hxxps://github[.]com/TheDarkMythos/windows-malware

Resubmissions

25/03/2025, 19:55

250325-ym9gxa1yct 10

25/03/2025, 19:51

250325-yky86a1xh1 10

25/03/2025, 19:35

250325-ya1dgavm12 10

25/03/2025, 19:32

250325-x849msvmw6 8

Analysis

max time kernel
547s
max time network
802s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25/03/2025, 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/TheDarkMythos/windows-malware

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0aba449bd9ddb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{62BCF491-09B0-11F0-9358-7ACF20914AD0} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab4c848519179541bf0fc95fae2c94a400000000020000000000106600000001000020000000efa5bf729fac77ab1b145047939a2bf361432cac723015e4dbd2e26b2b79e78e000000000e80000000020000200000002a0e6e08189dae7dea1c26fb24184308774cfade4b1c10e692ad44a2dd33f53e20000000c52af3119cbd1295bd1a4f0386318754d0c69b529b815dbf57e470dd16a287a140000000dcfcab7cb74ae209549936c1656eecb1bcc9a71227346cab19376f08583d1e7a5c993fa62837d03638fde4a91f8bef75d46ced58a2d464d45e30a398de7c86e4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab4c848519179541bf0fc95fae2c94a400000000020000000000106600000001000020000000eb28ce7ca3871c91dd76590f31de9a3740b7f547df8a034e39e65a49d9aa1dd2000000000e80000000020000200000002ac9ca681644347e4cc7b9388a9dc2912da313e47ca8c8c671bbde4a4ab7a1069000000074572529cdbd60819d58c607a9512afb52a142068bdbf6706799b90503c115f7a43252bafe5a204402e8229cefdb7313c2ed3db9510b62844acea01214119af1350ae8cfcf83f92dccab46f65a0264604411daf860d78bfd1c4ceb1b673b3ed1a7612e7c9c3aa1fafb96eea7c7db25a1cddc753a1514fe1d29b10564d301f613b7a73bd3c5b16aeb47dc063c7832e102400000009ccd3b54439c815ad046eb49bff5ee02d6eabe914150814776f890c30611b2c60d62c012c980b89645c61b4a2a9b179d32c009a0be25ef105fd5bccd6d528009	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "449093232"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2324	iexplore.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2324	iexplore.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2324	iexplore.exe
2324	iexplore.exe
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1560 wrote to memory of 2324	1560	explorer.exe	32
PID 1560 wrote to memory of 2324	1560	explorer.exe	32
PID 1560 wrote to memory of 2324	1560	explorer.exe	32
PID 2324 wrote to memory of 2740	2324	iexplore.exe	33
PID 2324 wrote to memory of 2740	2324	iexplore.exe	33
PID 2324 wrote to memory of 2740	2324	iexplore.exe	33
PID 2324 wrote to memory of 2740	2324	iexplore.exe	33
PID 1324 wrote to memory of 836	1324	chrome.exe	37
PID 1324 wrote to memory of 836	1324	chrome.exe	37
PID 1324 wrote to memory of 836	1324	chrome.exe	37
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 2252	1324	chrome.exe	39
PID 1324 wrote to memory of 276	1324	chrome.exe	40
PID 1324 wrote to memory of 276	1324	chrome.exe	40
PID 1324 wrote to memory of 276	1324	chrome.exe	40
PID 1324 wrote to memory of 536	1324	chrome.exe	41
PID 1324 wrote to memory of 536	1324	chrome.exe	41
PID 1324 wrote to memory of 536	1324	chrome.exe	41
PID 1324 wrote to memory of 536	1324	chrome.exe	41
PID 1324 wrote to memory of 536	1324	chrome.exe	41
PID 1324 wrote to memory of 536	1324	chrome.exe	41
PID 1324 wrote to memory of 536	1324	chrome.exe	41
PID 1324 wrote to memory of 536	1324	chrome.exe	41
PID 1324 wrote to memory of 536	1324	chrome.exe	41
PID 1324 wrote to memory of 536	1324	chrome.exe	41
PID 1324 wrote to memory of 536	1324	chrome.exe	41
PID 1324 wrote to memory of 536	1324	chrome.exe	41

C:\Windows\explorer.exe
explorer https://github.com/TheDarkMythos/windows-malware
1⤵
PID:1764

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/TheDarkMythos/windows-malware
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6839758,0x7fef6839768,0x7fef6839778
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1284,i,5981598822828896379,4730552949224263860,131072 /prefetch:2
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1284,i,5981598822828896379,4730552949224263860,131072 /prefetch:8
  2⤵
  PID:276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1284,i,5981598822828896379,4730552949224263860,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1284,i,5981598822828896379,4730552949224263860,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1284,i,5981598822828896379,4730552949224263860,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3228 --field-trial-handle=1284,i,5981598822828896379,4730552949224263860,131072 /prefetch:2
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1392 --field-trial-handle=1284,i,5981598822828896379,4730552949224263860,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3432 --field-trial-handle=1284,i,5981598822828896379,4730552949224263860,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3512 --field-trial-handle=1284,i,5981598822828896379,4730552949224263860,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1284,i,5981598822828896379,4730552949224263860,131072 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2320 --field-trial-handle=1284,i,5981598822828896379,4730552949224263860,131072 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 --field-trial-handle=1284,i,5981598822828896379,4730552949224263860,131072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1388 --field-trial-handle=1284,i,5981598822828896379,4730552949224263860,131072 /prefetch:8
  2⤵
  PID:2236

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
2KB

MD5
d8da9d244f2842304a81fee54984b8ce

SHA1
f623175584db7cba0b6138d96869e66f4447f7eb

SHA256
478f18fc4a1a8ee9d4e8c3977e6deef35a67e43507189ad6da8ff63a1da475de

SHA512
4f62f9c5ec2c4aa939bc950d668d332abf6edcc28b217412ebbaf974047c6858daf96f446476fcb6363fffec7b705b2c38522e6551d4c86f154ac16086165a93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
caf40df320b34ecf357768240d363804

SHA1
50b7c843959b185a33497c656c781d542fe822eb

SHA256
4dca6d20349d759ced4daec0d972a77c6862f49110736b6f1691c8aaf7b9ab56

SHA512
93e3ef516a93387546f04422cf419510ecaaa7412de312354f95518eb53a1ea2d052ae42a86a1515af7961952d0a4dd9c16a35ef41eb7366fab0610321e7b7bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
9243562a066395834ae5e0596058bf7c

SHA1
7717a58dd2354fc12fe1b7ae6736579a0c6f7b67

SHA256
bc439d28c6860771ea1746266bc29f66c813aeab1c9dc084d46375fe50e0a4fc

SHA512
debad4940211e31864908afc6a63fcbc121c3b3813efc7cbc1e64130c1c5acf924e37d1e217384fb0ed0fe0c40b93800efd26d50ec857bfd52d4c4be0d9cb676

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
978B

MD5
33a7239237d908c91131dbe7a196f849

SHA1
e0e0303b6eb57f8abe2f869a3e98e1ace1954df4

SHA256
f9e05758e171cb555f10ccf8adf7384c73d3a811d4bcf79b6f12d295c2a543be

SHA512
5e5e5a466844f3fc3334eecdf9ec87dda83386d5f869b84eadb2e87e80888b48732242ad1bce6616ddc04cccf900f12c0d1214810c9bdd91deeaefe74b3cceac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D9CA54E0FA212456E1DB00704A97658E

Filesize
281B

MD5
2e86129a0f3d70a83b5144b280a95dd2

SHA1
1305b36241771a9843bfe9fea2e393328a7ad6eb

SHA256
081efcb68bdcad121ed071e504b845d2c199f8ff71c8c2ea21eb806cbf81dbcc

SHA512
81a688d8384d5bcfbb588e9cc392ad153d98b37467e83db84ba4b1d926631f0a37666a1b62d6c9df7a1c019925d442264a0dede3f650d114056266e896e706bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
3c8e9d115d46938d4b53a7bd00f4e396

SHA1
b79a498752d0bbd5605da0f828e165e340b2c16d

SHA256
4ab7d197ec538ec354439ce178d4ff6c97aa06f927436d12dbcf05ae0c81c136

SHA512
3c721d62107c756c577152539e10ad802665255d75e1e1c36b1fa3d942b457a3d4512461d5619d492b272ed863cd756f60c69c444d27aace24c0dec786e5abd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d555b47924065bee65cc396d6de3f65d

SHA1
36a99e0c7e389b7179466dfc55eb890f0c22ea45

SHA256
015a805aa82e62ce1b12a3b23bd072ad64a255eab8dabd6366c2f981fbbf4eb8

SHA512
7772281d23293d42d1066b46c6dc1d0064541960224a79271b7422db01496c7fd1ba28f86de82101cc94c21e0fd4f5dac5ad4dc776960caf4d1d5f4bbbc1c13f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
801cf0a61bb49a96150b01513a709003

SHA1
421b05ce846abfc36c7ec618c49f425a4b0eca59

SHA256
022521621c6f647e219bce12d3e522fe8c9b0c85a0a5fbcd876dd420f20e997b

SHA512
52678afbca44a2baf79082820db103a96e670d202b4d83f579de6d10e08c4f1545abd5a74d31a5f0b22d98bda5d73136af17de68f2845087694f413c5e054041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20c3a3808c0b1baef0d2e8d940ec680a

SHA1
7190158a4cf366122642a3a4290710f495f8c567

SHA256
24d390de77565d6c8611c7782b57982368701f0e2537a790beff2ff1316cea2e

SHA512
af03be6074ac190de91808494b4d4f68633a7cf1dfa9fa5ee29e97a0dbafec96781473a014ee850b1a1ddb73b30079862b615aa1c811cc8747ec8bbc63eefe17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9b94bead2bf832938082224f2c211ec

SHA1
92183c5c40d174a54deb31b15f55d1e35e7f9d7f

SHA256
422a2e98f7157e33f2869de3a4730c462567ebb818599126dc1142930cbffa52

SHA512
9c46ebbe6723693eacc1e55f551a7c5383f53b5de368434a27d3ed8adea071b44ffeb2fd07a9bb28292d9084ee8c074f670a13f55360324899f7e52607890b0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d28924a25f833fd5f72fcd767e5e7d4

SHA1
5a4791348c18b9af1fa9ade9409d54d3004c67d7

SHA256
91ff488e3eece16918f77143b4deb03b125b833d7d810a6b6b444f63d9a343db

SHA512
af670cb296a0ec7f8ff434daebd46a32f4123441c5da7178de0ca626ffbf69593ea008f015e29371fd513a071a84a8b77db4327c8e37323325209f40e41f4616

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f83360baaea540b78b768ed07b759e0

SHA1
de68d49feb6661cd6ef85425e6ff49c399e53ce9

SHA256
6fbb3d275c877fdc5cb2a7683c4ee349011983ffe7550bf4dcfa97038079ff45

SHA512
198eb1590877bb0a96f863ce226f5277c56e98ba069a6b71d812b1fdffc2e9569037acc31c4fe3641ad1c89db551ec191891db5174d3e0067031b4811d974336

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4705f63d2ab1334d0d1284927c1cda2b

SHA1
549c068ec32576733016e93426065ad07fe38371

SHA256
07929e45494ce53a7010e266e86a087d658c58d8fdae26971725e238c1a5c2f9

SHA512
fb7b71dcf1e5d2da3627a3d4b8baa497929725a1ace1c69416701f68d5abdd7961c786d50f58291e2e475a5b79dca8d9a33a9b26408d6284515e31949b7479ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f11ee8ba844d9c3b0b4085e9068c6bb3

SHA1
29d850089f51a64a192d4ceb9b804ada2ec611a4

SHA256
7e89e45fa59b1b382e93932dcaed2cadac1f1c7fdf57a63113cdf4391a10d4c7

SHA512
a3607bd8937399a09cdbc936a59e12f29416a1a902edc3ffaeca9acc73b87629c404be652d6b1ca80cd8494f6ad611b18749157147ef64f748102351b89f1389

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3df952f9c0c7a82de05c72594a20519b

SHA1
a1fa7e94c8683c799d476d4fa1ad42ed7223efc8

SHA256
ba6c6696252deef77a557b0bc0ca694eceede0ac28b54cf10df68649adc67bf6

SHA512
a4bd5118535773954f39e163ddebd1455753353bd0da2a78c53c2b536430a69b4320a94deaa33e79ce0487ef0a69723aead72bedb2dbf5047fb2c0b2dd36226e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4474040e8d3741622ef7b3879f46f58

SHA1
9ad42753be207788a07496ff1cfb39426d6f8531

SHA256
636a079c310b6428673cb619b50c9d7a81254d62ea2ab94f1473553bef781bf2

SHA512
24041df51e6f5383cc139f2597f0210e43c2a5affaeee955dceed552c59c8af611213e211f6f4d8ba45230f3c2f188044e7e87160d937223f7f50e9b70c1c7db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30c5a97c62b466005b8718877b7c8265

SHA1
2f48a8b031f6905e0ac420e8017985b5f1c0bd20

SHA256
00ccf3c25a41d03abba7f9b3a95207876a1c85944315ce7ed02d958b4c3f6936

SHA512
e101b1c97b1a120033bb4b15c75af1feec1ca238e30ece8c4120d07ec29d274e81615c578ecb598eaba5744174fd6e896702d9e45eb95c183742fb58da132041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39f2bc1be49f42f397520554c21b3fc8

SHA1
e906cb1b98d8051579459103ca106e352967658a

SHA256
c5d100265872c2453d3a0dba93098444f0cb2865f7ada68e27d0141cdf073ef8

SHA512
50a35acff6dfcc5525e76a35169ac16b9bde22d168b58fe1c8b79d106b3870f428599be8238a698626ae566878b84b2c5bf0b8f06f652c435a397dbfd4c2effd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f58458bc1e9a356fa919a445c1d0d921

SHA1
aafc8be577565da520019faece71e866e8b82e3f

SHA256
ae2051adf8bfc7a4b29ffab36e8275b4e7784c0470b17dc3aae5a776aca7aa73

SHA512
9ac8ad63a9c0a150c52dbcaec12733c60b24f1bb4e2753dcd96d4e23c50f53260d931eacd2d039306937ea225ee9b8dc2c76561cad389ab5aa553d0ea9f9557d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cda374d1eb3e63e8c04d7869369c5813

SHA1
289ba30f7d2b5343928726578a3a52f68a4523f5

SHA256
e533a3074bd6b0b7c4ce4d581582e01644378daa6c8e992168a0b2505b789d3b

SHA512
38c109c10f29d8cad7336865262c76329230c257582366caa02183b034c5b7f519cc843bcebad369d74d9996df2b9f0db0d493c58035a4cbab19f47fc1e5baaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17a49bcdde98a17f94c2eb8e39ac6c35

SHA1
9fa697f5433d60f6091ee8243dac9ca5c358adea

SHA256
7e0d109e2a1217bf07891bf66c8ca38a009787ce966bf0b3713791be3190f8db

SHA512
17cdd5e520dd427431accb089a3fae0ddb876b7466884030afee23bfbe59111ec016cb4875c0f971b0ce1c5b38d73179fa96db7ede6fb4ee9cddd2ba17da32f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6323d16eda692e5c46f84e775aa15e0

SHA1
42d51a5eb9a8aebfb303d1d958a6fcea68e655ba

SHA256
29ed3c8e414cb3c938d7023e78f302312751294455629ad623cd62d8425faef5

SHA512
d5a6404f45ca4dfc49a0fb3be113fcccef13987c1ed2d909a7af1c768fc4ee98bad49f34e322f2cce2bcf4091a38e7a6544a1dde3232b1bac501314bfbe3a43f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf4f1e88b5ec7ca7cf58bb70f9877fe6

SHA1
ff899f55f5d9dda26f5a21d111e922f94a4ed090

SHA256
7a5f8eb6e94eb64998ffed07f4ad395622287df566fd72563d0cb41624677523

SHA512
207988fb7c6816920705db491933340b821648fe55a6b188e0ef7dbb43f2fcfe45636b141ab83c3bb63c82d95f38963d5866f207dfad9773ccf1eb4968a6da88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bbe0cc31b47c6d055e557540b16c04ba

SHA1
490c3d28fa935b066c1a19b24334b3dd952f8ced

SHA256
69fa23e611c6f208ee715e54bcd606a686684fb7cc510c84ba26488199fbdb08

SHA512
c69c9fca584b8cdc0210a34386812da0909d0b292f0c11672029cd888ecea582f9bf28beaa62e0f354b35d2124df225727d32a266bbed8c387232086674991b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de32d52f967cb8c42bfc8e260d058c61

SHA1
92a2f61e81d50688eba8fd6f1eaf011a05c15fe7

SHA256
7784d88977beafea25db3d559fd6692b105e9917bcebed72cb3c83c985574cc8

SHA512
babf0aaab97fbd4f4c72c03bcb55f6645e669c9f98e0ec07d3ca70e8e79a81f292fb11fe6c3236f2851449059c70d10b98016db3508902bd24a86a4449b42b69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a535ca78bd10eccce009306830ff136

SHA1
c14753b4af53a093f16ea394bfd64992da3f77aa

SHA256
829a7fe05e478c43f6473b307cac78e16f4c06f3406f23f6a7909297937f938a

SHA512
9fa33409bb61c845e0ce5b8f8187011c7ddffd586f584386bac0777a1e1f7a6895311c98a4cb7dd1d829ea12544d02d6818b8b475c4e62b09bd64ad82b15a366

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
acd479cf59674df20a9e5c5e9d8e77d6

SHA1
5207237850eadce33c4bcaed46736722cab7117f

SHA256
cbd1e9e5fc4ab364d43b34fc6c194536983657155f7678f95ec6350af527da95

SHA512
78494efa4b19f96340e07667822dba5ad5cd3f5d515504717377cd8e8241284893df58b7fcc5f108439170c08555ae2abd698135b8e3de1cb08db263c7dcb6bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
31c9df1749769256735449355eb92306

SHA1
561cda5e5b9043cd6757cc0865aa72ee0419b6ee

SHA256
f8d86a518e3ffeae028407c9f6780e827a0e23748ed5958b8adc1284bb204d46

SHA512
61d22910ce27e7f6d657c51fe7486b86251a3273d27e0a1b037bb2a687f85e722a7156ddc3f9d6983eb56966408d4f6f10b4764bbf9e129a695c55f7916264c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
d5b4e55a174afaa29d1ac52fd7dca596

SHA1
ae15897fb5cf8da10689a8bc2386e4125c7aad49

SHA256
744d5a57f96b34ee019f7de25154493c079fbae3de95bf866280008533f3dc71

SHA512
bf4226615b2841ed7cf2114a1eba42db1017bab3c0d9fd0293c028547191661168680fedee4408162aa4dc4fbdb6f0584d608587cb14be75b005b075cf4914fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D9CA54E0FA212456E1DB00704A97658E

Filesize
476B

MD5
e9fc9e686f2af714bca69fdae2e6e454

SHA1
1258f184a3d6611ca45a6de36019c6841888a24c

SHA256
604286260b477dadab4395c77488300a5270ae021a1f90e797f696d579c48e5e

SHA512
79e25824dd5217e939580200bcf943ad7662ce1b4010521933e171454135faf6e19723d7f0cfc284181d73f033c733316fb361a120a41f0126e4b64bb18561f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
02f8274c362b6e816b6afaea684438f0

SHA1
79101861ac74c4f5a7b14b5356a046c8f47fb4c4

SHA256
70887d175f5ea466993578566665fd1b460161f0dad9e34220482d561e2e1ccc

SHA512
3d4fe974f0eb98e0ae336f1c8fceee31ba9c07dc540b23645bb472c4744fe2e5081dd516eae343021581d204dcfb2b89796524179425de0f6f89a8dce8bd50be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
68c668df6a240e882cfe3aa3347a5fdd

SHA1
64c14c87dc9bcbba6583c0f4661c6f0e2cc235b9

SHA256
af944fe7feae55465141cfeb0ffaed56e44a5c95fb17d46beab8304cff8fc06c

SHA512
a4c3c54b49fb297d8ec18d211a0280232be64205ddc189561b27ebab8e547ff3cb532985e7497466caca7972079c00736c0ca9fc47738907b99c758b8102a6c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9e0fec480e977ab3e9e8510912d05493

SHA1
32ac4e786510a49020ab66f16e91f38fe54873bf

SHA256
2ba94735e4d41173b2118a33ba8d4432c24daa23dd43627479c05467a93479f2

SHA512
25557128264d82aafda05432dbd6aaf11cb806ba117c9e77e7ccb5127ddd027f17ecde150f89136ee832c58b943bcab17d4d749878be8e0b98536081cbd8f171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
e8fb05dd6a0cef5d7bc664fa432af164

SHA1
df2cc1f6ddbca8040bab2ed18339cd24238a00a1

SHA256
61021697cc0c6282e7d3245b35dc0ebdc2a1dbad4a914ceeefa346a10c85c6d7

SHA512
8c6d42f96398bfb32c50cb568353636ab12f24e8417b89ec87c8bed3d1d009cc8e8c3a4af9fe2ce5e76487729f5b414fdaf624153b78d8a9901a8edfcedf41d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
46f94f2a6eaddad70adca0b769ee881e

SHA1
5494534ac53de56a06c65773562261ce9cbc5cb4

SHA256
2442aa93e358d84ef1f0dbd5ca0e78431063fe99cded65cda44d152602e3662e

SHA512
039cfbcf756529298b19607f47aa08e18604babdd44fe39021fd76c615a798b7c097e51692dee12770fa0dde80e23bf5954009fa75cc90446b59d5967585eded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
a71bdc7cf5243940f6cca3a70b925122

SHA1
53296408f92c2c615c26fea6ceab146b697dc9d2

SHA256
d6771add91f60e32b33529034840176977f4fd251cde5423a58ed94e61500ef4

SHA512
08bb8b5441d238a1304cfd915d4506c81fc4e14f7e9022d23c5d3c4da9b999824a9aabf7c7261652bb70b63c57b08cc0bc8c74a231a53352095c01e011ed8061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
2c69d2712077cb58309a1e084ce55868

SHA1
2df9d4f1d3bdf9bd96cb64ce55e148de91d315fc

SHA256
dc59083f8d3ddf323230fddcc38057bde717a8f0da219c3348bba1340dfabdba

SHA512
f92f4e2f5e563cfb2e46b1e2cf3dab4b9a5139ed5adc50bc1a964fb59d5e0be14d19a95f8bbbc3bda2e54b67e953836c77e8c1e4c1275ddaa746162553a2279e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
812a1f6313022548775ee7710a2f0040

SHA1
fd35022d0a5e3d58b080777e16f1ddf2d6ffe775

SHA256
e760e18cec9775c9fa9caebaa085bd08fc910e4f25faeb050e84bcd99428667e

SHA512
1065cecb22833b3b9966351221e9b3b8722d1be231a06d67dfd74a44fc50dcd9bdcb60ee466cda2092e53affce6ecfe8e625938e353e4fa282273363679dccf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ff6ecfe0e677ffb6ab44ae79e33b91e5

SHA1
0f5dde4e13f8ab44d73a9d0777a364993c050452

SHA256
ded6b88005e25b207b13676cf4c2ab160115ff3104df903fe9cc8d3ae750e2c7

SHA512
01cbb0c303c2b70cb7f81cdf2c28f5522e10efa0ccf4ab6d85e345b8f8fa5503fc9837491599526685f4895bcddd86b94dc1a3de9a727c85e96b38d1322313d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7d58c96ffc5faf98151802a83a5d3f26

SHA1
1b7889607897057b47d22f69758837edf69ae01f

SHA256
6ccef56554a777771928d894b35afb1fda97563bc69e4daa1261dbc3eae244a4

SHA512
3dc63fa852f1f7a252b9c8eeaf30bf07827e368da4d5ab6745f9466133a6c60e0d4151c761143deb1e07fdd42c1bc17aa983528e4af73fedb02277aeb11623d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\melo7gx\imagestore.dat

Filesize
1KB

MD5
e37fd55a0f5ef537e524733532f96f3b

SHA1
ed8c75b207281b8be2d727bb0da5ad7cdc468ab1

SHA256
6e3449ccdcb68ddda770b16e28a7ea9aeae07c0cecf1246dfbf3e40187e7f99d

SHA512
fc7bb2947cacdd4e135b13a5a45e0c67ae810ad01d9b12052734d768a7f2d233f78e0e65af1fd1cc2dd6e90bfe91af5b1d9b44f13216da0f35ed91f54b87aa8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\favicon[1].png

Filesize
958B

MD5
346e09471362f2907510a31812129cd2

SHA1
323b99430dd424604ae57a19a91f25376e209759

SHA256
74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

SHA512
a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6FCA.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit