Analysis
-
max time kernel
347s -
max time network
340s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
25-04-2024 10:55
General
-
Target
Secured.rar
-
Size
739KB
-
MD5
ef56c7500fa4341f60af74e8d81022c4
-
SHA1
67e072fa9cf296e4e2547e167444e3d667df9918
-
SHA256
a7720638aee803b36ede0135b593d476a86706174e2b2657975cc631e4368ff2
-
SHA512
90c8aa0b9b8b4faa52d300d24976f31d1285d3dfed446416d7da442b192264ead3ab97e64edb100df0b560b6dcd01f66671d24be3587bda3fef98d1b5d034eb9
-
SSDEEP
12288:YqlwtcEQtnhBQN8ud/p17/B2DpjJ92Ycp8oYuZUWqB265UlktJ02Algzre2Vlx8T:3+iEWnhBMTvjB2DpjzQ9UWCUkX8F27xC
Malware Config
Signatures
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 2 IoCs
-
Downloads MZ/PE file
-
Looks for VMWare Tools registry key 2 TTPs 2 IoCs
-
Sets service image path in registry 2 TTPs 1 IoCs
-
Stops running service(s) 3 TTPs
-
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 6 IoCs
-
Loads dropped DLL 6 IoCs
-
Registers COM server for autorun 1 TTPs 6 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry 3 TTPs 4 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory 14 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Launches sc.exe 4 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Gathers network information 2 TTPs 2 IoCs
Uses commandline utility to view network configuration.
-
Kills process with taskkill 1 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 44 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 55 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 34 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Secured.rar1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa9055ab58,0x7ffa9055ab68,0x7ffa9055ab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1988 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4068 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4988 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5044 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4584 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5032 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3520 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5284 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5504 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5652 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3468 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2052 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5624 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5580 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 --field-trial-handle=2400,i,2925731637886552434,18304594218734779421,131072 /prefetch:82⤵
-
C:\Users\Admin\Downloads\7z2301-x64.exe"C:\Users\Admin\Downloads\7z2301-x64.exe"2⤵
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\7z2301-x64.exe"C:\Users\Admin\Downloads\7z2301-x64.exe"1⤵
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Secured\" -spe -an -ai#7zMap26838:76:7zEvent185131⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\Secured\Plasmafree.exe"C:\Users\Admin\Downloads\Secured\Plasmafree.exe"1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\serialchecker.bat" "2⤵
-
C:\Windows\SysWOW64\mode.commode con: cols=90 lines=483⤵
-
C:\Windows\SysWOW64\net.exenet stop winmgmt /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop winmgmt /y4⤵
-
C:\Windows\SysWOW64\net.exenet start winmgmt /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 start winmgmt /y4⤵
-
C:\Windows\SysWOW64\sc.exesc stop winmgmt3⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\sc.exesc start winmgmt3⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\ipconfig.exeipconfig /flushdns3⤵
- Gathers network information
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic bios get serialnumber3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic csproduct get uuid3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic cpu get serialnumber3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic cpu get processorid3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic diskdrive get serialnumber3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic baseboard get serialnumber3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic memorychip get serialnumber3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%PCI%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic PATH Win32_VideoController GET Description,PNPDeviceID3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 23082⤵
- Program crash
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 228 -ip 2281⤵
-
C:\Users\Admin\Downloads\Secured\Plasmafree.exe"C:\Users\Admin\Downloads\Secured\Plasmafree.exe"1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in Windows directory
-
C:\Windows\SysWOW64\Wbem\wmic.exe"wmic.exe" diskdrive get serialnumber2⤵
-
C:\Windows\GameBarPresenceWriter\runtimedotnet.exe"C:\Windows\GameBarPresenceWriter\runtimedotnet.exe" C:\Windows\GameBarPresenceWriter\drive.sys2⤵
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c C:\Windows\VOLUMEID.exe2⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c taskkill /f /im WmiPrvSE.exe2⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im WmiPrvSE.exe3⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\Wbem\wmic.exe"wmic.exe" diskdrive get serialnumber2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\serialchecker.bat" "2⤵
-
C:\Windows\SysWOW64\mode.commode con: cols=90 lines=483⤵
-
C:\Windows\SysWOW64\net.exenet stop winmgmt /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop winmgmt /y4⤵
-
C:\Windows\SysWOW64\net.exenet start winmgmt /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 start winmgmt /y4⤵
-
C:\Windows\SysWOW64\sc.exesc stop winmgmt3⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\sc.exesc start winmgmt3⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\ipconfig.exeipconfig /flushdns3⤵
- Gathers network information
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic bios get serialnumber3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic csproduct get uuid3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic cpu get serialnumber3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic cpu get processorid3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic diskdrive get serialnumber3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic baseboard get serialnumber3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic memorychip get serialnumber3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%PCI%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic PATH Win32_VideoController GET Description,PNPDeviceID3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 25042⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4880 -ip 48801⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt1⤵
- Drops file in System32 directory
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\7-Zip\7-zip.chmFilesize
112KB
MD5da6aec447474df298eca9f18c2fda0a9
SHA1c1e918fc600856a85a00a89af6ce623a4349126b
SHA25620c7b0dc8b584975803f3d8dde90bad423cc16c0adde5b33899428fcf61e485e
SHA512c88d73183194b368d65da29d5573ff4598574b579d0b1824890c9915e06cee63f235702bfe78c943994c3fe1849d9773fddc0343e0cfd28735bceccf38d06dc1
-
C:\Program Files\7-Zip\7-zip.dll.tmp2Filesize
99KB
MD5956d826f03d88c0b5482002bb7a83412
SHA1560658185c225d1bd274b6a18372fd7de5f336af
SHA256f9b4944d3a5536a6f8b4d5db17d903988a3518b22fbee6e3f6019aaf44189b3d
SHA5126503064802101bca6e25b259a2bfe38e2d8b786bf2cf588ab1fb026b755f04a20857ee27e290cf50b2667425c528313b1c02e09b7b50edbcd75a3335439c3647
-
C:\Program Files\7-Zip\7zFM.exeFilesize
930KB
MD530ac0b832d75598fb3ec37b6f2a8c86a
SHA16f47dbfd6ff36df7ba581a4cef024da527dc3046
SHA2561ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74
SHA512505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057
-
C:\Program Files\7-Zip\History.txtFilesize
56KB
MD569a9ed93f118b332335d30f96c66f359
SHA1d125ad2574a90cfe50de95d36f84014d1d0012ee
SHA25683495c16b428d317ec3d27912c852f1af4b84526f6540e579ed34ebb66364d70
SHA51292625964248a543bd778af5fac10f48056d9adc02c741c0fc0fd3353abf2737ce838bc3dd08d057b86aa56a314a8c820406930b5b166497b89f321f657636201
-
C:\Program Files\7-Zip\Lang\af.txtFilesize
4KB
MD57db01445ef366652c133f316c6fdf764
SHA1ba1af33e920fc820bf474a47768a17c6c93a2ef4
SHA256181e34045fb6338338c68d7ccaa325d47969ac43a20d20d898846f64fb68251a
SHA51281373af8700ed071ab4f307753c6f00354ea212b7bf3f24d4a61ea2fcb9f16e0674685d621e294170daa6a71388e6b5bbf12bb1a837ab037a539af08c9061497
-
C:\Program Files\7-Zip\Lang\an.txtFilesize
7KB
MD51583a850ca7369fcecf12b4159b4328f
SHA1e651ff9613b31b8d9602ff6c4fa2cf27678f82f8
SHA256c082aed224d70a3f77e68c0db90fdfbcedb8e4c12bb1a4c6dc7561bd8b1fa071
SHA512bd4fc2a28e51147a78459fbd0b47d7898d1fc2024499ec65245173880979ee55f0b177decaabc94c392a08b04efb3b7713884525033c2414063422ebc17cf04e
-
C:\Program Files\7-Zip\Lang\ar.txtFilesize
12KB
MD51f1268bf2a1262ba99013f7b36a82655
SHA16101602d68a3f6e229847629dc03b691647046cf
SHA2565a18170adb8152458716a24bdaa12835fc26c68b31209a9e29e739fca212a356
SHA512fb44f1c92df165bba0eb3fdbf24f5764e5a6fce61e2484a439c2c914ee254bdb9f8118ecd116a4fefca6bc3d657ffe3c25bc66b7f4ff66b1a5ff63e2579a5f8e
-
C:\Program Files\7-Zip\Lang\ast.txtFilesize
5KB
MD523ece3a43d2577a1f4bb5d420abb563f
SHA134d0804c00f45c5cda77409cbd382dc11932ef4f
SHA25661d67f81971a8a2093041ce58b39c7229b413b991b2fc724e4898bc319539992
SHA5123515e580e9a0e912f8d23080c380f38f91857254967baa237f1a1cbcb1961a4e469a60a4cd2b33dd1f435cf242e364d95df3fc95eb6998cb0fb800e86ca47470
-
C:\Program Files\7-Zip\Lang\az.txtFilesize
9KB
MD5e5a80461b90f025be5ee9062673b53ac
SHA1cdf8042b7cd2bd7c9f09dfa271681ccc6e639864
SHA256f0d1ead49e7d42f897b7ea715cce41637c3ebd7ec556541aedd7ca2156cba065
SHA51243fa0dab6cd8321eecac6c3bdd5b0e90c5efdc8d2e3919e7684222791dde1d95c1b159e5398a1159e549ab1c33ff5c6d5052736162cfcc55267a644d631e9716
-
C:\Program Files\7-Zip\Lang\ba.txtFilesize
10KB
MD5c3efc3a627fb8b406f8805a12f09739b
SHA1bacc7eede7610a824ca8eac89aca9f6001d25336
SHA256aa8a4baebe75f9c0d4319fb65deb61786dd1bd7e692226fabf2679e2606fa0d5
SHA5124a4acdd09bb26e97031eb582352ee3733735fd44114230f42acfb16d3d820db4e91010dd297773538c7cb7383a9c03d047fbe5f47380a92b751fc42ffeb5b9a5
-
C:\Program Files\7-Zip\Lang\be.txtFilesize
11KB
MD5e48f4bf2d0103001ede9551d62a8c4dd
SHA1282d9093f55e9c55d449e074f7cc42d995661ec3
SHA256b49445240bbd9910d1fd693654f8a51d4035fc2d2b572e7c195b917321c27f05
SHA51280361ee17dc2abdc543bc29e2b3c3395d769845908d26ecd3fdf3da71f3cd8c514e7d15eb342104cb51aad4086255e3466da0e490f27960ea5602e918ebb0332
-
C:\Program Files\7-Zip\Lang\bg.txtFilesize
12KB
MD5f245a8437a36abe7bf356f77d7e9e104
SHA15ded5211b33e2835bc864e63981ddbb74a58dd32
SHA2564e308d796dbdf26a690102195426a6702ab567363ab8ecd5f063080ab66dc819
SHA512db868173ce3451efb02200ead2a33e1c8c27beceaec6768f7f683139d25e43d6d58d8687ed4c65f7bedaaa3288f20b16fd5bac11d46245c33f8d0bc64d2c7d39
-
C:\Program Files\7-Zip\Lang\bn.txtFilesize
14KB
MD5c0cf8da47fef56028edbb261e4f5a691
SHA1d5a8030e1ea15b8f85951149eac41aaa9c3072ca
SHA256389eeabae507e204bc53925cc1e2f1a4cc0cce5d6e74bca8f015213ed019d7f5
SHA51203392b7563dc5790f09c03dad7a3ba7154609e3a085ba374c123d9df482dbfbe12fc679b49e0b9d09c2c7ece860f4cf5e85a7a90c67eb2aea4f2786f73c35443
-
C:\Program Files\7-Zip\Lang\br.txtFilesize
5KB
MD5db2784955e875a93ef7f2d1557f3f6f4
SHA127cd891768902c51e1451f31894e3eff30620361
SHA25688233348e8bf385eccc6cb56c4a088900c92e1fa51329769ebc5c4a5e6c2cbe5
SHA512ff540924f456da8f2bdbc3b434068b239a4d85e163ddf500906683035e47abb1c0829a9b6fd1466c05c68f2f3ad365874beffbe139689771040ec95934b926cd
-
C:\Program Files\7-Zip\Lang\ca.txtFilesize
9KB
MD5812d4995102e9b475b874d0cfdd8f56a
SHA17377bbaa47ca91755574f07fc17be41c3fad3237
SHA2563d0ff58cce129a004ce1d7e0608808ce64e712a0e8aebddb908eda3b191bd883
SHA5124e5af4d5b699aa32da6c3f6e027ebd6ed2db7bceead648f5d4843b307335f21f3d617ac753cf7555ff044210b49bb5475f0d66619bd1353fa9a140d1428362e8
-
C:\Program Files\7-Zip\Lang\co.txtFilesize
10KB
MD5f9a98b99a163c842a7adab1cd8acca76
SHA1efeb42fd33ed61ae7430becf95f8e45e630ef501
SHA256c9a10ee60f89a139d36325595c3da0afc0c07d2b6e1cc065bb45d734e1fd133c
SHA512b1da9357e3d0bad24a7bb9bb17c94769b2b8a6c2f8f524394cf77b48013602bd35846997be6d662507ac643c8adfddc6ca6c8d36807d1212918563f72708c1ed
-
C:\Program Files\7-Zip\Lang\cs.txtFilesize
8KB
MD536a411cf8a6673fd95b4dd282732d5af
SHA1c87638050b904a596f07a3602d6f6ad327762a18
SHA25683916d0fe4cc8a4c414f2e90ee3dd7371a38e2ea44414f948f6da0f8dd23b600
SHA51237593f73db6062f4d146e24a4080c56b4625c8aab4e5bd8f58802082e56401ec218e93deb9908322064b4e434b855640b19822d568a4434038b6f15f4976ce16
-
C:\Program Files\7-Zip\Lang\cy.txtFilesize
5KB
MD50c15f3a55de5d538f2748444623f2745
SHA1c15440a16a08339088c563e505012e67c383216a
SHA2562dc41991631aab989fd2368e1ebab6b56dfe926307fcb1b8e887205584e99b5f
SHA512d11e819fcb176b185fb6402ebedbc29118a5cb7757577a04371182e46eb8c85b6f96a8305c15a3c366e4b2ff8da6479e7f2f7c0ce00ea12598b957d4643a2756
-
C:\Program Files\7-Zip\Lang\da.txtFilesize
8KB
MD5d8aba2da47c1031832957b75a6524737
SHA1b83069ef9f7a08f18804ae966b8d18657e2907cd
SHA256f65026ae33d4302a7ef06a856f6f062c9730100f5a87d5c00fb3feaf5fcd5805
SHA51282b5f4ab8e3e2310a98be87b5cf2cbf04b7aeae1798cd69529325ee74add40bdca38eda865a821f66436906d4f3224004f690cf406b532e116475d2b2424b570
-
C:\Program Files\7-Zip\Lang\de.txtFilesize
9KB
MD58c46fb4a3c5025c1089f5c634d5d951c
SHA146272d7178330b9f1ab1aaf7f3db068f4d8b72c0
SHA256e6a716c27f11bfadba853228a5bec9cdd6d043f22f5db8f70094cd2e857c3a6a
SHA512e39571a8605e7f6479016f721b5e449a6028a62cd8b058054c2f6e8129fe1c3ef19f5b0d776e9d25f6fb3d8f56e1f95159ea77758a0de5ddf9f07bada21744db
-
C:\Program Files\7-Zip\Lang\el.txtFilesize
16KB
MD5d74ce0f31e3c062b6631455ea2c3dcdb
SHA1b4267827e54a0e6d9ac32be961640b4530b59cb2
SHA2567f11663757a2bdc193547e8c2a221f92d8f1825db0e7c801d33ba1b42fbf08fa
SHA5127feba4c40a3634f2a2ded570448d6aa69e3118a725bb25a33144855705457bdd208c61d86e1347fbdc4bc16fdfae3e5c20bceaf85aace97292789e32f3fb71df
-
C:\Program Files\7-Zip\Lang\en.tttFilesize
7KB
MD572ea78fc93365651aa4222b6ebf31bf9
SHA19a2a5a2879e30dde4571f75eb00f95f58226c768
SHA2564d6405dc6f93c00fa7eff8bbcac256d079ff56c5d0edaac41bb1a80c0ab2fecd
SHA51261d5a60b26162ea6218a256e7f5c31d2aba4c24563d0a075cff280e683b6be61209042bd5f85e02ee6c4b5156d7f894934b6755f17594aede5199edb01f63fd2
-
C:\Program Files\7-Zip\Lang\eo.txtFilesize
5KB
MD5418188a5e20929d6948de22b970a3208
SHA12068dfa837475c14e13919555816416d44ff4a3e
SHA2567aeff9b0450b006c212104a541787b3a9e0912b85733f6addab700b7bcc0f33d
SHA51207da2c0ae34b1f5a47d8fe2e97b62ebfda0b3369ae257f0f4cda14ee9d1f469d23696930b810ee83761a142fd6400825c67d954b64cb5fa246cc43b483236151
-
C:\Program Files\7-Zip\Lang\es.txtFilesize
9KB
MD50e082b43a79586272b05c9ca8f7c16df
SHA19eea192851d5fb9045e88b506ed4e1558667e683
SHA25688972f7e173cfed678fba72f5eefbc1c485d8cdad14c49e57a9d3076cff0c2fd
SHA5123774139b300d88dccfb318f1a261d6f8bd49ec3be87fde0449c9600c436d7245181bea24e54d51b39835dd9b4f4c7db722d61a2a62812ad58b6599abdf8df2f6
-
C:\Program Files\7-Zip\Lang\et.txtFilesize
6KB
MD5ee84b1c885670eadec64639f14da46e2
SHA1c4701563afa270fd4c33802383347a3c19e2fd92
SHA2567b0e52653b536ad2595de618073c37a8fc833e1b43b0772a6a1fd3c2167f59ed
SHA512b2586aef602861a8423761164d221407fe91e4fa197956e03fc29c1cf2e560d4b338af34eabd5739b9a1fc51eab0ec281fc93f4615b960f99707de5f7bf985d0
-
C:\Program Files\7-Zip\Lang\eu.txtFilesize
8KB
MD529ec04893f6b2c9058a8f1e0beaf9081
SHA18e7b5a0ec24153aa7be02f0395c003df02cf6a09
SHA256536d93ca6d7c96d203b51333c4e78de2429f78d32cc321461589626759c84127
SHA512b84e6606a5f58392de5c5f8113db10b8212a82bb93367469284ad2dd9a961bf381e3d230179ec19a32cae7a266cdde7290d95a262dea247b267fdce905f89972
-
C:\Program Files\7-Zip\Lang\ext.txtFilesize
7KB
MD5316f7b64fc0b4acc1643322ab14afe46
SHA13bfb64c9fde5f0a1d6f7072b59f2fff3f08c29e8
SHA256d8770102923aa03e0441094fa729f602a52d447e30954f03e2dc56d1124cda69
SHA51244dd7dd40efb832867bb13d160e54fba8c8e2a092e34909b56c32abe8b0fc579cbd35abe0758589c6e2ad3cdcb1ff41f293f5743927916e4636a8bbfdc8814e3
-
C:\Program Files\7-Zip\Lang\fa.txtFilesize
13KB
MD56948e051256dcb49dd6e977a30c53881
SHA1c9c65393ddac81447743d1348a0f45db88a8ded8
SHA2561a368671bca4ebd97b9edeb84976ec208ceff1c251b93870ebcc9d35936faa06
SHA5124e580b070a1ca26b1243c3c2b99bf14756ac59d1ca0f152f0e1f61feff35a8e7164029a387c069812c2959f69c2f11736902dd33e7254569603ad403b8d7c1e8
-
C:\Program Files\7-Zip\descript.ionFilesize
366B
MD5eb7e322bdc62614e49ded60e0fb23845
SHA11bb477811ecdb01457790c46217b61cb53153b75
SHA2561da513f5a4e8018b9ae143884eb3eaf72454b606fd51f2401b7cfd9be4dbbf4f
SHA5128160b581a3f237d87e664d93310f5e85a42df793b3e22390093f9fb9a0a39950be6df2a713b55259fce5d5411d0499886a8039288d9481b4095fabadddbebb60
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000bFilesize
69KB
MD586862d3b5609f6ca70783528d7962690
SHA1886d4b35290775ceadf576b3bb5654f3a481baf3
SHA25619e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed
SHA512f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000cFilesize
324KB
MD55a51673d5f494a5ca20aaa57b86baf94
SHA178484192b96b0301b88d0daf14b91a320a79fe7f
SHA2565493b5538d440926458a2777eac5a2fde1ab0ac49f374485f46635a47acb1f32
SHA512492e239b18d4083f8717102b41d76334674afb59aaf888d22df6600e059365232c5ebb245cef92ae93d086ed5d894a82f03383e728f17baf47a5d2812f2ad840
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000dFilesize
138KB
MD54b938035bb41d422eb7cb50d5cefdc1f
SHA1775d4ec9dacf39d88b11797b477f05f2f83db818
SHA256000da8d781ead6421966e11dc6a7ed2d0f9f483d302e0fe155742fe87231a0d9
SHA51245155ab9748af95b69e73d15849ff2b5459d290672b57ae84e2c1c7b48e8fedbc7fe1374e31722643a53dc4a7c23472a3121cb19ceab1ca5a5e61fd154a7c7c5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012Filesize
250KB
MD57e5ca2e6f0fc049db4e498a1ba21e434
SHA100c0d95c92c71ee4cc94535418e4a0d0c3baa869
SHA256e98e5c2b0b986ff9fbad24fbf0f0fec68aad540af85e2e1f7308bd7a60e3be0d
SHA512d7ad0c6f94006f91ee2c7b8131d11e733deec1a95c77432a6ad3f091e7d0a5314bc67daf7b94838a4b782b4a3232f7fe3312a7b3aca69163dce6c97608b7beee
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013Filesize
170KB
MD5706f81b996b25597708a2f311ab6ca47
SHA15de3a4ce0892142f31300378d4c20a689d5607f4
SHA25666a2ea90cb0dcf684b6e74168d53970a2b8c034758c8959da5c756c7f49a361d
SHA512ccd35b1f8b03b192cafb70a95f752f675c55ff0e891560bf37c767d7665408573246a14d752d11af4ec522e38818c5ede4daae1b2b916ad1e9c6e2452c115508
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014Filesize
213KB
MD52dd35ee0db0380eae43132add10e858e
SHA1ff7f73cffd97bbb47de34d6429de5f1f0330873d
SHA256003d72a5ec8e81a3d8a05900b932a05e750df577eb0077a37d67f76e0452511e
SHA512e03b607cb9f0911eb1fe28b912360619dc4fe84a740c0683acc621ff66e550821bc37be036c589094f5679da04d776951052d4d3bd60f3b4bb9343bec983f60b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015Filesize
41KB
MD5afda7e3222a5ec7053e1592254e954f5
SHA1cc7e785fbaee5d7eda52dc59efda35edd9d4ec0f
SHA25656f75ffe62b1fb3165ca86214951efae98561afbf157356ae97047915d6c892b
SHA51202b753b6d563855fc373b38a412b712b854f99bccf1af0e7f633f7c97e9a3135b8522e08083197fe2bffa3b74b109486e2409da634546f31a5c8047f3b03aab0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD530ec365a291d94d312aa5ac4253c5f5c
SHA128eb631a87d52af596ad6b37ac9b7edaf35b5947
SHA256a2764745a17aab84a1f06a1cff2e27f2a634097f0ce5e73da94106745db73333
SHA5129f75274a65198ef053e25a4c8f474bbbd9e7f2203b2e90d217a985549e7c3686c175cfde175c4863e6b54cec1a89ce90c53e66eb8ba75a4ee6173aba7b93c99d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
936B
MD5c713f5cd6e9fe0fb4d8761c0521defbc
SHA1ab696c8a860c47ca0c309108f4d2d74365dc468c
SHA256ec9c2129ef8b49719fde1719ff366a0fb50f76bdb785cf9b5ec5f7ffd4bc98f4
SHA5123a887a0af674e9a04245020622a9a6fe169033d957792711be60c3a1df41a2a22e67e31b30388fec2b5bdfa81106de4a46ba7a2606c9b83e1b19f890cc4a75d2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
4KB
MD55253ed3889a04deae953fc3cb6a579d3
SHA1c0a88a1b079f0cd471543041ee2109045da9b29e
SHA256a0d98cfc8bc155664404019d0a5647927289e56f7f568b05b8a9202423e7437b
SHA512b71c124f71672bbdea9daf44dc05e2df3c38a045db3fd15c292095c4242066536225126c11c915b5de7e537d829e81572cbc493d1fc69c7eb73a7982ad193181
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD5c5019f9c2cc2d96c0cc675deea7e7e93
SHA17557e09a7d5a6229f7b68d9371b2501261027de0
SHA2560a6033d136ca54f9f0569606d99c547e2f5a9c967634322271442c83a7beaf51
SHA5120061132441878305b031b6f420b4ecfc0b1f699072541e87be13b4983e50193e2e809e50295aa80817f5835b06738246d20e5ff2d62c01d1db7d93249e67fc60
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD582b290fdd3f6f7b231d58c226d4ddcc0
SHA1fadf09d19fab8ffb7cbf9c7359710d30d7b802ff
SHA256f50a49ad3daef04e81f6ed10dd03363d13eedea2d3f4482ff7b20a5255b32eb2
SHA51252d76dd13180fdadc7da8ca5a9f1d97b7a74dd6c2026eed957115d8286ce17f82008d636cf4a45c92da8917e4034335f27266303330350dc6388bc980b0beeb7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
4KB
MD57b6d929cf0092bc3cbf181af3cbf45ac
SHA12cba3e6b92fc12c5b2611c84063ae3e020959e99
SHA256bb969afdaae410c635919ba730a89ddeb8f32f18c4e8c28dca751e05d3fb5c0d
SHA5125a094c76477eb5c37fec5e58636831c59136357318c36d62a3972aa8da8c4b9f8459cd9406bcda83ac464b0d3407ac317ccac06befe64fa38b9d499d9f64d82a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD55f6141a0e6536a5660095bc2bc21cc3d
SHA12f55f4bf22cc770b37ec72d28a6f6dbdb147fdbe
SHA25693e93731de72748cf603ee2a5533b9a4e8dfe66aee451c73de0161a3ae4e2cc4
SHA5128dff0fc846ba239a2d05a4b7bb48c0d84fd6751c86a32023cc0940c88703e0a9ac2b73d8c5f3401152a69b335a47a20a6c6ad8307dbd34b2a99168676642cb97
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
858B
MD5ba6607c8620b535666a2b2f8077442fd
SHA134146b9474f8ce2931e5f66ffbefdb424b50610c
SHA256a41ddaa9ca0bc89f95fe9925669fb2a3a97957f842c9ab537609deaaa635948e
SHA512717025696a851f913bbf2fd0d05d18601fb037463bdf7a72ccc251e36a710684aa62e3da063634a2b8ed218ebc4c910a1cf5a8278b9143202a6bcc5485cf331e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5a3f4b839a15fd5052f3890022bb7e2d5
SHA156077d62861d49cd168037ccf6440de70950a781
SHA25656cc10994936141cf11c892b43d1d2deaa1cc8b5c534544dcb7122f416310ab6
SHA512ad89b83dcf57ea3eadc4e51c156579c675532b37eb2e1c65369ea497385d7fe861dc8277619208c93132c286dfcf7c1e9962df3c4a1762f03942cdb96829259d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD54a0411bd697b07ba3b39d17286188b26
SHA13913f9934908140b8cc85c9782ca6a1a7a788e4f
SHA25690da041bce3dbda9710ab0567736f41aaa9124d3d269596bfbff083136c266f3
SHA512d4a17d53730235a49118bc1ceb6ea0b1c5b6f223676c673515bf45848ef7924fd7a52888a9dd16308370787dc15183960b5fcbbfbda24111854857416a885112
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD5d89b445114aa234a4612ca31be405689
SHA1b43467aad4dc0129b08dc31b8c8f848fb90ed43b
SHA256bfb58e15e925913eac5f434d278b66dde058e7fbb9d45bd977bc3ab350341463
SHA512bca291a0a72262f07d80c77d4deb7fd8ca36dd8a2f900c5ab6a710f60107ed8a4163415922166dc23a2e996b54b890d65728f28917b53b1fbf42dd19a7f4e509
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD55d5ac10a6d855ea32ac8e03de77daafe
SHA193101c59777be3605f8c07ae2cc962e77eb9efaa
SHA25671cc3ebd659f00b497e07b3ed425dc70603895008c702a17b793534b80ce807d
SHA51208d88a954cd85c8fdd67ea340483c3adcf8870f3c72a386daec32fc88fbee8c2061ad9f88994eeedb359e78283a7d463af9b876a309ba94f3a271169238c2845
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD53382c5ccdf859d04a53b7153f5eeef8e
SHA1e3dec2ab023f71c15c40699a01993a31518b33a5
SHA2569d176fc115e059f1e76a3e13ce74b2a7ae943f576fd75ccc0739a01f90db182b
SHA5122621454541a90cade3dbfbcfd43122b30767a986bccd742a79bfa73a7b94750445e0bfd8b124440afc3afabeaf90f3ab1b33fa8b347d91bba93ddf7061b4c8c4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5870346e6a4e33235fbf4544a11e73141
SHA1dd7d85596de967f5cdecac1dfbef6f591c68cfd2
SHA256e32fcace6c486a0e9b8670cc6c321cdf522c969c479237d22e42eb26a8cf7b65
SHA512cb3f29db9f806ece76e1feed9c56efd13a48597e64831ffe6647f7114701e17aa7a5779483fc15fd102f5de0662a3a6f66cb8627bc7b592e85d7f414f9598295
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5404f702b9343279493971ad87e54bcc2
SHA14537b3a310209624ba395ae1eed683f27acfbdd9
SHA256841097489cf846c01f50cb90cd7da2b72fd1c94db08f9aac17c23a2235dc5e17
SHA512f49a5bd89190fcf31feca35610f2d0d3daa43e65869f2364d02726388d4aef0e56f9870968ec1f538dbe2d16348beed21fed21ff13302e3a81b8ce7270c9e83e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD55f28f2dd56fc8054d52c268bff7728bf
SHA1c1a37f106480bfe12bb648872a6c5fc8e1e5adce
SHA25611fa5e92cf079332c866c4caea81319af86d813dc6ad90179357a31a98a649a6
SHA512dbbf6699ab0466f25eba61b69d7bc28f2a530703282fbfc796a15c77512cd0ba4985e8a930dc28eb4c83488047f2e8d972743218809e87feb904397e117b63cb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5a7875287ff6807a3b2733a14f34827ba
SHA1edd56d482e5075b99e106c1a3eadf75d751bce22
SHA2563a744785fffa692470a8fec8400a602537461ca25ab6030aeafe2fc30a18480c
SHA512131fc77d74726c196850d4e7dae2c6f7a60493e0b1ba3611206da95168bc9d2ae1741079e391ef0efa9bb4597aefd089758393e28ff9bba0f3de8ea224ee0e4b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD521340ef3bd86bed9ac3657a871382b25
SHA14a445d2483f4462a7babe3de7225822f251e8148
SHA25638f8358b25445c2efa54f00ed76d67e2e2d6026f2fb42b6adef487dcb73ed82d
SHA512ad323bfa2c195dddf49006960f05bfc2209c3b0a48bcb2e8c5b4014058adb4e138e9c9691cf6ca407b64be2dcbfd623f62e5f008fb0070654e7fc5010ee33056
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD5a13784c2a4ec661c958ae59f1500a1bf
SHA162efa1071af77916dcbeaaf308f515c37179c97b
SHA256eeddd9711f8207e43eb54b87e88294ccc7daca029ff030aa858a45e72fd0071f
SHA51203ce58dad10aa099b8b44348e63a8e9aa55c6d36bad5149274f4732d4e22f9568d039e1f54810b5e85a144989f661a440dab3c213d38fa69fa5a00b1b0dafcd0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD5b0f9456d4a5ab4943bdce4e1836dc18e
SHA1e3c18137e80d220a949d577a9c0123666a6aa261
SHA256b03f9dbc6145411d5e9515e6c21da86b25f7ac694549ee643c646c8b7cdd1cf4
SHA5121ed2973a75f52ed063510312f5ec5d06db51fe2ea9c303d5d5132006f2ce81425c40904898eca1883e46cdb351f069dcacc14148ac0ac430e1d5cffec5190abd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
56B
MD5ae1bccd6831ebfe5ad03b482ee266e4f
SHA101f4179f48f1af383b275d7ee338dd160b6f558a
SHA2561b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5ad8ae.TMPFilesize
120B
MD5a318cd94f7b5d98024e5d99301689bd9
SHA1bbbafb351f5ca1dae866eaeb3b7b3e3087541d4a
SHA25668970f8489397e56d5b3ab2705f7e915bc80ced6be3222f5cd4be538fb063dd8
SHA512ee2567d64aa154f5b0984ea3acd6572dc061066b1b7c5b8e9808e00e580738f8a9c219fb3a5a308a357bafe08e6aff6f1fc3b177e759e883537fdf820c456230
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
286KB
MD51ec7a93ab20f63be98d6467f2cd43a72
SHA19a75ecdba8679f54b29fd4efed9fab13d386bd1e
SHA256eadd8ec3666e41bd43a9d3071d798fa0fdf87d8d416fb760f80cc6eef0ef06a9
SHA512de6614eaa41e8d05337afbaa2ae93838ce6e6bb757d446351cfba4c67c206216f02a14fd621a2da4db26b977572090cdfbeaaa197661a0e4f615e9f0ed70417c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
255KB
MD58622d187acf48346bf02f9ff8a89e48e
SHA136cf9be9be87fd41feef8065cac9937abc2f475b
SHA2567c9b09f7560bc81858713184b9ff31ae66d1ad9dc87d8103d5d1cb63c232249a
SHA512a8984e0e01bb9838fd8fe40d9490a31c4e8397f2184d57ea5fcead5eb6fde6b8e6c204feb37bdbee42438cd1b57062f6d5c5bfd667dedccde2c0d8569e61af2f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
255KB
MD5535f15c0825f100d1aa3971d4d6e8dc3
SHA1068935b14001cdc70b80e1455f229df28ddf76e2
SHA256dc331bcad84bd25d737741ca149243397d0f0a8ce5febd29331e0056249c08df
SHA51247ad4a4c34f255ace92c1e0685187e451f96484a3549a9dabed7c6048feba059efd37220362c2b7fa239cfc022d299bbb5eb5af05775189d049151a3ff32dcdd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
255KB
MD5f4bfc1c41bc9ebaed9e304b094f956d8
SHA1cfc19d8cf90cf0988c6f9102b0eb73284240742b
SHA256e9838459fc9481a5d352f78640a025c75b62b53a679e4a815d5ff5ed096c4abf
SHA5127ac671147a90e1ec6d3b060e26ff90f93a491bb9a66ac636154195e5d8c100e926c92c13c11702968c5efcd70202f23505bd5a232c0c65f305a636db036ea9d9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
128KB
MD5f118c15ad58de4cb79a97a8b80348fde
SHA1560f6fc38b6e0554584477c1a0c6146603f1a04f
SHA256c3b250393bca46ee0b99225f15a815b8a72cb961f6e76f84d7b3fbe7271fc335
SHA51270e40cced4e12b161fcb51292c5b4c091e01cca0dd828c2b1bc65c3c8194a6d129e7c6a1d9eddc809fe8e96f3f4205ecaa695b0159d010144aa8277ddbc8fbdc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
91KB
MD5ab1317761209a163f7d79c35931f6b96
SHA101c7a6d6ba59435d9aa8420a84b8c8c1b49efb83
SHA25690e1ef1a09a492e378084548e02f9a1f89dc3b48d63f3f5cf72ed36ecacdd234
SHA512ff2e58fda594e24add51b5eb09d20f7fec43ec5a7d323470db8e02ef4dfe04bf5a474ad9e74321e141c013094e59a1bc16558836e2b2a743d81549d8c68ee30c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
99KB
MD5e8e75340f2314935c023d7a944d4b7e8
SHA1e7ef421a2d28362269e9b76ec78e4d3ab07b8c74
SHA25612ea25d53d0697a217cce5be148e0c072e780826913152f9fcc1ce3a029cdb47
SHA512f10cf09aa6d2630269eff6d5039b42108aa383818532ba2570bef10665a3228ac9741707d98a0916ae9a72742eedf2ff9c49e44a736dcad18321de55792328c6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
104KB
MD566f16db118b53926cfb9814c28f57299
SHA1920fc7095ec182892f481233252a9c03b55e3730
SHA256adc09fcec63822e74709fe112b101b070a708cd73031d97796199de4a4b10fa3
SHA51245292f1c584942637d4afa425bf1110e6a5e3eaf0a36297b29dd0c0fa598d1af08e777f183ace392d65e3f5d9cdb6917f4dfc3c504e7ce6bd4fc68041ab496a1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f112.TMPFilesize
88KB
MD5900c7a52cc657a409ea140a4b8b1b86c
SHA1b5353464ebae690c1eafcf1b1b757ad41d7739f5
SHA256f2f3f460012de65d66d6d56c390a61d9224db5a77fe14b3189588d800464d898
SHA51209433914b91295243a6da9ec56037e312b76767611b3313d79c053eb14adaf7d53a4d7a54b33ab3c5b04fbd633705474e1246ccfd362da54f006f592372be3ee
-
C:\Users\Admin\Downloads\Secured.rarFilesize
739KB
MD5ef56c7500fa4341f60af74e8d81022c4
SHA167e072fa9cf296e4e2547e167444e3d667df9918
SHA256a7720638aee803b36ede0135b593d476a86706174e2b2657975cc631e4368ff2
SHA51290c8aa0b9b8b4faa52d300d24976f31d1285d3dfed446416d7da442b192264ead3ab97e64edb100df0b560b6dcd01f66671d24be3587bda3fef98d1b5d034eb9
-
C:\Users\Admin\Downloads\Unconfirmed 762830.crdownloadFilesize
1.5MB
MD5e5788b13546156281bf0a4b38bdd0901
SHA17df28d340d7084647921cc25a8c2068bb192bdbb
SHA25626cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd
SHA5121f4da167ff2f1d34eeaf76c3003ba5fcabfc7a7da40e73e317aa99c6e1321cdf97e00f4feb9e79e1a72240e0376af0c3becb3d309e5bb0385e5192da17ea77ff
-
C:\serialchecker.batFilesize
935B
MD58821614580796004fb4ff93576bbf179
SHA1a2276d5ab07083bb00abc4576fa5aaf7fed5b439
SHA2563e14dd0495430ed0c9cd9c7fb4de94a482ffbe7158cdbb765ae314d8c22541fd
SHA512ad903e517f6aed7a7108009043ac32e2ed5500ac1059831c216ebc8d489b4c7c09f2704bff0d6b9a8183e7c8c2a3ffe96a61d789abec09593b8f266eabb8722b
-
\??\pipe\crashpad_3320_HNECONOFZRIJBDONMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/228-1101-0x0000000004D60000-0x0000000004DC6000-memory.dmpFilesize
408KB
-
memory/228-1100-0x0000000005300000-0x00000000058A4000-memory.dmpFilesize
5.6MB
-
memory/228-1099-0x0000000004A70000-0x0000000004A76000-memory.dmpFilesize
24KB
-
memory/228-1114-0x0000000074520000-0x0000000074CD0000-memory.dmpFilesize
7.7MB
-
memory/228-1098-0x0000000004B50000-0x0000000004B60000-memory.dmpFilesize
64KB
-
memory/228-1097-0x0000000074520000-0x0000000074CD0000-memory.dmpFilesize
7.7MB
-
memory/228-1096-0x0000000000140000-0x0000000000178000-memory.dmpFilesize
224KB
-
memory/2484-1121-0x00007FF6C1F40000-0x00007FF6C1FF3000-memory.dmpFilesize
716KB
-
memory/2484-1124-0x00007FF6C1F40000-0x00007FF6C1FF3000-memory.dmpFilesize
716KB
-
memory/4880-1131-0x0000000074520000-0x0000000074CD0000-memory.dmpFilesize
7.7MB
-
memory/4880-1115-0x0000000074520000-0x0000000074CD0000-memory.dmpFilesize
7.7MB
-
memory/4880-1116-0x00000000051C0000-0x00000000051D0000-memory.dmpFilesize
64KB