crimsonrat | dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba

Analysis

max time kernel
899s
max time network
898s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
19/02/2025, 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CrimsonRAT.exe
Size

84KB
MD5

b6e148ee1a2a3b460dd2a0adbf1dd39c
SHA1

ec0efbe8fd2fa5300164e9e4eded0d40da549c60
SHA256

dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba
SHA512

4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741
SSDEEP

1536:IjoAILD000jsdtP66K3uch3bCuExwwSV712fRp1Oo2IeG:IqLD000wD6VRhLbzwSv2H1beG

Score

10^/10

crimsonrat bootkit discovery persistence privilege_escalation rat

Malware Config

Extracted

Family

crimsonrat

185.136.161.124

Signatures

CrimsonRAT main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x001b00000002ae8e-25.dat	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Crimsonrat family
crimsonrat
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 1 IoCs

pid	Process
4208	dlrarhsiva.exe

Modifies system executable filetype association 2 TTPs 47 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\print	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\comfile\DefaultIcon	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shellex\DropHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runas	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\PintoStartScreen	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\lnkfile\shellex\ContextMenuHandlers	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\print\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\DropHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runas\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runasuser	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runasuser\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\DropHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\IconHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\tabsets	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runas\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\{8895b1c6-b41f-4c1c-a562-0d564250836f}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shellex	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\DropHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\IconHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\edit	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runas	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\CLSID	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\OpenContainingFolderMenu	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Compatibility	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\DefaultIcon	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\edit\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runasuser	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Compatibility	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DropHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open\command	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
47	camo.githubusercontent.com
48	camo.githubusercontent.com
49	camo.githubusercontent.com
3	camo.githubusercontent.com
44	camo.githubusercontent.com
45	camo.githubusercontent.com
46	camo.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MasonKnockout.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MasonKnockout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133844509613931217"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AFormAut.App\CLSID	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.ZuneMusic.AppXtv7ky83ngznmagrmhc5fhfwbktfhrjj	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Forms.HTML:Password.1\CLSID	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{51973C56-CB0C-11D0-B5C9-00A0244A0E7A}\ProxyStubClsid32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6E215EF3-E44C-44D1-B7BA-B2401F7DC23D}\ProxyStubClsid32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.DirectSoundI3DL2ReverbDMO\CurVer	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\PowerPoint.Slide.8\shell\OpenAsReadOnly\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{19E73484-6BE5-3DEF-985E-0DEE4B64BBB5}	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\AppXvzg9q08e9beqxefd7wynf5essvk7wbhb\Shell\open	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F27E-98B5-11CF-BB82-00AA00BDCE0B}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{000C03CE-0000-0000-C000-000000000046}\TypeLib	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08A9E040-9A9C-4F42-B5F5-2029B8F17E1D}\ProxyStubClsid32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\feedback-hub\AppXsbz2fdbdmn6pz7xyd3zc95j9syhcnyc2	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Microsoft.ScreenSketch_8wekyb3d8bbwe!App\windows.fileTypeAssociation\.rwl	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{C5BC309B-0109-3D26-A69B-ED2A79DAEAEF}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CompressedFolder\ShellEx	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.Win32WebViewHost_10.0.22000.1_neutral_neutral_cw5n1h2txyewy	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{000C0308-0000-0000-C000-000000000046}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{305106D6-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{8A958A5B-626C-3D22-AB56-3EC30C9B7EE2}\4.0.0.0	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{D02066AC-B77D-39B1-92C9-F285CDE29E0B}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP11.AssocFile.WMV\shellex	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\.dng\OpenWithProgids	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\DataFormats\GetSet\4	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\DefaultExtension	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\MAPI/IPM.StickyNote\ShellEx	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.fdf	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.adt\shell\PlayWithVLC\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP11.AssocFile.WMV\shell\Enqueue\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Word.Picture.8\Protocol\StdFileEditing\Verb\0	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.sql	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\ActivatableClassId	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4BB2066F-1B75-57CF-A722-1E58BFC5AE50}\ProxyStubClsid32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\65001	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{394033AF-E0BA-30E7-B099-A79873E55634}\15.0.0.0	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Theme.ThemeThumbnail\CurVer	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\DefaultIcon	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.ari\ShellEx\{e357fccd-a995-4576-b01f-234630154e96}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\DocObject	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.heifs\Shell\setdesktopwallpaper	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.dts	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9889F253-F188-4427-8D54-CE0C2423C5C1}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A420E45E-9EF0-3126-8E5C-FD7B5D355A5D}\15.0.0.0	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ts	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\wordmhtmlfile	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SplashScreen\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDEADEF2-C265-11D0-BCED-00A0C90AB50F}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0002E160-0000-0000-C000-000000000046}\TypeLib	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\WOW6432Node\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\ProxyStubClsid32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{88034C53-AE71-434A-A331-BDF5227EE57A}\ProxyStubClsid32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{24246833-61EB-329D-BDDF-0DAF3874062B}\4.0.0.0	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/x-flac	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLRMetaData.CorMetaDataDispenser\CurVer	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\AuxUserType\3	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Schemas	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.aac\shellex\ContextMenuHandlers\PlayTo	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\zapfile\shell\print\command	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\AppXvvr0sjtc34r6nk4mhn2e608s2xp2tezg	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppXcb6e5re383zqpgggd2grt6vrv627a4wt	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.jpeg\PersistentHandler	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MasonKnockout-main.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 4208	2296	CrimsonRAT.exe	77
PID 2296 wrote to memory of 4208	2296	CrimsonRAT.exe	77
PID 4364 wrote to memory of 4932	4364	chrome.exe	81
PID 4364 wrote to memory of 4932	4364	chrome.exe	81
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 692	4364	chrome.exe	82
PID 4364 wrote to memory of 3664	4364	chrome.exe	83
PID 4364 wrote to memory of 3664	4364	chrome.exe	83
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84
PID 4364 wrote to memory of 3260	4364	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\CrimsonRAT.exe
"C:\Users\Admin\AppData\Local\Temp\CrimsonRAT.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\ProgramData\Hdlharas\dlrarhsiva.exe
  "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
  2⤵
  - Executes dropped EXE
  PID:4208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2acccc40,0x7ffb2acccc4c,0x7ffb2acccc58
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2192 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4936,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:3864
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff771b74698,0x7ff771b746a4,0x7ff771b746b0
    3⤵
    - Drops file in Windows directory
    PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4396,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3328,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3524,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3492,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5132,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5312,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5060,i,6894297906395088434,6269559684374775539,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2556

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4512

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
PID:2544

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:4696

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1700

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3764

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3912

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1272

C:\Users\Admin\Downloads\MasonKnockout-main\MasonKnockout-main\MasonKnockout.exe
"C:\Users\Admin\Downloads\MasonKnockout-main\MasonKnockout-main\MasonKnockout.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:1004
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /k reg delete HKCR /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4784
- - C:\Windows\SysWOW64\reg.exe
    reg delete HKCR /f
    3⤵
    - Modifies system executable filetype association
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:3412

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E0
1⤵
PID:5088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20250219150242.pma

Filesize
520B

MD5
d7bdecbddac6262e516e22a4d6f24f0b

SHA1
1a633ee43641fa78fbe959d13fa18654fd4a90be

SHA256
db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

SHA512
1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

Download Submit
C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
9.1MB

MD5
64261d5f3b07671f15b7f10f2f78da3f

SHA1
d4f978177394024bb4d0e5b6b972a5f72f830181

SHA256
87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

SHA512
3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

Download Submit
C:\ProgramData\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\998afa0f-df13-40dd-be89-2fa05ee84211.tmp

Filesize
8KB

MD5
837ebef3da0604ad1e29a7ef557a97cb

SHA1
f1c168792e0af7109facf0d8a54bc7c9da35d95d

SHA256
7649c2b252c9b0513c2f4ce055142311b0d02f78d8c895cca6ce8b2341178a26

SHA512
05fcab8afb72c1ea2f7bc38a97fdf287bf2965eb8d689fc72129977b77ed5de88721e10b241433e5b0cee67894dd8adbe955df4248ab3c2b6fc722e19f480f66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
21KB

MD5
3958a3df1c32b86b752b6d1af94b2ad4

SHA1
63e5f9819e03bd3e677ad480f9690778573a1efb

SHA256
c6b2ac5de87c8dbbcc88929f78e9f469f7eda32b238735f17307129a935bd519

SHA512
06f2af8b7d538652fed628d9233b12913ae5b4cd117226652ca0a46e203cbd945a5ce1e6494a21727be1cf7b3fff1d4e39716fa24cd1b66a506ad1ace1c79bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
21KB

MD5
54d2c504f0b710269a13bad34f552abb

SHA1
7c79631be828cd1fa04030b63cf9e23ed29571c5

SHA256
34acf086839092fa81d02de527db37c38c72806b7e53fdab9a50570cba953e47

SHA512
83ee68e560a33c5fa39527e1661a30820ba22b2c617a4ea40fd2f0ffdc44c167f1c91385e7aa3308e99cd2855e6c47cae2c9495dd386b3f8135fcad722f0b267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
37KB

MD5
d2610a5d8eb0910f15b4d0ba1db62ad1

SHA1
a48324d4034a4aede07736a1e1236edc09f82109

SHA256
30cfccf9517449b44740afc542d5ef80255071b5fbf4f36d767bd479dec3fdb6

SHA512
06c3abdb2ed0d6b9ab1f9b2172b1ac28862a8b27abbcc64250aa43302792cba76a201b2b1a180159a50658ba34657464335cee2f2cd8511e34133657bc1b60dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
16KB

MD5
58795165fd616e7533d2fee408040605

SHA1
577e9fb5de2152fec8f871064351a45c5333f10e

SHA256
e6f9e1b930326284938dc4e85d6fdb37e394f98e269405b9d0caa96b214de26e

SHA512
b97d15c2c5ceee748a724f60568438edf1e9d1d3857e5ca233921ec92686295a3f48d2c908ff5572f970b7203ea386cf30c69afe9b5e2f10825879cd0d06f5f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f8771da3ee5249f39c7508f49988cf71

SHA1
686e9ebb2dee765d6d50b7d37230904bff208c66

SHA256
ffad67d1960e65b383842b442a40c2d63db8d0840235cb6826c6f7fecfe934fd

SHA512
3fad40509806953086ee25c690482c1d1c3e4be73fb92c848c6588d37eaa92394fe64c02be864a53edf7aeb5e26b4a70aabd5061b9a99d3b727e6de72a99d2f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e5c808bdd6f15219a88e064b8a12af28

SHA1
55c0c65ffa00c2da641d3799364835ce13512ef6

SHA256
344b56cf05b44f87828f7d88899cd35970ba63b9cbbbccf075e70b0384747c29

SHA512
6107daa0166ebc52c7b9c30bc38aae0efffc009c13fca5e0ca07f2d7458e0d0e911c0be76e7c8262c882aabe499786639e2173454e0df46110749c9ee02fce73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ff3459a85812c759dc531b356c6da69c

SHA1
02299f970327a55b24d5d2d6c1a256b7d5388d1d

SHA256
bfe2da1705249cd8e98bbab3dd8a965d90af6fb19e47cd13c21010a977a23335

SHA512
73afbec301e538a9723e1478c872fa21041d4316ec499aa34a2ce5822170df939fd5e47a93c82feb3ce6618ce22c6cc4ba98e09d3f6e21f211b6678dda17fb88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2a6c5f88cd41c35e85ac3f56f0fc0ace

SHA1
f7b1885403c6945e5cba87bbe381ef176b7bfb8e

SHA256
7b0acc93c20a77680ab48ac7b25a3433eea61e1ee5be075b0fdaa9c6d6d67aa1

SHA512
40ae0d4f12995ff8d341c912302517bf20caa6f02f1d3395555a7b1664175937670ea9d9be8f5defca8ce0758571f31ca5d3c414f3809761cc988c1ad2729346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
806c06a54baf21b3f4497ca4a674a283

SHA1
841f2d6e33fed106ee43ce86ecccdbe38256f576

SHA256
3acc9776f7dcbd16d53cc50a00aa7bc9b58caef8956c18c3bd7a1bf61457789a

SHA512
e85e34bd108714b74ddaf19e605766d7a4edb0a175e7c9b9941679f4c657793e4cb9bd1141e7974c78cb4ef0706067966416dc76e814b279a0e8763986122026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9d5a865baecec77abe83dcc017afb3cf

SHA1
8912c4233ef7d2f9e2770b79e21061d2a7fd47c7

SHA256
814c4d6b51e079c769ab6eee1b9b040effc256af748ed3dac20d8c56144f0c87

SHA512
9d47dfbbd92e200e21d78b8fc9fed0fab5d5edd4bfa81fd5a8344487c6f8e6e7cf1697c8d06c186a06fc7105cdc8dbb317dadf7f1ac38717ca642f8ee7b88b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ffe714e1f92028639156fd79fecd9cfc

SHA1
b8df47ade240ec6ba385d132bd16bbc685cadbdf

SHA256
fef37f15f0e2bd2fbd96e32fa855b350ca99a951b524b18d0bcf73a4c489ed24

SHA512
1687be02bf0a455badfc1f20fa1db9031c0a0a61407bdc990d6a3a279a0a0d504bfae5b08afa56a222cacb5c8db0c362bbca6313d53f4d467eeace1727edb93c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7300ffb6fd8acc002f21b0cb84a5fc70

SHA1
34bcf170f2e3647dad9552adcf589606ce719e2d

SHA256
ec84be08168b33483b230d52223e23c5b7513a5f549656f2afe4af10ebc57780

SHA512
69f81b3ad8f8654627e665a7cd1415cf68c8c0923dbbf64480b117ee3b67b9c397d23b769d7416fe4b42248f51647e719b195cfded38a02a2a1094ba19a01e4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32128638bd639209f809c38b4f6fb01c

SHA1
c54dbea06761ac50c1272602b929c736ca658504

SHA256
f6b26ea775aa2e2294709ead19e3ff9d2429293b2413ff49627bb4d16f12e5ed

SHA512
0f8cf44d429d937e4434618606456932279edb6f999491309fb3de4e4b5db89f90ef5dcf8b9b5f635348d6684ad0787f22006d5e698f60aa688d0f4ec5b3e638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cfd56ebd43f6b2933df2a70c35b5de8b

SHA1
35293a2f3281ae87c9f4151518dc3efa7153fbee

SHA256
4a0f900c5f298604f6129ee07a9a6e89d7b2d7d1111ff2255adbbd2bf08d6739

SHA512
6653d83131ce85eac87e21c72e6baac37352065df98af3e28dbe4c5cc82c9c8600bebe3d21803def37f4c3becaa7c929ad7c70c5f111208ba4001c3d3a68f051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28a93ed01760e50d66735eee8d7d4b8d

SHA1
2a067785ba3165b64c1d13bbb6c67e676770ed14

SHA256
0bde57f10e508f6fde0750e16538ec0745dfb956dc98207f2135cae8ec035378

SHA512
2c3e5e5a1ef8920e5bbc8bd8806101b1bc1009765acd2a69794620f0609b1bcd22eb49b1b53edcbeb728a2c5956691d1470193024050813baf877aafef929e25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c303a436d7c5f0003a6ab6a11007662a

SHA1
e58b17118c42c04109b05ea4a7569047f6e5af95

SHA256
f5665418d01de588997bfa27f864fe6f8a5aeefb03a4bcb68b1f931ee8c92bbf

SHA512
f3b3c6c50eeb3eed67b3ebd764d60b78f28616c5766da4b67bc2365fd2641a7052bb37b368eee24db5999c1cadf8ef1ca821e938d16ed2eb70b15f2c4c3d2a57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fcd999ee21606924115128cf7ec470d0

SHA1
422f29fbf2269287eb79b84df948e9b1346305b6

SHA256
129bb5352a6cc4c263ce2d66ca6181a364ebe3142822baa62522703f774da2a5

SHA512
146521bce3c05118676a9f20a3759705961097a38068fe0fa2e3febd8ba922b2a469d4d90597c912626b737139cea64436a6aed5ff6ffb8952ba7baed16b8ade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
13e39e4231d246ef39c268753855b2f4

SHA1
c2e93dc52301984b91f3414a4f102a0514bb07db

SHA256
95be15aebd6d1050abf3bb00abf7f053d50c7d935a3e7331c401ce2e267cbd2a

SHA512
9caeee78173fffe21326b57ecea7489cbcb94c8bc24f8d5fc5bb96cdc84978b764e17b7201925fa3c1a208d1c22a1066c93e1b93f543584ba1bdf71e1b1f19e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e345f5d298fba0c56dd97931946c1494

SHA1
a004b8433f15f27e243fb842e0214c5187348b60

SHA256
eeddcb823d1194285ff8f562144d787f71c89050780c99a12ecac5bb1eb7959b

SHA512
a1084b6f4e983ef16055160a10b5d12d7d59004a5199e0a12a7ed99b082898bf9e55fbe7b0a59882709e0a4c261fe001a74e0caebb2b748e18aca43a46641998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
68ec5f531edc996d1fe9814505524afa

SHA1
e68b868cfeacfb7be8f1c98ca4da0258aeeccf6e

SHA256
b9a03cdc6bafc76f49a3f7907940339090bf7bc4148f9befcca5cb385a71baf4

SHA512
248a7eb82f6d19f92531d9a575bad867ecdff2020c4ff72c37540a2155aedf7c08c0ae58e72b6179de9edd1bc74bd130fd2065eb4cdbf79511a30a4c11b6d659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
05470dc87a30b0664c49005abd5fe18d

SHA1
9aca6daa72641a257f114e582158b8a96cea6e3e

SHA256
f3fab15c17f32df5947b37e0877252bb458cc824fb77a439307cc7a5741adf82

SHA512
433eca6dc5e9de810bf2d6806eec8a931d7bd9417c7fbe7bd35565de776fc8a25031e1f5a34ab410d7190df8723f7ef1f8a900e62acb02ce4b79c366db3e432b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
44a219aba2a6a0bcc0bd1c037fe5f0bb

SHA1
7bdb86bcc8b989f4c93083ff33343b54689989b7

SHA256
61e4649fd1aaff7314c421ffdcd703f80a3b399dbfc175de4076f474508c8689

SHA512
3d335babd7636a6599caa65ef8418de62ddf6469f8b10c53123e0cc6d66cd8d2c0d00133f36654a5ea9a8fd470b9e570ab217c9530aaa276709fd703c75e7514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a4729c3341d452875fcae93f1d851bd

SHA1
10763532cb8e4d21545b07accd9aa4505ffd1b14

SHA256
83bd389caab6549cc6e58d7ef56308bbdaa3584e03f981ac39d7a33c6658ef35

SHA512
1847509ce02ace891dfd3f16e682680d52265799e9e2dcaaed94986ebc1fc479993b55e01b25d83e6a2762f97738e7dabe889570f4cb840465c491760cb15e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eca777c291b316f89fa96979dcfdcd2b

SHA1
e25f1d14a632b3ec06fcef2c159c2907e3bb31f7

SHA256
1749882f2eb41c683d3adba9ce87beb8e6865f63596a2267ffe7fac1e6b4c4f4

SHA512
bdf9d155983eb05eee4a0ab9ed7268595f6999e38529654d598b3ee86a0ed0a651c1e90387aa7703758b5ffbd408559167a623b9bf1e3b226eab878f3a7f2f47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eaf8447ca90a94d2bb8beae5884d1a07

SHA1
63c3f18465d235aa40c9d078fc341e6bd4ac6060

SHA256
9f01ac7b9d8a639d0b3c0dba5f08cec0b5b475653a9560f3bfad46994a8b157c

SHA512
ba9038a85cb0f2fc3e2246828202f8aab56ce1a2f697ad1ff9738a5b42c1358971d7fe219fdd3a08fb2b6ae263cddc3100e23d7a844ad349a8f3b30beebd5f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
57135174524c86b5c090840914330bc8

SHA1
d801a27116ec84a3a09110fab101a62c69a1461b

SHA256
d5d92c2109726beee204072961a70803be52beee60321406e64645245a8f809a

SHA512
6953b059e321df91bd4e729fb48dddf7883c773db02630ee79d990f1fd598a61bd347d01fdc5019811952857e261bacc65885ee06384ea8fa9a4eff24c8267cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
218aaee5a5bf5399f7bdaf4d40f009d0

SHA1
bb88c29a885687d107edc60e8e3546f81fc6e316

SHA256
14060d782542e3d014ea79b24476c07e123930d806bce094768e1ae23740c078

SHA512
e0262a396edb62eae9de4fe2875419ae2433362bbd6f7ff7bf8112a7508df3ba2c8142764585240ba3702693dc9c4bbb2b266a2df18a1e976a5199cf4355357b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
63c9740a64b54120d1c2a06d8aa91eda

SHA1
a4afbae8c6358cc6eaa3cd38d709e5642b0e6fb8

SHA256
87073f9e9a6c757d8275613c1ffc692861c7bc7f4a41520d8a1d07b44d760f10

SHA512
c28620b40799608a8a701bbad360d01bbf13e6317370b5681ed08122f5261744eedad14fb51e2d155c597e4857bdaa9f0443b50a1d09f47933f857e1f592f582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c61fb2c7de48d62d5521c2c55c6dcd6d

SHA1
d353e46f98a1d1f5f49630806f30ec16207b6c73

SHA256
334ad83a0ca33ee32506883632e314651125efddd53371276d73872f49746e8a

SHA512
0b9368cf25246ea002cb5374f12ee447d9804af470f46c8c6ebb7a6fb0b54f87b7b8c2eebb0d699d4a5cc904164bc38c83a4a3b060dfef470e93716b8009cbca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
05b96282ea876409fe4b01a44ad02d74

SHA1
71f879c5f7fac9d682db9adfb9d2e12a62fbde33

SHA256
fd9e68faa7956c941f3797534a304a6c09540873133ae2193410656dabb334ed

SHA512
a692dfd77a750bbd12431e2d7475c05a9e6ec7be90596712ae2116ba4ed3891bb99f5357df5d3ff4538396cf2c915364426f2b2a13648a869d7abccc0441603f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7b7508496f6626580ce34255e9325767

SHA1
1c6cbfe07b0602647c1fcfaf3bcaae502c011706

SHA256
b72252cf23a8cb4efdb15b54d72024db9f7187b0f5cb20fde1f5a652edc87fd6

SHA512
033c8e2d30a01119909979b5f4305de155dad4444c8cbf9ada54652bb389d1ee76e66a3a44e60bbd9261465ec03a66a2affd424a649c49b76579014da45f5167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96971d3454dc03aa83e4e1488ba3e6aa

SHA1
97b03680605cefe341acab31a854f6029a059b70

SHA256
7bb8b019d8a04b98c57dd089a96dea4fb313a85fbf63903e727ea0f063d5b41a

SHA512
bf14656c60ed57cf43c8db2f0dc86c66dce276f4fd09dc305f1285707e5962cbdf54c34b792ef5cdeffb88a02972cff9c391fa49d1ba30d2cc1a86b1a188cb88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e5a61bd312a4dddfea9830a02e73e04e

SHA1
bb6ba91e1d2e5b3f6599ee78f3b0b68b5b791bfa

SHA256
0ccb91e2f087fea56de0282c1627c0ef6c66a9e9c12607e4ed6398928d6f9a52

SHA512
3286e2b8368039a53a4c42016c53284d114fcb4fbf299af205542e566458530c81de4a6b93a6d0a746180372fa5dcebc84dbba5aadc53eea81130de26e9805a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
53c313c3f4d2cafd6d437268ddc9c529

SHA1
7fc7a68c9052e875a4877b42ad878f2b2c9dc9e9

SHA256
9460020259b32aff024b2ed960c38f8524993f9390c5e75beeff0ac154ed649a

SHA512
c806a98b29ff0862878e1069e5c2d8b3137a59f6f44c1702947f53d3722e96345a64945dc7c08c47a8c74fb2896dc53d86b18be8b7b4ba77cead6dac5300399b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96dfbdf3b5beeac6b60db4b3eb821571

SHA1
10dc2463e84a066ea820c56c0b2d383046efaac5

SHA256
84a7cf554a5df52fe803cc17dabdcf5fa3807f8226460b7446fd62c3159de570

SHA512
616926b40275a34cef73924adae492870ea35bde754a88059c344a9af7243524800333e7588abee7ba4a48e73c821aab573da81db015a9ae9ddc25ae4b85cb92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c7307801f64c7fdf29d2d513871b19c1

SHA1
adc6a9013af2009a0da8a375f1002728b7b6b93d

SHA256
31c5af93d7db92ce9c55e00a627fc1f3f081172da8bbb79403bed2c0be1f3d77

SHA512
4dba8b8e53fae70b191452346e91a252a5c0d214c9569956a1eb2bab8bdb357bf7e3731b5814ac72f96d55b9f55cf9d4b9eef1ecfad1caf58e58840404cfbbbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f134a6b642df9c72f284f8630be7672

SHA1
f1c956a484147dddab30e1f8574665a0d42dcc16

SHA256
4e040e75adbd96aab6722d8eb7471dd03e5b3ea499a452be0254e3be4af4b2e2

SHA512
eab8636a2e4cd306d5f74d5018551c391bf963e308d6b969e9c385e2e233f85d1cd157e4ddcb780aeff08fd7c7b4fd8a99b9d6ecbe9c01320d72eb8b1bf94ef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
76689668818a055c60ffe6b68186f735

SHA1
b19fbc6531ceb5a4de27d5d23fbbad308489d853

SHA256
32fd0fa8ac678fcc86e80ba2f0363857f6590f30d9aad7184bfb6706ec112491

SHA512
57f0d5aea18b1c64766480d351beaed0e802bd56979167e77a925586b2f435aaad4c7ed88d30b4cf772cf45d7efe0fc6e093a15f62e6201b122fcab5684dbbce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5fbdb084f0b98d097e80ce289cf6208d

SHA1
9eba400bce6537369c1f635be9202f80c31a9147

SHA256
14b9bb93ca95e6a94ef6f672dfba019f03e48179e22dddb72ff0100963667341

SHA512
ad80bc2c909f7b7a94ee0312ccbf1724f6a97f2a620c775ef5c4cdd33e56bd0013412fea3548cdd2af986319ff5f93eb072461501aeed6d0ad6cb124e5a7aae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
78617e2ee3c91f973ed2a7c658ec4794

SHA1
d51153d0d41379c07e265d739e175d845a3f04b9

SHA256
3375d3a55754d39594221e9b5ab9946248f5556379c26d05ac5a8bf56fe4720b

SHA512
9087f5d6bca6f5b7adee9065ecff7c809ce4ff51d9047ba3c5b6b56ab94904d645faa9601e09213e7cca000d9beaeaa27831fc9203c3dc551424e19e54ebe5bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
022261120a0a7b7f04436604f3cc1827

SHA1
bf46fd65d8a727c2a1f7f31182725c14e43d81f1

SHA256
f17d704f6e44ed6f89a2acd06df8433a78f0f5ed50824a2282ac49c6029b886b

SHA512
3952915cc38dd1e8035b24fdbf65c487304cea5569f1452cde3026c6d2fd34b9e2a905b6b25e499af136d05271e7fa3a7dd73abf4b61db174ba905371cdc55fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aa995ab1c6ad0cd5d97034663995aa03

SHA1
395e7abad676e5a23aaba9d25e456ceabce670ff

SHA256
2b83ec61f14466ed33bfb27d1621db255f3848585b764d85f38633bbc458b0fe

SHA512
815d54f048f5e7c736589ab31f2de04bf5899616616c99b44ad744b943fa1ce67bc5356e620865eeaae4a08421a43d973534f3133ee73cb71ad590d92e6fcd20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
31a7467a956bad5719cea3bf99ae0645

SHA1
95158f88020d8a8c5e2a924f43be55f859609b4a

SHA256
db81e47bdacf0757fe676c9d7f06c331b2ea913173f13a1f4b42a2f41ce7efdb

SHA512
f2223b5402b8cb0e34bf153fa40c3d9444014d3fc450e8e50fe66bd6d8ee7e8386c8d112a211443e1786de6b44277f1031f23c9cf333efdf92bd4d54b90c96ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7ed3f72972dbfe95a119c09f1071ee09

SHA1
0c3459ff1d167264ce3ed5ec31e610a9a49daed8

SHA256
c427337ba2a5617afbc8dd7ddd4298f41eb549b11c298c1abffdad097abda96e

SHA512
7302213ba3cb7a6c5a055699e358561b1dad2f86cc72f4ee1d371c68d435379c0042ef006daf8f51efd1127e80ec66ba6391c71c2522a8f6f3a9a19e95726e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7a8938450fd4a7e93e3e9000592a12d7

SHA1
28826da4aca211302c1d442a7763fb4fd7f359da

SHA256
7542e6bd1b5de853940ee9bd21d70190e99edc8d3c1f1102f8e64f15fd29136b

SHA512
149b10bff22ea063a2d7485b790b2502f36ec2c68df2b6082d919d29d8bf848a30385f44e937d3d02c95c14843ed7703316e3f3441ec67e358fb1712894b7224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
edd6e786b56502a6f7614d2fa3c39ffb

SHA1
a648694b5ad7cfa7569b4e93bc75a1be328f09c7

SHA256
39f09941e696ea033aec3a2083dc748f05ddb0360263d8bac582ade07c8b4552

SHA512
fb24b3a0dc5ef7abd5b9a14a76775a30ea626ad6224dc1d4fe7ad834d7df7905b408d5f03b886c7eecf09ae63fed91fd8d6bcaaa8fc7848a9d4d1c022ecd1135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
79283149c9841119adf5eddd769e0f1a

SHA1
dd63b2017673c3fe9bdcf03f36f3d02f2c940986

SHA256
b814010f3604fe0504ff481be514fb1ffa060112255b809a6349915810bcdfd3

SHA512
e2d47b8e77ca4c870b802ac9817d8573c417644268663b27423e0d7377075fa9a3ab6d72c2462ab7187cdb22d847050128ddea2517cc4150a57125e918d4a1c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bf0d05fd4955fae2d7b92f7cce88a99a

SHA1
99ea262f11f290d6202bfee5f560bda6081c8fac

SHA256
27e9251c4cf2a31e7b2fd161bbedb25fb7ffbea0a78277d9953527220d26b843

SHA512
88ad66361e7aa38c09bff8f7462d78078ea9039f60df2dba71132d92784c675bb4b0aaff3df809fd0a4ab5811c229baed48cac45578c27304cf1aa9998b2c0fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1c39d526ca41c6a7e4f62882bb2d6a15

SHA1
ecee6592d62795cabccd73c93872b893cac0b498

SHA256
ccd6105f43c4009120204235ac93f9eb8cb969015154d069c29c52585319e792

SHA512
5bdd86a97748461b87905748d116b5193ebdc8c9ec471b50a742da8ad38142db6db154d0ca1e25c2dea990af69fc119d0911f066d3b8a87e76359cb1fd14cf00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a8c51cbfc5e304c38b339736a9fd05a3

SHA1
629382f56afc5f8a4df598d7eeb96acff4e5ce90

SHA256
f593016c62cf3c88064576410c5b0d638513ab707c2fa0fa31ca3bca561b2020

SHA512
86d3b4fda7625545fa9b7dbce72a648afe099a774f2af90f50acbc2a360c4f2d2af161aeca74b90673319f2baa191cd49c350f1a0404985354e1e4b1f14f4d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f47d972a7bcb724bc10cd4a0c5b2917

SHA1
c2f32aa28b0814ad0278158196968fde34d97563

SHA256
58933bff420cbc8db3f784ae47f3a2292104e3f9e49f2ad6080157ec622142e0

SHA512
fab875acba4843fff7fabadddb4f034454b13999e0d36f64746f1f272449f455f3633838d2b480e876d03aee5e8bdf1cbc62e8d5f5aa593759c3b09ebdac90f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aa6cbb2e49f8263eb0c753e71086aa7f

SHA1
fe5236eea1bf7842e2f4da737606687711090342

SHA256
b474b11a8e6bab334d16e796a3d292347df67f5284daba196fec206aa682fa61

SHA512
1b12625ac9588d7d32e98f192f9b4813c47e3ce9d23054d582f3a9c879b7801e2e3ad665807ba13e8dff851895d341bd63c49ddeb34c937abb4c7d99c07a6067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8aa607d8fbf26d679f4c64edc58f288f

SHA1
f3877deed9b696b27bb01514b28ccee300678c5a

SHA256
83e9749b9a0f235c0afed30dc84235ddf8e0070f0a0231bcb831365e427fa1ee

SHA512
691c7086139eda3bd9c3e5492481752c4f5b2c803517dcc4e8b429e0fa763d5ac330010681aad1302e8b6cabe996fd77bbe81b73954724e407c40b884a1518cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
59b11d9c714dc429a696aadc7a51b0a1

SHA1
7524533f0e03c9d5a85ffe4b03dce4b60bd50986

SHA256
66655b7f60b79c6d2d4eac78ffc6c42f9226136fe1a78074968ec6df63285819

SHA512
e89a60a1dfacf235148098234961c501ac23943a232e65b31a052d3a4f8a57e61506d92194b5d75b70b7395b52fbdb4e294a1e5bf2672a621b8462ca6a3fe89b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
287ba98e3043b978930ac21f0b636113

SHA1
efc95b19560e58a887cc8cd4bcda8b279ffbbc7b

SHA256
89a3038b86df5b1e1327444b9c36635f43b9f12976e966d0a1ba8e746732012a

SHA512
674b6ff3cc8d17a73a1da2e7999aab1e40e5b95440a68d6a7f99880a544804442f4247c17f101e77b202a4f2e3eced812294ed95927775d3448b1788f4cbf5c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4660b83485424e6aed6e0e03e0298bbd

SHA1
1897ac9d8c3c6efb7e876de86e6c1f7a942f3b40

SHA256
a5920ab71ffb5cf9e1a05b89d36490d638574884c6325ed35362952747694f4f

SHA512
56c14b945467a60bae622f5cb8b2f3e690d8f4e0461e4697131b1fd36df5e9305a748e597a536a2cea26b6773aed2b2ac126649185f23bda703eeeafc922356a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c37617d585fd6bd1711ca7ede1c2d228

SHA1
9a8ad6595577245c1544ecedbda465edf571f102

SHA256
4487ad8687f34af2ae417979be2725b512fe99ccc5d864361a0e3d24e6391dc1

SHA512
7f105ee20b0e2180735e97e4879ab2e653057a4b164c62602c0c741255555dd948ba9e50e4a00756e94f5cc3d8b56a5cc593812bd7896d0c4ff9a39ca0979844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
148a187c98c6728fb0edeb43ff888462

SHA1
2b9258c0dec79d5f54aba17675dff4505bf96689

SHA256
ce54e2d28a2dbf405ea2690e48c812ae8529c6faa7c9ec3e930985a8b7de8d70

SHA512
602bcd2a1e7b1824b81b16f2904f71997125cf366a081d9dced259b14f6b82361108fbff5dedc13411cb1c5ab6bfc6cdd4ae0db0a1d4c9f9ea88b9664d06f1fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d5caef4bbf08bc6117f0280d5a08df2c

SHA1
03175f9e8ceb8fe070730835fdcd11d3fa1e07bc

SHA256
bf12a7630a337f815be405d4fc88f71d2a76a0003396310f93b2aa87b1410c73

SHA512
e6c7a5e0d65e66d8996ec467e87015a82222bb6f786ed1fface4192b23e138656d5672568e3fc1b5249014a2cda83485cc9d9caa401e66d904f1f033fe37eeda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
76a2af811ee13268afd1c38cba276caf

SHA1
429bf9e9e314c0b460f0afa75586ff9aba5dd058

SHA256
ff506a81629dae95aeec2cd12c987c47a79086cec1250607f5ebfbbbdea5aec8

SHA512
02c8e25c2ae19c56ad3886c0e6f112998d679e6b0d217e3781aae96b4cd09dcb8054bac9e8e332ae6df2246d13e6ffabd832e6d106767e57764ed0496f4e0213

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
50fe863ef742ed29a09e636d2ab72e0c

SHA1
5622362a86571c1a3864ae2803d8b86aa4b296ae

SHA256
9e176e783185cc415183daa24236d1bde9ecb91d9101f7af914589e4b0f5a6de

SHA512
09cfdf2ffa98789a2b40c6a3eced7c18d86cfca0fd7e9d4fd2756be9d33900e148a3cfe84f2b957e235912a80bdc0d9f0ac58621f7be6f0b85b79a0bd1b8115b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1f64d5e20764d9869317094c6cb67173

SHA1
c9ac28d3cbd787f90936bbf6f6357e95a8e76929

SHA256
0e4be892b0e3155e4c40d1cb5f89126550f8a5cd0b97657dc3d390c29125c00c

SHA512
34669ec57f312e9aeba824d2200727028a66e8c4e5cfcf54058023bd115bca95fc6cf94ebaafd3b7d87cdae31fc61ad2ce3b65b6f9a47f4a9e95a233c5cea006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b6ba5d3326fdcb1cdacc76a55db4856

SHA1
82721eef4aa172e4f61529ad47927914801c839f

SHA256
2f1ff99a939f8746c7850d84dce92dd1398ac6faf4854fd8e7f6012fdb845e5a

SHA512
ce2e137a1a6a51cac3cecc274e551614c25c22512e7015336784c9157d8911d1b0cb051a0198f4d556172ec0687b11692f939dc654d8b874c37df50ea416129b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a326a58d44b49e0c68298d7af5483680

SHA1
271ea3c4fe329c8cc50a62da0f5ac9325e5e7c8d

SHA256
49d4413212dfd22c26882f50c3d74992ebd848bb2e7fc0d79841db63dbc00224

SHA512
6e161107723648e75f6a144d4613d98092905b7b99f0b9f22b179215d7b310f4d8c0f7545dbea04348bb45a6082f985dacda9720de487f5cc8511c2ebb6765de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7cc8ef6fadfda9d66695fd765b033b9c

SHA1
1f17acbddb4c128a83060c0f9209dd6caf10a24b

SHA256
75c35eeb195714954aa6a70281414b4cbbfded8d53c85ada0a897f6a4b981c38

SHA512
dc8ff7c79963c31b01a085277a05cf1a763d9fc4f451f1c2cc45bde9489341df79e1537b8f67698a40572aaee6af9129abc0896a4f18e7641f5b5d11d534c9dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8bdc4ae334379c79083b8cacfb60985e

SHA1
b295bb7ed7a291416501c0ed604d6fd8252f6d33

SHA256
631d172fbc8317eba5b7b035eb8516886e3c142b0f035fae5a495c9d3b4ef171

SHA512
33088a0e10481cb35497c6b2b69b3bf5ef123ab451cca838c7802564d18d685f9d4fff1fad2000cb68854369e285fc4906b2043687bee3ac8b683997cf0139a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ada5e868949643ad442d5e52b5efd3d5

SHA1
572bc517e6d5a8572a21b660c6c7b1a3d4df2563

SHA256
10426a130709d79eef3f9bba76ecdf97d7e9189f6abf502e736708d95d506838

SHA512
0c38faac3d21c00fed5669cda8ff0331bf5579584157ac519e82107739e349cade0e3fdc7c1b94fc7e1fcb4ce5d11d7a9b8f6f9ef9b65ca7e17f1227fc52922d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6fe9a5acc6ba47c34b0ea9d2c3aab6c7

SHA1
256afb83de792b54ef0f63984edf30c3f9f949af

SHA256
1ce6b82ee6deeb9a186e3f86874376f23cd0fd060ce4a0dda92f1eb3cf90306c

SHA512
91401d70b607656eccd7eddb2a059d1aa25fbda73dc10641864c1a17cf06d8da086d2f32a9b6f33036ce4c653362c291eb00d668cd9a30a60b287eef42b8f2a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9841aa08f6c9e283d05f79b1d6e844a2

SHA1
11bae4f4d5cb72469eea6b57d245ab5de9692ebe

SHA256
0304b58d2aad614b1709640b814cb459c650729e8c3d7cbec464f8fb6bd56330

SHA512
79330e03173cf8a9dbf0dcc1465f58fed7873f62560a0a8ab759e8d31ed53881683e0dc137abc064688ce19c080ed39fc0c639b33efe0f0bb57795b46dae6b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d3befe3bbed8fc0ee300737b0927b94c

SHA1
42cb34c4e5bae548a8cc9418075d353427bb6eab

SHA256
5659023bc2a6db90bc05462acccd1cd0b76ec27ee966be1aa7fcf5db4772ea53

SHA512
c6115de6a48d7c3ffd6c6c23b5cff5885ef05f4f4c56ae24cadfa651a17f5bc13a5d419f0d52ba17791220f3ca09979417ec86a0c895718619b048f427f254a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bd4b3431df55eaea1d3edcc86914df68

SHA1
601f250828ac7da93de21a243a90572757ebe50f

SHA256
eb90d636c541ed56cb601b06df1c36d0cbe31d33e1ce956c793bc30f612eec8c

SHA512
e21598b84cb22d1bb56d160a2fca6ea8eafd7bcacd65add1efe68ee0e77c2c8492d52ba2ecd2f9c78ba3750792134b9d3425ef1f536894c3ee08143d3d8d5094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
889ef687413f85bc727a600137727317

SHA1
8844f8bd0436e704e6dd439dc4b33172540e8d94

SHA256
9601c0a459e7c4bacbdce48840f62f18b54bbb3b0817074a1966937e03c77817

SHA512
9597771dd0bef205a214e7233e642cb2d40b091f777e647c2090e530ca0445de997daeeeb57beedef3cb0064ab9435c759a9530af94f4ecba4f3c23bb3866979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
771d4d22c09a3c9f08b56ebbb3d23896

SHA1
0143e4f6abd6116fdeb8ba8e3109b4d3848bbc21

SHA256
e833cc61ca32657e524854cd503e760de4468282aa4a0be157eb5d8a8b2d44d4

SHA512
f2af73024f80706690c07741712b33f1c3f588173ee65a9260c775d79e01ca38b5e440908383921ed923123c5ca93d06fd85146835830b0c5ea0a6ac66140bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
ebefb033fe0f521b0d046c2aaebd3a11

SHA1
1b8e76c0430eefc6b03b2520dae5b160bde7162c

SHA256
daf7190d480f500540691e550f7784b479f16d6c29cb51b73852134d77fd708f

SHA512
5e7007bf2de3f384c4110ec823dadb90557a736def6b8a888f56e1b9dd57dc8e054cc52ee4ad18ec0c1a9a2fff377fcf7eb901596b6db73a5f532cb07fca67ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
e672e4e556c022a0c7416638873c416b

SHA1
00b7d9987315dadea6d884d11418ddfe353b9864

SHA256
3970ec740e93b4ec399861d7c20bf2fa57f2a3e0b52f5a7c624084b2ba709975

SHA512
9919a1cbce01b2c59507135ce291da39677ed53b2afffef0ac2ef26f5183960b8174dc709e6168657dacb654b48d4c20cf94c35353166c24c379abade4b2b130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
954c7d42c053a0bafbc61644024f42aa

SHA1
7601b01d09c102441d6246bdef42a55b1f3f8601

SHA256
ac33dce0ee9ded561758a41568c6083d4680d0f9514dd0340096d6cdd9273916

SHA512
1563c6e9a71c281568fe16293eab1e46c95b6c499e640013eb283d053577cc4b9c8e16fcf8b0e78701a9a117be99ac04943ed3a49b973e0ce28051fe0f305dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-2-19.153.1700.1.odl

Filesize
706B

MD5
4e39b3f40d8817f35b5f00eabd70bbae

SHA1
dc0850fad0a8a3716770c49b66fbe02c0b8a04fa

SHA256
2543ee5641b7b19f5d6d5ee95a82af08aeaff7d75db363017af4df46e932d3f0

SHA512
9cf40843ce9721473d0fb2ef6f1845b875612663e0f9bfd4b5ac3d318ad22c889b2d2a668f2001402a9304615c937466da808e3d0cc2cc536fecfd416aa1fe2e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\2e56369e-8268-44dc-b8f5-7f6302af4f1c.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Filesize
8KB

MD5
e7e65c796ee6cafc0df125ae883b5763

SHA1
0edeaf153b022f82d553a67be96f672277ee1a5a

SHA256
23bb17e7155dbf685c496c8315705576d37ea3217ad2e7179321b8b674b37369

SHA512
b0fc43ac916902f300e2dd2c7db6328839b57059c0cdaf9b6aada4d033135fa2368c872601fd2ae8061c7723e8fd6fd3b42b74ba9aa46ee71cd85a4639d2f075

Download Submit
C:\Users\Admin\Desktop\ConnectMove.ram

Filesize
309KB

MD5
9ff2af5cf76bd75b94803674480935d7

SHA1
817c3dc49de993ee75511c5623a1ce10d0c3f057

SHA256
f1b161454cf9fa77bbac145498864198bef2babc180343ec3639b7a44cc72ee2

SHA512
5ed496e85e8475d5f776568ab35d76ce4b17742da28a16eaf15622e9963fd0503c303f337d65abe692cdc5854b880f069765d882ed00c495787887d50e92053b

Download Submit
C:\Users\Admin\Desktop\ConvertToRestart.inf

Filesize
450KB

MD5
72eb74167f79a17a3225796d33586151

SHA1
6095aa6e625aa00c8c242fee8b637bf42d1089c6

SHA256
f3cb89ee1db754c2ee0e016163c7f474c18edfaf9be6b13a91597644d681ff54

SHA512
06a8fab304f505da5ca09d1bc3f310311bf79de5f89fa067d00ed2650b2649d114b850daabc3848d6b37914e903e4b007c3a535709e8af3333911ee982efb9bf

Download Submit
C:\Users\Admin\Desktop\EnterUninstall.mpg

Filesize
760KB

MD5
3c5b0383ef8dd434e09cce089b085204

SHA1
fe2db3bffb9963cd44bf77548ca54cdc71f2774b

SHA256
2286cae9fd4ed1cfbafa33aada6fe718f4ed5972f381eac1673e8f2d0f49e423

SHA512
433966f78e58d112a4ce16bda8cca0a611e4635f2055a02c71e7b8fea55ea08ab90b71bbc0c1795f2148b5a8009137984414e49fbe7b3054fff8af53c54138f4

Download Submit
C:\Users\Admin\Desktop\FindUnregister.crw

Filesize
732KB

MD5
19273af98eccce8686430758c573fe6c

SHA1
ee1c210166d8b5eda0306fcf586bfb7aace81beb

SHA256
7b937486fe4e91bc6f50ad438c6803169d0ef488979a0574661701b367ba1681

SHA512
b76d6f5e51e187fcd3a0b673e1d5b31e84dcd50982f7aa2d0fbfbc03b2b812353c0e3c1c676183b5c70fc78a04d0d4ac16db570b1d99baf9d0915ff273c3332f

Download Submit
C:\Users\Admin\Desktop\HideSend.MOD

Filesize
366KB

MD5
0d9611b3f8c80e23ceaec3939121f877

SHA1
b22de2267509a47e2b15ebebba5b581ee30929f3

SHA256
289ff730d700896ed5bfa7ed639c6369dc7ceafc3d562eea85b79afa96dda69a

SHA512
153e8f5f141f3f2f76df52ea8cc4a106cfd68c61dcf57353a561edc0ac2fb8424e4784676586313af30d167bae7b61e90384e0dc70f81f28ebe21e73229c9799

Download Submit
C:\Users\Admin\Desktop\MoveUnregister.vsdm

Filesize
394KB

MD5
25afab051fbb44e7a9e9cd3360ea2ae9

SHA1
577a54a78427e7e46fabb36388c752d9f8418961

SHA256
0cd9e78319f695eba7ff3c29567dba9dfab8d4700870e8876c06712bc763e67d

SHA512
adade9c9d965004ada0d93936f72c4c5bfe0007c101c684fa25968a1f10e1851fdb47b96b524e3bbb4f858c4357ca5b0df28a7c2ef5ca724b956dc0b2f4013a5

Download Submit
C:\Users\Admin\Desktop\PublishAssert.temp

Filesize
788KB

MD5
63b2547ecda85bfbaf18361f5ed76279

SHA1
4e3d81cb71f39246672eba24d411455d5bf770a9

SHA256
c7a2b2a456ca26a4c09dd4f5ee4779c3c4499754f363351e2d885a26aabc313b

SHA512
3a7d7c8b1042f5f278f948ea15e64748823498151775a229e41ee04cf1e5ee9e6a862a2c8043e6262647f1be04fbb37c18251133501c734421cebd39825b7145

Download Submit
C:\Users\Admin\Desktop\ResolveLimit.xlsx

Filesize
14KB

MD5
f106778ffa090f6af2f80f2662e190f1

SHA1
3be79a689ba91dcaff6f2e24f0edbecfffaf300f

SHA256
2e44655741ca235433fe68b9cfeb91963852a30b675822c5d8271be14c906d9c

SHA512
1b030a151c51498ab366308d4f5b9d5f0f32093dbf549174b9fd6416b3801d0f8e379adf61b7a1b0074861dd578071faa6323a878330ed3be39bf3c5ee21a93d

Download Submit
C:\Users\Admin\Desktop\SaveConvertTo.ppsm

Filesize
563KB

MD5
c47b348e60187e808e14cdb986f1c2d2

SHA1
3b23b159b67a89f4a2f332b4e8dbb069fed884d0

SHA256
6976d72d07cabb19314b7b686b5700df10571dff05e2545185ec0107bb6caf0a

SHA512
603de6cc062fd4b2488f10d853dae276e9fa82580528d883861ad7812b0724844d8d7334ec386fbc8474f1d373001b31eb47b4ebdeec0e3e8e340bb38959a5f6

Download Submit
C:\Users\Admin\Desktop\SyncDisable.xltx

Filesize
281KB

MD5
7a3675fae552163a589f1bcb35833078

SHA1
1f05dd05fe03655b493f576926d3743af2e57f7c

SHA256
b3bfa4d3b9e488d6300c40fb93542ac2032f4b1c7fbe8faede33e169a8becc3a

SHA512
575f81833da213fe335db58bf908f619ce5e665c895e95a479ebd1595ac4a44db2bbf22bf9ac31df29e293ff64b7729dbd095049262f6dcb147cc684636b765e

Download Submit
C:\Users\Admin\Desktop\TracePop.xlsx

Filesize
12KB

MD5
d33bd75774d22971d865becbd900840f

SHA1
a66023d8c4e45795f6efe73233b73cd57c6a56c0

SHA256
ac1b062cc0c23bf934a2186787e065e062d479d74c5baca560cb578d937ef362

SHA512
3c890fad584b64bbb7b5ab062c68338215ce7ed1f8f6f6c6d90cc5b07153c7ed040e2074be3a57b9b4b72176cb9c53c5081fcbc2e1a60169837b9cb16c61d655

Download Submit
C:\Users\Admin\Desktop\UseUndo.xlsx

Filesize
14KB

MD5
d76e1b971f65cbcb02fa08cb9f4852f4

SHA1
906d09859177f5e43ca53ed899f94ae43b667fd7

SHA256
59345a20a6f31752cddcbe08e242a996714f4da32f8ac63b11d5bfe3d73db871

SHA512
9aa5906bf1f64ee6b7bc70c4780cfde154f44322a9d74600f1e542b3ebd775d33176b1da56249fa361e05bc6486d863e70e63518205d346970ce09fbadd5cd95

Download Submit
C:\Users\Admin\Downloads\MasonKnockout-main.zip.crdownload

Filesize
256KB

MD5
9905928436e6fa74b75fb97b19522393

SHA1
084a4b9f51656c4fac18199543fe158ecfc7b0af

SHA256
20d0ec9a9a5616bb02f36b7806d05bc0b76f2babc9dd8ed3f3fcf4bf3c3f33a9

SHA512
ae5b16dc135f696c3188a9f2b7ec73c810931b53078f4597160e11abcf51a5c2a4981fd67a683badb08a8f0fca7aa894d343c5bebde51d078f667fbcef241f21

Download Submit
C:\Users\Admin\Downloads\MasonKnockout-main.zip:Zone.Identifier

Filesize
165B

MD5
11da8ac7d70416e70876ace13f2407cd

SHA1
998dd974c94e82e33c47d6aae33be876a0269a49

SHA256
29372b4e30f31b7b1c403ab064993238aedb0d34a005daf9041e614a3b1b7e4d

SHA512
8d6e1350f0289f628cddfb4a8f4a603c45e10275c7519e728cf79ac220eb548d7a80c7c6aedda0cda1e6c25c7294d468cce8ed0bdd3b1e1d21424ed460615f9d

Download Submit
memory/1004-694-0x0000000000850000-0x0000000000898000-memory.dmp

Filesize
288KB

Download
memory/1004-698-0x0000000006530000-0x00000000065C2000-memory.dmp

Filesize
584KB

Download
memory/2296-2-0x00007FFB190D0000-0x00007FFB19B92000-memory.dmp

Filesize
10.8MB

Download
memory/2296-1-0x000001B376570000-0x000001B37658E000-memory.dmp

Filesize
120KB

Download
memory/2296-38-0x00007FFB190D0000-0x00007FFB19B92000-memory.dmp

Filesize
10.8MB

Download
memory/2296-0-0x00007FFB190D3000-0x00007FFB190D5000-memory.dmp

Filesize
8KB

Download
memory/4208-35-0x0000020A8F410000-0x0000020A8FD24000-memory.dmp

Filesize
9.1MB

Download
memory/4208-34-0x00007FFB190D0000-0x00007FFB19B92000-memory.dmp

Filesize
10.8MB

Download
memory/4208-36-0x00007FFB190D0000-0x00007FFB19B92000-memory.dmp

Filesize
10.8MB

Download
memory/4208-82-0x00007FFB190D0000-0x00007FFB19B92000-memory.dmp

Filesize
10.8MB

Download