crimsonrat | hxxps://tria[.]ge/dashboard

Analysis

max time kernel
899s
max time network
898s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18/02/2025, 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tria.ge/dashboard

Score

10^/10

crimsonrat agilenet discovery persistence rat

Malware Config

Extracted

Family

crimsonrat

185.136.161.124

Signatures

CrimsonRAT main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000d000000027eb0-892.dat	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Crimsonrat family
crimsonrat

Downloads MZ/PE file 6 IoCs

flow	pid	Process
123	2564	chrome.exe
123	2564	chrome.exe
123	2564	chrome.exe
123	2564	chrome.exe
123	2564	chrome.exe
123	2564	chrome.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3524754987-2550789650-2995585052-1000\Control Panel\International\Geo\Nation	AdwereCleaner.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3524754987-2550789650-2995585052-1000\Control Panel\International\Geo\Nation	CrimsonRAT.exe

Executes dropped EXE 10 IoCs

pid	Process
3648	AdwereCleaner.exe
5188	6AdwCleaner.exe
4448	SpySheriff.exe
2768	Lokibot.exe
2944	Lokibot.exe
2160	CrimsonRAT.exe
5100	dlrarhsiva.exe
4696	Lokibot.exe
5572	DesktopBoom.exe
2512	CookieClickerHack.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/2768-787-0x00000000015C0000-0x00000000015D4000-memory.dmp	agile_net

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3524754987-2550789650-2995585052-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwCleaner = "\"C:\\Users\\Admin\\AppData\\Local\\6AdwCleaner.exe\" -auto"	6AdwCleaner.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
122	raw.githubusercontent.com
123	raw.githubusercontent.com
174	raw.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2768 set thread context of 4696	2768	Lokibot.exe	142

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AdwereCleaner.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SpySheriff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lokibot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lokibot.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0008000000027e7f-405.dat	nsis_installer_1
behavioral1/files/0x0008000000027e7f-405.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133843915469907023"	chrome.exe

Modifies system certificate store 2 TTPs 5 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3524754987-2550789650-2995585052-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA\Blob = 0300000001000000140000008ad5c9987e6f190bd6f5416e2de44ccd641d8cda140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d8040000000100000010000000ff5fbc4290fa389e798467ebd7ae940b0f0000000100000014000000c45627b5584bf62327df60d6185744a2d2f2bcbf190000000100000010000000e843ac3b52ec8c297fa948c9b1fb28195c00000001000000040000000008000018000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c4b0000000100000044000000350034003500370041003800430045003400420032004100370034003900390046003800320039003900410030003100330042003600450031004300370043005f000000200000000100000088040000308204843082036ca0030201020210421af2940984191f520a4bc62426a74b300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3035303630373038303931305a170d3230303533303130343833385a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381f43081f1301f0603551d23041830168014adbd987a34b426f7fac42654ef03bde024cb541a301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d8300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e7573657274727573742e636f6d2f416464547275737445787465726e616c4341526f6f742e63726c303506082b0601050507010104293027302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d010105050003820101004d422fa6c18aeb07809058468cf81939662a3c5a2c6dcfd4d987558d790b12887b408fd5c7f84b8d551663adb757dc3b2bbdd3c14f1e03874b449be3e2404526f326492b6a84f1547ad442dafcd36abb667eca9eeae9bbdc07c7c3924e833c81499f92d53209ea492ea111719a36d2c54e68b6cb0e1b2516af6cde5d76d81f72b193268617db18deaf45e9dffb98af1418eda45ef6899445f055044addff27dd064a40f6b4bcf1e40f9902bbfd5d0e2e28c1be3b5f1a3f971084bc163ed8a39c631d66cb5c5fda3ef30f0a093522dbdbc03f00f9e60d5d67d1fda01e032bd940f7becc87665480a6a3b8f51962d5d226b19826ee9acb44a7455a8195151af551	6AdwCleaner.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868	6AdwCleaner.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	6AdwCleaner.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	6AdwCleaner.exe
Key created	\REGISTRY\USER\S-1-5-21-3524754987-2550789650-2995585052-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA	6AdwCleaner.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
5824	msedge.exe
5824	msedge.exe
4340	msedge.exe
4340	msedge.exe
3844	chrome.exe
3844	chrome.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
1352	identity_helper.exe
1352	identity_helper.exe
2768	Lokibot.exe
2768	Lokibot.exe
2944	Lokibot.exe
2944	Lokibot.exe
2768	Lokibot.exe
2768	Lokibot.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5572	DesktopBoom.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5188	6AdwCleaner.exe
5188	6AdwCleaner.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4340 wrote to memory of 4436	4340	msedge.exe	83
PID 4340 wrote to memory of 4436	4340	msedge.exe	83
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5988	4340	msedge.exe	84
PID 4340 wrote to memory of 5824	4340	msedge.exe	85
PID 4340 wrote to memory of 5824	4340	msedge.exe	85
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86
PID 4340 wrote to memory of 756	4340	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://tria.ge/dashboard
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd545b46f8,0x7ffd545b4708,0x7ffd545b4718
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4940649933048194284,1905273404558003677,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffd4470cc40,0x7ffd4470cc4c,0x7ffd4470cc58
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2012 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2156 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4504,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4960,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4756,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4984,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3252,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3228 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3292,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3256 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5116,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5180,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:3476
- C:\Users\Admin\Downloads\AdwereCleaner.exe
  "C:\Users\Admin\Downloads\AdwereCleaner.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3648
- - C:\Users\Admin\AppData\Local\6AdwCleaner.exe
    "C:\Users\Admin\AppData\Local\6AdwCleaner.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies system certificate store
    - Suspicious use of SetWindowsHookEx
    PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5592,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5744,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5492,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5128,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5036,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  PID:3264
- C:\Users\Admin\Downloads\SpySheriff.exe
  "C:\Users\Admin\Downloads\SpySheriff.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5428,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3280 /prefetch:8
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3216,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5468,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:4792
- C:\Users\Admin\Downloads\Lokibot.exe
  "C:\Users\Admin\Downloads\Lokibot.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2768
- - C:\Users\Admin\Downloads\Lokibot.exe
    "C:\Users\Admin\Downloads\Lokibot.exe"
    3⤵
    - Executes dropped EXE
    PID:4696
- C:\Users\Admin\Downloads\Lokibot.exe
  "C:\Users\Admin\Downloads\Lokibot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5280,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6096,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5488,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  PID:5396
- C:\Users\Admin\Downloads\CrimsonRAT.exe
  "C:\Users\Admin\Downloads\CrimsonRAT.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:2160
- - C:\ProgramData\Hdlharas\dlrarhsiva.exe
    "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
    3⤵
    - Executes dropped EXE
    PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6016,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1272 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6092,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6136,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6100,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5972,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6300,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  PID:5896
- C:\Users\Admin\Downloads\DesktopBoom.exe
  "C:\Users\Admin\Downloads\DesktopBoom.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5016,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6276,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6220,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4064 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5136,i,8726821903851990590,11326001046680199440,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:1300
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:2512

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4768

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2948

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\c747b97f2a484deda0f2b2943e2573db /t 3676 /p 5188
1⤵
PID:3864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
9.1MB

MD5
64261d5f3b07671f15b7f10f2f78da3f

SHA1
d4f978177394024bb4d0e5b6b972a5f72f830181

SHA256
87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

SHA512
3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

Download Submit
C:\ProgramData\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\Users\Admin\AppData\Local\6AdwCleaner.exe

Filesize
168KB

MD5
87e4959fefec297ebbf42de79b5c88f6

SHA1
eba50d6b266b527025cd624003799bdda9a6bc86

SHA256
4f0033e811fe2497b38f0d45df958829d01933ebe7d331079eefc8e38fbeaa61

SHA512
232fedec0180e85560a226870a244a22f54ca130ed6d6dc95dc02a1ff85f17da396925c9ff27d522067a30ee3e74a38adff375d8752161ee629df14f39cf6ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fe89d520fa9aaca79f3787a840b14007

SHA1
f5eccdddc76db6d6e9372bc19f4b647fb62a732b

SHA256
3281b4a8186094f619a5e15207ef949a753d4c7d28543055a17463614684d948

SHA512
4b17fb2e6f36d90e67d91f1a246389cef2c23d8651341db524678f7acb49733f99d1c33a822d62dfb4cf937ff94410b7faaedbd2b0260c13a84ad43d51288fb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
81ae7a02787a6ba43321f2b84ccbc738

SHA1
191656bab4e494d17701a4b5b008b93f1e5fa59e

SHA256
03b02fddd2fc03d7783c761eb05a9a14f07b36e882ee81e009df4d4ed274256e

SHA512
5f17e773cc77a20016fc20c29465d59a3cb8ddb22ef5b65d946570a1c5d2ddf086e27b691bf4ad1939a536c002baa17260f6d864a73b297a11d71fb4911900f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b567d188747bca5e3f29558edcb6533d

SHA1
188d7e371e4552b0db0abededd1edb8eb96e3458

SHA256
03e9c876328ca7b8e982260f925d70e2b3081f34c04157614f0ba49a5b0881a4

SHA512
1169b9f2a551c7414aad7a986553696945ce87e4b4c9c55fe9be5e9c61698aff4c1a49c2080e857d5e42a15f0aa625d984ced629bc0f0118f54c747773db8906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2dbb5f9b6a6d0b786ba20b93e718315a

SHA1
877ca0db286cd817e68541421de7fac66488b632

SHA256
00ed4fbefd4103893799c2355e342bbc1a193f614ba7e8940b2052f38d5824f4

SHA512
83c54926911d173cfa62a83b89abb0b74fb6f11ca4f3d77bff94e4a20a8f66411cc575e8c7a7a14011a464624c4f6e92440cac563dc4b1a5e4daae99aca94b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9430289863e2eafe3c6a4f6c6e353ff

SHA1
2294c95ffeabc680518ee2cf49aacdb517e87a73

SHA256
aae86ed6e4301ef03db4843e862e665754ce3c8d3820d6700873bfa53e2c42da

SHA512
396ef7538e8c91e09c52a18cea7d7676ea91cf3e6adecefdb435f09962b8cc3d97afc61562c59df95637bb08fbfdcb5f7dd8b8e9f9384f146e35206893aeccf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f3da9ada5cf103f6c5b92fdf92b8551f

SHA1
6b0315241c6ecaa870b4bd873f723cf1226d1ad2

SHA256
297f4dc3c837a655d247e23966efcd99ed16bbf0805d570e586d5b87055e8705

SHA512
df407fcd30094103c769044f9bc4dd3305b21bd8bfe69f83984ca6b490647058663c58ff9b74e49867615790c15f6cce6531d009d4a727eae3e8d8a6151f6ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a615cbae0e0f178d7f7d4f0d54396509

SHA1
783977fb98fb7a8926f3b69b32dfabe5c0a90bb1

SHA256
9f9c7c2f44b74c13244229f1db3335fb8f6eec70b30a5d0f78b0a06162e87bb6

SHA512
2870d2699a7bafbb6d1738005cc98a2b25f0f272733968be6b855789b7442bbf492b788ca7b801fd8687a73c71cc751651863dfa24a25cf1bd580e45a706bc4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c55ef0f5085d137409c30214c45a8802

SHA1
b40464b0f0cfcb738811b17d8150524837c36520

SHA256
c8e7afc34c425a80a805f28c6a53c99f4fafd99873d27eea34bc6cd9fa8b1e80

SHA512
a20682a9a2d530f4f2ec7713175344fd0d740c2ca6d74a5f92cbd8ae8efccb094fb8e6527821783212c5cad0cd153bd6fd5786518b1281866d0373a6c3f97324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
23b1d76856ae6d7632cf4e94b863637d

SHA1
3664ffabf5acde87f6f33774c12fdf1b6e86b2bc

SHA256
b5a9cfac45ff0069ddcaaa9b22d7030859662fadfcf9f636714700bb2ea9e17d

SHA512
80256caf38d2dc811b489dcc91b1504e25e525baa82e215a21b6a4984fd2c1dbeb19711b8a0395c63f1e3baa7fc70c9502b7657983cc74dbd53999ab5de191bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
30458254e6a411e78d2d98ce9ca2c8cc

SHA1
09ad73725872c571e5f89598274c87e7a4e41da3

SHA256
75e75c41a43ce249c3f059e125296a3234d55d1863b16dce267ba5c2aa9ce9b9

SHA512
b3d2e0a4500689e62cd338573f62cc8a1da99c839b04531b1dcc4615959d767e3e4727109445250d5ec5c7777bfcccc902e36d578b2694fec3e836e7c70c2e5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
13dca2491d285be2fe2a15b0350f3590

SHA1
cf0339c9e7575a61ce9e44d5a175631e1a846bbb

SHA256
4adc81e01c7b13e896e1a8ee5b261a18877b3747ebe3aa38a9725a88958da4c6

SHA512
a70aa87c07ca7ea32a828223a701ef1f784a899bbc7699c77b1fd856fe549e8bc0efcc6e4ecad57ed3b454047164f4bf637cc9c09339e41bfb0673f90089ac7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
db5444b3c7d26502b315c98a35f878f4

SHA1
97f6b0013230c7a06b422ad6ee35c578451e43b5

SHA256
1c0c0a987691629a05e97d43f1055342886cae25db304dbb90890cd37845a952

SHA512
1aba6b13cc3449430d521495e2a9d825ddf0118c26375393266549e0613f9471890046e7462c9d768511b183b5ac3280855b81ece9c0bc0b25543759d5e3a817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
618c93068b1c4be316bb17c291a2ad03

SHA1
3ee3840979f635e118495bfec17a2a968175fc46

SHA256
01b693aaa3abe297a9973972e1248a28e0f9f3a52f46e6f663e8d4175e37aa6c

SHA512
811dbe67f5264314d0fb9f46ae9e2f4fa98d40cb8210fe106e91a1594ae406e4a6247a205c8fedf85f76bb866bc68d98d9e8a0f3b035ba0ecb0ab6283fb6a132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e48d84689c70ae7ce3293860458e259a

SHA1
05ebe82b5cecb8e494f5bb27bc8617451a03d417

SHA256
e98aa48099be279b74d582deaf20636d6fedb69aafcc413134ff7d9d819f8a5d

SHA512
4d7685a7aa6e3048165d4daedad580769369fcfca0e5d1a40e0f0deb32452d831b8712b4f9427bbb99371f3034240f2ff1f3fadd684f51ed368886414dd0bbd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
09bc685ea21a22b939e1c86f4e63dd50

SHA1
558d96916bfecc6da560dc5e54f11a5b969d4d6d

SHA256
b5f791a1a1745ee3a963b2896aa4102a97ba7c2231ee54dff215f8964a4031f5

SHA512
a6cf9cbdf2f12b9c09906311171fdb0a08644b0f785c7dc6989fc425808cd396cf896451fcf1217d2ec2b3ef1735a4951b3f709705fe1587c9395d5ce387a11f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
589fcd41410708c880597a19af5b56f2

SHA1
d097e48feebd5ae20f52d4a6c0fb14a9578ead39

SHA256
5e2dddae65d0149768fb76910e94947d4c1e9a7a29469c3a0fcd19ce2cbafe0a

SHA512
3e8dce9514329fce1754bbe8f3cd86ac93a8696c1166e7d69143f5ffb4742b07f563f2fdf9b0b5f5963a5281bbd1686b683c3ed4e1e053a65458d90d2df37a64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6e1816081685331b4f6021343d0f5544

SHA1
35e2d7a00fe440638bf452f0a43c8f8935f84c1b

SHA256
b35a9bc3043a3480ed2bfc0b4b9b38322eaf093a8ce3715428b8af2a5569b5be

SHA512
fae14945318a140918a0050d1b2c1b30ef1b3e9d22819647e1aadfee6eb559d221c7ceaf0fa53abc9ad5fa4102e53ab649417638f6459e330bb359090298e89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
722669997d19f5c5dfffb1b5453caad2

SHA1
6cb3f676c43325e173431aafcdaedc5ba16e981d

SHA256
4a0b2e6a63bb15759f059b3a1491afbb3832c613b2cbd91229d9cb2663fc5301

SHA512
f12e2e459b18327b179ea2207fdf7d0a747aafc5bbbf3df949b648268784b3d82e5062f2d772174a83d9a65713c160b69d003f2014558b669e7497c7a63c6dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
58cc1eaa495edc651060cc3320126195

SHA1
27662223e36c004f22eb2fb1caa5d25f68f2dd5b

SHA256
d17d4792546c984f8cef4a79d7f39cc857c51dc6f410eeb0d10175162a63e49b

SHA512
9c2bc90dc42e50ee5d7a1962f8bda3390eb8ea1560720c39e397832bc0aae22b1f0a11045a1be11dfd49b4924c5c8041f8c99c6fda732ba139c2948e36723d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1fa274da550ceae105d8691ca9d95c56

SHA1
feaf7acefaf1367c1094c1d4943e5c90946d53b9

SHA256
12e9e66bde5d65e79884319ee6fe7a276cca0c21d1c4f5557dc583576f898452

SHA512
1973f3301fe8837872da74648986b7696ebc858335623949fcb7eb786d382f37675b2a00a743f8e23cf222d97a1e6b2db6889e8dd13f23cdd422d484b1c2715b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
de4e7aec15faa1a86b329b97d7461dbb

SHA1
66e2826f098e8360ea761d030755f74901017a9e

SHA256
dd60a4274bba9a0cbbf8559eb727dcbb28eafd72a013596f224f495ed6546d69

SHA512
92e6d3f1d209bf7f6eff9bfe8a599547015dee08644a4d4a3c029b714524540a5fe2449cee43fe9369fe2a1d63ebb6193c5adc8fb0814740f8b28e6c7ec906ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e7463131f24ebe75e4052f2fcf7944b2

SHA1
eb8f822a2a3e9752583ac1178690c0642015d973

SHA256
7bced07d58fb96283c6edacd359d154bbb3581cf401fa356339e260c43c0e45e

SHA512
cf1f5baf2d1f3a9195ea3a361b5f03d9a60352c1a7d3cbbd12b9ae10a8ae9f50a3c3b68aa2263552237a2e525a5623e0fa277c126b0ce5e407fafaa3904c6823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cffbe3d8a42b50ee04bed1580bfe119a

SHA1
b1ab10adbfe01801a50395e37235ef2512ec4e03

SHA256
53eb3fe53520809b2ff191152a87230a4882e17b59c46b673444cb3afb1b490f

SHA512
02548e10c854599dddc66bdb6fc1851dd673585f99fe9237c82536494f85f5297c9f696b56d993515ee1336bfa964b9fd1a27b73ef0e567dccada17fa39f3833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d8e369c5f50395b86d65beb13085393f

SHA1
485f79f945a29814e6d61cc6f16f8e3ec4122999

SHA256
d147666e433d957019aac84ed1c859b8dc4024037e318c0dd0f58bcfaff3d0cc

SHA512
5baf52532cfda03fb5ea85369f308c42c5d18e9c61dc632b0f0c431237e6d6c4164a3e1eec5731841438efed6532955fa56291cc7be06f4a189630fce768712c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
24b2ec94d90a38d18c4a9a0be789807c

SHA1
8884e88b360b5b1844a2c85d8524280734daf4e1

SHA256
d3f44531b4cc2098a57f13bbb8482a95178048fcb3749fe46d870102e23317d5

SHA512
0a141c109dfc984b01ecda15ac91fa011ebe1bb2e48474a0d318c6c7491c9725262fca9db3f5687468a76e21a3506cef25a40f93837649795f3136ed484a626b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a498ad1a094cdf0c3a44ac1577590cbf

SHA1
6639e81c240bded67529ece64843bb588d34e80e

SHA256
21e2c8e07f7a4b9b6ee84018181f558c6f02c879f6b961f07229cb2d634e7a7f

SHA512
a41d19d0648b26cecea2f1b791e4174feb6488ca5204fea8f4a7ecaed729f5ec6a7325c52bd5cc63e98b8b5aa5a56095a00446190696ab9a6d1de41758330d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a9bd790c7e55b139f869b3f77d0a8146

SHA1
c4cc60f86b8cd1d6eed8d4c44594a9757da6c4d9

SHA256
8c39070a6a9b236d603942bf804141b94efd4b34890af0545b5c38d260e9bc44

SHA512
2534f918dd4f42ded7a81a12d6619bccd11a7387697cf4880f4007482ce47e285ade6add18c4c886bd59eed0ed3e28ccf0df39a3eee56c76d8f51d31c5d44e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e58614f19906fbabd5e071be312aaa7b

SHA1
1b18a1bc3914606f02027b98219e0a91a498bfc3

SHA256
8cbfa6a2029384965ed56a79dca2c667afe11bd840d76bfdcedfc0491f68aaf6

SHA512
068bd1db6140c0eb7ed64750809ce12400fa1d519978a2d74a06dc003acbdfb3ea5ab29fca9806bb442687cecd2a81bab08df0e6361f9e064f2595d1eeff8782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4ec81671ff1bb21c515db88eb68643a8

SHA1
b9a02a8833125fc747421437fc5b66e16c92f7e0

SHA256
702f4365d7e417f2629e41550355bea2d4b2cd537812242e530a9fbe4af8929c

SHA512
b0d7edd6fe6f2f171368300485419c614ae61a3752694e33000e90fa27081016fa5614069b84dd5540f751cb5c5056adf587e27f7d9bec4320d5455724ede8e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0043575f861ffd59e17019c5530092d3

SHA1
83276f1d29dbbf2287449e50f7026bb3a11097fc

SHA256
04941f0dfeec979e623d84ce214b510965ccf7e92eab998e5081a9a79908b9cb

SHA512
ea69bc6869fab8969295199b155433f574a08dc70c7212bc330b9785cb38d369e880c889e2ff3c54e944731c53179882b90222e5219f39c209cc10986a761351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
268242d8d74321e8e6150ff0ff623a36

SHA1
22e75deaf050999ac00f1f9e5ace463c20efb61c

SHA256
39dc445ebcf96a83e414a6ea61198d5188bf9a517bdac029fc785fd84271ee4c

SHA512
cb8f932be1c56e9f860c2253119605537ab029f8ef1ec3de22c1398a504d36b6621da3d59a37b5f992e5f8b475589adeeb256cc062187aa421eb399bf1f39347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
69c44576c8c421fc34a69abaa30a3245

SHA1
9b3af73f5061422623dc18eb485e0efd1455b5f4

SHA256
4fc572386d8fa0bc2854d1da9a8194452b0f8833a524a8058a297465bdb2fea9

SHA512
cb88bb9bf155fb2fccfc4dfb7502a15955d8d531ca5e6556195aba7bb3206a0155ed5d5b6c1c31849c3d7aaa34823b9f1c1b5c37bfadc6914e98012ddf626cd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c72807775db86399dac6ae17c5afd356

SHA1
23f610865926613d0d95b23a33abf63a26c8c9b6

SHA256
8c67b353d3992157dbbf0251c2cf3a91f9864ccbedc4d39eed10544dbf344e2e

SHA512
342738b2b12953323ee53fc5221174363ff55fcfb6357bf89f8611dea3fbc6122738ecb7cc5b63e9f634ea241460e5bdf3f4d6fcab1d92b718425c61330607f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2cbf2c38969a129c8a78626bc892780

SHA1
f9763d037d47929a877b8422f506327b4fea1da2

SHA256
6f3c71b2420198c8c2bf684773658cc4263a08e53264ccebed3a6ad4fb54951f

SHA512
dccc9c234a6cf267b6659c79743fd35fe920c2eeabdbfadcf1529ecc40b3769044d324083beae10d2ae1876810f1d34d2b14fa34ef5f9c25409110359d1a7e13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
54cf16ccc2ef55a3e51025e91fbd57a3

SHA1
afb64a042a4f84fb70b78ac55a56bf8e9318d281

SHA256
2894ba2c387836bafdb03f176c835dd1a07d6500a3d3a381d97a1f7f552a587a

SHA512
5a579598b41e5f1fac20d7cb44d40b87c053af61573e47016492277ebd240c98c156ead81c6b0d787814e57284a34bf4c19f3de058d883648e0ffb1c694011bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
469c1977e7d7aabdc5e35ec28710d93c

SHA1
03fe31978823cc9feaa06eeb1fb03e9087b2f9d9

SHA256
f73ee07da3fbd9dcc6b4d5f2cf688373926e94ae79b05144de2857342ad79292

SHA512
15cbb950001edb306941fb0f17d8288e5a4be19486a08f8c2599c0dd3f085b447d8372a849432db7a087d6508ec46526a0688a258b45445262e3c2e07eba6f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7c62fac24d326c18193c7a49f039a887

SHA1
24490cbe9f994e6118c1e4554d7a5aa26c8a1837

SHA256
d622cf57db43cbead1f660e9d30159e5dcac91aecd827dbad06e07c442689958

SHA512
76b8fcfa99a61fadd4ec35d40efb4a505c3c30261fdf27aacba228681d3fe688e3d41896ca5fc22863eacfe801ddf7db14ebd76b6f72b00a1578f071ee48e23c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f612eade732012e434bb859e07dbbfe

SHA1
258a477106909af2bdcd07dcda350f6199c35f40

SHA256
3532ee1e0693bf6f7605fb855a64ba4e41f73627cdc002aa3859c81dff95bd14

SHA512
7ec452cf71699b72fab7419b2b8334ac5f90f0158f5bde4e84149baa33159aea55fa8d1a610dc86d00cacf2d3c4eb31740a2dc6e7e6803e1381d03633dc9ac2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab7580ed5575645c7b4f0138e5edf097

SHA1
acfc78c72ce0bd92fd6538595ce843b5b5f3942e

SHA256
6fcef3044c52324b089cb27a681bd8e85a6e25a34d64419b2944eb2edc7828e8

SHA512
1c4dd8d9be53a2da07842fa848a256e0fae20a1728dc98c946ddd46c07063779864937a73828f0c2cd7d953f6153ea7994aa2e584a56b6c2508e713ebdee8698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
88cb43a88cc6bfb0cc5187db589c6461

SHA1
f7bed343c91ac0bd93a71a0eb1c59aadb814ce27

SHA256
3ee5897cc32d729a0f33720ad25477ee05f18e3614daa59e795a7627d9124a0b

SHA512
a66fb5f0c6aa419697a4278c80de11e1ca36d113e9fe4ef612e4200c08c230ffb2e4fd0975fc1d490eadb532c30b9415be632775de26c3583651f9a2b67309d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4190dd14829aa23f5e5b064cb90f0809

SHA1
4bbcb898b382536c4b6b9f8865ddaeda62fdbaf8

SHA256
5a691ca8a8e0c68b504a89610f824bbb7d4fb948d725699a2e363791af479cf4

SHA512
266d12c8ecea7a8693f1cbcdafef70d59de167155f41ca2b13a526789ccbfcbc729cc3de4f0131355371165b53968567c2f01d2a5b5fb129b7d2cd42b386cf68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df28197c8e0e978a938e90f8c8f48c28

SHA1
2684f7b1387785901500fdcf80add041411b1bb8

SHA256
ca9f6188de9deb832ad40a2fff6df380615073ff2629601c58e09ad42aa3b5f6

SHA512
a4a087ab08dfa271f3ca0c18b7bd85415df509d261dad3640f2c9a0549851af38497070f6cbbfe7dc831243af575d631f81372ec9d67558e3f7647932786082d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
572b3a9d87fe090fce7b9c08aa8d9170

SHA1
4d4579dd168629925b556cc610cfef1f46942007

SHA256
b3e27527fc67c34fbd1494631b5f9038e8247ad7e4776846a69d427b7177641e

SHA512
4da4b0a56cc1066813531528088494758419b7f0c64dd83c6b7cac1ef526758cc29cae291c4c9137babf483e62b6c22a2fb82329dafdbcd916d66b3dfb5013c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d18d79ae18f7a85d91e949ac58ed3c0b

SHA1
aa50e21e1f0261e4c23b8f58f3abc09edc3e7784

SHA256
8a7a0c681bf1013d0cc0e443819b310fecb03bf0fa6b8902644bd08a20f5e180

SHA512
2ac47c74049b8b2e6aeca6a9dfbd2ffc9f3c8f4db43a7b9eaed37e83facb7a26ca129876f0f31c970e084e98965d1ecf654e5cff3816c27465b3cf2c0d61cb50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
afce3a134c663b5f6398332b7922940c

SHA1
7a7aaf990f92ba5666b7a7da3e3661bd544675f3

SHA256
6dc865d0ef2ba452bf7d5a36e6fd821fc3f7ec49d571140350a9d44257607825

SHA512
9e4026972a3d14e01c63924360e6eccf847ff4ef71ba8336a13eb66ae6e705e2b5ed6c4b105ddfae6fc3c9f85db29f4aa7e74f1d495044b17393b33d97e57a23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
97b6df66d7b1c599cef97c715368e9fd

SHA1
53c48f44245f80b27a02882ccd5bedb5ea3d342a

SHA256
bdbed7ee7f1fd8cf5e5ebbe46d10491336909ac41f03d14d5456b943bf7e448c

SHA512
25cb04285022264692917d8b6a804258efab9d3b97de2fea1539b781e4e827b36fb36c11e447648455d2c77a8d8035550a82e6e4e1149d1bbd54fdc7c287a155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d193c60b27b34044e29f6c1fda07d989

SHA1
24af5bf3c929bda4942b0b0bfd9c6698d10e9992

SHA256
26536dfb1a87e26342964c11f14c2ce0bd310cf108690bbe160be1906f21fb66

SHA512
96eee225a51bba21e97e63751bbcd116b4387bbfbd340ce4642a91a0c86d76ce84327c93ed116dc78575b6034c69aa2a37afe6db83acd1db2ac8e1674655b1ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be56dfdff3b14242aac3873b42148b48

SHA1
452fc9fec7db2bb890256edba586119e0c64c4d2

SHA256
2331d49ca139712142ba8d64d58b83bb414500036eb725b1255b10a16146cc54

SHA512
cf4beefa770071222a1ebab21e899fdcbb55baca8ba07c66b14c85d66c9d5d8b208ad5ab30b28ebf387ca77c5c922698ecd03119e5243c03d294c1f758e0694e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e6a0d2b1438cd1bc738fa8b03446a967

SHA1
c0fd3f8f0491713c27f889eb9553dc97e505484e

SHA256
340b70849e5c9c9ac825c3f766997737377803afc33586a57fa01db5e8064ab3

SHA512
fb5bc8989cd73f0b2848b37884ac2af20d99472ca296780a4640e260209fe44e85fd6959397c0a6149e738e359b471515e12b2d900844286994c84ce8dd10072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
799a4973d8f15ad82d8b02310b578c7c

SHA1
fd7c82d2d5d8faa4c3d9ecf5d62ba437bddea685

SHA256
03841d99d09f9ec1f8145a8f40fde0b117ea7d56e61083a25f8951d550114a46

SHA512
a8b3a0dbe5d56c071fed93d19c0b72913b1c6d97750dcbcb7c3eb4a6e4b723cd032c18cd5137b67c9c400c3c8d7cbaf81a1c994f6579a53946ecd7a63a3d0c26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dd07c832fa0b70afa8010aec8a321e4b

SHA1
49bc1e36ddd29a2c267fa9c8b2e4fb2548320431

SHA256
ae22f4db76408591dc75313359c4c9d26142da5bae837cbdc05aba947434f7a3

SHA512
2b4854da90428ed895badb9b567fb17ace29b2576bc5cffcb20686605cf54b6bbd584fa8b8f036c678f175123d6489ca55f24c23e395797cd2f8ea9cc11678fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
691f791c3f92f8608f68c33ce99dfcd7

SHA1
83ee3e3145bcdd64cbcf1b321577da6711064617

SHA256
2f1f8a994fd80779bcd26e30788a4c268b3ba0619e062da81c9d22d310defb77

SHA512
19f23e49aa47f80207daaa66067d1f13582caac35b7fddd0c8aa031917adce1a0d03356c7527db2d8d8603b9dad80d1b70b5ade793315ce30e675781dd5009e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8ec456f9bcd6d862116bd309637d4eb4

SHA1
14291f3ada2419233b121b5ab6d66538b1749bbd

SHA256
4a3fd10f656363c4ce3b7ff9ee2aa02665a485f348392a5c929c31ff4fc7a102

SHA512
341b4c542792a17ded71f6f0248917b10dd5804f830815152f8fe3fbcdf5171f04be276b1fbc445078be7dfd4bb9b94285d6b8ce50c23ce9289f056b0323547f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c9fb5912c10f777684f8669f724245e4

SHA1
7fc5eb97fae2a63070d5cdb8f58044b70836ea73

SHA256
939382a8c3b2a59cbc6d01ac295bf0579a6c1040e211a0eb7539a6d3bfa548ec

SHA512
43f4b68b4f1b5335da6784b2bd1d12a17d1a25f4447f3f00167d2d73137e413987187869b343fdc2885b1e2b27b108ee7ba142d61f62eb1e6df184a7354866ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9795b369dcdf20bd6f884beca838f35b

SHA1
9d38b730956d039f8b2475a85014608106eb5cad

SHA256
cfb3252e6956005d7a1210be350091387a67e42277531af41082a6341ede571c

SHA512
095282e01977889a8cffe1d9d7c413ba1f11e72449e7dc2c939b550976fc1d2dd2ee65386a71a3eb0606df04fea830cfb3d415be2c5ea0f340dc644328b18d24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7017fd8c4e54a460ed33ab96633c4832

SHA1
4309675fc0702da0e074338b029ec9fe3bd18934

SHA256
348c48a2a62957e8edc425f6391bf404bbc0f07ec8445bd98577373a524adb06

SHA512
6755a0630b79f59634a593e710634ad78d15b7bfb51de3bd888f59ee2512d2b2004c0b3ee025f586af845b6dcafca1de1dc1da67437d2676f98ff5a01b2edb10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
fedf6d5f2175faa5b39d7359205e960f

SHA1
60b199fa2d1478ad8b9ce8230e5a5cf4bf4d6b40

SHA256
120a6d879a6c7ce02dfcc8236966fb992b79ab5dca1ded07c95ef4aa16bea329

SHA512
625ebd0e2dd370401a72e28e8cef1a965273ce109729ebddad48b69719b7e196b35e5d2176d952d0175cadd8de7150155ea5c5c31b5a1d1417f7d2def277881c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a689e780-4c36-4c0c-af11-c1188cd66ffe.tmp

Filesize
9KB

MD5
3b51544f4ab79cd4444698fafb55efd6

SHA1
329fd58b0fcb67fd8f8276b0256ce47418f0fa6c

SHA256
49a7489d1659e00ed21ae5ce59e29edf1cd1ad563999ae8d07a406c3c580b39b

SHA512
8dd17711674d86b1be42a0eb8964fc1bfeb03ac0aa5d7eb6a62713ee88f0f227ad5daac73686a6fa41f671624dd0f8c3426c0835dca23207b5d8e3cbb6dfc252

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
0c023e135b45698120760c993a888714

SHA1
81916f24cb31babed11a9754434ec08d2837d909

SHA256
ebae9a930ae1b0b2e0ecb0b3183582d3d5963a27103ca3d014982c4a5ab1b871

SHA512
df6ce8d6b09a0d7e36505531099f4d91ecee1c8c0dbd608788dde9002b11e97616352ae7816b7715b4e229febf916a261e8981ef310d93e0c7c11ef7701cffbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
d2b6443f351346e99d9a590212be125a

SHA1
afadf743a955f7d2c09f8927c1d5087b6fe708ea

SHA256
fb4a58b7575262834df52951a5002ff5c4d5ec9d40f79dedb19119148b11cecb

SHA512
7334f5f8da2be4ec933eafabe5c9186d039c48149145f0e8475eff7a8b1259fc669441dc68e3d1198bb82f0c20d52f4773a169f891246dcc85b46c99fb42d0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Lokibot.exe.log

Filesize
425B

MD5
8c7889bde41724ce3db7c67e730677f6

SHA1
485891cc9120cb2203a2483754dbd5e6ea24f28e

SHA256
83c70bfcb1b41892c9c50cabe9bc2d96b2f7420b28545afabd32f682ac62d0ad

SHA512
b7c3aab27fc924dcaef78987b492931e164b9e30b813c532fe87e1d40001ed1861c4b5ddbdd85cd2278681a22e32eee816877f4f63cecaa9972976d87e38f5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7fb0955b2f0e94f2388484f98deb88f4

SHA1
ab2363d95af3445a00981e78e6b6f0b860aade14

SHA256
a7c4cb739d577bfc41583a2dbf6e94ae41741c4529fe2d0443cd1dabefef8d15

SHA512
c9b6b6de78fb78c11b88860cd6c922d11717f5cf7477f602f197531aea114270c2b7111f66d96f60c3a9317fbf203fd26222e81d2d0eb70ad6515f5af1277edf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
215KB

MD5
0e9976cf5978c4cad671b37d68b935ef

SHA1
9f38e9786fbab41e6f34c2dcc041462eb11eccbc

SHA256
5e8e21f87c0a104d48abc589812e6f4e48655cabe4356cda9e3c1ceee0acaa4e

SHA512
2faa6fff6b47e20fd307a206827dc7ff4892fce8b55b59b53d3e45b7dcf5fd34cebc4776b63da5aa4d0e0408344bd4602d26d09e7a456dd286e93b768cbfaa51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
0592e5c410b288301ffb4d435684b67b

SHA1
8733a9a349ebc6b516a4c5c689825da95e1885f5

SHA256
d000fda1ddee795ddcb13ada67fb552ec40cb95b4510a8558c9d1a64152bafac

SHA512
e07624287b1060ebbaec65ac00fd7b1aa12923be81b288dfe29c5d1e28bffd310a3b9c62fa697100afb796380c58f6375ccd66682bd6dcd7ed7ce80886a9a2bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
684B

MD5
47035dd2e4b07bbccaf67069769c7ecb

SHA1
023b3368d8a157fcc6ffa3a007e62c00541066e7

SHA256
e45bb4a3d9534994581cfbdd9cdf684b5405b8afc304d6131f2aa3391e5f6cc4

SHA512
6b8e604cbd7e6bb1706fde9e34ab95a5c571524ee5e1917f00a424ab7de61c8d13231148242def27d18698d580cceb08fc694b6e4975981fdb05ccf88385cca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
28bed4a4d99cb1b0bfacbd9bcc391d7c

SHA1
1341aeb440743534e039063297f81c4ee473e601

SHA256
efbe27db2da3943b3b56299b1f4c34f073a3a1bd3137e2a0647b98499c3dbb1a

SHA512
b8b003d75e0a2597b2c89c7a999c6fa3f2d43b9b889c06c9e2410944deb8728bed51f97ef335b92e44bbe90a4cdfd2648b5a6d106eac96972e466df15851a1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d04a6eef8ca11645b6cc9ba3ea965074

SHA1
9ed5bd0da41c040e6aa89147877bf745da4a8ccb

SHA256
5a6b43b5dd7138dbd9f9acd29d36c47a133156ee4843db123743c4d402803e9a

SHA512
ec438c82b73b01627455f0a76582d595d05500fed8110b33129c58e076051ae8fcc394798715c366df438983a9e497c17912309fa26808c3580709f398d6dc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2627e6345730a6a479da30c0883d24a5

SHA1
7442a41a25fcc5415e1609b647c6e414a32c7b99

SHA256
640a5e5b62d5e5ce53f120e2238d95d61f09b45d0d4035fcedc0f452c431b26d

SHA512
1cd1044e89ebd307c088b4ebe587d41dee3b6dfcb10fc4f70f95819fc9b1f98132b9715cf1bce76d5f15d97802e85776f2ae6bfb293c4d033e661e5d34354d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ad3e04aba745a18bce837c8d93c0209f

SHA1
9cc2e791cf4e177704301bcf5c8ed37e6b219a8f

SHA256
e72f5c6ec5a11cd46d0db7545553031ef91362536424867de2e7b4c10f6a5358

SHA512
7188032352567e25799fbaa43cc97c18ccae7c7f6cdf78572c8d6c3dff75a584b2cbbc83e679119c75405433a779af95064ae40bea0dd101c29dd7bc2f43aba0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Filesize
6KB

MD5
824bef2b8e2846d3bd736a1ea8edd930

SHA1
6132d6f07d88c708b9eb02f3964ae758988c04bd

SHA256
abb849d9476a7248d484ff6414890c23db09aa926b2017465c413136221539f5

SHA512
b1450cc9e75acc3e24add16cdccf7d3303a984099c7152a1556214e2f8831b71640ab50c2cf622b1b05f4c788b985948066f027cbf67634f680e29dbd10bc181

Download Submit
C:\Users\Admin\Downloads\AdwereCleaner.exe

Filesize
190KB

MD5
248aadd395ffa7ffb1670392a9398454

SHA1
c53c140bbdeb556fca33bc7f9b2e44e9061ea3e5

SHA256
51290129cccca38c6e3b4444d0dfb8d848c8f3fc2e5291fc0d219fd642530adc

SHA512
582b917864903252731c3d0dff536d7b1e44541ee866dc20e0341cbee5450f2f0ff4d82e1eee75f770e4dad9d8b9270ab5664ffedfe21d1ad2bd7fe6bc42cf0e

Download Submit
C:\Users\Admin\Downloads\CookieClickerHack.exe

Filesize
68KB

MD5
bc1e7d033a999c4fd006109c24599f4d

SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec

SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

Download Submit
C:\Users\Admin\Downloads\CrimsonRAT.exe

Filesize
84KB

MD5
b6e148ee1a2a3b460dd2a0adbf1dd39c

SHA1
ec0efbe8fd2fa5300164e9e4eded0d40da549c60

SHA256
dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba

SHA512
4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741

Download Submit
C:\Users\Admin\Downloads\DesktopBoom.exe

Filesize
1.1MB

MD5
f0a661d33aac3a3ce0c38c89bec52f89

SHA1
709d6465793675208f22f779f9e070ed31d81e61

SHA256
c20e78ce9028299d566684d35b1230d055e5ea0e9b94d0aff58f650e0468778a

SHA512
57cdb3c38f2e90d03e6dc1f9d8d1131d40d3919f390bb1783343c82465461319e70483dc3cd3efdbd9a62dfc88d74fc706f05d760ffd8506b16fd7686e414443

Download Submit
C:\Users\Admin\Downloads\Lokibot.exe

Filesize
300KB

MD5
f52fbb02ac0666cae74fc389b1844e98

SHA1
f7721d590770e2076e64f148a4ba1241404996b8

SHA256
a885b1f5377c2a1cead4e2d7261fab6199f83610ffdd35d20c653d52279d4683

SHA512
78b4bf4d048bda5e4e109d4dd9dafaa250eac1c5a3558c2faecf88ef0ee5dd4f2c82a791756e2f5aa42f7890efcc0c420156308689a27e0ad9fb90156b8dc1c0

Download Submit
C:\Users\Admin\Downloads\SpySheriff.exe

Filesize
48KB

MD5
ab3e43a60f47a98962d50f2da0507df7

SHA1
4177228a54c15ac42855e87854d4cd9a1722fe39

SHA256
4f5f0d9a2b6ef077402a17136ff066dda4c8175ceb6086877aaa3570cabb638f

SHA512
9e3365c7860c4766091183d633462f1cc8c30d28871ae2cd8a9a086ce61c0bccf457f919db6826b708f0cf4f88e90f71185420edc4756b7d70137e2096f8797f

Download Submit
memory/2160-845-0x000001F8134C0000-0x000001F8134DE000-memory.dmp

Filesize
120KB

Download
memory/2512-1057-0x000000001B1C0000-0x000000001B266000-memory.dmp

Filesize
664KB

Download
memory/2512-1058-0x000000001B740000-0x000000001BC0E000-memory.dmp

Filesize
4.8MB

Download
memory/2512-1059-0x000000001BD40000-0x000000001BDDC000-memory.dmp

Filesize
624KB

Download
memory/2512-1069-0x000000001B0D0000-0x000000001B0D8000-memory.dmp

Filesize
32KB

Download
memory/2512-1070-0x000000001BEA0000-0x000000001BEEC000-memory.dmp

Filesize
304KB

Download
memory/2768-786-0x0000000000A50000-0x0000000000AA2000-memory.dmp

Filesize
328KB

Download
memory/2768-787-0x00000000015C0000-0x00000000015D4000-memory.dmp

Filesize
80KB

Download
memory/2768-791-0x0000000006310000-0x0000000006318000-memory.dmp

Filesize
32KB

Download
memory/2768-788-0x0000000005B20000-0x00000000060C6000-memory.dmp

Filesize
5.6MB

Download
memory/2768-813-0x0000000006360000-0x0000000006382000-memory.dmp

Filesize
136KB

Download
memory/2768-789-0x0000000003010000-0x0000000003018000-memory.dmp

Filesize
32KB

Download
memory/2768-790-0x00000000061F0000-0x0000000006282000-memory.dmp

Filesize
584KB

Download
memory/2768-792-0x00000000063B0000-0x00000000063F4000-memory.dmp

Filesize
272KB

Download
memory/4448-760-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4448-725-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/5100-904-0x000001C2300D0000-0x000001C2309E4000-memory.dmp

Filesize
9.1MB

Download
memory/5188-432-0x0000000000530000-0x000000000055E000-memory.dmp

Filesize
184KB

Download
memory/5188-645-0x00000000228B0000-0x0000000023056000-memory.dmp

Filesize
7.6MB

Download