b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1

Analysis

max time kernel
900s
max time network
907s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
01/03/2025, 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

The-MALWARE-Repo-master/Botnets/FritzFrog/7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
Size

8.7MB
MD5

b2e0eede7b18253dccd0d44ebb5db85a
SHA1

ee5db9590090efd5549e1c17ec1ee956ef1ed3d1
SHA256

7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
SHA512

5608fe7bde5072de7c98bacfe7beb928e6073be87c0fbccd8075c808d9a7c642abe254f6eb620d627f5324e35821fc9b41a31970264abcc472adfbe2c214a9fe
SSDEEP

98304:zbc+G4RTwJg0GTvmF3D4cQ1XmkPF0ihOehaOE3Ok7Xk:zbc+G4RTwJGOzfQYkPGihOekj

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 2 IoCs

flow	pid	Process
180	3292	chrome.exe
180	3292	chrome.exe

Executes dropped EXE 2 IoCs

pid	Process
4028	DesktopBoom.exe
1692	Hydra.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
180	raw.githubusercontent.com
75	raw.githubusercontent.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Hydra.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133853211246960616"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4344	chrome.exe
4344	chrome.exe
3340	chrome.exe
3340	chrome.exe
3340	chrome.exe
3340	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4028	DesktopBoom.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
1692	Hydra.exe
1692	Hydra.exe
1692	Hydra.exe
1692	Hydra.exe
1692	Hydra.exe
1692	Hydra.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 2164	4344	chrome.exe	105
PID 4344 wrote to memory of 2164	4344	chrome.exe	105
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 4896	4344	chrome.exe	106
PID 4344 wrote to memory of 3292	4344	chrome.exe	107
PID 4344 wrote to memory of 3292	4344	chrome.exe	107
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108
PID 4344 wrote to memory of 3076	4344	chrome.exe	108

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Botnets\FritzFrog\7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
1⤵
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd08b7cc40,0x7ffd08b7cc4c,0x7ffd08b7cc58
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2496 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3344,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3764,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3772 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4536,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4416,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4452 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4944,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:3464
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x204,0x290,0x7ff75b754698,0x7ff75b7546a4,0x7ff75b7546b0
    3⤵
    - Drops file in Program Files directory
    PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4732,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3560,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3416,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3544 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3376,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3356,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3484,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5272,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5360 /prefetch:2
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3404,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5556,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5480,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3428,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3548,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5716,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5424,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5896,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  PID:5088
- C:\Users\Admin\Downloads\DesktopBoom.exe
  "C:\Users\Admin\Downloads\DesktopBoom.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5552,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3576,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3384,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3588,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:1176
- C:\Users\Admin\Downloads\Hydra.exe
  "C:\Users\Admin\Downloads\Hydra.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6132,i,194461425191909239,7705315846064367557,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3332

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
20202c4755ab51fdb4bee9ae951bcd10

SHA1
178ac7007376f087fc91be41be482ed4ca13d226

SHA256
2a6557449fc9e461fdcd66a68f045209c993d2a9c11e3015c307428fe5241ddc

SHA512
2d51a6abf64039896f6ab97b4193dc7bd875e17053e6306f0907cd5d7394650414f7972d326313a1cc94480127f23ee7726c686dcb229c0ed29c131519649f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
cc894416a7c9323586722121134c650d

SHA1
0a55fecb7094672f46bde4126b63fb27c75970d2

SHA256
0824921426cf57a0a8dd6e9942163e59a2ee0cc75648817f97e58a7ccd864624

SHA512
a6f6b1ef5ff6bf1a56b30e1a7d26852194b6cf46255fda88f9e86b01c9734370d8ff9d2953984510c84daace9ff83262001549e3aba69b3e9cebbeee45565228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
41328d5fedb1a6c430f35ff6e009451a

SHA1
6f5a14c22a2d9ab1695e36b09379fd8c99569206

SHA256
7eac7e820318bf9f0b2bc689545139651dbc47f9ee75c504519690a3b7d8f334

SHA512
9aa53adbb475b2d6af6d3444e20b34533be52c7f7c720c2ad73cc2343716ec462820ae641433f9ddb7e7d1f309db77a173b0a6c07a6339442ef64692c95e43db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0e4a1ba2f63e716960dfa058f1f9115b

SHA1
dd7ed5d760a0a60734a87a1dff3c137547e5a508

SHA256
16dd14eea7ecceea815971f6b7e069d6484d35361d1e7a55d194ebf4437bc29a

SHA512
360823f49d51390388b6099f538fd9d1e6ea02c62c93db872816b16874faffae738add1a6f82255bf7c46822b76ff23c20818b1a2cb80176831d39a81608bf5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d23bdff394fe27977351b4768cad720f

SHA1
c5a57cd043cb5b9c61e33227cdcc68f4c4fc65a9

SHA256
d5036f690a2fff9db114af0c96ecaa646b56116196b019d4b44f77074a06d9df

SHA512
ce8c92edf24285dac327699c133975f1d3a28fb9b4d1d960275586b27158d21af4d3f394eddd89f97a8e2f2690e3f555d49da27650ce5d7f88f2fbe66085a8e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d3624ec96483aebf2dda975d16be6444

SHA1
80866a3a1f3b29c268f0abd53bb1e608a1a67a28

SHA256
6980130ef6a142421f459001df0930e604e27c09fe4d313f656c52b82cb84529

SHA512
cf398bc5e09d3c1cdc038e52943c1843d3a98d0983c22cbfa504c16f7fa8b3767533a0cca3bf23db4d1111a10a85eaaf3c06e8450e667291a73afcb9fb1dcdf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8c37d9696b7c8e4feca95104ce61a6ee

SHA1
9863ad87b00a58d4d2794234e9c160b1fe0a995a

SHA256
b38fc1444d7b703d463250a7774fc0915a6706ca5a0d861150117c843e515c72

SHA512
38f279471462d31e227bf0e548d3d557b1b9a8b1c0d9b49bddc78754425b8465c0bb0c2ba14ecbd6f3224cf8552d980001dd6918e679a06f4301395dfe2a928a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5f8989980b4b6e610c7e400268661ee6

SHA1
cdf31868879aa5bd2f58e01ac1b62bedd10df95c

SHA256
a64df4f9c276f5bc7d1f5d003c511088e2a4666dd67664787d36edd101c087fa

SHA512
67d4226ca13733e010da8c81e616e14f019ee37544835d33d9e86964c6ae33a820b492a577175e4cadc1d5803047735137bae34c4b3f9153d983d362a0590828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a09c0dfe20ec1d5decda4f83645ad32

SHA1
13246b21e7d54fece2b422773018231272801ff0

SHA256
0cd314e56140492d131a9247a9230e2af96eed56e1bf0bce9e1f33a0159572da

SHA512
f01871b2dfbc9cd54adf1bc2037f272df6e8b3b7260c2a9248a6accaacd2bb200031b9d619f6d924359412c33b042543867bc86b6a139591399eaccf12bf7c80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d054541547d7fa32d9205009c5add87b

SHA1
f677cb626aa6176b7ce2f78b636b52d412a61144

SHA256
9e1f68ddec5e018b58ecfd9bf40c39e4c3ff15b97da5653a91fde4be0e9aa471

SHA512
e44f6dc5bcf90055201ada23f1ac84503d40fc4a7d99053e9ad564adcc9af562a550533e95f423fd872f36f972ebc1e784768654ed844d03dbef018c8c1e5dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
db21e1d1bff43dee1d1c8cc402d4cccf

SHA1
3447f43405df86ff03028aa00284d804e3ac4a3a

SHA256
d11f63d7e6682895b327ce6e0fba039293f528e99ed4efc99d76bae59697c23f

SHA512
b1dc04fc419d5eba8073ef2c71f4cc70890080f12ca593c4799fb8edcfa0ada3461c1b22218672fe5200ce192d0eda0c8274f36a0917110d8f57f863c2eaf54a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f194f803-9c7a-4bb1-9e29-90a0c0009e46.tmp

Filesize
1KB

MD5
a568ddad197eecd4500e87cd71f166d0

SHA1
a090f2e72c568ecb2bcf89148a8bbe6bb49dc23d

SHA256
e7a779666bdb223da16fea7947a12ce4adc1b895fea3996724cbbf78a6c7feb2

SHA512
5ef1d78cce2d4a0c41d0176c0976be5d96a35e616392ee06db077d8e4538c1462e575e7f7802da132f5eece57326cc7ea309c3ffe6d472e649ad3bb8603d3aae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4d55b63d96ca2bcf0bbf21d2cda63c03

SHA1
dc9b213000fb5718dd5043f340fec0bfcdf6d5f4

SHA256
a10b70c9b0810d66bd1d059fbc5b614fe48df0d8e5ed27e1ccd6f39674b2f781

SHA512
2dd790cfca7ec322759e44476d67ac1e11f55c252220ac7e95e77ed50bae5c2642318746f3872ee8af26a7c23d65f2570b1454881c43f469da92f9811fdfcaea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a0bf1f2a399415a688dfccaa6dddaf24

SHA1
8eeb5b30341dd81f9a7bbc4ac59f42f880b9e13f

SHA256
722de1fe8c74682a696359312dfa1cc5342ca259941446e9c855dfeaeea99787

SHA512
e91d47810e265d4a733c55a2c7d98a3a3fda29cd9b8d3bef5e9b935da1b0ebb4d1584f426cf0dbd1d73dc4aad17dc140b8cfb6a4975ffb666a5fed1d32d2c872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e233e5411e229a356ddf2abc6ac7846

SHA1
e8e245f5b6d349d88ee611dc8789d39b6ab397d1

SHA256
509c0c46201167e29ed98cf8ece2f13ef5e3d2a026fb5fb41d87bbe244580d76

SHA512
21bf8c055c04ff19bd38471a97466d05952d0117a107122bf9ea1115a2de27d8f42fc860d049aa16bebd13923b6ad7ce21f090d5e6c39e2b0cad5f92308a88f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07196a5851ecea2360a5420bb4957b80

SHA1
7838be11f4bec24b7a3f6042350a2ee8ebceeee3

SHA256
82268e796c1c537a9b0ed9a723ef857966b2271d75222cfe2fff61ab94d5fcf5

SHA512
b0e07a5b416a0e700c153b00a5fc5ca14739d27b8aa37ca99f9ff8f20e5b00414d4da2c32b98e4dad5178b063afc71164d50db65781747a8dbd9f9963f55fa67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be7159eec909971f136c4569b0920d67

SHA1
b1b4870c9f6a95340bfb279f91f7f4de278bab0a

SHA256
3e79fe3f0386e5c76580049db2d53dd905cfbb28c25da6cdea1c452f197797e9

SHA512
148587431b889d220712a1654cb1f77971416803b016684dc5c3fb04fbfaa5bae5db4a8da122165c9bb64c91d2503a3e21b0cb7ff7acd77adb8f3fbffb57cbdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2076a93dce7a0ea05f73bfc03ac451bc

SHA1
8c0a5ee7af3702e8621f70d4ce3bcd9ff847c213

SHA256
1ddae5abf329eb2d440edf96c9387f34614837f49699328c1f9b5308dc1b9c58

SHA512
8469dc96d9eeed4d184e7b458863c8d859b5ae966300bdf793ec9e4821b4ee010003f7a134ea9369d793110b1afe0712ad0dde804c7583772420d7c6b2e7b03e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cbbe3e9921f83520a6e34045174cafc1

SHA1
a209d59a2779e22d8b165b6c607fa568f6ef8961

SHA256
aa408eb80262b566e6e2bf299b6b7fe14760c779cc952149b32741ed6d9a05c5

SHA512
07bfd302a560439d758939e275e266d899ece21cd5401e458dd78a84a95a688631a5976c272ad5babb045a056e9c7bfadc387f3b226f97348166707a748873c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7dc59ca41ab100edff3b624c52e1a116

SHA1
676b761da43db956e3c32c99f688d25ff19e253b

SHA256
09f07e1972a5a3df509f7891f568ca16c83846f17b79b85a559d8243d434c9a1

SHA512
b6ada31e02f928d1f30c8ad789c3f8e3bff4d85a49903d34ed31b1aa5d109f978c2c53c714d96cd2352fb72daa88643cac00fa36b812b55f9471ad4c58065a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c30493816265adc69e509889edf5cd47

SHA1
6ba5818e530d965f07296544b75e41dcc9d11868

SHA256
e12f73658cbce840e29f42616891c253e0e10eb40ac4a1d81c32804bc8fd946f

SHA512
0c46acd5d749008a77441b72be00649849d4ff0c2042e640502847d35022fb59f0d93a6cf049053a50158f3124f65ebd5bfd623c8cec539d8e1dde1473a46ecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f6ba1eab15ca41c4bb851de9f7bc1442

SHA1
a022591e8b0cbd6cbe14e57b3a34082b0416edba

SHA256
a77b42bc5b032ed345ddcc1da4ec77e442e4fcde7969b1316e46f9affc06c6ec

SHA512
84bd29c95a542cf317b0488541b1c653ebe33b92908e8902784e665f31ed9d0988750d79bfe0d7361faa55c187d7fe7b8854f31bea37ee8af8051da374e972bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3693c19ac7b8c0b8c23d90b17f352995

SHA1
c21ccdeb2904e4b96600baa548e32b961c41e33b

SHA256
6f405f56e9aff6f4b4b5891964cef88c25c0fc4ea47386f09d9635e658841d89

SHA512
99bd68a0eee16b943d641a07ab86c9a53f31d77a9f30b3b5bacc2d17bf19d0a862e6201a2bb9769206e386195a755919e873e95eaa5c91b5a44a6b11dfa35871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bbe59cdbe8cec90782c499565bad4752

SHA1
fe753ad10faece28c8d4be1d0fd8a89b92ea64f3

SHA256
17905dde15e089da29e51941a2cca8ac2f793088eb2b9ed7cf4aeab29afedcdd

SHA512
99ebff9b795f3d23fbd640f17abf2317acd32e310be5f32047deaa580f00014fb3820f54e6c2f3bf67dd2ee0c7e84217a3ec7f5e5d4cfe96ca81645666f92209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
84469bd08324a8811dd162af9c36682f

SHA1
924ec96bd48930750b0fcef223788af2ac44bd64

SHA256
22fecfd675bc3c389561df79dbeb6021a62e422ba26b641a5bc3ef1fb61df620

SHA512
e67dd18a7c1ccc4856340d99554a6375b2794032bd6727d70c36aedce390cd230f0e25c0b3de3cb58a5ef8abfb9e67fad2f7b9f2339f29315ef7ea02fdd7921f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
706f1db274bcf004bac81d30529bb5fc

SHA1
a2cfc4c664122f8760324031ac54b32ce2757bdf

SHA256
62a599e2a01adf4f1da30c49ea17f9f8b3cfd784ebc56f7bfecb518de8ef1956

SHA512
513c12cac9efb4bbea3f496a72fce79e0d1da145d0f35ffd6a29a262c43c05d8de87c76d793f984f44860381c9f0169ac9117cdffce9ffa75d6e4cc9e1a4450e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ecbe08ed35102360423d6f08ca103cab

SHA1
2a577a62ad57892ea7f1ec0d1ec081c09888e355

SHA256
f9173d1d437ae6ca7df0c42e387f5916ec027c7e99216c2d50c5a91de94b159e

SHA512
283b0f30ec85a98117511e7607a3a391efffa99a59b3a076d5736a8f4f5858375c2e1e6d21564bef0856c9a1cd2e0494bb530f006aa5bd245717789574edb4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b525e486309325cdeccc6038df9f613c

SHA1
9b81d21c98067338d15798eaf0042b18d5387376

SHA256
6c2ade23e0735ee3b07cc7b0b326f9fbc609d9b875ae7b29cabd7e46e24de42f

SHA512
e31a4ef3490cb2d4c70c9b90065be3218beae7895f1feb96d5a61822ce768248cc8fefd741fbe45e564614bc74410b5ebe2c5e424bc0cea28d79840eaf1ac7b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8990c6afa88a487c9aececb485d5e7e0

SHA1
2edf4050ea602fc3e683cf4f84dfa95568a93da8

SHA256
653d1d7096db3571bfb28d9ae8f3dd3b40e774187b7d99469840d6d113356de5

SHA512
2d9542559fab07142bd72a51d7897d828c58f76295027a7fedaa56496d3c8531c1d1c1c0fe0f5dd26d65a379a237918f3c12162cde8ff19faae9d96b25d6f147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
68b965dc1fe07b8de523c8713f3cba74

SHA1
1574b59e5bb1f9b0d2184d395e3f032955838969

SHA256
d0f24a57ee816ab45379dee6de2b3a8e8093a97f4336b9ea44ad47c19738df9d

SHA512
14bcece68155a4f8b1a77249348f7071bc763f62f500b0e755ce22fae3c48223f84992aa605bb49471dcccc563652794aff7f6607150ea44130140d43c3b982b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c68e25e07dbf0ee0a16d32c1e3014359

SHA1
635a67e0d7b58a8d445971b7e9444b1b5a0f4214

SHA256
2263e634312a0148d8e3e3af58d018f2fa86aafecdbb5e3f6b7d9162992516b9

SHA512
aa46ff0d3b51c1e35077cad5ce71e58dcce756d735fa04f35cb4b26359ca5649751bc2fdab64ba480db67732feaefefb9ec75b8facbb9dd00dc70bfebe226509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e6f2cbdae9cfd8fd0346a652ae8d2c4e

SHA1
1de46166b5be9227fc5ebe88000380e667327cec

SHA256
267ffdd6df1258c37c01ad7a3b0d25dfc48e22ece2d74c5dd186923ffcba0fbd

SHA512
eef5031ce8c50141c3513b5b21f2475902cfb64f3ba63ae3c62fc014d262d543f6b09fd933f03304fa4588ff432b8542452686b1330ab424556128db8c14fede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1dd03548c8776609c7b3cf07ad5434c0

SHA1
423832b2b7dc46d9987ad6cd734622728453f16c

SHA256
fa08d219314de8ea0e9b78f7844005a6e1b8f79092c806da1d9d40483b5206f2

SHA512
f7bf916db5c391c54cb7d274f37ef334ddfbdb594d1e534b657128edffd3f35c2ca97fac63164ce8735d8ef38cce0f79041dd4e40e3872aa0e2a4a21d66d6bba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f8dcb35b9334bf8dcdd5882648a5d2bf

SHA1
8e75c958ab649db928b52f6c1f6488d88c97d424

SHA256
d8e6b72df058412957cbd9de620ef76a6f886a6bff200547a21dfd0ed1dcd565

SHA512
f6b93f81595f3f9972c28cf11dd1dbc5948095e46297b5351e47a2b893e9d96aa1cc29be78dd7c63f315be2b73ad049ca098433a6f5c8ffdf804bd9795c7c7ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
e65fd8f2a24233d1b713d13c517c5721

SHA1
26eb38aa2468e01225831fe12b612e38b6d18e0c

SHA256
da814ff1babc396c91b623a038eb67640c0c530df2832f5e9752dc0a8602a815

SHA512
108b5a48d83d48d3b1db86bfa31c0b325b3a09194388f9b881eede3ecef8f6806265ac3093fc5e0d2db016e8b687b492149739cf5097e68267ab4c0f919062e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
a60aa31fb5aa520b4de1c32dcca4b07a

SHA1
32f0e3cc9b14c96f693d27d1152d679c78f60d15

SHA256
de0d96b65b6915fae41fd74df948316a721a4ceb32d253ba8172804799c9b351

SHA512
a23762e67e9d733eb77acef449715e7586eb2fe197d478d38f49a8ac9e88b8f64f768f4be24f3f4332d3e6e0d4dec6d45437d81af46f656c299fc9f90c9ff385

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4344_1117469569\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4344_1117469569\abd051c1-3a48-468a-880c-16713fd3dfd7.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\Downloads\DesktopBoom.exe

Filesize
1.1MB

MD5
f0a661d33aac3a3ce0c38c89bec52f89

SHA1
709d6465793675208f22f779f9e070ed31d81e61

SHA256
c20e78ce9028299d566684d35b1230d055e5ea0e9b94d0aff58f650e0468778a

SHA512
57cdb3c38f2e90d03e6dc1f9d8d1131d40d3919f390bb1783343c82465461319e70483dc3cd3efdbd9a62dfc88d74fc706f05d760ffd8506b16fd7686e414443

Download Submit
C:\Users\Admin\Downloads\Hydra.exe

Filesize
43KB

MD5
b2eca909a91e1946457a0b36eaf90930

SHA1
3200c4e4d0d4ece2b2aadb6939be59b91954bcfa

SHA256
0b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c

SHA512
607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf

Download Submit
memory/1692-1045-0x0000000004BD0000-0x0000000004BDA000-memory.dmp

Filesize
40KB

Download
memory/1692-1044-0x0000000004A10000-0x0000000004AA2000-memory.dmp

Filesize
584KB

Download
memory/1692-1043-0x0000000004EC0000-0x0000000005464000-memory.dmp

Filesize
5.6MB

Download
memory/1692-1042-0x0000000000040000-0x0000000000050000-memory.dmp

Filesize
64KB

Download