Analysis

  • max time kernel
    600s
  • max time network
    564s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-03-2024 16:03

General

  • Target

    https://mega.nz/file/AOUgkC7T#scMCKBs4QT6rfXVCW9zlLSED022HWEQbjYlx3Ibk1x8

Score
10/10

Malware Config

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral

    Umbral stealer is an open-source modular stealer written in C#.

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/AOUgkC7T#scMCKBs4QT6rfXVCW9zlLSED022HWEQbjYlx3Ibk1x8
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb19309758,0x7ffb19309768,0x7ffb19309778
      2⤵
      PID:4936
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:2
      2⤵
      PID:3108
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
      2⤵
      PID:2356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
      2⤵
      PID:224
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:1
      2⤵
      PID:4468
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:1
      2⤵
      PID:4768
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
      2⤵
      PID:1088
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
      2⤵
      PID:4512
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5192 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
      2⤵
      PID:2760
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
      2⤵
      PID:512
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
      2⤵
      PID:3372
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
      2⤵
      PID:400
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2492
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x300 0x470
    1⤵
    PID:3616
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4216
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2456
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_BTC Flasher.zip\README.md
      2⤵
      PID:3812
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3968
  • C:\Users\Admin\Downloads\BTC Flasher\BTC Flasher.exe
    "C:\Users\Admin\Downloads\BTC Flasher\BTC Flasher.exe"
    1⤵
    PID:1704
    • C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" csproduct get uuid
      2⤵
      PID:4288
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3980
  • C:\Users\Admin\Downloads\BTC Flasher\BTC Flasher.exe
    "C:\Users\Admin\Downloads\BTC Flasher\BTC Flasher.exe"
    1⤵
    PID:2832
    • C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" csproduct get uuid
      2⤵
      PID:2612
  • C:\Users\Admin\Downloads\BTC Flasher\BTC Flasher.exe
    "C:\Users\Admin\Downloads\BTC Flasher\BTC Flasher.exe"
    1⤵
    PID:3216
    • C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" csproduct get uuid
      2⤵
      PID:1632
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3176
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BTC Flasher\Time.txt
    1⤵
    PID:4988
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BTC Flasher\Amount.txt
    1⤵
    PID:3864

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
    Filesize 64KB
    MD5 d2fb266b97caff2086bf0fa74eddb6b2
    SHA1 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d
    SHA256 b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a
    SHA512 c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8
  • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
    Filesize 4B
    MD5 f49655f856acb8884cc0ace29216f511
    SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
    SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
    SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8
  • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
    Filesize 944B
    MD5 6bd369f7c74a28194c991ed1404da30f
    SHA1 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643
    SHA256 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d
    SHA512 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 72B
    MD5 2a76e103b3e1d50aa12f10ba4f21329b
    SHA1 ce9281d83912020e7cc24a32a65873594cfa93b8
    SHA256 0379735e18cadaf931360785b59959f2f654121818d5ccff4b30cdca86ba7a4e
    SHA512 1d6fda2fa7e4f77148af5648547b13cbe232d30c3c5e3016e2f203ed9679a2e74aa27314f0b8e3599995b25a936d7aac7fbab0c40f1d80461bceabdf95f1691a
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001
    Filesize 41B
    MD5 5af87dfd673ba2115e2fcf5cfdb727ab
    SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
    SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
    SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
    Filesize 16B
    MD5 46295cac801e5d4857d09837238a6394
    SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
    SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
    SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize 962B
    MD5 4397d8e2e4e3be762c5d354fd4cedad9
    SHA1 c478c70974db4c95344a5aa808e2fb12454117b4
    SHA256 6731fb611b1c4cf0b13fcf9cf4fbdb90da1f9e9ab67e039700182c50ec2760e9
    SHA512 e050bafbaf650d44e00a1cf402296534250243534e5bb0f62b179aed0e3cfab05f261d70b4509f8b8d2f84c4f2f885ad560dcda2926a5edcae4dc89b52dbcf1e
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize 538B
    MD5 13e045aaa44ad960ade9f7443e741d8e
    SHA1 3ca221e996411ae02d431c9fb90595b3f280bdc7
    SHA256 cff88865a453f628bc0a40c71ca22fdec9a1068872d4806df170849d9880c30c
    SHA512 0a5090a248b9e2b124c53a5b79006395afe589063a0a2c5cb425d3a8c420e621d38834f51125d7b84fde0817d1d1b2e964c31be8c920f3a3f493ebe993d1e852
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 6KB
    MD5 672b2841b9237adf24e63c0f239319d2
    SHA1 d5d57e0a8b1ab7523de2a2c30399c31e630f13ad
    SHA256 e98bf3b746b9e5c94756fdc153274e0e8e154f2f6b7193f8ff5df5d6eef54600
    SHA512 65fcb988ee3706fa51afceab4fab08c529add877d197eb08a21a8a1be92c71d1bf64f00e65c51a671c8b8c61d719f6057ae39791fd53697ed31e02314516ac50
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 7KB
    MD5 f45800ce1491197000c2219877aa70ff
    SHA1 063b364c7935c46663ad9d138873dd596d466e9e
    SHA256 eb14496dbdc324869da597ddcabcab66a9cfab6a8278ee9f203c313711fa52d2
    SHA512 5298c794d42334ab83631d90009887f6e031bac3dc248ced3b94a96df5c3566b03bd474e5e3aa74efca4d45d3a6b38a655cf704b78c4044b8759ff4b70176032
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 6KB
    MD5 36adb0aaa6adbe025392318c0f0121cb
    SHA1 904629c1e36f5b02090ba5057d2e4326e301980f
    SHA256 5c829e9b606486a15cfd220e5f575d12de43ae9d23d34766eb1694dfa94022c1
    SHA512 34fcf55e9d3ab6cd81a5fc01c12e21e32e0b5a0d96947f46ae80965bb877c13b9e6725c83e7c66b61067ed056ad4606c41b43e55d7bd8038f48130537609d573
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
    Filesize 72B
    MD5 8893db548e6bfd5cf56d63efcf6b4c2c
    SHA1 0a05a435790dbe4fbc078e5caa2c5445b05e9e03
    SHA256 55cb67b7ac0acbf20d1c205ad93c8bf76db7029f91524d4ca2aa62d3e8dffdc1
    SHA512 4e89daaa9c29ffe8f37b36bd30f73d3315a0ab6b9a6b8afb2a2c3061d2191874d4df112713437695965b8d9f5b784e45664b475c7dcb5905bf4309efef417495
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578bf4.TMP
    Filesize 48B
    MD5 208d3f9b1478574665f7f677d286d6a1
    SHA1 2bc57c6b94e9606694320518d41a1cdca336d24e
    SHA256 23cd71bf9d84081031f1345abcaf7a2fae045d4eda6d39a8749145fbd81d737c
    SHA512 84d12298b75a5b701399ec99d66cff039e2e00c6abb7ac5c3332072480e29a50a46d6ac4583494c9d23aca6ed50c978bb49903bdfa078d88c37b3fe9214e065f
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 128KB
    MD5 cba4377865add2947fa6d9bb94a98abe
    SHA1 785259c0dea28b499734ed9d393f430dcf24d546
    SHA256 9190e5424f13e4b9f30e7f21d42bd91b0e466c075df47ec4af985be489e256cc
    SHA512 b4a1cd3ae021a1b4c20763690ebec377dd238929e64ec01d92d2b6be4031406a5021d24d11863ad2ee12ce76cb10df2a186bc576f3d3e3597b67a65a7e04dcde
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 128KB
    MD5 40a16a785a9a8be99eb50c6e4d4c34a0
    SHA1 75b00038bc15c1ad34e7b18081e38f979fa82027
    SHA256 6427f9d3400f7ab0cd4dee31d285c2cfcafa027a3680791b0cdcd9a6f9b8c21d
    SHA512 79096c08b202bf69eb23161bc40cdc94268ab4cb4b79cf18a9e93b9b84aea7c09ba3d3e9d7e3beee6f8bcbf2bfb453c42bf77a182b93c0cd65be20cb19ea975e
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize 107KB
    MD5 7d559be6b84840b28cd590855f7fd287
    SHA1 f35369618ee423b07144662ca4278c8c4ffed01a
    SHA256 4c95a7ce5c5da2980a6bdbb5914f7f7fd3ca66397bc24b149d6ee361cc0b2987
    SHA512 dd164457d926fd20272608f8557fcbea6ac8e301d9dd18e8697ade878cd5d15cdda894dd17b2d7833cce4f44dd9e400559428a47599705372f0d9b2a9b251010
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize 110KB
    MD5 3c85327e83a6697ccbc0feabadc1848d
    SHA1 91b3bb4f453a39a23743499f8d05e03b6853aab4
    SHA256 7924386fc4029f161e3e98abf39bb70b5eb6c6d5ac09a0ecaeaedf10ef98f003
    SHA512 e75a04c3bb5544140cb1fc58924bac85cf58a727ee6eebe53f43f724d20fe1b781043c8b9bb410658e8d58debdb54ee0c8eb3d3c780b0facbab87b5c38d3e2fa
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e33c.TMP
    Filesize 101KB
    MD5 bfa16c75247b47a431bf5a3bd5358dfd
    SHA1 335909cadc529768c2c41511db1ab8283a762b1b
    SHA256 cd8a150358dcb4099be94f06e146494c2330bc4b1760d521619c1d5f3c65035f
    SHA512 e5899fefe380ab047af195b566722086b6655f5acf3867c3361bdffd11256eb85e8804a722ea727491c351ffb6f69f400c1c11d0eaf3dbaf607164460e0cde71
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
    Filesize 264KB
    MD5 862301ffa6b97bffa8ccfbb5afc1b5df
    SHA1 4e7612bad606b5baa2e675fe0289c98d105fcbf9
    SHA256 1734a84e01ef41217123e0e75fa87751cfcbaefd666ee2e8ed989887603438a8
    SHA512 935bfafcb17f0e99ed4ace017c1b452b0b08aef8dfd5f75237b713d4e0d39ae8b71620813b4f8ebaae741e9cb9b7d73f27c02aeebfcffd40ff1e8cfafa25b9a8
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize 2B
    MD5 99914b932bd37a50b983c5e7c90ae93b
    SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BTC Flasher.exe.log
    Filesize 1KB
    MD5 8094b248fe3231e48995c2be32aeb08c
    SHA1 2fe06e000ebec919bf982d033c5d1219c1f916b6
    SHA256 136c30d964f4abbb5279bdc86d0e00578333782f15f05f0d2d050730dcb7a9bc
    SHA512 bf27a3822008796370e2c506c910a40992b9240606ea1bc19f683b2fee86b81897660ac0cf8e746ca093dae9e408949e2e9002ded75678a69f020d3b0452801f
  • C:\Users\Admin\Downloads\BTC Flasher.zip
    Filesize 150KB

                                                    MD5

                                                    c48f821f44c791e37c17a8a8b93534dc

                                                    SHA1

                                                    e5a78bea20cde62110934034859b9358a9bc76a3

                                                    SHA256

                                                    f26afee7a25b28f3d1c7982a7291333987668f39a2dc0eec9fa6d05ab25d2b4c

                                                    SHA512

                                                    e8e110c5f3761cc74096ae40d30767f26845da17d546f0f48ff4444dc96e7388719c25d2f8b33d6defb91047cb537d53626956e33bf793f8c0f5ae40bd056abc

                                                  • memory/1704-345-0x00007FFB0A010000-0x00007FFB0AAD1000-memory.dmp

                                                    Filesize

                                                    10.8MB

                                                  • memory/1704-346-0x000002DA6A750000-0x000002DA6A760000-memory.dmp

                                                    Filesize

                                                    64KB

                                                  • memory/1704-348-0x00007FFB0A010000-0x00007FFB0AAD1000-memory.dmp

                                                    Filesize

                                                    10.8MB

                                                  • memory/1704-344-0x000002DA50180000-0x000002DA501E0000-memory.dmp

                                                    Filesize

                                                    384KB

                                                  • memory/2832-365-0x00007FFB098E0000-0x00007FFB0A3A1000-memory.dmp

                                                    Filesize

                                                    10.8MB

                                                  • memory/2832-364-0x00007FFB098E0000-0x00007FFB0A3A1000-memory.dmp

                                                    Filesize

                                                    10.8MB

                                                  • memory/3176-380-0x000001A8591B0000-0x000001A8591B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3176-370-0x000001A8591B0000-0x000001A8591B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3176-375-0x000001A8591B0000-0x000001A8591B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3176-368-0x000001A8591B0000-0x000001A8591B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3176-376-0x000001A8591B0000-0x000001A8591B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3176-377-0x000001A8591B0000-0x000001A8591B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3176-378-0x000001A8591B0000-0x000001A8591B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3176-379-0x000001A8591B0000-0x000001A8591B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3176-369-0x000001A8591B0000-0x000001A8591B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3216-366-0x00007FFB098E0000-0x00007FFB0A3A1000-memory.dmp

                                                    Filesize

                                                    10.8MB

                                                  • memory/3216-367-0x00007FFB098E0000-0x00007FFB0A3A1000-memory.dmp

                                                    Filesize

                                                    10.8MB

                                                  • memory/3980-361-0x00000288AE380000-0x00000288AE381000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3980-359-0x00000288AE380000-0x00000288AE381000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3980-360-0x00000288AE380000-0x00000288AE381000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3980-357-0x00000288AE380000-0x00000288AE381000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3980-358-0x00000288AE380000-0x00000288AE381000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3980-355-0x00000288AE380000-0x00000288AE381000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3980-356-0x00000288AE380000-0x00000288AE381000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3980-351-0x00000288AE380000-0x00000288AE381000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3980-350-0x00000288AE380000-0x00000288AE381000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/3980-349-0x00000288AE380000-0x00000288AE381000-memory.dmp

                                                    Filesize

                                                    4KB