cryptolocker | hxxps://github[.]com/ytisf/theZoo/blob/master/malware/Binaries/CryptoLocker_20Nov2013/CryptoLocker_20Nov2013[.]zip

Analysis

max time kernel
1538s
max time network
1542s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2023 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ytisf/theZoo/blob/master/malware/Binaries/CryptoLocker_20Nov2013/CryptoLocker_20Nov2013.zip

Score

10^/10

cryptolocker discovery persistence ransomware

Malware Config

Signatures

CryptoLocker
Ransomware family with multiple variants.
ransomware cryptolocker

Executes dropped EXE 3 IoCs

pid	Process
1348	5E5146D6C5.exe
1364	{34184A33-0407-212E-3320-09040709E2C2}.exe
3328	{34184A33-0407-212E-3320-09040709E2C2}.exe

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5E5146D6C5 = "C:\\Users\\Admin\\AppData\\Roaming\\5E5146D6C5.exe"	1003.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*5E5146D6C5 = "C:\\Users\\Admin\\AppData\\Roaming\\5E5146D6C5.exe"	1003.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5E5146D6C5 = "C:\\Users\\Admin\\AppData\\Roaming\\5E5146D6C5.exe"	5E5146D6C5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*5E5146D6C5 = "C:\\Users\\Admin\\AppData\\Roaming\\5E5146D6C5.exe"	5E5146D6C5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CryptoLocker = "C:\\Users\\Admin\\AppData\\Roaming\\{34184A33-0407-212E-3320-09040709E2C2}.exe"	{34184A33-0407-212E-3320-09040709E2C2}.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1852	2196	WerFault.exe	109
3680	4424	WerFault.exe	135

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2016	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133411408467335044"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2104	chrome.exe
2104	chrome.exe
1100	chrome.exe
1100	chrome.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2104	chrome.exe
2104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeCreatePagefilePrivilege	2104	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe
2132	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2496	2104	chrome.exe	56
PID 2104 wrote to memory of 2496	2104	chrome.exe	56
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 4456	2104	chrome.exe	83
PID 2104 wrote to memory of 2504	2104	chrome.exe	84
PID 2104 wrote to memory of 2504	2104	chrome.exe	84
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85
PID 2104 wrote to memory of 3564	2104	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/ytisf/theZoo/blob/master/malware/Binaries/CryptoLocker_20Nov2013/CryptoLocker_20Nov2013.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff78979758,0x7fff78979768,0x7fff78979778
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:2
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2812 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1652 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 --field-trial-handle=1896,i,4514990717479288277,2958004759237361454,131072 /prefetch:8
  2⤵
  PID:1192

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3280

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4076

C:\Users\Admin\Desktop\Vcffipzmnipbxzdl.exe
"C:\Users\Admin\Desktop\Vcffipzmnipbxzdl.exe"
1⤵
PID:2196
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 408
  2⤵
  - Program crash
  PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2196 -ip 2196
1⤵
PID:1380

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /6
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2132

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:2116

C:\Users\Admin\Desktop\Vcffipzmnipbxzdl.exe
"C:\Users\Admin\Desktop\Vcffipzmnipbxzdl.exe"
1⤵
PID:4424
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 380
  2⤵
  - Program crash
  PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4424 -ip 4424
1⤵
PID:2136

C:\Users\Admin\Desktop\1003.exe
"C:\Users\Admin\Desktop\1003.exe"
1⤵
- Adds Run key to start application
PID:1416
- C:\Users\Admin\AppData\Roaming\5E5146D6C5.exe
  "C:\Users\Admin\AppData\Roaming\5E5146D6C5.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1348
- C:\Windows\SYSTEM32\taskkill.exe
  "taskkill" /F /IM 1003.exe
  2⤵
  - Kills process with taskkill
  PID:2016

C:\Users\Admin\Desktop\{71257279-042b-371d-a1d3-fbf8d2fadffa}.exe
"C:\Users\Admin\Desktop\{71257279-042b-371d-a1d3-fbf8d2fadffa}.exe"
1⤵
PID:4704
- C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
  "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Desktop\{71257279-042b-371d-a1d3-fbf8d2fadffa}.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1364
- - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
    "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w0000021C
    3⤵
    - Executes dropped EXE
    PID:3328

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Windows\WinSxS\amd64_microsoft-windows-shell-wallpaper-theme2_31bf3856ad364e35_10.0.19041.1_none_8ccaf9c8444b9274\Desktop.ini
1⤵
PID:2012

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Windows\WinSxS\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_10.0.19041.1_none_cd0389b654e71da2\Desktop.ini
1⤵
PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
335KB

MD5
3c877dfd0d60572be7c939c08c39866d

SHA1
07789609b3dff0b2f2b0acadc4a57e1c50e9eea3

SHA256
e908dca957b9cb7759feeabef0f2921e3cb236368acc5e124e87af0492308b14

SHA512
b2a392b84cc763e0fd248424f077d6cd4b94e86ba43cbef49e967f974ee0fad503f1556b847f4484343e8fad57a64542a9f1007ed13dcfe78936ce19110cfde3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
70KB

MD5
c3adb3e2370c964162babae20c88c142

SHA1
e4fac0316d7aa81969ed906ccb9c900d9f3b6b32

SHA256
8bbd7978caf86b0f17690586225e296123d6664916e40a4b02a65cc605e4692b

SHA512
f672cf944b87c3df559cd3f0adb5acddc909638b61eb785be94e5592893cac0f415dee5d3cec8115dfd95a06c1dae34a7381eb7d12972142e53c58ccd7b989ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f0852a0f75bc6c3d2595ab690ad01885

SHA1
3ee64bb05b1e6ca18512fe2195d85964a88e4a7a

SHA256
1bc001f28e499130aa23c02dc2a2621e9aeae67981a0c33ebdd90747c7bd1094

SHA512
a274f11068d6a9e0b100146e06689fd5a9522747113b732bd27ce91f9847e638fef35aa36ce3b37344ab294427256e0329f140d7f01ca577b288df3384349c05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\22744166-875a-4b39-a253-9b983a81a9ef.tmp

Filesize
1KB

MD5
5d06fd0442839fbfcf54e9191df2241d

SHA1
c152a7555f0b5c1eb510ba993003d444d5e3d420

SHA256
fda8a318c069b7a44a5282d12523f60e263a202e143ddf47c22d2ab4b623aa6f

SHA512
a9b520326e2bcf7eecf0ed55187ea237bfb6ae71b4ea8e61da658c3168ea0ae70ba7d7b51321a734142ba6d46686c8916112330d52d1d02cca8f5af9acc6efbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
82c5cdb84c3cf67519ed362cb0d5985d

SHA1
d67cd61ad9c5a4ab7c89c9f66e99c81131899175

SHA256
bfeaafc65d3bb1ff6faae2d21bf05a8fa7dcaf0cc8615b93996f924c461f097c

SHA512
c4c4cf9a3e7d7da18197fb8fe3c2700ceeb8f17e3919012c408fb00c320954a3f4104993a888bd7eef348ff6389192c38e8ab2f86b163342427cfc23d33ce4c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5eb65cb65f74503096c50c67562c5758

SHA1
41d072b79091173077a9e9e5bd2a96902d947fc2

SHA256
0b58f3ac3892a1315108c98dbcb23f62f29dbca1aec63461760c1bec9dc3bcb1

SHA512
76b399a49d36501d7171863af37104310169642129e9a1018b4f98d1d56d3a33b7fb28c5e2d9fe49fb0c248a02268a6e3d0d59f9060b558f0756969fd4182462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
248e5bb1fe65de46c2c94c47990ff7af

SHA1
1d5045edc9a52a51ec279571bb86de700e9a78b0

SHA256
f77496385b0c52673733afd134b14bdfaae93fcb2db1d4b7b56484b830c5e97c

SHA512
871e820cd60de8644e31dee53a61105575bcabbecccb57cab6cbf40991873edb632711f48be41652cad2db7dce994cd9e92f42d306e9fae1fcf3ab29eb694521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b0f3b5a8f32d3e1e51f714312e061a63

SHA1
1eab87617c18444f51a675f3996f49d93c40a380

SHA256
d61acb96b7cc6af36369ae962d511395b6f710c31da51a7edec1c4e681eaec15

SHA512
0b93eb07052156a9418cfacb48e91805c01440d1e93110cef0d541a37671d752401d499330bd121adcd9631a31668db8aa435fbf62307c51034e4fe4e8623be8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
93d2196e358e7b7d5959ad02ac5ebc2c

SHA1
ab6e46289192716cbd0297afa92736f282727e39

SHA256
85d287cbc11a77db3cdd5a02e34bddc12b3d52cc72a6c1fe587c8486f0a9060c

SHA512
a2ee7b0082409b842be31564c491904a088c8559d65a50ddd4ec9860e8bd6d4297ed331e3d8298aaed3296a3ce383a1fdd329f131208b7c16d09f98f21f3c187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e78d51367c15f8c30e653e97760cbfa2

SHA1
6a58bdd9b6650ce8dbdc7835a1d86cfa32f404b2

SHA256
f95a15d141b0a466283b59ac33326b9c6756ba464069a438a286af13584585e3

SHA512
6cf7c997afb6de15e3b79774ec29cb81e0f3a2dead9e13334a3ece7fb947eac1e5b6cbc6db6384a419c40fde825b7e469598bc9c8e30282f53d96d48b4e012b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b13fdfa2036b38453b14534d2447e4d8

SHA1
ae36efeba6708492c1a082ea243fb4f006985aa9

SHA256
cee4c6b72a6f4b875e360a3187399f8179f09466a69dbb6a1bf92612fe66e4cc

SHA512
a16ecd053cfd7d560a0aae71220fa27412db87b63bb1ae9f4e0a4af97337bb58e37cf800d012f9328fc87c1fccda075f255864f8273a31bb47b2c25db8f2ee54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ae39db0afaf9d6e45fdf677f4013df81

SHA1
37545110dc9c9248c2be81c5106a79b832f00869

SHA256
b24e29942431b4346b9694f12958a68956d0925bb7eab2260413392562633286

SHA512
9a95e8d383102baea1d8356aa3cb4f1fdabd98266506697601b6156ebbfe53f67f6d2baf2a9872ffda71a18dec8857422b744ee4ac5d952b7a9fb03c4ff25c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f4d51edeffee8818d8e4059bf1a34cca

SHA1
47f0744e602da745c05b1d90ae2d00ce861143f4

SHA256
0971e8feda9f319e12b34a10697725a3fb9b97f7c05ab51057d21d80ce953b5a

SHA512
cf7369cef13ac2a2a1c4376189c89f91d87cc908da6a49827dd729e06d305f4f1e34e8ba09724fd09bf4860acc8f20c9059712ae0440a0dbe7df9d01e5fca4fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a9a2a053ec7d63f3dd3f98422041526

SHA1
bfb123c80deab23519ec1926f1b3321cb8d2f264

SHA256
0d5160a65cff98ef5e6475d1c1adcf83d46cfa6e09ea839f4dd5033cc1cf2267

SHA512
b995c954472cc686b779ca4ae656c52984cb608e4e4c9cc62d409999b048aa53c28cf05585504db1032ec8db2def03bec337cdcaeef0f7b1e3d65ead7a0938f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f5ca8ed57c491e047a541138d1f6eeb9

SHA1
200c5b1b0b60da6079bf0cbda45a627340f27c3d

SHA256
6a5c46033d4dbf4e9af0ea5290b8d742f1151ae60ac85b1e8e6c767c919554d7

SHA512
678fa0dd39d7238707bb73b762dd898df0bcb147ef2d5313582680e24be47f5f9710faaade9e155572b564958078ccc823cb7ad9352cac0949b3792ef3dcbde3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
53e8d7a25f32bc7aa09f7505157c9cbf

SHA1
48abaad4e8425160f068c3d5d8dce39eeb1509f4

SHA256
5535555fb799cb0695bbfd5d15eda3525d677371edf0b04635425781966b270a

SHA512
51240c0c52461464f4f6ddde40ba5dbe6e6121af153e32dae235670224f4a3288ffca8b151173c292417f4310038bd134c72c04b3faa0f40eacc147e2afa4d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e1bc7ed2204a6935d27675134d994dba

SHA1
686a9174ad658a8e1c926edb8ea49bb9bb8b1585

SHA256
98988b8479ab4defa5c836e1e27a6e171261d5fdd4bd84e817f138dee694e6cc

SHA512
b54a7438ef037737194f4607e29aaceaa9705919b08c6925a02fe2c0d364c266aca212ae14a8cbc38d0682b1b6c6e2049928815e56ce7b6fab4005e70fd2e4a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
667d5ba1d53f7cbef86308dadc350a7d

SHA1
e0051fcf921d261380905e4abe6c579e615efe91

SHA256
20b86806f5346f4a253a361eee8a1d63f707add4037b37fee523b21b79460511

SHA512
c0c59923e804a2c1e5216ff2c8d47fb4f5733778a8ecb36cb4e0bf6cb62c535bab6c0b62523feae2654fbb7dd1accf744ad99d7b95f01b27be5ec5e41a7c3d70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4dbd0139a9078bed52ec9bf422b9b038

SHA1
9f202744f0a708a24c56ce84875ef3e736e8cdca

SHA256
155545b5979ac1989ba266259e4e295d4e9dddcaa6d97c4cd56505aa7d579cb6

SHA512
4a947a2c239595f7801034e39a71c2f79d8fc078fe8511b23f28aad16d646aacd22cab4099c1b5ddac356534e0f7c04a3eb13c5e4a56e683979982a3adfb03af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a9788ea107af3d9b0dbafb6b350a86f5

SHA1
feda567bf52feda928e82d85a31e62c856e72e64

SHA256
7a986358abc8367a9a6968b9e9b8b7c77aac7d2241390794790e41a55573047b

SHA512
09c13087dac777661037c7dbd8b32fe78807b72fe1613f026342e16861728260984cb4554d267a5b0f8164bcf5ea8d2daf7f5c1de4cd06583d63a6065999c3b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6ea0a8bd5d4780cd11297907a5b72fe5

SHA1
354f4456ee3f407fb4c00ef8edee2875ca29a527

SHA256
939d35fbe2ea904565e504911a2bc9f473784c26b224db2e2be0ebb02a99b805

SHA512
26afec8872ca1a81d8cedf9a66e447ce0b386f87e16427ddf9f5d2ee802190f4d29ea9527ff72dc48c8fbb25f3aaf6f60efe8b16a43d9a816c2c95a911e51e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
96bd8642c64941a6345e0eeb9030fccc

SHA1
94e54073175709218fe0cd6e0da41d2e3f299627

SHA256
d8670be63531375a5f52cd7a88a62b1c4522922799c99df0e4877e495abccef6

SHA512
62a9ae77870b3390c79d03282cad779e929e1f9009aaa10a90731369046531f145a9edd4a61a89db26deb0d2d88ac80e2209a55f2f31f619bf65e3e9beba6a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c95d5bd9d542502fa8353050f70e14cc

SHA1
62082073e8256bdcf428a81457acc2ef866f6733

SHA256
b6b60ab548f5282e1e1662f62a420b46688de4bf897298cb22f39fa04da29f1b

SHA512
65c0e5a7b38052d4d31e91eff1b077cc703e3cf61e607a301763d4b0b7a14f88a241ec9061bc49cc134b718538b44d398dba35099902787138b7bc29e4bd1bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b02c309bcf254bbfb90f798ab48eb9d3

SHA1
6e598e004fe6e2841639ef79aaa8f78c328492de

SHA256
3ed5b1b4daf53df5ce7cdc6e095bbc1b8cf02fc113de54812ae554256b00a21f

SHA512
10cb10362af48a545b5685464c7e1e03cfb7c0a7685bdc1a80ee6f83155e81d9052c114cc11be9e2cee3f72716a321b1f3ae9701f601b08ff42777424ab789a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b9e81b0398303a2bdea5036dfde52b7d

SHA1
f2b7bd54c1c5f0807f18992ccd4d52a3a04acc15

SHA256
314b57a70de1f357bfec76c9676f83e7791efa7ec45f52ac2656d3af183258ee

SHA512
64431ee077be6eaa18fe2258ff0deabf159ead4898a917c760a2928f468c8e2a3d43df15b68253e7b244fa9288a60d585b31bb88b6fb81247bebc3ce64ab9a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
610a5a06379ab030ff033251b52cb9a1

SHA1
ac223bba114c062952f543372deb38105d5a1069

SHA256
2fcc3ac8c3745a69a895175813486aae477f4c7ecf9f4df9bdbc11187338441e

SHA512
b8d7220f7b0094afb664b240d7d101a62a52ae819e28b13e1429d3fce58635a3734150ec33e3f0eaa96be3ae275ce04dcf18562ef65f9d6bcc68229c695d050e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5e5443658858fcb3e14d1224b838fdc1

SHA1
0a7863bc9dbbc914bdf5ddb739b29b03ddf27748

SHA256
02572910f2e4c591c9d2ec0cfe928edbc3b0d6a15af096347a1d3ad8eed89992

SHA512
ed07d6a562bedec2e9c81af7276bfaddc55bc042ec314d22c951dbc7f240980b161121e50ca20290799506344348dea7fd9a64e16f5e7e1fde9204bf1c3b85c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
345e9d3231fea2c123abe80a29b55cf6

SHA1
6b8c5914be2473fe011d85da24a0e9b390ed02c9

SHA256
a3e885e49156933d3a44b0c44ebc325db018c082a659e3a0da71096a1e7f4a69

SHA512
c43d4cf1c73c0234fe484e768bfe4ef85285a4f7a2d8a265787b00fb8ae5d8f572060f039de0b9be65fdfffa8bc64924b49e04566939bf07ed4359b118e0955f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5948a5f9b962c82454fc59fc3c109d34

SHA1
70009503d39cee9e3e80a1d1cd5a0ab409ad9b79

SHA256
e2c1ca3c553f90f923ce1ca49f69162b4658407d7089fb384eddb543767151c1

SHA512
6194683ddb3026bcd0971c507c7f7cdffd35cdfbce5363466e9593db7f7a39a51e6cc7ea61459cc185abd8687a75457ae08b9b10cb1af6a677e68019275f1f11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0408df4ce765d7fa95f1f66d34df19d9

SHA1
627bd3b527bb11a7ae4ec80b45da14332721d669

SHA256
c2bfe086655d520d246922bb504234d1e50ca2af83d91320758bd5cc926a05d2

SHA512
7da3a06ac090810e9d4089d251fed81219549f65075fc2c643be5c24620695d8e8b7c4bcd2fa12ab5c55b51c77509a6f031858b0433e7a877d629e5acb683c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
76270345e4e5fe2bbde5fa0e4b3e40a9

SHA1
f43839444b1b52830df2811c9398e468bc10f37c

SHA256
d09c2ed9244c1dfa0126e49e8b2e0cc1f9c9151cb4176910edb3625d5691606c

SHA512
4fb6c9b5d9255cd2080f8b524f9eadab604defbb0a771c7f93d0d85ae98c2ab2243212b35e384e2b41e17711652f617015c9fa12b9785995c3ec5703456d5d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
509549bf3bd3a36eaeef4c0356f4f88e

SHA1
9824ac581c262e069798c47b7059dafe63674b36

SHA256
789ff64913fd56628cfdf4a2babbb79e2a3096ada028f474cc8f8f74a432780a

SHA512
903cfdff21b21dde3d83128bb0d348209f9742b57cb346cba98318a84043d5e918ffd1ebf5d0ebaf5b5a9b3b0349555504dc86fd9477fcdbc6cd156dfad4333b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9a7db8e3e27484e0d6769e2042961386

SHA1
82c783c87626ec839ab2789e92badef2d9126de8

SHA256
5183f9660b25038b2b02bd62af3714cac65c34ec78a62ea87c2f8463594a3f3a

SHA512
f24202871689477a7e8e9c1631837a8cee61cf80cf7336db5416e525c0cc73d0287efba969eae70d9a7950197d3e9a9763f458c6ec1dc39c1823cc12d57d52f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0073e12d5fe0f97b0cd36f354a68e9db

SHA1
d5f3446b03146f6d5b16d3a93f078a2159f3e9df

SHA256
75392132949bf9dfec6ead446cdeed0eb27f7abaa0f8e54acab35e70b2fa3d7a

SHA512
6b914f4469ea0d952b6b93041a148dec9596e65b71922baa5a43684be3f14c6f4de558bcf6996b042591bb3a25acf6c89eaaeeeae1fd4097b00d558263951d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a7ee3d16fecd9d82f3d3ccdbf9b6aba

SHA1
aca88ef78d9e33d3f205a2ec0172ae0305660979

SHA256
beecd1e1ae339d9ef3cfb66c7292ebd6ad7c56c3d35e0e79d901ae8e769fde2b

SHA512
1c85f0a745bd3073e3b945701278c99963eca65443cd8f8110bced7a5d6ffa124edb13735bc22bf2f55206de4ae994e71ff57439d4334fabc88b0ead932fddd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3f13551788a308731ebee310ed171497

SHA1
484b61e03a536fbde300c0fdd63dfaf13b933760

SHA256
a425fe44db2070d7232f1ad13abc68f520ed11a3ff57a273fdd782419cb446eb

SHA512
6707e31d9d4ed07bf0e35e1d43dd59b2d01d6f6e9e72e1feda88d9bf0397061957a79360fe363577c60f5ee4be91a4d0fd2c85560d532ce8499b61a4dd433440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
38823c4a5ad8cb08327fcbca19fdedb0

SHA1
b8b5a18e7926eafdfb2715ed2ebdf1d567b9f26f

SHA256
f64d807b0ef00de99c3687ec01ccd2184b381b05ad9f03eb0b25bed44e530ca1

SHA512
37c13d69629834dd7de4b08c3da07ab613a961cf0a0cdeaa61e1036f0043d9fd4825ea4e241ad614248bbb143b70a782a4a7520ec78d6cf940698529fa57834b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e6582a54fe81ed2db15844e1b5838a6a

SHA1
2501d10bd2cee95fb580238f340224a13c598ebe

SHA256
9b6dc75706630ab0306d83322298749bdc5fa9e486def877693fe06a712294cf

SHA512
28b22662eda36588b5d4294fecd47e9ca62a09d1c0f483548ec59ef92d059f30a27793a453c203cd5a935ab585f4584c7f694dd9d6c9eeea6db17e0967a4973d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
af4513095ed36c316d9ea68e595ae28d

SHA1
414abf160e05be357c57f50da2e5de4222516c98

SHA256
31208680ad34a483ea964564b2eae7c46e5033795f3444bb04f2a4d9797deb29

SHA512
a105f87524c3af303c9c5bb0bfd0c21bc6da424a8c556e8725612869ca96ef6727d9241ffb4e1b479f640a7a4a5c3318b41eebc8828c44841a519fcdddfb4f38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ff2eac472ddb9510ad7200d311344d07

SHA1
e900e0e6917c81155bfbb4dc2aebe5ef1f4ef08f

SHA256
94462b096908a3e6c7b09fba328f06abee1f3a68e878eab7b41ee2a97fb3c7d2

SHA512
fb6c2dc2fdb933055243b641d305518b0ba618a0452c1a26200c84cd63244a5f66747353a8cba225451425c687508e099dc6eefad9a58d094d00b60acf05e66d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2016190faae247ff5a6ca864c71b9b9a

SHA1
523606fb59c1eedb3bd0b53e1ffeff4520e631bd

SHA256
37e9b050c66365cd082559bc4be5bb67174bb722f10f496a4576c782e0d46b2d

SHA512
adebdbc897d85289cc10fd6048c32f9084f8b12eb4e0ad8a3635c65587f3fdd567a734e13c4a4c230cdc1fa63febc64e7bbc56addb3939bc99b69977c009326a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b60ad114c0658e1c8a5d214c26bbd1e9

SHA1
aabcb73bfb35711fad6ec3c39cfc4f4c23c3101e

SHA256
c87564e3aa48b4bc1c36616cc8765ab8893a691842b4e30960987b7960b1e98d

SHA512
023e88693c60892a0afb2534ad00d4374164d08eb605be7196fdb97dbd952e7645459a20a3bbafceea3c661ae8a2258ace191e21b9acea0b8f373836bb7c1cb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0f7a1ffcc01c6d369f00d06c99e6f53c

SHA1
149f544f1cda1d1b19d05bc2d6d77aee692ab221

SHA256
3d305ec2f6ff034d2c6e5fac08b804250cb43f53d635ae250194c586e91a5558

SHA512
7aecc8b8cba65e831d4d9bad8e964a60409400a0536f3dc8c0622220614d83c275315e3fbd98cb4c6b958672df1f2350c59efc809f5b0da7ee784ab13d80ac4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
25f2e756c38e8fcad7bfe4b2ac96bf10

SHA1
6c5e383cfc3453c767d7f42ed29c4712f957ae33

SHA256
3cd49e8410deb2cb2f41ba35f9c9d31949c6205671feaee50df40213148f23c3

SHA512
69ca426cdda1ef84500c6125b4617f1ecf61e1609d76eb5231b7a0c6d48127709f8cef805f2f4013ca02388bd806b01817d9c1a1cf875d23ea512803f9aa2abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ccf9ab8f52c167a5868ed3845e4e70a2

SHA1
a0ae40d5c7f844bd9dcf772cbc7c584e4affe0c8

SHA256
208f6d0cbe34c89119c7abee8b23d6d5f1a2071a99831eba5aefa93fb6949b37

SHA512
4d77cc21f9e3b7fdf7e48b6bd0ad8193d0b418a5ca3ce8c0ce94f19c807ffff1b0408ac9fda0c405e9424832dee2ac6fc4c4930020bb8cee986cea3f7fb8b76a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
73527d87d4917a244aac3c3a9435b9f5

SHA1
3e61787f5b58963c1d1c0966f21496965d627a62

SHA256
182286b494443ba9e646c7c1785f50d32b703d9095445ce7e8b61f9f128325af

SHA512
6c7d8f1f6a6c33d1896888d17633c909eb2ff2013b2f927feae7d9a1c48ccd996bcee03d797c9ba8c68bedf3d3e5fc691a74947ca006507551e7d1fdfbf3ce6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
d23eef7f70525e20ed919fc959b11a61

SHA1
157b01962e7d55a353f5a7aedc6602d8e0f1f6ef

SHA256
9a72875a47cfd4a47a34f19ed6274d1ab9ff49489a91e43017dfa8278ca4fabd

SHA512
58af3e7d88f9a51da9777ef8a8bc0de705f8e9c4f34cae4be7d9f212187746ddb0351adcd58c3d24ecf3bf889c47f0be5f8daf186a915bf5f3e837816be9eedf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\5E5146D6C5.exe

Filesize
255KB

MD5
0246bb54723bd4a49444aa4ca254845a

SHA1
151382e82fbcfdf188b347911bd6a34293c14878

SHA256
8cf50ae247445de2e570f19705236ed4b1e19f75ca15345e5f00857243bc0e9b

SHA512
8b920699602ad00015ececf7f58a181e311a6726aece237de86fcc455d0e6fcb587fe46f6ef2e86a34fe1c52d835c5e2a547874a7906315247f07daa30e4323a

Download Submit
C:\Users\Admin\AppData\Roaming\5E5146D6C5.exe

Filesize
255KB

MD5
0246bb54723bd4a49444aa4ca254845a

SHA1
151382e82fbcfdf188b347911bd6a34293c14878

SHA256
8cf50ae247445de2e570f19705236ed4b1e19f75ca15345e5f00857243bc0e9b

SHA512
8b920699602ad00015ececf7f58a181e311a6726aece237de86fcc455d0e6fcb587fe46f6ef2e86a34fe1c52d835c5e2a547874a7906315247f07daa30e4323a

Download Submit
C:\Users\Admin\AppData\Roaming\5E5146D6C5.exe

Filesize
255KB

MD5
0246bb54723bd4a49444aa4ca254845a

SHA1
151382e82fbcfdf188b347911bd6a34293c14878

SHA256
8cf50ae247445de2e570f19705236ed4b1e19f75ca15345e5f00857243bc0e9b

SHA512
8b920699602ad00015ececf7f58a181e311a6726aece237de86fcc455d0e6fcb587fe46f6ef2e86a34fe1c52d835c5e2a547874a7906315247f07daa30e4323a

Download Submit
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe

Filesize
338KB

MD5
04fb36199787f2e3e2135611a38321eb

SHA1
65559245709fe98052eb284577f1fd61c01ad20d

SHA256
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

SHA512
533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

Download Submit
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe

Filesize
338KB

MD5
04fb36199787f2e3e2135611a38321eb

SHA1
65559245709fe98052eb284577f1fd61c01ad20d

SHA256
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

SHA512
533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

Download Submit
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe

Filesize
338KB

MD5
04fb36199787f2e3e2135611a38321eb

SHA1
65559245709fe98052eb284577f1fd61c01ad20d

SHA256
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

SHA512
533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

Download Submit
C:\Users\Admin\Downloads\CryptoLocker_10Sep2013.zip

Filesize
282KB

MD5
22078ff56e3fcd674ec4b9322a7dee5b

SHA1
3a5d07577b40e85047dcfb0bd03a6fc23e7cc671

SHA256
ddb9b850fa0eee2f62463728b07bffc11eaa9b241d215029eaddf1de4ec54936

SHA512
6e1f260057ba8f8eb4568fac513f0b49094ae387d9a555c2600a75df00d1c091506e77dab58f36908b1c0cbfebb1d82984f915741c1a8b790f5f6c82f64add5e

Download Submit
C:\Users\Admin\Downloads\CryptoLocker_20Nov2013.zip

Filesize
590KB

MD5
eb5eb336636e3f6cacf6c8db6bf4ea00

SHA1
e09eea305aa0f2897b3d7dac55c2ef2857bdfa5b

SHA256
43c5f2e7aacbc9a3439a810e3768087b7c8bea191ef84d71b2aa8686befed073

SHA512
4f728b1ae4b5328feb491e163950c78e888270fd4cd0a19396ff770e5ec2bd38815ce2fa6539bda69e4601150e6c9807708255e8219ded2a18420d8340bbffd5

Download Submit
C:\Users\Admin\Downloads\Ransomware.Thanos.zip

Filesize
145KB

MD5
00184463f3b071369d60353c692be6f0

SHA1
d3c1e90f39da2997ef4888b54d706b1a1fde642a

SHA256
cd0f55dd00111251cd580c7e7cc1d17448faf27e4ef39818d75ce330628c7787

SHA512
baa931a23ecbcb15dda6a1dc46d65fd74b46ccea8891c48f0822a8a10092b7d4f7ea1dc971946a161ac861f0aa8b99362d5bea960b47b10f8c91e33d1b018006

Download Submit
C:\Users\Admin\Downloads\Ransomware.Vipasana.zip

Filesize
638KB

MD5
8d2c4c192772985776bacfd77f7bc4d9

SHA1
3b923b911d443e321e551f26c9588b16a994d52e

SHA256
1733b199a7063443c167e3caeae7dda2315f590341ea2152a9b132e1ad8e94a8

SHA512
6c24f2fe498cf38e3f3d66b62915e6fbc8c2746a1d4c3c3de270f994b02e1369b9540099c12d150712574ececbe63c8c9f28877d8aa4557fbbb7890d5a0de6c1

Download Submit
memory/1348-311-0x00007FFF640C0000-0x00007FFF64A61000-memory.dmp

Filesize
9.6MB

Download
memory/1348-313-0x00007FFF640C0000-0x00007FFF64A61000-memory.dmp

Filesize
9.6MB

Download
memory/1348-323-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/1348-322-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/1348-321-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/1348-320-0x00007FFF640C0000-0x00007FFF64A61000-memory.dmp

Filesize
9.6MB

Download
memory/1348-324-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/1348-319-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/1348-318-0x00007FFF640C0000-0x00007FFF64A61000-memory.dmp

Filesize
9.6MB

Download
memory/1348-317-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/1348-312-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/1348-315-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/1348-314-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/1416-287-0x00007FFF640C0000-0x00007FFF64A61000-memory.dmp

Filesize
9.6MB

Download
memory/1416-297-0x0000000000BC0000-0x0000000000BD0000-memory.dmp

Filesize
64KB

Download
memory/1416-316-0x00007FFF640C0000-0x00007FFF64A61000-memory.dmp

Filesize
9.6MB

Download
memory/1416-286-0x00007FFF640C0000-0x00007FFF64A61000-memory.dmp

Filesize
9.6MB

Download
memory/1416-299-0x0000000000BC0000-0x0000000000BD0000-memory.dmp

Filesize
64KB

Download
memory/1416-298-0x0000000000BC0000-0x0000000000BD0000-memory.dmp

Filesize
64KB

Download
memory/1416-288-0x0000000000BC0000-0x0000000000BD0000-memory.dmp

Filesize
64KB

Download
memory/1416-289-0x000000001B170000-0x000000001B188000-memory.dmp

Filesize
96KB

Download
memory/1416-294-0x0000000000BC0000-0x0000000000BD0000-memory.dmp

Filesize
64KB

Download
memory/1416-290-0x000000001BC60000-0x000000001C12E000-memory.dmp

Filesize
4.8MB

Download
memory/1416-291-0x000000001B670000-0x000000001B70C000-memory.dmp

Filesize
624KB

Download
memory/1416-292-0x0000000000C30000-0x0000000000C38000-memory.dmp

Filesize
32KB

Download
memory/1416-293-0x0000000000BC0000-0x0000000000BD0000-memory.dmp

Filesize
64KB

Download
memory/1416-296-0x0000000000BC0000-0x0000000000BD0000-memory.dmp

Filesize
64KB

Download
memory/1416-295-0x00007FFF640C0000-0x00007FFF64A61000-memory.dmp

Filesize
9.6MB

Download
memory/2132-226-0x0000013BF6EA0000-0x0000013BF6EA1000-memory.dmp

Filesize
4KB

Download
memory/2132-216-0x0000013BF6EA0000-0x0000013BF6EA1000-memory.dmp

Filesize
4KB

Download
memory/2132-217-0x0000013BF6EA0000-0x0000013BF6EA1000-memory.dmp

Filesize
4KB

Download
memory/2132-218-0x0000013BF6EA0000-0x0000013BF6EA1000-memory.dmp

Filesize
4KB

Download
memory/2132-222-0x0000013BF6EA0000-0x0000013BF6EA1000-memory.dmp

Filesize
4KB

Download
memory/2132-223-0x0000013BF6EA0000-0x0000013BF6EA1000-memory.dmp

Filesize
4KB

Download
memory/2132-224-0x0000013BF6EA0000-0x0000013BF6EA1000-memory.dmp

Filesize
4KB

Download
memory/2132-225-0x0000013BF6EA0000-0x0000013BF6EA1000-memory.dmp

Filesize
4KB

Download
memory/2132-227-0x0000013BF6EA0000-0x0000013BF6EA1000-memory.dmp

Filesize
4KB

Download
memory/2132-228-0x0000013BF6EA0000-0x0000013BF6EA1000-memory.dmp

Filesize
4KB

Download