hxxp://temp[.]sh/muiBS/another_trash_malware[.]zip

Resubmissions

08/03/2025, 02:26

250308-cw6ayszzbv 9

08/03/2025, 00:06

250308-adswsszms3 3

07/03/2025, 23:14

250307-272vcayxd1 10

Analysis

max time kernel
82s
max time network
79s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2025, 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://temp.sh/muiBS/another_trash_malware.zip

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133858659805437941"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2512	chrome.exe
2512	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5964	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeRestorePrivilege	2728	7zG.exe
Token: 35	2728	7zG.exe
Token: SeSecurityPrivilege	2728	7zG.exe
Token: SeSecurityPrivilege	2728	7zG.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe
Token: SeShutdownPrivilege	2512	chrome.exe
Token: SeCreatePagefilePrivilege	2512	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2728	7zG.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
4600	7zG.exe
5964	7zFM.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe
2512	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 3200	2512	chrome.exe	85
PID 2512 wrote to memory of 3200	2512	chrome.exe	85
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 3360	2512	chrome.exe	86
PID 2512 wrote to memory of 5856	2512	chrome.exe	87
PID 2512 wrote to memory of 5856	2512	chrome.exe	87
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88
PID 2512 wrote to memory of 3180	2512	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://temp.sh/muiBS/another_trash_malware.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa9097cc40,0x7ffa9097cc4c,0x7ffa9097cc58
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,13089796773042356377,11037649061848978314,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,13089796773042356377,11037649061848978314,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,13089796773042356377,11037649061848978314,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,13089796773042356377,11037649061848978314,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,13089796773042356377,11037649061848978314,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4468,i,13089796773042356377,11037649061848978314,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,13089796773042356377,11037649061848978314,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4920,i,13089796773042356377,11037649061848978314,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4016 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3388,i,13089796773042356377,11037649061848978314,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5296,i,13089796773042356377,11037649061848978314,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5496,i,13089796773042356377,11037649061848978314,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5616,i,13089796773042356377,11037649061848978314,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:3288

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5512

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1340

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1724

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\New folder\" -an -ai#7zMap24225:122:7zEvent1497
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2728

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\New folder\" -an -ai#7zMap17308:122:7zEvent18178
1⤵
- Suspicious use of FindShellTrayWindow
PID:4600

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\New folder\another_trash_malware.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:5964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fcd274a7db22265ff6a618a262c9103f

SHA1
546731747868cdc652fe50d212fde7ae1d1f99ae

SHA256
2e4ded8f4958674c2f6faddc323549892382a9a43929ff9fc0c577b1c296c690

SHA512
7ef29a5b97923e4278fe5361577d023d78a7b68228dd964fabc9ac5f84f14fee88864a71959351f9599a424c1fa11bfe1fa68d681d2af7aafd793770a38d8515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
336329544622f82e1e9bfdf95a4241a7

SHA1
33cc3b01bf74cc02e579a6d0aa0b22a0cc5a407f

SHA256
1e52945184fb1f52e2de50adbc43e9cf6440ca28e3844a6cd984c8eb436fc4b0

SHA512
1e58d5b26ff57404875b4a6f2fca5977608a51ed095085863f8956ea87b6db5327e14ef07f70db902573f81c1d23e191f9320ba54d34e5d6c1375cbe7eb8ca19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b9968376be04557146ddd0e6cafc1654

SHA1
fcd49407b727ae63600baefcf7e62385caa04081

SHA256
49c17f3f653b9c3dd5fb3e605a6749af34855e3b87772dd68f2e439a8179f558

SHA512
f4ba1811e48d016f3d9f7c851e0ad42d7258e440a854838e49aaddffbb18f0f59c7d8df9f307c28a7b00386f6f9acaf6bd8d2a2916d9c01088761190860a35bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16e63273f348b7c06a5032f048b7f951

SHA1
521e39afaa0865a66641eb44d8ed9ef0b3f130e0

SHA256
12169635287357e4671dc902dd538374298c3ed0023aa191aab37fed0c232b12

SHA512
88cf964c5fb3dd9fae9a2de213c9cfdfff15f523d650d07e75e3a9c9abde740f2ed3b4b4d6b305d1b054b71ca12fe1f67329205849c183f155cd658d19e87e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cfa3135a559d63b0e89653ac35ec5842

SHA1
606bddf1a5b9e4b962d0cacc0eccdb371c0dc048

SHA256
30108a1c8f831e9e08bb2f664057a9645244ba9b5e1be0a78ecd4595500ad36e

SHA512
944401eaa4b08d2fea6bdf185358fd64e62daee2504fd64dd2236e5f690674ebfd1c3e9fb632b06e349001300ba795b8f498a66c355edd3aa6d5792c6fdf1d98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ef2d0aac1e1783e934dd9bf8b46969c

SHA1
812d44a2385659e876d4333d409477dcd425c201

SHA256
694f8560abfba2732bea4d6375b07adf46914fc927a19f0f13e98ee8a8af3dac

SHA512
9ba16a52bccbeaa54590d6fe5bc1e109417782371f03c57358215929f1d3555f28b3085e52463e12b59fe9979a6d6b143ff77c075a0427653cce5ca0f93579af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b404718a84ad58d13421569b064cbc9d

SHA1
d2650a4de4947ba17d32287703af48e5172b944e

SHA256
db02b2ea5ea00ad9ad5cf1b839f77c8a552d845000749658349452a942b31e23

SHA512
25cb93855ed56e90bb65750fa583b89c47561d173db61e906e509c4605775272cb8009ac71a3a33814397c07e5fecef10478003201a043f07ff218800906840d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
22dc086e4b35277644987d2a1971b596

SHA1
ded5c58d219f56278034d42a1bbcbe086f9fd7ed

SHA256
922a9545a97494f12d9628d1553fd4291366878b8371a40dec8bd8bd4c5b1c93

SHA512
58f3f73e43f3fcca3d417a17d2499b1765c641893c6d48e522ffc55c89502b6780ce506bdebb11ead359d11c13bd590d85be7864dd9e4b90719ba40a73d0a765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
f3e4cc10d7fab3b53a92d3a5999945ba

SHA1
33aba1bd88b5d0bcf70ff4f37c56a58464ebc24d

SHA256
bff512faf75f499d7414c07fc251cc08d53f7c95970a8051af8906623d650b55

SHA512
c75c30c5b5e571908f2364a685c3a96bb1cf59751658ecc437cf1a43a88c632382aea6068bcc4a2c381dddb99e2e39608426470589b4ca1a32d79c8601319d4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
56c34b2c7f89a62529f6438fb5528760

SHA1
2c276b1568e149d9e74a6ff3e246b3248e731628

SHA256
187057c4a8bcb04a51f7b4fd47abf06da243bb4cdd5e5669eb94e14334af4824

SHA512
1933c020d14c95bfbce75b46d724cf1a8134e179782bb6716353b5ec4c6b1b2d46e50cc03a1d1338b02395eedade6e72bb6e48d8d8644993e37b6bf861577c59

Download Submit
C:\Users\Admin\Downloads\another_trash_malware.zip.crdownload

Filesize
4.1MB

MD5
d01a1b7e0a5c2bf622c29e24bf07a0a9

SHA1
a0b4d7b3587989d29213f591b654a2cc3ce7a4e6

SHA256
6c9f9aff29db9417b09b0daedd58ee83beae8e5735c55c81a12f2286d936e8e9

SHA512
b80ae7792cd745fec1942261359330a1063262b60eefba248de6ff0e0c141f5219f2959c4be8a7743ab559774b2e6c05a9ec52b535a51b55820ebb0747cf2323

Download Submit