e48de1046a45882852e213acc1872dbfc7ca345a1a7c87a32491806a981cd64c

Analysis

max time kernel
257s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 23:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VLC media player.lnk
Size

1KB
MD5

59affb1190500fd7606556f2d52ab6d4
SHA1

c0907f24f7c239ce12e18a301270bfc57281dcec
SHA256

e48de1046a45882852e213acc1872dbfc7ca345a1a7c87a32491806a981cd64c
SHA512

99c00324068a5f4e26e7a6645429df0f860eff40c113bab4de7f8bd3199bc5b7df12289b88bca0d85953eae23969b844e889e6821d97ded8284521238b03d158

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/532-765-0x00007FF737900000-0x00007FF738352000-memory.dmp	themida

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600290211310929"	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3652	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4904	chrome.exe
4904	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
3652	NOTEPAD.EXE

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 3884	4268	chrome.exe	88
PID 4268 wrote to memory of 3884	4268	chrome.exe	88
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 3968	4268	chrome.exe	89
PID 4268 wrote to memory of 2248	4268	chrome.exe	90
PID 4268 wrote to memory of 2248	4268	chrome.exe	90
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91
PID 4268 wrote to memory of 3448	4268	chrome.exe	91

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\VLC media player.lnk"
1⤵
PID:1016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1757ab58,0x7ffd1757ab68,0x7ffd1757ab78
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=512 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:2
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4364 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5108 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2488 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1564 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4336 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4548 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4940 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5636 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5836 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6000 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3488 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6116 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5684 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3492 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1888 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1232 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6088 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6000 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=1928,i,8960584766178552296,15934238627308468315,131072 /prefetch:8
  2⤵
  PID:1432

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:384

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x320
1⤵
PID:4416

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:212

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\test\Readme.txt
1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:3652

C:\Users\Admin\Desktop\test\zubto6qwzu5g.exe
"C:\Users\Admin\Desktop\test\zubto6qwzu5g.exe"
1⤵
PID:532

C:\Users\Admin\Desktop\test\zubto6qwzu5g.exe
"C:\Users\Admin\Desktop\test\zubto6qwzu5g.exe"
1⤵
PID:2868

C:\Users\Admin\Desktop\test\zubto6qwzu5g.exe
"C:\Users\Admin\Desktop\test\zubto6qwzu5g.exe"
1⤵
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\51b2760d-aac3-40c8-9ea7-99de50afd656.tmp

Filesize
7KB

MD5
8beda55f198047b46b32c62c4358b384

SHA1
85b4cc1597475cd29f0cf741a3a081b9df9bffff

SHA256
7554fed618b8cdb93a4a868e208ffbd492526d7af8a17dcf694802af369c640c

SHA512
70d81c777c185d677bee2460289bd46c0d37783e9fa347b19b32db92eaceb6e8b351c70cdd5d9fc2194482f9a3aa3acdec48abe1d326f641988f47a6b3dac211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
1024KB

MD5
2f80f3370bd62afe4ffc164f50e56aee

SHA1
532bff0ac181f9ddc63409c3ecae55b68ae4a459

SHA256
cd65bbe2682bccc2d1672f9ad06b5ecce49228de350b04ce3a5a7eeb5b2c1a9c

SHA512
df5ac981df20d2e6671b16c5954f50d0975d1337abd1435a5e5ce34bd54806e99a9bda66235e1a3cc0446c81395908e5ebbf8b1507e183ae3d8675af1f5e7051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
1024KB

MD5
83732ab0b0a5d1f9f7841dd0d3f9e263

SHA1
97cdb043348be658d98d89f37c3753395e035654

SHA256
6b0240dc3cea2f22ec08c62042817d9dff2539dfe8c96c58d8e885ca97e56b8f

SHA512
82be2cb914f3c46289a499fec9cef21c0748c01ac9d0924e77e6786355354b3b8e9d0a502fe1b112c244e91f3be67090ffc9918bf275b10edb7d70db94eee08a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
27KB

MD5
bffb059f66bf71c890cc5b5ae438989a

SHA1
e13ab1e1accbf64e3e430f02f7c10ae09d413ac4

SHA256
3a87dbcf5afda3daf93b5be8979affc5ed1a14c1050e004cf4c8897f2d96bd64

SHA512
cc7a0e52bc9278d4e69923eb6ead9da450144797c5aec7bb479cd68203221320341e271f2be120d7fabd6b8a9d0ecfe48c870c7eb18fe687d96dbb20ede9488a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
65190b0c1fb1fbde16935d1ff81b4404

SHA1
da1305a6f92d22e18b50e0a322c9fd0cc9e59858

SHA256
776c7605878a6f490a817bd0eeb0ded5a0b73a6550fc6f5ea65b06d254dcbaac

SHA512
65f37d8a2478a67880cd6ce381c085dfecf2c00f4054207352bcdcf9fbeafd780fb9dda39f1700603c8f68fc9c9af315aece90b9eb008e3211d38ab5ed57e8e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
caa01f8151ee04d6c152c6fcd2501809

SHA1
d6574293f9e2b4713333cce7f9a98cba9948153e

SHA256
db4cfac6cd565185f7f0d744dfd44f3be8809e7c32824a138d4176c0f4372f88

SHA512
edc2e6b9674423bd8a46da9cb01d196177272d67a36ce32de3d1904accf4f1afe0a056f8b2bb3d2880705caf7fa6e13b8dfb5421f6602c619999f9f228607de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
6df67181e88241a63a6f4a488426065c

SHA1
9c31b0e7cccb59e89e03b0b2076f30df518ccac7

SHA256
6dd8d2bd789ac64af9cb59fc6d26587fa136fce35abf09e741b9140bd4cb5ff0

SHA512
b2c84086f1950af769eef2fbf666535d01faeb71b04bfd20f120bdcc9464fc2f8a95a3c657cde5356acc741582483f9267decb340ec5adb3226e0635ed513d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
de66ff00a2938c0a8a857777da74c222

SHA1
b1bcc89bbf595443562f38577eb3c793f3340cfc

SHA256
81e799db040849a6254221b62b20fc509dd5b3ebd6b5031b40d62f543cdd39eb

SHA512
9ff607a47fc27d4cb02ad9c7369cbc3846a38d5a610af0bef0d8f1778b62564fb59e979854d0ed3a9b2505ab3c3709957c21eecaa7d0627910094ccdace2c262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
e3a00418219f5ee5178e7c78295b5553

SHA1
e875591891bc447673c3ee5695b2a50e00267e89

SHA256
5dcaf4a191ba679c1c4206b74aee2db43e565efa0c4ad7c7d3752336588fdc2f

SHA512
b5e95e5e304e281a8d05ded7636860ee872f4a079e5859fc02cd82e47503dc4658e1e5f2a4ea5128a27479f7a2685b347fa2ef080e98cd653ab2496f1febe4f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
46ba50e92c0daff43443ddb49ea2efa6

SHA1
98a037c7d00fd17ac5d303fd68610e857f8d805a

SHA256
2e4ca478d7f98a3da3976b18e80b81c538e34722a24be7603a67cab4dc7a26bd

SHA512
c582d95e1c5bdaa5ce85006b3d21f80fe4402937a428fe8ce9623ee2d28af95c89c12fb889b61ec64a3aee78e89da180345c0053d932f4d91dd46e5d25818424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4a22864bef3de2df5ee80a799a8f0a2b

SHA1
fa4f94c6633335ec31c60ecf38e69fbe85eb81f7

SHA256
f1d2aa338cb26002b6f0a743d0be7f1a65edf9e6bfe67617b5731e64b4a92c3c

SHA512
fd289a6b58ef7fa08580abbdf9620635d5a62f80712d40176a14e78dd7948c55b1f074e3f7d3f48d22cb2c1be6eae330f6b1a1b6af5adad6e3dc7dc3d37d4fe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
aeac3137472d6f8d08a60d54c25297c9

SHA1
4ffffaa0d6c50bd47a8a94c69d623005d5f346cb

SHA256
fd4c8d7e49df85dad7829b16ada6d40ea0ee9a1391d0fd97d1d6d728f7aa6fd8

SHA512
20f55f2ac22746a5878436dc0d5e7532b61a99c48e6f1951919dae72333a51a3d95a8404514b86bd2dcfec61a13bf07e7f2b4d8d9d84ae660ed25d140d8ce999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9ebf825f4a9951fcc7739dad2ade6d77

SHA1
eac2525e88d97e8167b352f0fcc6bdd89765fd34

SHA256
6c778fbd5dd93f7867c29f8f6000b4d36957336298aef4ed82ec36b7e7af2c50

SHA512
5a4eccc6ec616ad043f96a2ff2eb5421302d0c66f51b275d09c7abc6bc47316f0825112b0b2b05d827c85ea3e660cfe9cd89c307b5d0942325b10fa52da8e193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47618c4f1a86a0046355cd3d7d5b41e3

SHA1
164cbb734ef516f2baefe54e6f09370a3308fa05

SHA256
68bac30d006a816c57f3861779d43d5c19e115319184b0f5d5cf286acdc3e3ca

SHA512
a878a090f156558133adcb7d7ae7ac98b3092abaedcef84edff5fe6d2ca45d22242aee97b4bf3bd5dc6dd439d5a2c7726c1a9e9304b0ae17b94a14c18a395dfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4fd655e179717bdfa28818ff81e5da2a

SHA1
b62c68175f23aecc37ec4ef54e6c1691ad4fabbf

SHA256
458086e1038c5d9c428741081f4b055b657f93e7814898d8b0aab30a53ee0f17

SHA512
54fd1944d2a1b54a487cdfac5b3c47f7540c528d23bd7353254e421ec6d770ac33bed807f4cb172ffedebbf893f86d25cee09f5e545fc50606e825457819c4ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
351b9d15020ce8fc325ee67459c37dc9

SHA1
4bf4b965ea18019039f614bf5614db23c99c35c3

SHA256
21dfa9a52f46c1a8858cd3ee9b7b8cdc176a190608524a4bbd41292966ef9344

SHA512
670c8a144421954ebdcd937ab67aab8cf9f50bb72cafa07252fd0ba58c4a8e9d3fde0387b1e74c69957a19821d3af23bc4f8e61a493de69ca261647d50385a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e0cc86c543e90c4aa5f5fb63414221f4

SHA1
f68f56b09acf3e5d439b4938efeb67ec0c7fad53

SHA256
6468c5c6aba28019ef19cafb04726fc6561e99ae9b94be4d7d1e242da4a77e0f

SHA512
f0684a1ef211e7cd961047bd0eaf988586b94eb5d003633631af44300be055e60f64b3f3b4c1dc1f2ef7298b8b60a92672d933e6c102bf5a52acabd4f4afa02a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fa9c2d74cfaaa984853c961a4d415833

SHA1
057c275a72d868aab9dc6709f0db5a3e4398ea5c

SHA256
e0c768bf12f2d45d42d26f77d5bdba97baffff6a4c7b48b27f94d8e1892b684a

SHA512
427d73ef0ab35664e6efcb41fbd32fe6235fb18ca08d67bd55c791124b76378a421cacb7ac329f3e9b97801f11913370b3e7814e97c08bce72cad7e81b396ea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
45475aac945af6e312c895804e532c04

SHA1
4c84f8cf1a4e6b3e07d68bf7e757711097dfbad2

SHA256
e3e920725186e08052b675ae6de0ad0e53d1ac0179d0d52fb820c1c5d93ae795

SHA512
4218a86bd9e91817262e1d29522328d5f4527cc9afae8c53fefb0f30b48116986efe8148c2ffb951855fd12cf062f92cde2d08610a41a397e05799a0f1ade317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f17ed65abc88c10527583ff2b713f222

SHA1
3fbabbef708397bb6a7392ad4c0e396ad85d0256

SHA256
f30eedd244f991e59297bcabff53f90216e98ffab03a0308bfbc4703d7878937

SHA512
95c2810919da46f12310600797aec1496926405020baae1c7be5e12a4c9cc65642b7a058ca5eb152e6b3ecf7f71e5e7fe61d82531960372136c9a0bcea436364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9c3e248a5ccea477f2d6c4faad995d53

SHA1
d74d2b9e84eaa1074fc7d2c96a7764f10c6509e5

SHA256
60a3d0a35cae4c1d77a7f67eaf9c2dfd3afa83f5e10dbab3669e0b6e674f59ed

SHA512
61a117248902d8b638b04fd9347619d505868c4838fd90df1ced0aaccadc70581dce865252bb4d7cd619a7556c53648920188bfaa5332d714f84bab9dad53558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dd7ef856985730cd31243af149354369

SHA1
b070a8a147c604397d5a982a20eb3bf944adc2f7

SHA256
1c488b8107084fe34e5ddaef05f24735f1244222a03bb429cb8b4fe4576a9d5f

SHA512
2f894b5dd52f05e79b8828ba465f428e1827aab0750f30a7165d648639b2b94dd7ae15e9c88e0e61b164c06c1955d7dea74d6c2fb9cbebfe18cd4a6b8067363c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
6bfb58fa21200d0ba3b5f43d02cc18af

SHA1
16e982037e7a51d22daf2fc2035f921339664ead

SHA256
68f234e4b81924a20a8eacab0aa9364877561fa46bb973870926fc74222ff814

SHA512
be5379c8b4035865a41097b7e04dd2410ec71b584ad2e8608c52bef4de6eb6a6e4f632d7ac95fbe5442e3afa1a2fef41d8c85790fb4d66bd77a635325ec86c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
f5bb9f5045ff69f777bf6eb315b26913

SHA1
a4649c942898999c774ea6ab7356828d66796cd4

SHA256
2117546ef18967c3638010a7dfdf9c794a48aea481af11472c964c3f82de2b8b

SHA512
1e7c50673061be61423b7e31d905d789de072fa699501e1a173b07d322eb90c67f0d10ab8b0e09ab43b9b956566b0b221acbd52782358be6f3ca2de1f6bf5eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
20089bbd62f765462f393a365048cd1b

SHA1
53927eaa547951b05b7a02c14a3869eeb9d7248d

SHA256
23eab01dc0f6d2b2d4dbd2f1f292c7b92d6ede15d14c67feeb5a75df89765020

SHA512
63a57297d5729e2dc31503672374e7d55f5a65e123f9a59b8b3fe472a70638630af431ab7897055fa54120fd12f897125711cc9d117a2ec659f6315bfe03c9cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
0e0543e3223eb0d59e46c751520e5f92

SHA1
55457b1a4bea3aa40805c695466a10caab32b8f4

SHA256
793464babd10234b042ace5cf9771393447704a204428f44ca7a5bae54bedb37

SHA512
4dd5dd82c02975643d701cfd1f352000a81b264615e282e23c1a31f1459518fd8cd201b673ee5bb6410ee62698a6f4086538009a051f60d15fef77c12811d1ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
9db44f0c7408b75fe0666257a311009e

SHA1
26d6571700fc151634e7383d87fe35b8ba773c0c

SHA256
e934ad598f870408b60c7ad8fa3b652bf912189e8dd9bd42dcccca404c656246

SHA512
f0b3a7f69bbc72376ab17c36eb6ab752fa3d913076898fe87af21be02a00862ac289d1f93b19c346d38d635a8e09703e4636972b7b62eeebd2f02e7badf47a8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
489241345cc852ee39bfd45b6fdfaf3b

SHA1
635b215ad012ede1defc60c022f0e9c69ef00b7e

SHA256
9c4f43e4bb46c59d756b4faebb3fbca995791429e15b80c9c40dcdd61aedf665

SHA512
f19783a0248b390d0493bf7783f058a202c2ef101639ee6063595dbc313d8aeaa3beb605b0a13f1f612f00f3a6db13b49741cb06a09262859314f8c201184826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
9be43cdd70800c1f758e22559f55c03d

SHA1
7f176a9638343a67f7ac162102195ceec0678762

SHA256
574a3cd46d32aebccfdab3a6df530baaa23e56870baceb0a8694c93ebd515068

SHA512
9f747f0054cd7961aca991535a237bfd2555f2d9fd09b2fc9abc249de44a94798cd67557226947433ede4893eb3cd16d2cc44bc6218d49aca7874458db87f5c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586f01.TMP

Filesize
88KB

MD5
21d2297c80a3d2136260ee5aab94cbf9

SHA1
41a61191c28965bb679845046c1ef86ac68ea8b1

SHA256
d5499e02e4d233f6cf7d7d1f800a1041e5656de2b68a9a2c06aa462f9f8516a5

SHA512
7de9723a1b762423fbd855fe3bd0764189d479bbf109c9c04f4b9ff3cfeb4a26c468ef39a51e37b66916d8c3f3695ec79ec53657b58326fda0747021808bf31b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
b47d65c680867a4c71ea760ecc545db0

SHA1
885f7ed294ad83b8bbd59244dcfc7dc32925c1a0

SHA256
4508b3a5f9a8c16dd31b93815eaedc5efac2908b07903a278eaa00bf46aa9682

SHA512
ec0c872651ff5d0d0e009942e4d733af778c153609f9617b8735c1650a1272e95d4f5d55a96cb951731bb96b650f37a5612d9922993cbe19d3a8d074e1ede19e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
8f5eb43a7525b2c9facbaac7579e5828

SHA1
d6f37a080c5e0314ecd9677a79f7aa49f7d34125

SHA256
326c287aa98f5e5f1688651ef910703a151d35ac1dd7dbc967df88e8cf9105ad

SHA512
8faa4cb279d08544fb18b35f11d723226ba8909082830cbb75e6bcad12d24b5cfd16bf3b897c614b0ed24055a37b430e9b816d2389c542a052e746169320d389

Download Submit
C:\Users\Admin\Downloads\test.zip.crdownload

Filesize
3.9MB

MD5
79fa06b8425a61a9ddfe9d647cce1ea6

SHA1
288f0cb96700a67a707213d2bc041336bff0bb7f

SHA256
288c1d5d64e1332b5c16194907256fa619b34eb4f576e707cd950f9f88e9a441

SHA512
02cc00f16fd260edf04662472d60044d59afbea67385280711c256433d810ce267df17eed59fd0b2e5d18aa91dfa263029a192a892ab2eda4c9e0d26002975fa

Download Submit
memory/532-765-0x00007FF737900000-0x00007FF738352000-memory.dmp

Filesize
10.3MB

Download