeefb2176ef8ab99f91f1f91c1cb3a3c56611fcc5

SHA512
485730e25f86490422a6485ffc679ddbb0fce359665938e0552bb424236eff7b477066bfbf52680b10c98501b7310d2cea3a4b736952b8a1232ddbb64c747530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c818c41c2241d9669267ed4bcf8b8509

SHA1
017f76395e3f641f4b8614365b43832fe58f4a07

SHA256
1e4c2b17af4f6d27f2971d37c0f11740cb71b8dd69cf46c85be36f96bb946a21

SHA512
c6b0019f02e8e935f733a7e2144db1fabe9863793b18a511e81bc6f99672d8c07f37a7692aea86853142655221c4dfc54622169ea1277b2c138cd6aa9df71814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
60fa9e0bb56f5ab1ef46cb5428d22d21

SHA1
2ef68925b646d9b22366a92df2da919f64e85497

SHA256
57bec0f834cd233bc8efbc6e5ac4d88f017f6fcde16690d9c82e6b2cdec504f9

SHA512
1882733b61a13756011c4188e88e80c99bc1803a6372cb6d9bdac6d99609df9af40af26b260d475d00df63b8848c1abab1d25e3af7cf39616852fb43a36bf037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a255c98f4f05c459b1b9be6736a95c00

SHA1
e90d8940ff9694b1c1d685cf640bb684c4404c45

SHA256
bb6eeb50f58884cfaf9726f42d27861650df9e1232e37059bf4ae5b240060097

SHA512
3c7346de895cd816887456f231e8db262fe90ce9a7620ce88cb2f9654d67a9ae405489021cae97216003d047492863fbbd1f93ff7d4939414ce227393e53d1a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fde2f9785c94c9328f7009a9ccc6b2e6

SHA1
054aa08487123687ec92d2e7c33a9b9753494d07

SHA256
354e2054b87eb41403625e8dc2c709bae0c2f3383b89838d14af86248edeb557

SHA512
2caefc478fcf7163d5bedcea4d5e3199359710363ccbd2a6b93d428bdf48a859aa9180f1d10eeb31f86249692c23f4d55980c2307f98e6c98d060f36cc618851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
75c44c3f1b433152df3a835fdd8a2dd8

SHA1
dc04f105e05f181f2abec6db89cda6f77a71e752

SHA256
225e89a0f31bc4da1d537f595d7ca2d5b1e4dc5a873fbec5f32e219e7cce3e07

SHA512
465e2618ee24e1cce04786cc299dad4d56d66e78cbf608308c5aaea693af44890bd0c1d7d85862377fac1ce4734342d9f25dd65f524b382e9fce70ee57b9aa5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ff731024329d691eecf36ec824ff15a0

SHA1
9394c3cab3e0411b6e9974df4b5d1a9a30bdfe29

SHA256
9147184d84b81df04bfb520920f6873e09576f15e972416a9ee3d2d729037f49

SHA512
0110ee9a480c27dea8c756f29f542021c964aad89a29621058e616146f9ae5e141937bfb6a9a90ca45a1de74f08eca67eff761de6f58a566c224c116f0d271ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c29ddc181601778dde96bac704a63319

SHA1
28fe2e46037d53e69342ba87e9bd4d63c2e92137

SHA256
fcf7a0a5dc13162a063d15188487b14d41d8e67885c58bb8c67303d12931dad2

SHA512
55407fe830e2f4b7d95067b9cbf4837855b5ce1c32ddbf2597862207725aaab8e977a51ad21d51bcd58682296d3fc6ee656333fa2d7759db9122f10d548883b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\f278ba7242a4b0474c6478429cbbac36bd73e18d\b740197b-6fb9-4100-8c4a-605e1e955408\index-dir\the-real-index

Filesize
1KB

MD5
a1dcd4a2d81ca6cb7550b04b2f200698

SHA1
c7a76f66e46acadd22f3f585be48f5cb4c0c5967

SHA256
266f65eed1f1f7724994e20c1f3609acfb1bd8ae741bfed239df7ecc3797cd73

SHA512
79c840c78d62f23b8a830b081b74844853f88cec2ad3febb62cb66ddcc76b1afd374b5cd1ad92858ac5c33257880749f8a4919b8c1ced779bd5ce7190f9e9e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\f278ba7242a4b0474c6478429cbbac36bd73e18d\b740197b-6fb9-4100-8c4a-605e1e955408\index-dir\the-real-index~RFe58f298.TMP

Filesize
48B

MD5
ae21a3610f1216ac029df27dbb879045

SHA1
a9710b5b2c8baae0e792f3bcb0132a9cec315e06

SHA256
274b87660b23df90a1f821c46fdc1559f2b7afca02366fa7e244cced4eb1c01e

SHA512
3563ecb3718e89a4cf03f3f7d82cedbad4c8918b43c44883fe139e72d9cf665524faea95976fcc3d8bcfea2cbfb4793cfe99e93e3cbb1d033ab795bbc1137143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\f278ba7242a4b0474c6478429cbbac36bd73e18d\index.txt

Filesize
164B

MD5
5ddf7f0781a4b94c79fcf0b7fe6bf6f7

SHA1
ad211952e5a154277dcd47b4c72bb2a046baca0e

SHA256
954ed54d433c539b6514ddf71fd5abd2cbaed3d1fd72080114325ea58aee094d

SHA512
9ea83d8b4b65e3bd4f3e48fe16053eef8282737ccd8f1d850887592205556904e9c0931c0ae72878ada47783360b0b190cb9bd0a263efd70c2c8ce4d0338e1fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\f278ba7242a4b0474c6478429cbbac36bd73e18d\index.txt~RFe58f2d7.TMP

Filesize
168B

MD5
62a320b0998b6d12fd3f8c59c5a5fa94

SHA1
df772b665c0715865efaab5bd0c04766a6645d12

SHA256
ab7a6c5b72a34a371ac7e9e5fa70ea9ba001074067860b5e96dbd4907cf8b7c9

SHA512
30683a12d01fe99926285693c43feb12c28e4a9e97b5c97c5fc593688f024c1d7d3fe032647e0a256a921e4f18f5417c7c28f8c46e908b78f800d3298ca1f165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
052d142bd32b6dad6496f6ad15ad7788

SHA1
dcebf44fd422ceadf1d706c67432dcc50a40675b

SHA256
a930d868e3640733e015576ac03598c9a2da59904e785c7ef518fb9ae8a08c18

SHA512
f884dd810d90e7f057e90667f4736a53e41c8f14d157326f0c46b1d7918ba7c75893c1f466fce2aa52376ab2bdf11ed019d84ed1afb1e3b1ee38d71b64345327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9992aa0dade2e727a316093392c344e2

SHA1
b1a92c1e8f6a064f4bdb75ca5084fe5271cb7a2d

SHA256
d55ace688b7a8f230c6735293bfa14b46caac6fa35f654d6867c0404c9542206

SHA512
356a337d54a5be607dd6d72f7f0168343528636e1c6a8de2d10ba8c124e99e0520e2f1cf7d982faf69f2bc3403c1bc4887b2905bdf7d158f7d7f662e9b73a504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d96116cd63af009d73e72bf2562b6c5c

SHA1
1b190215902f3b045306f3a02841087843e2ef3a

SHA256
15e94a11fdcadbd51e8f3ff5965e8522ffe135e40adc9fbe4cb05a98a1b8c6e6

SHA512
0a10191e33e0bfa721d4ba2bc84058d34e693015ae2b1aa01a4fdf67dad012ad3bf7d9a24bd5f3a9dabb99b448f32075446e79517a2e078b6d38e2c075b0e303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a9a3c280798f68ec7cfe3f303fb9854a

SHA1
617e0e4779067b4e11f594f85e53fdfe7bb7254a

SHA256
06b66f03e66b6ef72e523c258d21ce179a5f4a625b3a9115ba99a453e6135945

SHA512
10fa40a0542545af1524b8c3a0c73f625c7518c5a0849629cdbaa6a467e83f0d0d82c13800e2a34a23eb7bf28e2ac483e33fc3d13e70eb2bc08ccfad1979a1f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\epic book i made.vbs

Filesize
399B

MD5
632c5134e02042b6b69df095ac16cb0a

SHA1
300d16b2857889967a243ec2c7bdcf2b3924d73c

SHA256
cc0f1c4fca89a5930d7c38a5645bd9131dfe9ba34d0951849810f520f1374380

SHA512
d495f8259489b4910dcf04335bed2000a427f2a354abd335f9c808280f40162909ceba917773bd47848b6f9f67a3529b86823aaaadb1291eb684eb9c2fb43291

Download Submit