1309a6fa0c310a60167f6d7634cffa122e7863cc6170056dc6728dc27f107370

Analysis

max time kernel
558s
max time network
511s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 16:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

feeshes.png
Size

41KB
MD5

2a48ff83b98727d33aa4b59596e2d768
SHA1

ddae380e216a4c584f9fcda6605d9559999a2d9e
SHA256

1309a6fa0c310a60167f6d7634cffa122e7863cc6170056dc6728dc27f107370
SHA512

067388fd714898a679b850558daccffb915c6221d2f1fdcce924f04b9bbcd95fb99e84baf28b8c66adc98e10d1c01b6371c7d8511eeafebefae117c567d7c164
SSDEEP

768:1ViUr5czQm5fPZfn/zHacCc9QITKVTVtiHK8RQfg7DVnGykv:1bdcz1R/OcC+QWKVTcvGyI

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528327187436153"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings	7zFM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zFM.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	7zFM.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
2796	NOTEPAD.EXE
1164	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3756	chrome.exe
3756	chrome.exe
2544	chrome.exe
2544	chrome.exe
2116	7zFM.exe
2116	7zFM.exe
2116	7zFM.exe
2116	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2116	7zFM.exe
3952	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
2116	7zFM.exe
2116	7zFM.exe
3756	chrome.exe
3952	7zFM.exe
3952	7zFM.exe
3952	7zFM.exe
3952	7zFM.exe
2116	7zFM.exe
2116	7zFM.exe
2116	7zFM.exe
2116	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3756 wrote to memory of 5076	3756	chrome.exe	95
PID 3756 wrote to memory of 5076	3756	chrome.exe	95
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 2164	3756	chrome.exe	98
PID 3756 wrote to memory of 1836	3756	chrome.exe	97
PID 3756 wrote to memory of 1836	3756	chrome.exe	97
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96
PID 3756 wrote to memory of 4112	3756	chrome.exe	96

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\feeshes.png
1⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8f8079758,0x7ff8f8079768,0x7ff8f8079778
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:2
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4716 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2556 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3464 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1652 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1072 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3220 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5016 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5248 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=956 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=2080,i,3892804627908543097,16450753508020149015,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Virus Maker.rar"
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:2116
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO44807D1D\readme.txt
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:2796
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO448C00EE\readme.txt
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:1164

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2184

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1516

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Virus Maker.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:3952

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
316KB

MD5
d200ec4b60c5dd476be1cb4a0257888e

SHA1
8d86f57e17cfcdffa71b89ffb22bcbce89564b8a

SHA256
1ccf0d08dc5e73f647c87b9e589465970a4d60869d4b5d9baa17186c9ec21630

SHA512
04aa3b51ce7789099e41aa53806b1dc653d310a4b0acc8d98d1c8476bd9e483c3bd62e581454dbfdd8a9eafa944c03e757571298454c9934dddd1a8a81d45478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
128KB

MD5
f418950ea2cb8c83174c2a7bb5662362

SHA1
414d2668a97d6031219846986b1ce978830bb5ea

SHA256
cabbd26f6fa4e941f6d680a9d997b097cb45ed1e8503b24e648bae19815322fd

SHA512
b348854f94d582a96cae974550370752c1aed64fb3f6020c768cdcba77069c6e18e650585a64105ffe0f68c633501d974ea267b4d3e7f2061406361e5bf55539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
74KB

MD5
3fbdd6cbe2fbf9d9702e1d54881b0722

SHA1
51fd04aaf9b010c615808d1b4bde2135bf42320b

SHA256
6601f0c23e89092b8312ae70262f31f0b33022b009cc8d97b6fcdab4d0525a8b

SHA512
da8ac5755e55857d9b5765cf844838da6fd7c42d218cec892433449e3b5109c36b676abf44e5ba1062faa332719a9f5caca89a694878965c03bf2c8844cde4e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
40KB

MD5
d2d0c427f1d093c36a9fd6751a9a9d61

SHA1
dbd596ab1f2256ed3e3816be5eeb75d34f38f821

SHA256
b37bce0e0f504a7b54d3a01007169d4126c2a401be8f93afe35f665e62c3e34f

SHA512
b8418e074df9619ae62461b5c42fcc42d2ffb8b099e09ec0271bb481f8e1ad8d7655fd5149d8abdbce1d35226029f200623574946d6223df1c9c14c7824d63ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
128KB

MD5
24eb70e4ec14268a7360c838a487af25

SHA1
e0205bfe631a4ced26278ee84bc27c681fc0bcbc

SHA256
42f641685c9faa96dfd0fe9b98e63a92353c2a8d153293c75d634a4a99c34993

SHA512
39b6e673fb5c8c300327dd8452cebcc0f267aedc97ff4be208e9351c6803fa35fe8e740a3575cd035bfbde063e6ad68fd356b21db9194c33e8b9a1c2d6882c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b92fdf65c44bbf23d775ce0e65eca6e6

SHA1
7cef42d10f1d3929612f31065b23bf216934540a

SHA256
9e9948e2caa1d3d9fbdc0d599bd9bc331b3a9d8fae161ee70424563d6237a98f

SHA512
50e0126094e051adc0a8a518f8cc442575e50828e381f3980d57022aff5015bb8ab9c9f81dad02dd99e6d917da3ee0738276aeac361e7f5a3c66fc690c424194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
5f75f541a4b90f992f5b6d95599016e8

SHA1
ce2402b0c38d8d38717a708e9da6993174155b9a

SHA256
6cc4c6394272c5502469a34df8093fe8b98911b2576f25180788748cc1956d66

SHA512
7ec1174bad4f29da3556072000191893b0fa70aaba8c72feb866bbd80b963db1495d576b486159ff8a0edb3a260edea1184d9b7846ea9e2751eb1092f12d8045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
806e7d62d5f1b8886d687adcdf5b7e56

SHA1
7ecb11b46054078749a061fc864dd38d18d8b3ce

SHA256
b7b525ce50b7fdfb37ff1101458ce9d83db6f859d3bec4aeec2836a783140357

SHA512
e6dd5f4d215ce90f04bd3a3cce31540f436dc6aa44dca4104ff33b947a93580c208c0fd7ab6745d5c82c60a6704019a1af70e7ff8687d026046139a5f3298a27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6f7aae9a0f97c0c9182fa6ec70bc2cf3

SHA1
b2ed123716b0613deb9af254e608f4c67ec15bc9

SHA256
d28f4277f7b52ce1a63bab247dbec4ddcd3a721c34160c3ef0af4ec845577e02

SHA512
dd2bb774245ef8710f3701c9ec779df70cd114a1f631a3036143cc48754e4bf2b4223fb08e1456ba3d9d49d4b71fe4e66b3542dcb3a12a198fd1acc21f0f3926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
956abb210207b5b9dec82c645f58046b

SHA1
6867f0054712b543b450d83bb7660a9a7d416f3e

SHA256
2d43b584cb02980d3bf416c1abfb0efc03aee58259c98c339690cd95d60428c1

SHA512
e989e1c65c29e81d87ae60e75e4ed01d45de8f399435fdc0421557d2c07fc7d3d222b86da5a11d0bee340e0ad25a9e2d513502d5f682d13d87f24c1cef9489a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1f972ef4-9358-45d3-a505-4bec54290f15.tmp

Filesize
2KB

MD5
904d515db3958234cbfc8bed0d86b66b

SHA1
777dc7017d941b03d90692a5a592a82884ea2ebc

SHA256
389070340a73a68ad13916460df45fe088be829580d7dcfdb06804e43b6239be

SHA512
52cd6b76728d3e5626449b568045f128cd71d58f320aad77a09d81a2acb82324465fd2892b283f8661581c02f78815ad479641431ec987e9fb92e93c3e10d490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fd329c06b8ac6985cd3a30ffe6062abd

SHA1
02a5f98b2df2b36f99ef9b9e3630f06123d01a70

SHA256
746cc09ef25f01c3861d374dedb92e8ccc2a55576d03dc0161c19269d54f2eaf

SHA512
a9b7d77c4c742fa44076d78b5b614a75ec26f2fedc915f3fd2eafa90211eed0fd62e00ea601493f930255cd255d2986fda790b5768275a8098f571e2b60f39e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2ea4ddf7c07dcdbff28332a62966ba57

SHA1
b0d2182747f24d4edb89e69fa82ed36005a1bd00

SHA256
1af5d219893cc7a9cec5871a17875699b4e5fe5f1b4b9ddb90b9b803428b096f

SHA512
96d3bc1cfa9e3fc890ddc9132a18972ace72966567d8d9c485cb463ba06e5eee66d6b1c87552b9ee94e0c5b9a5ad7d417963f5437e8476add03bc56cecac9d08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4125a6cc1e62d0f28ec2d541f75029c8

SHA1
eea8506e5e9595643875aad0ac98322b114d2c87

SHA256
374b36fb022933c911460c30a8bdfe93dae00ea72fa7d4bfe8431c82a2ba2a11

SHA512
545384283307e5365a1b25a5ded79ef974f2081d5beaaf7b8f077b6f0aec738b2b963ce5c9ee77eae2fefedb72b4f7270b7284a2e3c3981fd8a50eb484ec5d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4c1c94e87a4205ffb0079b79b302a262

SHA1
1efba1c9bb83e36c2b705c20c5f6f8ddabcbe825

SHA256
f3332a257685db85d81bb77aa25f15ca2c1fb9e58487ae7e86a682f1f270924b

SHA512
64aef5aef8de6728cfbf46e0e36e7cc84ec78fe0b035838d5eba8b02d3f3d52bf903efc5874ea9006381c3e359dc4e7bb4643a33bbc804810e40c6de67f09839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
1e4fd62a39fc5fed0e68b06feb39d51b

SHA1
116354b1dfdca5d6774b6d450162918d2b2b0344

SHA256
a52a0373eb207b352176c1c378254f7fae363cb1dcd51ace4ff408e57ef34ce9

SHA512
3eeadee89f3f3ca77d7ae6acc2036fd7d5b7797c33bf1bef695ffb02a524372fc522f91559833b368a677262e2a1da2da10b9c625562a06e94bdd0cbbcc87b2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ec79d938a16c96e46bc1cb75dd9cd705

SHA1
1599425d7b25ff90dad2666dfb189542d994c50c

SHA256
333a6ddee981abe3b36323305e33fdd9734a6ec15644def1269816ee68a8ece7

SHA512
9efcf297f553d551cba20e0801a5be8e536f7ba921f3703a73610b54458286f0f8020f2f7107b04afcb0e3a5d27c8bd3f872c850b5cfc9b9bb1cd55c22a9ccf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
289d9875abcaa3ff0b639aa7088d482a

SHA1
9011489df8d2deb0798f4b86b986d55f67840f3a

SHA256
fffe8cea5b139feafe16c69dd550949d098c00db8a2d22a95624f9d68742c1b7

SHA512
b760f566338f145b2f5bcf5dc03a782324d45ca7fe02bce4bb2815146578279e3fa6d146a0a1f3fb31e088e9986f53008d1e28b34bf4cb44f14774c1b90c02a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
2c1ad839a61fbcb28bc7322f4b83c568

SHA1
7a05b178a1f69ed39cd8a3aded7c4fd8a383d206

SHA256
5828fc4ef12e45dab857174b5becf061d03303c875e76a6907b42cfeb9b49495

SHA512
8a4eae2e97f21d0e713ddf54ffbbf8af38a2d9d2e05c3013863ffcafef6ad9941d8e404bee52f4c791a4c0b40097f5cf46825c833a2c2fbdc3c3bcaf4473464f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
d2ab748903316efa1ef2c0c80c2ecd39

SHA1
6a87a028ad3be9ad4f0d778491dd1bd57ae74408

SHA256
f52da3f37ea88fb3ddb274d381bc2acfa59774b95b9cef6107ac6a82018f5d77

SHA512
c18401cca62783ca8f6eba1da77e4830476751d5bfb82cfcf24a97698cd16ac6ed7f5a211b0fd219783c6739090f44b056311273ceeb842ed274917ef8b4d8dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
d41463a2408d8f3c5e93e08420eba325

SHA1
97c5db395ab4a455e1ba14463e592e30615e5e73

SHA256
2be980dc60517b6eccb09846a876250963e5c8f15e43def874e1d98f530060f9

SHA512
08b1b400c0b7691106cb656f629a858a00e568602cf5878617e72e3d397e1c17b154a2e4f7d9dbf69ff6131533798a45aecfda3e780e5d1e921ce78ec8297d27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
50557b1bae0ba5e0997a263b2cd97bae

SHA1
27218a4639882503a19efda87d35d957a76958db

SHA256
38a3c504121141f4d73e3e1d0cbc28c6c348452100fc4e8fcf50ecd16e3f172c

SHA512
c278b5842713fae49482e4c49994db62de14a6fc09acdcc1db73ecdd023dcbae0194ca8659a8ecde71baca08bbc9a693bbde05b8ed1783674b84a95bcd7a932e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd93ea4ec0f84d2f4ec3d76499f3d140

SHA1
1b8cc16ad3a82fb4c564adc418060d2c0609ea46

SHA256
173176d61c43b893d9c4ab5fdbda0268b0a360e2369cc44e88728c9cc5b56a20

SHA512
963476f7ad496c1594425f8142c26827686fb26c2b2e6786984b9561bb41105c2990e5c975882c422c1c96676c5bf19664127205631006ddd8eacf3d049fd14b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
351573a1db86700f8f9370fd3b488853

SHA1
ae13b6f1090ee06d9f6a0a8811e2a8f420f759c5

SHA256
f5e075052388fe7083c84435814a86312bdcc43ed054ab995ca6a4d678d5ba31

SHA512
a74d854a6de6ab5c80e8633cfe3ad7e8e658078729cac7511e6456e3ff41694a0bec440cbc384383e1edbc9e8d8d022b4fc7cca5779e9733578eea31df2c535a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e04a2ba6940196a003a38fa4efe68e91

SHA1
0cfc33340d1eddcbc761a8f59ca3b32cb2516078

SHA256
44d0417986dda46bf15dd27ea7ebccc160b6f7b8e2b0c0a5ce074999276ea241

SHA512
16cbd441fe180d023929dc8e80f539e0087738abb9286a7e8f2eab876343a41a66646a14590c07f0629316c3e07fdcd7cb5068089c9fcf395f859a57a5419f60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c507a9f296222f839f7488e6fe843dd5

SHA1
546637d7f93d46e51410cb6ab0e1e8b38d1d44b9

SHA256
6f38d6341105dc5931a8533e44afffcdd5904461a02edb067034c0ed48fbc2c0

SHA512
125031f391670ba7531372d5dc02a3dd9673a661ec74e59755a3bde445ca89a0469e0094ea2f540baaf6802c06101d81c904be671cfdcd4b6e4df5791f0dabbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a1ffed0162ff125924fc2e5beef23124

SHA1
b8c2ac2f29aa51ed96119fc6556be2a1bc8541c2

SHA256
90734dbca1442648d032a1037fa782921016a766c7a9d1a9f1d28f4c5d784d03

SHA512
6608174fd9bc6062a984d7c2b9104c2e9fb2ba17c39796f32f1d66b07bd9956506a3156389a1f501b0c11339ccf7acee2d7dd508fc3ac1f0a88721f8c96fe0b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5784aff2ea5fe9dd564b81f560adeed8

SHA1
b308ffc9441c2516b9b0fc29122264c1f90ecdb9

SHA256
e3ca6af4b08e73348427f446457ce0fe53b5b25a5a330e6c98e7886c51432f26

SHA512
b12ed6012ac80e201ae30c041ca19e45ed0c7fad3633fcdfcbbe23644f5267b3427ff0aff68a42b4037fbc48e2ecf5839f0799ee1ebd305e55d219f0df6e2d19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cb7e5827db9dfc01ff994c4d64a5f80f

SHA1
939b850d64091360e5ade760dd5e6c901d47966a

SHA256
4332e139d39d413a7bfe0c6bc4f69bc69411b3ca9cc4395bcf5f0d41b538c341

SHA512
b0ab73d44e6348854d0c6df899ef59789be8c85cc2942b623f05e0627dc75360d0e44f9bdd97d6ab68b3027302ef3e3d00dda5d63a710519342d57559de02bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bbf39974561a5d53805a21c17a9baad6

SHA1
151e6eb22ed6304ec274434db7c0db178a82b9e1

SHA256
0e92fa464fed04d9fac8fe111061e90c6ed4b768a1852a5532d6b52ef7e109d9

SHA512
2bceabf51c21e187c813f8ecd176d408e08fdc880aefc82f0c5890af7123b4e8e6bc383a31191617e4700e410fc4947f26dae6bfd3ccd40eaba66153c9f2cc18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
55b78cf0ae96b91f5107be434831d662

SHA1
833ac0e6f14da65139b94be2c6a7d5e457bfc41f

SHA256
9a0049035899fde00e6b62568a55fce69f4174d9914a580087e24b2e4a7d00fb

SHA512
e5e315d85406fbf0df50dd653ebadf30497a3e3fedb05a9e7abc0e1fd63f83bfaf996a80415675ed93e5da837bc3f67834b5d0b66aa91a527600dbf4285ac576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
393a4764bdf403c2b3054728b63e853b

SHA1
ab47125e6c20d58538b8bd91bdcb5d012cc52c08

SHA256
3d38546123a49405d90eb731900bf2f2ceb9880ef913b5544796bc2a380249b5

SHA512
77091477cb598fe50eb653082ee49b2bb18ae0a0f82dee3efad357d10f423b321fa3f16b20c9df1a2e94e8b99918c898e1bdc61e437ffddc6dad83d2f61caa23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f9bda20ac6bb70be0beb47f9c2c39fb2

SHA1
0976ce8bf28b614ffcc9590eae5f81c478cfb21d

SHA256
55db18b19ccda1166461ce8247a1b6a45d753efc185f81dccac6023878debdd7

SHA512
3d836c2a1a2ef6e13c9513343ee03e0e6f4cbe9a0769cd6f739c35c565bfbdced1ef12568c45361d9cbc674bcf7be2cb85bf296d36c225ff9a30817b0734fa88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a3747f8668c7ccb591022649cffafc71

SHA1
dc37e9fb4d39e7ad45a5b6d5c6582966aae5dc04

SHA256
33fe55b594c1788a89497ba52871c54eacbfd2e502b5759e7d8a30f1d5a7a29c

SHA512
1a3515b2abc8642f15e779119e12f73312e71bc9cdde1a97bfbb03827c78ef0f1b84ea7177939b8842f83487ebb44151f3a2da919676a29541e97855caf1af8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
b8f11138c309c22bc52f928a495da6b4

SHA1
e0ae7588ca3338103efe0669291694985972cc13

SHA256
1a539ce3cff3aaee86333e78a26b080d50bc06bcc7efcdff0d913aa312a57f4e

SHA512
20ef19586708645ce14d8d6592b02734867320c0eae5896e05542ef787cd097298ff59dc92930865ec77e20088536244e83abfdd7d6c5bd271b7621f346130b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
51aa5da959340f4693d6e5b2020aa89b

SHA1
13bd80fdd15d2ee8d2ddecab67cfaeeaa2c34b7e

SHA256
c089f80cbb15621feb8b5e3a62f7a023b007891f6b77456af9ebc2a8646061f0

SHA512
838aa1df49952cc63a67f209571a9257a8ef8ef4666da7d5b8b88411298e78132706063cce1964092f13afc4743b81786edc7fbd0f1c19020e54f8a390814a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
d7313c9e29127d510df59b0686a577fe

SHA1
cd5384040fe71dc3c1b04e72c49859cdf6dcf870

SHA256
1175f67d0c4b12077848c0f31a8df4a803ce2d3857383be84c22fe038cc7c266

SHA512
99bca421857aec9d9e6151d416f8fc355aabb0c661af55bfc3339bad7a24337a7f2d1a1c522847ba0eddc452250cc76d9acf7400d27b00e57d5187fc0440a45d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
df5108dbbc7b579179f6d8265698c5d0

SHA1
e4ee349ac37a10e47bf58f5fb6411f467eb5f731

SHA256
45bf4f7070897fa73857c7a7bc433508ecaa4a56b9457c7c2e5c4cd5cf937e25

SHA512
761e2881ab3f01a2a3c700f9d2bf77fdb32b502b6e6ba7f0422be7f5927999409140abbb83ccb82f9f85c83b41329c953ac8e6d37a784c931dbb90ce7114f83f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
b9971578120711708b6a2433382c5e78

SHA1
59bebed8e7bb380a193347b439224f902378f7bf

SHA256
a63fce944a1aca96497173ad7c9b4eca5c283447709ed927cb6d6abcc2fbd403

SHA512
1779d686b2503a257f948af568741117b1ec731c5e5b9c9ea22cd3b0f843b9b2927a65afce11292e5473094983a1185c4749041e3dad976bdc7f20f4a05295ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b495a.TMP

Filesize
98KB

MD5
9231952cd2b92a9dd969c36ed64f6cd9

SHA1
2458bee87210df6f491108fc11545a8fcf591fa4

SHA256
47237e99fd68a063a975282dc163d65f56899302bb670e2fcb8f566a001dc1b4

SHA512
c9e2eaa99571735f896875fa4d9ebb8f7ba70dda3d29ec492003e29b4e2b6aa7a70724164a19b8de644c013c27e79879b32e99c71d9373d2745078fa5eeed963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO44807D1D\readme.txt

Filesize
19B

MD5
25cacb7c8b102e2ad4658121bdd2459e

SHA1
7b5ed8c98f3e04774aa20de108d2b5e3ffcada8a

SHA256
ec059872ca0ab2a183c1e5539e76f926605ae2e7a60ced5247e5f0f72465d971

SHA512
747c6cef1744f1aba9c74b5573e21807225ee8ed7ac9229ae551f37e6d577b9875e3ce8a2991cbeac1e2ef5f1fb768d50deabb5fa5eaa0180a406d2c246956f5

Download Submit
C:\Users\Admin\Downloads\Virus Maker.rar.crdownload

Filesize
82KB

MD5
d1f61793e7898df4b27e3345764ceca8

SHA1
f03b91146aeaf753b565620a022a238830ed56d4

SHA256
d32f3a860b863d38f117c2e7efcaa6909583d418f8578b526a7ed0153529644b

SHA512
6491767f6db68886d000b173306377f3b0bf2d6db765ce4c14139c9ad09fa44e6cb75489f3858e45c4000333d2ad517721f81cc48e94de25c75c17cac36bb617

Download Submit