hxxp://Google[.]com

max time kernel
621s
max time network
622s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
25/03/2025, 02:53

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://Google.com

Score

10^/10

bootkit defense_evasion discovery persistence trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "0"	WinXP.Horror.Destructive (Created By WobbyChip).exe

UAC bypass 3 TTPs 1 IoCs

defense_evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WinXP.Horror.Destructive (Created By WobbyChip).exe

Disables RegEdit via registry modification 1 IoCs

defense_evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	WinXP.Horror.Destructive (Created By WobbyChip).exe

Disables Task Manager via registry modification
defense_evasion

Downloads MZ/PE file 2 IoCs

flow	pid	Process
54	5836	chrome.exe
54	5836	chrome.exe

Executes dropped EXE 2 IoCs

pid	Process
4360	Install.exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	WinXP.Horror.Destructive (Created By WobbyChip).exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WinXP.Horror.Destructive (Created By WobbyChip).exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	raw.githubusercontent.com
54	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	WinXP.Horror.Destructive (Created By WobbyChip).exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Install.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Install.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinXP.Horror.Destructive (Created By WobbyChip).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Control Panel 2 IoCs

defense_evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000\Control Panel\Mouse	WinXP.Horror.Destructive (Created By WobbyChip).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000\Control Panel\Mouse\SwapMouseButtons = "1"	WinXP.Horror.Destructive (Created By WobbyChip).exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "67"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873448144762487"	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Install.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
4708	chrome.exe
4708	chrome.exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe
Token: SeShutdownPrivilege	5544	chrome.exe
Token: SeCreatePagefilePrivilege	5544	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe
5544	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5052	WinXP.Horror.Destructive (Created By WobbyChip).exe
5692	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5544 wrote to memory of 5020	5544	chrome.exe	81
PID 5544 wrote to memory of 5020	5544	chrome.exe	81
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 6056	5544	chrome.exe	82
PID 5544 wrote to memory of 5836	5544	chrome.exe	83
PID 5544 wrote to memory of 5836	5544	chrome.exe	83
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84
PID 5544 wrote to memory of 5320	5544	chrome.exe	84

System policy modification 1 TTPs 5 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	WinXP.Horror.Destructive (Created By WobbyChip).exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WinXP.Horror.Destructive (Created By WobbyChip).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	WinXP.Horror.Destructive (Created By WobbyChip).exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop = "1"	WinXP.Horror.Destructive (Created By WobbyChip).exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\HideFastUserSwitching = "1"	WinXP.Horror.Destructive (Created By WobbyChip).exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe99a5dcf8,0x7ffe99a5dd04,0x7ffe99a5dd10
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1912,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2212,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1432 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2340,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1808 /prefetch:13
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4196,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4244 /prefetch:9
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4208,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5160,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5172 /prefetch:14
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5612,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5700,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5684 /prefetch:14
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5692,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5748 /prefetch:14
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3828,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5760 /prefetch:14
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5680,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5684 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4228
- C:\Users\Admin\Downloads\Install.exe
  "C:\Users\Admin\Downloads\Install.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6048,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6124,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6260,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5560,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5596,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5540 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5184,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5436,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=1488,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5192 /prefetch:14
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6588,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7016,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6596,i,12554843909130196610,16806436761888212745,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6560 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4040
- C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe
  "C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe"
  2⤵
  - Modifies WinLogon for persistence
  - UAC bypass
  - Disables RegEdit via registry modification
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Modifies Control Panel
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - System policy modification
  PID:5052

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5100

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4880

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5628

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004D8
1⤵
PID:1044

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39f7055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b7a1d543fbca181567af6da4e67fa22c

SHA1
a9512c6d3607e2d4958e85d4b0eef0e6a3f57abf

SHA256
f3aa97e67ceeabd88355e8f9add4c1beea2b19f6a16061335a8ef3f1272a088c

SHA512
624918180ad7e6cd2ff61973dc820fb0f6ffe55d03498b2bb0ba82bb7d0ec2ea05240bd907b7d0fe4fd0cc24ae83928ff20f37b3779f3d85225d2c0950c30c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
76aac47a905e8f3da46b13b22a33b1ba

SHA1
8b50f7750aa4167b5c80d9a0dc4b8f051d59b036

SHA256
cec89a696472cea84439c40916de7769a92feaa51ea5f57854a355375e451470

SHA512
42d65bc2bdbd1465f1efebcf20820556a35af8394e4bd6ec1de96e85fb03f41c66036bde8ace92feabd7dd78623c9a2690db95db634482e6f1904e46dd6c427c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5571119b29ca770594b0d1cf4aeb5901

SHA1
5bd7a86131f1ab44d6e231bf6a88d3f0e4bedcc5

SHA256
04625daaac23dea3544eb18b8e4d7d1700c1ee4ac12ccd2876daa008b47cfb27

SHA512
c9be405179d2226d607a3cf3690668037a1ae2656ba6c1137d4aac60772b93c913a3ebfd8fed0824a628ec027bc6e3d953ee795308c39dea165de1339873b7be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cc2b656a1cb593d6b48d47e02d472583

SHA1
ba0f7f630505d0b802bf693af7e11d080fad87ef

SHA256
beb9c153a9c918c57c0034ca13a2f6ce63ab3e54f127dc026b742c192cd76a0a

SHA512
46e61e0ced7da2b6993ea8e17dd09d245f8b8f7325e222da9930f58b1204b62edd0598365f48bb5a5b5c84a3b15c9a382e8db6e2ee9c0fdf57c14c2b0a3eacd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5b69dde9816a272fd31c380cf6881cd9

SHA1
62de278e5d721f3261f9767016f891863240d0bc

SHA256
a5cf695de5d6f43ed4481e1b955d3001e7f1d02f98667dbdb9796f0a39f4b43c

SHA512
f7026b5b3f647489b8b58a40754043ade8207318db0beecfb7901c3276610859d0f7a16cca88c860efabbede66e59973904471d5395209b343f4b003ad4af9ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
93bca14d47fb3c2d0d01b3a3f653e772

SHA1
d4a46ec61f22fef949dc1998cb594d4351b39501

SHA256
75785d14dc0fff07a455f289d086f232c337cc9f3bea08539a74a07bc427aca7

SHA512
c95ff4914f125523bdced2002ae1d925867fe12cbe8d17f36a4c3b38e8378fd8dfb026bcfb311d8613860e9c15028308d82df8badf5c39dfec3cf8c5c649410d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
78937e96a49dd9b35cc25acaf84c97d2

SHA1
5651b9c73d54dd0cef507b69fad0b16811c22dc7

SHA256
d7996a5aee89538d1ccf4d9b914e9338519bcce123d1f616fd1beeedee9d5993

SHA512
6afc22100b915d8c25330b473975e6fc82964cdb37e633bf8f7499b3adb248501fcdef7d2828611eb1f796bd916829f6b18df0d27062db8c6210d9628ddb994f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
94cb474444e84a7f7eb3afa8bab5f5b0

SHA1
531053b95944d920da908125b0e793cfb2391d91

SHA256
405b53d70c2d9b59a7500fad678fc96cf815ab8d30078772bfa6aa6f11d78fcd

SHA512
1f32622f5853c1122c030a8962692566ae45c34b8f87410816e7e6c0be055bd83a7838e0a13722238d8c1fe5eb67ce2d598048cf2575ab63e940982f3b4f0d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
98cf9661250f298f4f0ec36cd25a6178

SHA1
25b20e324fbb4bfe1ac0e7374e3b0f18c66d9480

SHA256
6f0da6f18ba9730736234b48366f155500971a64e7f13cd7d7cf64d22cf2d3c2

SHA512
1bc6e177ddb562dcade083b860f7f3f5f4ec65d4a73e6e4a8044edeb668ee205e8a57b37a533e4ae275023f1bef84e924bfeffbcb942f83715b51c659a7d8d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2cc7a39ddfd823da58c39bdbd4d09473

SHA1
3287c153bdc22a7bd853ac0bfea5752cd4bcc861

SHA256
8dec2a41f87876550a6a2c50788d43d07c60bb4dea1c71b37bdd0f349e7b20a6

SHA512
f05b080f8f2ea2c0db810663eddeb46e48849aff66f427d5e64107295fb15d6a55248532ee5f83eb0704cb92b30c9ddb46a2812e494ea82b11c0eb4c17137c25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e578b23a17925246817c89181e87db27

SHA1
2b44ed76a6f0347d3b6d19df77f37027acfdf5e7

SHA256
e6a3fc16e76c92095316f8c0421719a4d4a74a84a3afc5129b97804be8b471ac

SHA512
5359631da1e30899c06100e89da2e2c4be90d518d4d228bbe88f4b492a0f6a6d4a4382ed36bdb63329bec69ccc737d85b3ffbbdeeb920c1f8aafb89884da067f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
31fcec0fb557e7876e19db5e0edfe2c8

SHA1
85c02335d8a7558abd81c46a2852bd39033be98c

SHA256
03da8b4aeed3ccc3b64377f2bf8fee98f59f697574dec19eb2524cdb2925c44b

SHA512
0463b2c3a80f0985be180de1285686d30e5314742f96e957e8f4a4962ce580ea6922d3d67e038cbef058c0929c35f0a5939326a216cddb9f2a7e805160a6c55a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
89426361fd7b2cd20baf617012c02b7a

SHA1
71aa7f4dcb661157a8fe325498e93298eb93e4b7

SHA256
5f556ab436d2e6c48e02d257b1efdd949fa6311ba9f0f67fcd9728a0a2fc5ab2

SHA512
fac4cae5a617e4176ab326e1b6534f9907037ca70ddfca843106512d5c4d55621d2cf967b0205e12134feeb883117bfcb92f0482f90787b318504f22380b2d8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5e01ead86e914555ac843fa137a0712b

SHA1
7e0c6c71f80d093da8cf09178a1ddab1b1e1c765

SHA256
5f5c223f31110709d55a46c96f42b699305b9cf4cbbcb87f42a914aa621c7bdd

SHA512
37970483854016cb00737f20e782caf6bec53565b01cbec45effa0abd5b3968ef2da7b7b9b09cda471801f12a3eb647c91003f02d491063e69dba8ebb330d4b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
42900d92dd611f7758ac03e52a79ee13

SHA1
5f5b0ee6e0ed411cf37a459d6a14ac0bf2fd8ad3

SHA256
29a250a603c2c8583cc1935a0d7c7443d4db2e8f68711b4c43ab4ab29100f078

SHA512
792bb8a8d724810cb8d14c8208aa9c0e69fae011692c0abfe02aca52bb02028ecb48cbcaf6ae747b73d0109e83d531279bb65d9525ac84aaac8647362f463e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d761c775b16983f1490e599dd4d62d76

SHA1
56c69e3db30dcd50f54495ebe90f11f7da4ec651

SHA256
2eed677fd0f1dc5cd63792b65f17ff9e844c8a694e6f582afb5a426b5aafb78d

SHA512
a24ab969991568adc45d4df57245bb869ce58d9a45869740c7ed5f28801c7fae47502f25a89df096c4eca6358f2ccf98f75a65fc81cf0edf1cffe76b0e87776b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ad4a8648f0b1340d02ad93f601a30d8c

SHA1
8da404db64b37e96f1f077e658d4b7739ad588b8

SHA256
c90522dd1a99dfff525eb389becf7dff41be273eeebe53ac59118c3959857406

SHA512
ea6399452fdc05e767fed0a5a2dc99623ba8514024a387aac8392a50ea9d63da33a5e92938ef339d7b4437af9f3a595a1fb91e760e8823ef69860f143c492ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
1bdc48f11a8190a4b0cf1964d91924a9

SHA1
d9ece9f58bca05f028700ceb08e0a42453f571a2

SHA256
373d499da7f235b6a2f1565b263cabf8c6979dcc6bd8970ca8760175849aba1c

SHA512
fcefd84ef8f20a60d2d1dcabfc2320c938a95cb3f57b0fc99acbfae82f5728024a392ef5490f2e43e58636e0744e813d7d61fe1c0e9e28fe39d943d70aff2a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bbca3260ee9e2b01abb0da0acf24b442

SHA1
659826b5187945d50e224e9047143ab9c11c67f6

SHA256
fa368ece4983eca4f92fd369395685c6e2e9755faacf83a026032a1742e4cd54

SHA512
14066e326ae9fb893c8ec5abac01713f2f0f5e778431faf840112a14025a29734e551bae7757294a970799b32d6996b84c088ab11f12390f755f58e68b893d79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a8fe775e064628561abe9b9bae905b01

SHA1
e61cd991ff55c97ee3be6c837604474bbc117cd5

SHA256
3f46583eb60c15800c44b6925ed708e64bf32f82e1ce18c03a36171801cf5798

SHA512
73b1763d73d6751839456425dee17a7284762150a6287bcf67db56f1ea2b99dbbc4cb600eeb79c4db989f00b2d9f1609a3a3c646070c1fead3f77277153c7364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0d18768ed73c72b9b104978426239184

SHA1
cbc27d77c7f3ddff2ec5bf9a859955f0d27f64a8

SHA256
e7e8869f2b68d29f73dbeddfac480ab2e0454966819dd5e62c31b1e99f5d308e

SHA512
01d0c52056659b7408975230abafde3ea6e1e077d8a31892b8d66bab4788c940bd114e7a7dbf88eeddb73f49048f125f7591e82168a6068d449c9fba64a0e48e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
0d6db11c2b2ad86833dbebe8f1436d28

SHA1
83cf708e6a4399f21c0ae35ea3de802550af348a

SHA256
3b3622ab79cc4ed74aa4098ec4e4122b3d8f7b3a0ed89a72128044d9ac8ca030

SHA512
b539b74a1150f72b200d1626ef6c4e677275cf87723b2d270a789c5a9854043b9368f779309dfacd364c1abdfc413b0d0c0d643fecc6acaa091810ba84984571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b58b1ef9194348365214b511dac7594c

SHA1
82ca6c32408c1706ceb733695dae1550376781cd

SHA256
6956b01b5c6863a116badc25840440a6d4a762961c8e77bb7339f06340ddf4fc

SHA512
ecf3cab4e3bb07cb5c16071a938aa1cc19af9997212518a10864bd4d883ed2a40562def389bfbe76166fc8d7014553538c81e12750cd6fbfdaf3af25bca12831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
823b70cbb35c0d1f3f8138fc53b3ae46

SHA1
3285b124539329ae392330bd11d89758c942f34d

SHA256
b92135e38f35b38d4fc759535a1f66cc139047eec858a8d788a7185cb76c4807

SHA512
29d9339537d0329d718d50ea0b2fdab276f01c1a211bf481386c5fa29d48dc03d29e557cc820e0760a8ebb9935e6f316df4e2cf9f0a8cf2f82f80997510940a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e4c2.TMP

Filesize
48B

MD5
ac4e579784015a872dc8cc675a7c4077

SHA1
3be9403d949448e86a5094c04734e4a5646446ae

SHA256
1c9bf1d4b695e26adea4727312a4c2a4c75c5d1ad4e663321c3602cb9b2967ac

SHA512
678984472f6b2f35a6e2fc1b3bd9c2866d98e20a9d1597cde37e07df3d3a79f35ca767f17ba39eb5143b4c4d151e58e368b7262a5e18a1001bf9d9c4a7b2bb1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe593e19.TMP

Filesize
140B

MD5
0226a49cd1f2a980454f5a81db18c2b5

SHA1
448aac13c39fc9c6a1f5cc6f67cfad4ef9737527

SHA256
e30e6d57abd856a37e98ea521a0f3cd39497abd96bc0655c3e7b1f7e9cffa672

SHA512
e9f15c5e0a00d6fdb1ee98f7a1297db2946a4119b767932b6831d1a09f9ffd84a15f27c2e3510659e538c52daa7a823ac43f1d026e7c5fc8ec5da64a70a9a811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\e558f699-e795-48c4-97e1-033ff8d5a9e3\0

Filesize
31.0MB

MD5
506ce746e96881aa5203fc7200d5f028

SHA1
bd5fe465d7824f5cd42528a80ebbcec41d235f57

SHA256
6f65774c6d97fbf7ee1b271ee234aad9a3f5cb65754fc5cb7414e40235c4de45

SHA512
ef1319921b506bea15a7b86894a0c523d22be714607c22bf3ed6af3227ba414a554ef9cab6d97a83b817b384b265f03e713dfacb7b505d89240c5f3036910408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
f7993ea8141263db8113c3bbecef08fe

SHA1
d6efdf134615ae878ca98073ef9dc5833f448223

SHA256
536617536186d7cebe3c221b3a15d97b308a23085ecdf15c13d590bf648c2dc2

SHA512
5484d398b33bd6bd8b40e038754376bf0d57f5449336a03f55a97ae673a4a246a945067e263d2eebdb44af5b763c5e64c923d5564d29d4ffba500d2cf3cb40b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
df2c4bf7fffeb004fc7745188b74cfcd

SHA1
5406dfba5810d073b2574ce72a3ce2480f0ee867

SHA256
04492f4e1fbc9c86fe306332e98b142d15634d13fc0d569cf6d0530ec77869bf

SHA512
892109240b2b1f8b1b6382fff849a26551540f5ec2301f8b95b3b92b902ac91a3b792c50f3d0f8e72186fb3debd586da1426dd62c24200e550410c3a991c9f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
5dbbc0ffa384793ab4350f7aee83c8c3

SHA1
05e071e3fc7182137630a7ecd7c6e19d4db31bcc

SHA256
7e93db383bc47197b796df761a63b3e1ad3f92dc24591079a057c352581d0ac1

SHA512
04500402a926e42acc1268a58a324e3fc8acc9723898ef549b53d61612e67178250825a5b362399581e6292b96556d908cfc06bc96ebad731e37b9b24c21769f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
6d90166b2d794f0e28f8d6a62c5aae63

SHA1
959e9e68b8ef7c5bbcb477d04cc4cc3741787b8b

SHA256
0bfea935bff8cd717a4745af88841885cce682fc57cd7d92f8ded87ff3adb771

SHA512
9f559464ff17cefca3785c8265e67d493e078a457bf5e354c344d03893dc40aed0f849ac917172188c97fb6f9e3761ae3742cdb9372500241c92ddbcd58f7cc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
d2901252fd34aa31f96273bee73eee0e

SHA1
c38320c298c8e7cd8f1c84712d4a3f715c9f43a0

SHA256
acf54bc91b5ff97c939d6d17f914bbee3ec401e65ff2ac13887819b97479193b

SHA512
e97b99bac668db8e921c881cd393a84dd6795b676355ca4bed46f2f4f97544ceb2148aa08b946efee9c26e0be197186f320ec5db396bf9effbf0a3a633cdafb6

Download Submit
C:\Users\Admin\Downloads\Install.exe

Filesize
48KB

MD5
2949c1a5ed0da748d949ac59dbc15059

SHA1
9fa86b84cba147b2806f4e11dd76f38dc358c202

SHA256
2e0b86cba229e27b6eec45751be45b24f9197cdc7b2eca30447112f917899d0a

SHA512
65eac714afaa0e7e84a41a18dc710b233afc80a03022e4504b3a30fdc5a82dd22f3ec78e2f5ad9df360c0e93f7d06d53b7a638fbaea93d62093a524beb627a66

Download Submit
C:\Users\Admin\Downloads\Install.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/4360-474-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4360-514-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4360-475-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/5052-949-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-962-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-961-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-972-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-975-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-960-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-980-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-990-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-991-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-992-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-993-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-994-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-995-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-996-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-997-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-998-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-999-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1000-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1001-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1011-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1012-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1013-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1014-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1015-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1016-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1017-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1018-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1019-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1020-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1021-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1022-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1023-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1024-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1025-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1026-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1027-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-959-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1033-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1043-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download
memory/5052-1044-0x0000000000400000-0x0000000003DF3000-memory.dmp

Filesize
57.9MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads