zgrat | decaab89b5d7945dc59b18f066f110abeeb15d524e51099c2576309f599eadce

Analysis

max time kernel
1184s
max time network
1179s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rbxfpsunlocker-master/Source/procutil.js
Size

5KB
MD5

8fb70f08715462425f71d95fd2bf098c
SHA1

05287585bf86cde2ebaf2c13c8219dfc21b4c922
SHA256

c34bc37be9d6c6f2cf36d072cc7f7695d31939dc50ce8ee1b27ea904473c3639
SHA512

cae27be30b51b768a54ad70a30294e2f6608ff72d02dc5799614172d8576bc5e722f0d1a0f363c29684fb5396b0fce68f66c9fd0e32497b07ed677705d0dfaa0
SSDEEP

96:SNzr4K/nILApISLo9jz6QAd2JzNMeleub7It3:6zrv/AAp7QAd2Rlllb7e

Score

10^/10

zgrat discovery execution persistence ransomware rat spyware stealer

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral4/memory/1132-2124-0x00000181CA6F0000-0x00000181CA99E000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Downloads MZ/PE file

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral4/memory/1132-2124-0x00000181CA6F0000-0x00000181CA99E000-memory.dmp	net_reactor

Deletes itself 1 IoCs

pid	Process
1132	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe

Drops startup file 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MVI6MT0qPLmQhQ6j.exe	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MVI6MT0qPLmQhQ6j.exe	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe

Executes dropped EXE 3 IoCs

pid	Process
1032	7z2404-x64.exe
3616	7zFM.exe
1132	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe

Loads dropped DLL 2 IoCs

pid	Process
3520	Process not Found
3616	7zFM.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2404-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2404-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2404-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
265	camo.githubusercontent.com
266	raw.githubusercontent.com

Looks up external IP address via web service 7 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
381	icanhazip.com
383	ip-api.com
88	whatismyipaddress.com
89	whatismyipaddress.com
90	whatismyipaddress.com
378	api.ipify.org
379	api.ipify.org

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Cash.img"	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\msadds.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msador15.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2404-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\msdaprst.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2404-x64.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.CashRansomware	958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{05D9B6B9-108D-11EF-B8C0-C2BABBD8D0A3} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e07fffda99a4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b2e58ab8bf361247b7301f68e304ddb200000000020000000000106600000001000020000000f4cf9344da3cada99ad6e5cd25720f68357fd832f1c2313d21e365498ce1706b000000000e8000000002000020000000151cec0b8f66468bda31c3a6e6112e9cede787c75326bdaa253154e12d67aeb920000000e12fdef119285c612c02dbea2db71455b0b06125d0af62d04d5ce30735ba2abe400000008232b2421f4c44c411108917509a578d0c4ef0e4bcb6645360d17604e4b580e21fac99c2e032759cd8684c7acd05dbf352baef0f10eab0a924a0b271d99c3411	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b2e58ab8bf361247b7301f68e304ddb2000000000200000000001066000000010000200000004c2aae76fc5835fa5dd7ec06d5a03c733206d66eeadcb4d297e65716f581f6c8000000000e80000000020000200000001aef30cb645b57e064b553d62eef5c97d4fbf64e66c8d412206672fb25b57d21200000002f9c7e30ddd1042540429c7a939b936fe83318e2d801d0ef359e076bcb479f6e40000000b2984822a3d1b97be9b51e19abe05f293d38a3e4aeb23a8a160842966aad1a42e3b14db75cb4f82fa8be69cbd0351b2c7d5b3f46253c7ed372330ba92bbfb490	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 007bf8da99a4da01	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600118302525807"	chrome.exe

Modifies registry class 42 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.cpp	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\䉹ɶ\ = "cpp_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\ヨ㠺翹\ = "cpp_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\訦黝꼀蠀歨噃翹\ = "cpp_auto_file"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2404-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2404-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\ヨ㠺翹	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\\ = "cpp_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cpp_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cpp_auto_file\shell\open	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2404-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2404-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2404-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2404-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2404-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2404-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cpp_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2404-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2404-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2404-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2404-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2404-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2404-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\䉹ɶ	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\訦黝꼀蠀歨噃翹	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2404-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2404-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2404-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2404-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\奸噃翹	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2404-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2404-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cpp_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\奸噃翹\ = "cpp_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cpp_auto_file\shell\edit\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cpp_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.cpp\ = "cpp_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cpp_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\cpp_auto_file\shell	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe
1756	chrome.exe
1756	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3616	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeCreatePagefilePrivilege	1920	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
2872	iexplore.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
2872	iexplore.exe
2872	iexplore.exe
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
3100	OpenWith.exe
3100	OpenWith.exe
3100	OpenWith.exe
3100	OpenWith.exe
3100	OpenWith.exe
3100	OpenWith.exe
3100	OpenWith.exe
3100	OpenWith.exe
3100	OpenWith.exe
3100	OpenWith.exe
3100	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2808	1920	chrome.exe	104
PID 1920 wrote to memory of 2808	1920	chrome.exe	104
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 4860	1920	chrome.exe	105
PID 1920 wrote to memory of 2108	1920	chrome.exe	106
PID 1920 wrote to memory of 2108	1920	chrome.exe	106
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107
PID 1920 wrote to memory of 3624	1920	chrome.exe	107

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker-master\Source\procutil.js
1⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4036,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=1960 /prefetch:8
1⤵
PID:4700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9496eab58,0x7ff9496eab68,0x7ff9496eab78
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4816 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4324 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1092 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3620 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3312 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3176 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5000 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5184 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3184 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4420 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1640 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5008 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4648 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3204 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5188 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2620 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4460 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4540 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3232 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4676 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5196 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5112 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4448 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2636 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4560 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4544 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5032 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=2008 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=1092 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=3168 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2604 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5452 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=5448 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5640 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2948 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5920 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6008 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6336 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6384 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6148 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6380 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6360 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7144 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7140 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=1916,i,11801888205197537930,16625506016290294897,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Users\Admin\Downloads\7z2404-x64.exe
  "C:\Users\Admin\Downloads\7z2404-x64.exe"
  2⤵
  - Executes dropped EXE
  - Registers COM server for autorun
  - Drops file in Program Files directory
  - Modifies registry class
  PID:1032

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2416

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x534 0x52c
1⤵
PID:4040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3992,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4008 /prefetch:8
1⤵
PID:208

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\ConfirmRevoke.gif
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2872
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2184

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3100
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Malware-Collection-master\h3wroRemoterClient.cpp
  2⤵
  PID:4872

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.zip"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:3616

C:\Users\Admin\Downloads\958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
"C:\Users\Admin\Downloads\958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe"
1⤵
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
PID:1132

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
fe487725998a00de2ecd41b1357ca0bc

SHA1
cffe7d83767b3334533f9525bea67e34dcb2b632

SHA256
e0625e017c02038cf25b60d03f3c46da44b4232bf9c664cf30bcf67af81229b1

SHA512
173191f2678a4e73457ce4a4008c432080e050004fe034f93cf05281be6be670c54e0c37f23b90d4f9f6cce4de82fbff71cec817bf301d4d84405ea238f1c730

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
960KB

MD5
246da2a8b76013599e3d11b9f6f03515

SHA1
6a10aa64297e68fb5bb5abb940338d5a51c0e81c

SHA256
996e8436a50a1818b574a7ecb078d4f3566d6666fc4defb2493ec7f0c08538a8

SHA512
df9d86b41bca8e90ae212267b3cdac24e5c506dec0d88832b3a7f407f7f9057f23bb5c341137727f593088eb33a811eaddc445ecf1bd61b89cb1777837b0f1f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata.CashRansomware

Filesize
16B

MD5
0df15a5bc3a421999fb0943442d230fb

SHA1
5801d35d989ec3aa5586eb557bc941a62a5e7e57

SHA256
d7897002c5aebd9d35dee78407036a7c0a6fa2c9d33620915a06ed883e4956d1

SHA512
e6602324cd09beeba3d71596ff2074568bc8944e3f9ba6ff5409290eea204f26f71eae111715e898190a54564bd32a9c824cd2f9a90d249f795b8c9f8b87f047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
199KB

MD5
585ac11a4e8628c13c32de68f89f98d6

SHA1
bcea01f9deb8d6711088cb5c344ebd57997839db

SHA256
d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6

SHA512
76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
24KB

MD5
f782de7f00a1e90076b6b77a05fa908a

SHA1
4ed15dad2baa61e9627bf2179aa7b9188ce7d4e1

SHA256
d0b96d69ee7f70f041f493592de3805bfb338e50babdee522fcf145cb98fc968

SHA512
78ec6f253e876d8f0812a9570f6079903d63dd000458f4f517ec44c8dd7468e51703ea17ecce2658d9ea1fdb5246c8db5887a16be80115bbf71fe53f439d8766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
69KB

MD5
1aca9c8ab59e04077226bd0725f3fcaf

SHA1
64797498f2ec2270a489aff3ea9de0f461640aa0

SHA256
d79727a3a88e8ec88df6c42d9bb621a9c3780639c71b28297957ada492949971

SHA512
d63ebb8d19e6cbe9714603688bc29eda4e347e1bf0bb9b0b7816225220263781b84966413a946feb4ae27750371de01e03092dacc4051116073c518d6217fe65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
325KB

MD5
2d9ee45a5a27c48c224370cabad24567

SHA1
05694dd9ddc33f4cf3f70ed5567c98a7fdc5c0d4

SHA256
12e1464cfd222da970f5a2236f1f9c530fa1c0df0287c4d78f650d391e8f2e64

SHA512
17dd578f631d41be3ad7c661d75b5bd25785185fcb841203c75bca443281a76762cc5914c9851e3750ccf379da7cb93054b25999a99875694d71576b88b20b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
140KB

MD5
79cc567412ca3fb71e05a593f1cce971

SHA1
56595a93c9ea1f4da5afb83bcd06b9ae63bac3c8

SHA256
2428a2d02bf338efee7febb9a2c1f34a36d010988c47fb4646a9729e32a8151d

SHA512
d4fa097e4bb7641357848056e0b88a68cb4fa012b5d99a8a608ea15113dd74f877c2a02854944443d1ee0486f46e698d0d32d46917c956184980f50fb58da4a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
21KB

MD5
12b3b06a215a92b61047d4d676009d5c

SHA1
bfaffa1420406892f96c14563413c12b22d5578d

SHA256
ebddde1fdfe55665db44af96d9a914ea833d5c74b510150b0aafcc6598c8ec72

SHA512
5f597b93c1bd9e9be7d7aa42ec1a69d1183d164096046af276546f907c7796cd5d1ea80d152ac8cab76f1ddf3a6e3d51ed74c6dc97d467a4f5519dbad8d42ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000083

Filesize
22KB

MD5
3b5537dce96f57098998e410b0202920

SHA1
7732b57e4e3bbc122d63f67078efa7cf5f975448

SHA256
a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88

SHA512
c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000086

Filesize
93KB

MD5
46d63234dee279f353d3497ec5006fbc

SHA1
bb58c3d15fe773659d30daea83ccbcd3e2b838d8

SHA256
09c24885ecbc68c0111f3b1c848939718f64016819586e28f279f483db40d9d1

SHA512
b8864be5da69d3622db78628da8acfdb51245e0743ca9fbc451a2e2af4569794f1f433aa0bcad9c7848a19636e0d66b1fd1c802e8f314ee7fd316c3fd9b42434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7ce9d2e6fc982a4e_0

Filesize
347B

MD5
e2f360b337cf3b21c8067599b90d3d0b

SHA1
0624daf96552b5f84f90f947b8d637d06212e9b2

SHA256
2277b53797feab119f935a89b2ad5f7d1540678c3cb896097c8387bd8ae066f6

SHA512
04eff011897cd632864d59f981b679892cae307b0dc176dc4fb0d3d2178a3b33232495b35c4e2e0c9796c052a7b5746cf2e965115464112628c17aead2099f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
690317dfcb50f3076475caaa30b8fde3

SHA1
caeb311b9ac15e5f0a054609ab12376911c16408

SHA256
16c8eea3c13d03daac4864b11950a07e1a4558774db4d4401eba230ab773c94d

SHA512
d90ac55570c2c3112e949a7594c8c78ce5853c2260c97d3fb20b6a97ba957c70c7827a4d836125741f26dff680f6ba42e05dc45bd2544deff67989935c11c672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7902b58299aa2ea39285e81a6b54d4cb

SHA1
da398963cbdcbc96da04c8439d5efce6551059b4

SHA256
0f8316d2a262e0b5c6cbcec04141de13c31092bc9b8e43c90ebacdb9392d1716

SHA512
da1a73055c2711f924ef13d03f1169296d102c5db88bc20b3163133c9ed150200d97551a163ac166cfe7089b9f458f931821d253cc12bc78283c4d79562460a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
499b93c81bd846d14cf7bb2b79782b6f

SHA1
13f0d5a184ca6c1608d29571bdb0fb31acf66191

SHA256
ef15e008edcf1b290a792d5e3330e54edbcc22da7f64352602c41db128eea3ee

SHA512
91d837014405d937cb79a0fe2d2bc18403210433ffec08872ceb492eb0d76f2f974876160f0f6687503ad0e26586103f778421ae22470db141ac8339dff064cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
187ae07009fb929bf23d4acdcb4b7ea0

SHA1
7cccc3b3141191d2a6dbf22a14f66c667013da19

SHA256
677dd764ba4d67e54b6ff313524bddd561380ae3b374c94f87c9440e1540db9a

SHA512
512a0bcc9ba71e680e23e248606128a48e835be8a38cbb9e1ce6bf84589bcc5c686fe3b1f4040e16f572a7ca62feb7402cfaf8c38191086370b5784eea63d27a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
dedb6aba5da858e5f665cd66b02cfeaf

SHA1
99de23610a3f26ad9b15a72cef35573726e0a238

SHA256
89d8dafe459e61121f036248a6d47e765dc051bf776b87d048b1e8b38e0655b4

SHA512
61052efc45f3db962225a5a887cbb2d646e2fd43b709c995ce2156c38fb0b709c497a52070d620225bd21ab414ae3fb668833dbb1799343c96225a54ae3e3379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d871d8045633987561b8602eef1876da

SHA1
4f2830c5d8e1f644ee47bc1b9d4b42759032051a

SHA256
542219aecc03b02e20ff4e88ed57ef79342842fdc48acf16979f727f8f2b7440

SHA512
6dbcd48abe0eedc982621424346832dc16ee7ca7e19c78f56bb4eadae1c748a07a6cfbe0b314f51b532c1cc3f7146a51af19af8bf2edb5fed5cd90566c18c0dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
423fe21cffe825fd599142baf33f52b7

SHA1
7a19e7367b6cce87e99006e4e7121419ed031864

SHA256
d4e94ccda3fc7cdfe492041a2b42b5524914ba7b1420a9561e9eff05551de320

SHA512
8a75200b11443cebe396dc7c624cda99bb963d5f178cd0eab022d27c25e6f1728caa16faba327a2563cadd1ea9788db4eee31bf4c1a26230a8a17d688e57f5f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
659067d735ec044b2be684f5314f7183

SHA1
f368ea8f353c36a1d12d0daf53179591265b3748

SHA256
38118b35e1347fa3be03de7ec5037061ffb689f6e70d42535ce1e31e8a0c17c8

SHA512
ca151e387b9017f53ba7a1b7a67377fa631894172021a42c535a74aeb63c329961873bbe782613627f621f2dfc4726d2e5138c2e90825824168f8eb1cbe2f4c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2dd35e36fbe4bed222e20655b363eb95

SHA1
bb471c6960f8e7f1c2eb5cee57234147ac557213

SHA256
f59510a233254a5cf8d94aadfc642811eb7b8a71bdf73c213073e778840729d3

SHA512
f65c543e7b9ac0cdc092f34552d229e42081d802956a269606e9c91b37b71719f1a843d44cdda1e76c55ce5d60923698cbc4f51f20b3057dc5be46d15ae7d61d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c1f15751e6ba2d89c057ca7023d38834

SHA1
c0268430b582ae8789391c0d4b1d74ab54390043

SHA256
f4a89dd28e6cd635bcbe32cccfc9bd68eeb854a4727cb4a079a3eb0223213ea8

SHA512
455840c8e8057f51a25f30a816328370a3a5a343f8a6bd0bc2eaed50d3438ce51c1f2745137dbbd4e09d41542a50fd01b5211028caf96489a9a129917bb674db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
79f8c00f2b0130162f8fa2cc47d19f9f

SHA1
3a8d8953e5ee68bcf40afa4e362cc5e77ac961ca

SHA256
0bdeedeb405e77358844d47ddba424b478a318236d944fa6bed326bbcfbc72f2

SHA512
27d657fbc4eff703efda580248165c8b6bf37c76d698de7cb737309ef6e9b9aa9f09cad30d363a56e486a27e3443540352c3005f849eeb4ea2e9c27c7f45fd0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
c99221ca70978db8a9dab7b3190aa11a

SHA1
832f8f7b0dc50db13c6be45fce9b3a029fb77dbf

SHA256
1c979f023abef30945c9e25c0ffb311c75fd0e9a16b292390a048ce8fa3a6913

SHA512
76c6c36440ae36c6098ebdd52d38fabacc3693181cdd84f113a9bcf433454f2e9b5258fe1f8860f2a0a7a28cf07aa29128738d526c876f76eda1349801a3030d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e1a3ef0a89fa47d96507a57d999d59bc

SHA1
c5348b398cd90117994ece91a6644c9e5db78167

SHA256
702770471c9a3cae03897f5a1f6efcca23929547cae8d281e7c47e5e22cd6339

SHA512
a47b00edf5310d50dd4485c748e7bf4b89088367842a614d536c3f6fe2a2023219dd230544c42c73806c9088a2807db40505688b5889087d55d3774c1affaa3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
41adea6479afd50352744b7e77c6c514

SHA1
9348b5da945510fa688b6da3b674be32e83f665f

SHA256
0815582f9691353a3545c7dd03c2c4ba25bfdb2c9f332c70ac1587f036415d2c

SHA512
a3962f0c42d47d7e5ad5972a24d78694a58bac48d7262cb472852225fb66af48ae53d4510bfb9763b0fd15c12c9f991b4ea1cc3ea0359a4bbf83d8a3e06801e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
aae6e457214c8e6c14387f742539185e

SHA1
088006d458107a120595650ddfb358b109af20bc

SHA256
a4b40893538a1b7c5277dd870213f423fcaa10b124f4db10dec537255fb694ba

SHA512
4ff18e12cb63afc5e2b56a5005aa1a0a0e75415ce479a61683e445be6ffd64920b854eedd98e4d79e325b2ee2398f0ce5ec9ffb01ea2cbb2eb5e00d8925191ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.CashRansomware

Filesize
32B

MD5
790b86779b071006efba7242db494fbc

SHA1
60d81332ecfaae2d17b7de259e9b13a470028adb

SHA256
962a3eee3f91a9166c3f9d0b2cc0ec8625725a7adea5f6d7a275775659e9ee70

SHA512
d454680085d9df038668af488069a7af5f019589f7203d6ffd5ea270a2bedebd6be0618544f09bcbeb94606b9348e34c9c17aa68474d0d64692b67bd5d771579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
3d59d88d2403efe704909c72161ac6d4

SHA1
10333a118e8d677a2232595f45d5ff919d22b1d3

SHA256
82391d53d3142ba1cf9032420ba055711d494b705f8fccbe50252a52458ef552

SHA512
ea7e71c88de9cafc9a9027e0cb7d8cda33474dae6279c152ee33e45b81b9fd68cda59ece6c687b93f95b3868be688ffad56fa6710f7cebc8a821c981b86e5153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
f2b589a52499f5948cea0c1fb7c67a76

SHA1
452819923382aa55b3a345f25b56048a1476894f

SHA256
c50659b7a46eaeab6716b29296d77fe0ece8518f04296ea039ae44bbc8e914bf

SHA512
ef2e18309f32aa3759a57c248b16f5eed1d2deaae6934d5bad3d0a53aa43f692830ac2f0684350ba02a324b0f3d073c976c10e69c43018eac57b78b2d048b261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c4e45ad9d13b094be20b81dc13fd1c11

SHA1
29daa01cb41a14e82a700f51c4f1d97b553b8209

SHA256
1a8490a8b8d222e51ec61b1ba272080937f6b7f29dc14af4325ab43518a45a02

SHA512
0db870c56fb0650ab5462c975a703bbcd31d7a8cc79faefd7aaa4ca6b642064d9ef7179e244fc18c1aae1646f2b572d98ef1367499924d30fd58f259cca1828a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
32417efe9f136fd594f64b18a0414462

SHA1
859a89bbd1c106be2843d52f1a049f610b7dbab0

SHA256
8067319dc4324633692dd1baeef7a664c7af1d9a84d1b2a322bc060b57c2d48b

SHA512
f731ac2654a878f17e0e537c091a559d54396ca4867d6dd8a824f9347b216f9438128feccfa2898f2921c1032221e5966683fd74e22b33108a0fd75d99ba936b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1436f9ab4011d502fabf34a55314c652

SHA1
f96b6440cfd8af8c15cde8a07fb5b3900c47539f

SHA256
8550195242fa1f9781fc8e56904b4a0646c5e49e4fb929717ea1c11793ea8bad

SHA512
1a060850d4033c35c712afe382b9209c11f031541a0d32aff7c4787af3e4ef913d0812b6039d46927ab9f2932bb047f6a3a9900b9866a45e5e2723782d0233a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5b7991e6dee7a6392e17df6caf98b641

SHA1
93a7cd4fbd0548073e3202fd4d43a68cfa41eaef

SHA256
91765a82a5d935cb90b14741a716b6c1a6e92e0ac79b1095cc00be50e3054018

SHA512
9abaaed3fad1feed274ab07e2a9156d426580215864fb48a4b7383578e68782534c005feae25e9e86483330caa9c006fb9c71922d7cd5315c1d2ac88497658c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
32e21e17fd4afdd649866d56a0ada7a7

SHA1
d820634ffa6577aba5c3fa7f5759d149256fe838

SHA256
3e9fc84937a5ad4f6c219c0079fd7b754d0c50c273605fcb076fe7cdad634d0c

SHA512
54e479f5832ff075636402c0deeb05aa4af642fdef3d4409b411f11fe97201713bd7b6f867453b337026b35dc0ac97064089c51f2387094b2ec16a238278fd3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
89f22047d693e90f41a766cd29c80b5d

SHA1
2f655f3584ac0cde5f242fb80e9cb8b0506a2ddd

SHA256
4da093ea20dea4b3e32303dfe226faec88295827c9deef7c3e2c86189afbfe97

SHA512
b3b3ec945de1223f618e24a11eae110f6b5ba7b2d815ef8e8e55bdefea28f9f04a562317b98f7c589a345c5fe739fd5b73bbb2c20deb3b6b745cd5528eaddbfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
0cea4e59c9517ba19688d6c25eb4ad10

SHA1
bad6ee70bd67a61683e3eaacae2bbdbaa346647e

SHA256
a641aa5581285a51c01f2fc4fee91e14bc8e2b5909f39b80f67013197c000c70

SHA512
aa6c19489f4be7dd439813c97e7b28f01f07d00aa3ff43a27f93fde894c8afcce1ce16c2e9f17f0c2ca68e63dbf567077d7a56afd333ce445457465e762bca4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
04bfcbeb08e4a43e085e0fae15f99858

SHA1
d3ee319eab5ec5f88343e453e3578fb37d0d5014

SHA256
611c1968e2fede6d1c400020e3f87a0afc3421902303f08275da7b920808c2e4

SHA512
c837ed6d0dc85838a06ee6ed287e7f48b6933c585c75b4a4dcfff80a452ad2f94a8855251b48413cdee5cfee849f70e794de9814b4ce473203d34a88695ed234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
b8507024b146292671200d11b82d0d18

SHA1
a4f12e9cf7b96e4fa2ab187d8a2dc464b41c9d71

SHA256
903b9aefb8177f65778050e73d14aa1e5d215d5c99f5f94d8a6dd6df84d0caeb

SHA512
1522d054d58a94d41f9cfb621d066ac775c5cd800622e2cc9ebba14d3e516a98b70ff41adac3cf74d5b48767f15b2d980142a1b43448f77300cda5bda25731d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
9bbecbe080d72e395c5c2189394fe22b

SHA1
7fccdffa9d3c8ca5d1afcb7a7c44920ddde0b7a0

SHA256
fedbe401a267f87384c93e57dbe5d9842bcfad8d08dc7105f5d3e3eff0ed7f39

SHA512
96b6a982e967ea086dfa18c5060a726d8e21eb47e572516cedadc9db280b193690b47dd68159cb7e6d1ae6158c165dfecf81fde01f42d2bc20761a84935db245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
24e5dcc7f0ae0ff1d23389baae8d3b62

SHA1
79e878155645235229fbb8aaf4a37dd1d6962461

SHA256
a5ef9c6554a674b8b15806ed5c2cf2d9d934a2937e75aa9c46228f92859a9d71

SHA512
4923115e0f96e1cfebd0cdb764718e78d93f9ba171d4a533846fac7db041cc69264b06ee283f6159261012ae887c0f50c8c4dfd89fe2ae39d758b115da64b4d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
51182d669a1c78851383ab38f6e595c9

SHA1
aaca61fa2eee6f40d6a0c5826f89f7f8de3fd98a

SHA256
efd9a754f1b9dded8049020006a9f224e3d3345ef3a7687ff7883e5155d7eda9

SHA512
d0e4ced136e6163f1999f8575ca6d701b572a7a3ceefe21e9d365cb506d5ec556f2daec4f60f3067244b1452daba56ea03bd44cd68f982c147c8216924f28124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ae1c1659dd029d43cfbaeaeeae9637c2

SHA1
a3081e886136a41330fb73fc9c9e9458e4863ff7

SHA256
d7a9267905a6b8a550b9de7868d4b8cadcdbc55c24f6f2799f93b1e2dcfcf117

SHA512
afa7deff0267a456a9a5eea8744adb843d6419c062310b3b2056ec709ba12957842c87cd02e371012b70d8cfffed1640db1d0fadb0a1b6a8969ef48d5d0a6643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
df5d6c9528af9187f3e8abdd9973147a

SHA1
d5265b56c311e2ed687fcde719aef8d3cc914628

SHA256
d3a53f48db966f40b20c36e0a668abb6bc202476fe8c85e5bf81ff14e8c542c7

SHA512
a58573cc374a834dd6d64161766e928d1bfa2bd3e3af52b081e8abbf40368880f605a4442d6b50d7f620c78a93792da1582ea1894778eac4b0d8430eebdc7f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7e347d490b45b67a8110757c2c69f4da

SHA1
f902ae8b553cd835943fdd01844e1929469ca930

SHA256
ffedeb80c36a9f98d3e4d06719980932f59f73c6fe8207e046941825e4148c14

SHA512
c8f58df9291c6b2bfde5e652f8b957fa5784e68855dc600a7e2258a61a04e15a3aa42905577963948b3329cc24bb61953b2303e615c650ee6af33143d401b739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7767638bb1f31aa392d6d71cacf914df

SHA1
6dbe5de632e02d40cae6619ab25bc79f2d0eb9fb

SHA256
fd8ece148b64c00327a10fb1321771436984f1d9d21177ad475fd6c0ad576c6a

SHA512
97c17757094d19859dc31b72d086237c781e3465c27b600429883fd906522b90d96fd84e188646f88732e8074bc17f124184065e0669f1adff6edbf2f829ceb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2ce4b49318f41dd969d90e2622c3f060

SHA1
167b6d3858a50ee6163d16a44d6f782c2ba94e6f

SHA256
c307bd1e5534494e83e8eb308f2e95aef1f36b1725067ab603f4b4f9be4f7e7a

SHA512
7278ae1d352da48f2b7ac44ecdb1f13c9823d98b6c1f03f63476b4bc209938ffc84bfdabe2331cc4d45d13b51abc6f9fecab555adf41b12f92548798e54ef463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
41efb1b23a125b787699281d6a3075aa

SHA1
2eec6269f8c863813337807563aa183c8e22dbd7

SHA256
c23a1d8031b9424f19cd99acc8c14c3e62c1a2f80bec10f0a177deec636d505c

SHA512
c47a1ba2d68aad01e92789f38cb57c5b9e653da47468d63e921d37b82d16b0005874bde62e2f908bf0aeb5526856d76174fb0adbff2185b63272f5a559bccf4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8020dad747b741663bc2e887e9026731

SHA1
f1d05dee23a0dcce3808cb2e7978092cc406ddeb

SHA256
1fee0a0c688972aa92d0ebf536c4e98e80d4bd79b8588c62bc2d62e53fa1920e

SHA512
1d89bdba42493c3efa16dc155d2da540ed4b22e60161f763931247634dce76546918023857506b17c8bf1f2035229625e7b5e687d958b324be3fd75e8b475fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
463186f3e697465361f92c2cdf73544d

SHA1
817f6ad645e8bf58e1f9047639505182b3761801

SHA256
d1d1148a682da138787890557221de97404cdc6aca10e8de866304601a47e11e

SHA512
405e5be93d6b954c370aea267abfc18279bf7bd705b449331192aebeb61908831d36bdb64c3122fb8b55eed856f237c9d7b434c39236582728f2c573f147bc54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a7a604851e9622345120e23acf231eb9

SHA1
547e0a26deceaad0c03a693526b4ddabdce57045

SHA256
be7dd6deb98063ce1f0e1bde012de2062d033e568e357810603f00fbd5ceb956

SHA512
f3339957cd9799c494e3c0b2cf07bc7db22168a4c5fce43157c8d178fa971b00375930e0c7f8508bfd763e9fd52c62341292ba2816bf2ca3ef94da8200c30098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
cc541d9430296f4f32e2928259e076d8

SHA1
a111273a5c8cb9f682d25c3919b0f890f009c704

SHA256
9d4be15e0f50539968cf8b30481a7b429957549c57ee86ecebd8fa0ddc571c5e

SHA512
50e8856e7989905cba2cca1a09293fa1c4f3f3497712b7be413ff5beaec4c31c87da048b4b8d58c10b961165de7c30e97090db209abf201aa0fe5987b1a9352a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
da1b98792fcb906d3dee831c22c7a4ad

SHA1
e0d412cd0fef7f4c21f4eb167989699226b49d41

SHA256
c9c2379ff0964da254effdeb2058366de1531e5841b3de542482bbdb61f0c408

SHA512
d7bec7b5b6b3e7189d7a5aba51b11d535aa28ced76cb5e39c360208738d642c0ab5e6fc5a3a61680f42eb9fcd56facdf648bd40532a20ba0e285304f580cf9fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
67ce640dd66fd0f85df6d0ad9d1dbe10

SHA1
d1bb86576c51e7795fe080748000337e145c2f0c

SHA256
76132330360a3dd46811150affe5cbfab568410da7e903ebd8833bc6c9357838

SHA512
c075f8c887a2d6272100459418884d8ba647afde555e0ae8c016f7a8e086104504b77118b4ed1e5c6c8383da3286b4b75a3a733ead975f41f776e01b7ad6e9da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
486d020ebc1fc98e49b03afea6108530

SHA1
6b26d04dce557097fcad247758eddec379f9daa2

SHA256
988a911baa9068c8a225833a78ca6c4481a709ab7f173d01fe2bfbe8bf45b4bf

SHA512
6b9d0e155a10ea345defdc9c1b1cb77ef0e830bd61065928e330a3d780217a65d15c46d0e76de31db12f086a8f8b8aa70e643470537e439cfa4d2fe937bae39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
76eef056986400a80e85d5f6a7f2e84d

SHA1
15693caeb59321655578499ddc2e36a81ea60ed7

SHA256
110a74f76395dd049c82402616683b9b51faf03ed2ff5178ee91d309112f7c5a

SHA512
572d9086c9326a91fffc4855a7dec5d9a411c2d381dcd05f346949ba6bff041b65dc51d607fdc27ba4aa309cb5e974b48ecbe1b11a7d2b5325d1ec9aa35c5a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0360d8f58a1f1cac7cf0c13ef51d19e4

SHA1
c89b043cca73b93d3f873acff7a740b16ef4bd34

SHA256
f170fe7b2a6a080f08ab0832e33e454b277e5a0d8b8e849ccb7a7f0e32afc64f

SHA512
0bf1e6957c6ecd31afecbdf0ea112f143277f4cfa2271979f72e97d759bc2a0838c0b1680d8b74549445ba6399e14a6793a8d4a1257ac363c5ed521e88d90ccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c78fa12c5b67dd4a877af9e6d9677f06

SHA1
6744307110139b8118a07b8acb5663019d8ff5e3

SHA256
4108e12db169ecc21ffee6b41812fa69d8da1c338fe0c8cfda83a5806f0c645b

SHA512
7684b4253d30aaec279cc234c6817d9c44db56c8d8235da64dc9ba26f2e3a3fa0b96964a9aab3d362e6275ccc0c2f699ba6613a8fef7a69240a57ab4bd990201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d46abd174735f130dc88fc89e67f2af0

SHA1
10dd89fefe68e343d2c69787db97ac0d3b52ee21

SHA256
6fa667f6152248a0fdf13e7cc892feb2166c3cd71413cc29a734e402120e4cee

SHA512
fabe0eeb36d41b10f64c5c437101699ac5cb084e0eb385b8052d70d1012857ca981616a6bd66296c013731159d17619d8430512040d525001723bf5d17d71649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9d141517e6cfcef2764ca2d2bbf81409

SHA1
87e2151e944060701b5d2b8fd8a2a9a44a790276

SHA256
f689ff069e23f32c8dc83546dce71f16fb76cd88745043504e15a7428701981b

SHA512
3205ed6ee7e346f33d6d6e66ad4846f7913d5151d722ce5880bc9bb6104f5cfb6fb06293264ebb13f3585b90740e4f5d59654ed9958a7d0adfc249d9621889e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
27c8b60ea26adb0706dbfb5d813f0472

SHA1
d9330da2c8d09c20092ea62dfea3f455c143c11b

SHA256
ed23cdd8c4a2f42ec3b3b166754c19bde9e32cfac065fb4678e690799c96f9a1

SHA512
eb5273ae17ab4be4fe3e246b74840e9ca1082b8756a608925cc2f0a62effc490137b5102e895a6a6fed836a9ad25bfba57b404048df1be0a7cccd12af05444ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
89255a33ffa64d4b79861b5c18cd3543

SHA1
9fd0b978114c14d787e6412cba7fcfa86ef0a6c9

SHA256
47cc34d0c7da632a644d3faf0f7331446513291869fb83966b826d66b9bda1be

SHA512
bc4547d0921c3d172796c58edfd83252772ed29bfcab451dbc1c5a8979c5212d9fbd7d691a4fb3c3a9234a2ae7b831d1fb5621dc73798163f2936c629a8d4617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6e2bc72628f4975eefbc37afcc1ff947

SHA1
1a4622ddfdc3234aab7977e1d2a0d68000038351

SHA256
2638eadb564c88753b9202e068626fc9c1022f25788daa14e13909d60a119efc

SHA512
9dc93ff7aa5e611c4f1e764f33ee186bacc98cff77e2014be063181cb9a6cbc14c0217dd8c945d3a8d16ed321215b886dfbd3ba13e0c4fdf57f44194e2db30d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
387b398caa6bc405e76d0393836d6591

SHA1
fc7648b8f83b24e5c6274bccc56982ea6abee064

SHA256
949c088261b046cea27306c27dfb374c74e250a50c4e9b43dd67891cf0cd17c0

SHA512
78cd5f60556d886157542cefe87eb43d6ef4901506f28818d5b704bda044b98c11751bf0f3329d747681a1626d620ba5a3587c4f9828908350e6adab178ce0b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f20eda6c3df3021eb638e2663a053c50

SHA1
26c76151ec72dd1ef224e9baf0c44a54c4e35ad7

SHA256
d68ebf2a17d9b6c7e0a0d3546e1e17c3707b289526a571aea7851c41f91bc894

SHA512
007efaac578d39734784c23790827e04ccac1d73834ad87a7ea9dda50d712a885b48f9a6594ba17f08fc380ec61ab880d2fd5fe90d64419e04528fe6a40c77c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8231e03d0a680fe3fceeb2c85fe9eeb1

SHA1
ff60b394f4d294eacdbdaa928f45f7a5b65b06fb

SHA256
2b32b7c67aaa586e60c2e47d3f54a2c0d4a509a816f5dd59ae8ef4b2c9a463b8

SHA512
3ff8a3ad64d7ba7edb8ac3d7cbb5c22f67b28f8c035855d74e40372f1fc74d760cac77b5c6da4730d9a71e056521c8498a5b252031b31d2f4d90e06d1e670a83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2ace7b4e91c73cb2433c8f4331e521a9

SHA1
647479c1a405f51a251d25afc4320d21575cde8e

SHA256
3fb7c1907857fe195ec20675d6d681f9c0ca211a3ea12e769828ab2c6d496718

SHA512
cc31f88050b8b0b4fbd2ff16a281a82a16941737a964f0ec48161868f4b9c095ffaa5419755a24e36ef55bb794144186d75169a68e3e452d6b6683ca3e47e6a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
dd4254ef29e1e883212e2a21df007939

SHA1
9900a4f3e188e077327aef1a4169cbedc41b64c3

SHA256
7be034b6664191ddc42cbbfe8a80cf6410212f060332167534e634ed07dbfa04

SHA512
e99606f610318ab6871085d38594661fcfbabac1623a67c713fa3feb629d7b6ca8b31552028cadc38322bf00945b5446554cb8a214d7f93869068c7c7ef034e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
190254ad4efe6e3fa3c86bc7195cf752

SHA1
c5e128afb5a8caad299e57af4134a348a28406a0

SHA256
0e44457b6b4e892e51531f42836915b33928cbda5c13017f74a0de4424bf5147

SHA512
2b903d31da73df1bea3bc24e2711407c90a746a06ad3e7352d58ce4eef5c25104157c4c7e8ebdb0698d8a5f8fce18d02491cb02bd2c25b3729feef7bc041ddde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
82e11acdb488824dae1b405997c3d197

SHA1
e2915c8bc502021c659fc01d0e1c12ae848d204d

SHA256
88f046dde32a9de597998ead69bc264d2dc5f557b442870b0d2d7eb7d6156902

SHA512
9480aabc0ef6037664fe3a015cdc11f31046722db648f40c6fe7a7c01ad406646ddd473d25443e39f0b978a3943b15c7f6adec06d7eca73fa96e5116f9ced26c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3eb09c94e06f84efaef33dfc3b468ea6

SHA1
c22ed66628cdf0693d0f0e7b0e59c3368a7de3bb

SHA256
344e6c7568249f04be213c8af82970477f3a26f5c7ce5e646b642e9013715d68

SHA512
09d0a83f7929cbdc5afc4b3f0f2f07d65f49e118f781906276ed3136b48ec4866c03869ab4bea8d9c20580870701299984580c0ffde046c1f96ecea434fe3120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8af88b61d47f91d6fb0b2afeb7c18f04

SHA1
8cdcf716584f5e7d158d024a8cef156b5363dd67

SHA256
5847c7db67cfc281f76fd32c1baec56cc2bbd837ef146840d515920fcc728701

SHA512
2168d56759bcadcf601e97f4668f5f898ead09cb6f90bd1af18ecfd0b1bc410b135e29f13d2d20f96887e2f3a52113620444afe666b7f6b585d909501b8a4205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
535bc1c042e7be43c70692db52c181e9

SHA1
d4c1c69490343cc3dce29ab50f65e445414e35a3

SHA256
6aff24789f5596a909bd2f289bd3f2577204fa68f1d1d95df52fc9549751b5dd

SHA512
df5e8b675ca0f876f9158ddf6dffaab1f78c59c6e5576989aa3618f1e35a312f94aee1c6eaba1e08af60bce7cffaeb3d86038ce35b7bf171f6561f2de5896166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
41a01575ac415ee60436c69bf5f5208a

SHA1
3445071cb84037e8130c7f6d9eb6f92e7891dd61

SHA256
08a9b210c762255d01232e3ba33051d127fb2d153dc2ff96b4b874371b8c8690

SHA512
8a63d75fe6f6459a3aaa06250b5c762793989e334db6769e6db867129aeda83ba9fdc0d7eb7f7154a02b845031f09d84861090ab2e38bb686fd8b359bd8f2ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2301a5fb0e57e7dbd3d8b4344830e5a4

SHA1
0d73e79e066415594ef1c6fb54af9a8b7eca4f7f

SHA256
24ba075e7319d4f7143044bf6f3ed46ba7e25da84f24187ef3e9f1bc9532a8eb

SHA512
b1ca481faecec9c5e41bbb7114c63e92f923d8ca7b94cd01c5b775ec9d2082be9a7c01646a9713bf6390f7b80883a52cc6385c90b4b89a265df6b69543fd37ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8e8bce484cb58c61e01ab0e54ab75673

SHA1
a1b7fba40d6442c8b0ee75ec7fac8aaaeef650ac

SHA256
9304a19a6e8210d24e1cd8e2bd1ff9f50a3cf9b5198ac57c1f73d850a368e5e1

SHA512
c0e621741f576d18258a01dd7d112dcfc6a12a3a9bcc5027c01ea91d1d2a53133b1eea3c4770145ce65495b3596975a1db9fc98dbfc6a6c7bcff71b7f01fc238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
12e8d18610df2f132815708e2ad0b00a

SHA1
a96b4cdce1d78881a41a1afbeab51c7a572a5215

SHA256
a0d8a398e5762ca063a86cbb1d3edface6ccc4c8b237396b6d8b0c2228a957c4

SHA512
fc9e808a99c50a90f92c01063d65ec5d647388b90b4f4205e8ad76871a9e318c2a535977d87f0b348430b4a0ce9bc837285ada9b19ed31b37d0ba0d4e032ac1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
896ee58afa2051fd36dcecfbcc3a55fa

SHA1
db251c8b1915b8cc67ff8df16222a0e4ad58f265

SHA256
f5f11750152d4cb514c224b24df8983fbf89625f8320acad20f0ddbc1b50ee91

SHA512
b187f58d85d5f88a4e9f56305b594ecb06446141991d869ab6df33b67abc39cdbdbc05badb6cf9a81b80294768ce6d19bedb8782618ad89d5a1d3b96843d7c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
150c45302c17c232a3260edd9b434482

SHA1
decc1ab0bfbbba0ae606fd9289e3b17d8e4fd4fb

SHA256
07c24bbcb727eff101a93538acd14abebd09d20dfad6574806fe4ea1489deaf5

SHA512
e10c06e10103668b32e6dcf638d15aaec919d9b849083e13efc1f3678aa9dde9e130cd00907f502195acd0fd448599e80423e1c0273574d2845a50bb2e9c2096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e9627745fc67a64f25736a0e8005a8a9

SHA1
b6812bcddfbf762c190ad7bf092bd69f79a7b3f9

SHA256
8b9488cb1ccb93e360ed8b33f6f326aec5c3d211516c762bf33f32d763a290b5

SHA512
7453544c50e55fdeb7f2bea369558fb2387d991e94ed86bccbd116e11151a9e30d5ee98890bb39c91820ad58f8d9e73871ed836fb2ea57cff0a86c5eca63a3b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17c3ce121bf2f7e40160aaab25cd085e

SHA1
3c94f4edbb4287323c9cf356c8da22b887bdce95

SHA256
a1b0e888dc8c47790b6e7822e494674ef70d0d38349bbc83aaa3cdba9bbe6fe8

SHA512
fdc4cc124877a3d7e045ed2e59da32ea5655cddb4667c4783261956242e02c1cbb03322321a4a5e52f3264aa1a139c4944bb9bb25caa9a7b7a060c1edcea6d18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f21523c167537637cf5f7c3d95bf6f2d

SHA1
444d3d4003e8efc942bdb93665b0b18f85d502fa

SHA256
10824da9fd0138ca7161fe7ebe79c23411bebe6e5a5d1aef3c6328f37a7e982c

SHA512
c11fd86ac733b49ae9fd7338644187297c6fc02d5f1a6c8d54bcf74a708dc42e04b486fc3004dd70e4a6ee88cb143d8ad9199c7e98871cb9bfaf4f8c05f7ecdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
80f63ba9555873ab64fef02758d03a75

SHA1
f01bbc1c32c6eb85a36a61205648f256e8db2b6a

SHA256
10b917b3919c3771a8884541398dfb8e3572cf1120e9f7ed6cbea48b31b9882e

SHA512
14bec12f143db55317785459a10500f72a9ba2da653054d477f60c6c7dd893b75f62b4d32734f8d6fa9172ccd0a1030ed1f3f0771a12a1f86b02e983cdecbd2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24b38a8636826355dd7827e00f43a0f8

SHA1
8bb7eb0750dad43f016dc2f5447a11e825e40d87

SHA256
de16e6098da7182fd43f0aac9602d843ea511336dfd0e7ec07564951aaa8d4b6

SHA512
4ceb2dc26af270f66615630613c1ef4ab06835d08a2ef003f48e044f106f81bcde1d84ab05aaa666beca6a554a02784f650cc68f3dc3b70f92756165dee091fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8359e8aa9c28f65ab06149a5204819cf

SHA1
1861093644e92d899a20dfd259144493ae28e474

SHA256
a8d4da44a18a2fc35dd8b91efca443c707068a19de81fb2985a5d88d4b001ff2

SHA512
1081e5c7079179142ed7573135f9e907a40850ce3e75f7be8b2a7a2a7d04a1ad618ffaeacbdb057edce301d42ca125860a9012beed15fb5557e98b40e5fa7e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9f7c84619e1d698bea8f680188ef361e

SHA1
944e51c2782862367d5323e4b0483de4114cd9e9

SHA256
79b31be42078dbe759b48d5852e541e26d2a50fc5f665e038f2333be6d47cb50

SHA512
a5a7ffb31c8d85b59f4a100139980cce9b4432b9dac39e13593fa037b77f8f57b06dfa5cd20c033db5644596d987c17552de9f429970557034f5724cdc283f87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a16ea8b79654b2ab1da991008783b63e

SHA1
2dd0ee0c86511f38bc361c9796e35069358efb6f

SHA256
0530af953abc25a56d2a191e78720d073159ee95dc7f49213f4a51e3e82b2f06

SHA512
f60ff8c271e1d08945c585633ea4a410984c5731228b6b7435391752eb09fc972ed0de4e8f92d2a1043e222e97e004cc54ca3ad6e34d4c538e3e144897b6bc2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e54000f9f92ad1ce4bfff2c5d3be07b

SHA1
5cb87ee6196aec2a41c8964b14119f707bcf4b93

SHA256
2646ae607061e12f381ab4b55944eb576359f2fe1e896cc1b9ec5de8462a3247

SHA512
8fb28fb17a34912495a64a3c0c4582f924650e855f376215b8b304d7cc9c26239090ed0db0cedf3e7c081fb4f7b8a1d2071f73cf256ac730ecceb3d209104368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b2aa3ed19eb1c7d060a0821b98576746

SHA1
74b59de1774af6ef113815115d4a2b7dcf0f1bcc

SHA256
9fb3814874b6b0e3eac08528612bbf07dfc22cd019f062e3b104aa6bb4100d4a

SHA512
5c82cb5aca17c580a6764eb9a8d8c84e6c70cb7bf21ad630cc869c0afb3c1f713b88cdffdc68e84a2b67275e3c99cf3bc5dd62d5e777a367fa6ffa297791dd9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
38cd02a16a01cd466f4910dcde40b157

SHA1
b2b382ee62f8cb973c11541c4803c88ddab598b1

SHA256
4513c0704ca7c76cf821113cc77cda909bf136092bae902909af170142c3c1ae

SHA512
4cc07e187590b97348997a03504d4d666c4825985b08622389f0de5e55cdacf8662b3e5bf15f1532ae54dcad5caf9624c897af29c9f1d65b5bcbb89f213b5485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3d48c09584d5137b8364d8978855d187

SHA1
c5ca53cea984a128700a4761be2538869ee3bf0a

SHA256
0a29e35f1bed7b28b03d6a5b0abfb9cd2018abef5dcd84f025ff123a12129722

SHA512
0280032b33bfe7dc4a2ab9938b933bf2df55352cc02a87eb2c99535319cb009c02a8da7a809221ec46ac97fce14261fbf6a2660460c862cf587516672bdb4e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
896add2c27a23ba77f3e53aa5f0173f5

SHA1
54722d499194d01b9eb00682769fb18af004390c

SHA256
eb1c286f0b23b90dfb7184de8669d79953ab58bafc77b7e606beaff58e43cbf6

SHA512
4a0b88cdfdece1c2235fadd21498b6c62d3d39da8867fedc9f5d5bedbc417356568d703d04cf5eb19fe34e41a39b0099f02d644a7bd75a26e628e342ba3f78fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
188f84a287f17c28b73d45490642f341

SHA1
5a57755ae424d5662f313f4abe55e04acd08caf5

SHA256
f54fd30c13acad8a129ed6723bd403429abcafc068552e4a77256421b015f1f4

SHA512
0a3d33ef374290a98a6dfc66758226fd8a4561ccd4ebaa1a242168ab1f7ee586d3d4359cc840f43736a24b5853996836d11ff4261b01c858d4eb58eff5afc0b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001.CashRansomware

Filesize
48B

MD5
26eeabc1bc48cfe48cf0f37626cd30ea

SHA1
9d928c4b8141f54d9a0040d4b1c601099f96df91

SHA256
3e22ccc80fdc3f5ff71d8ad3bd7a1d3baf961e135a757f2a83c2c755ab6eb7fe

SHA512
3096b70757b8d1722eb4272bed42bb9dd6a79ec8184bf4f6330db45a5b342a307284d73b2fe4cf190a40e96ae9d4566869d20098031ba96d224da884a4e71330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
93ca4d9994c3a15e63a57015ae12e5ae

SHA1
2ae7d186d5dba1fb54995f944c66685456d8b12e

SHA256
a471840f6193aa6e11a63ab58d2815f98b92d81aba73fa0525c5ad82e588fff0

SHA512
2dc312a78851bc1ad9c4b854814e537937e3ef635f3699e60df8f8843eed8069554ac390fa74037df98bb2823a04ff120b132f6435a7798062db186ac466d605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
e05a9cdd3488ada79bbc9cb749eeb602

SHA1
2a0cc5f22f8c169c984d0bb8a9172a88a13387b2

SHA256
2b9ea19c09ff4f0dad2c38b59a6a74f804a95e63bc1a2f0f96b640eb2706c605

SHA512
af4e5ec65b6c7554ecc26a24d0585e21992b76b28fac6b9acce4d0febf9fe4b995241b57fc16eca17da01028629283afd97e1d7dd1011e796e5feaa259db1d94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
88c6e6c6beec0f64e814e4a29a7eb925

SHA1
946ee44fa6fd2f3b7c8ceaabd4908c2ff889056c

SHA256
f5e365bc97ca0eecae3a2f94d5f55b63f9bd10c808d61ce879b02f72d465a209

SHA512
567411346d8485ba96f8ee1e2f5a01d7372b185d9e10f1992ebdd14f27d0d1a9f5a02d08d109065a8648755e6f9ccfadaeb584e7d0edd74a814ae88c849654c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
99747f4fa1ef27cff3fbdbadc17ad0f6

SHA1
de385dcf9d6902461e79d02a0901037fa0e826c4

SHA256
c8e9b9916e1734d626dda4e854d1ec529222b6fabdb4ebc94bb5aed1f7ade5f2

SHA512
0c8b755e4efa82e26744305cc128f0509db6fb7992c3faa2f85676bb576d86f0332489b38a985ad06078881f89a137162771fe3fe96c329dede09df43d89e8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
b639929338c82cb80187781e63383ed8

SHA1
5caa79a7bdf486945c52b4015bf2c98582584c18

SHA256
3678b5235175ae69d8d2b0e4bf440ba1b4fb8a81e6beab68a3571e027470d1fe

SHA512
7ad76de257af91cd27db0f2f2c4671098c118acce16dd91219f555a5de5aca877a06eb741a2370b6b6b4baa6e7bec49df537096a702cce0f6d4e7cffd9c45a06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
45254e7f3360a2a9386a312ae0f108c5

SHA1
7b7e3a52e7ccc7e9b9ba92bafc3e4d064098c15d

SHA256
1436fa4232d92c3f2d93f40b3314f510a5c0878d9554d0401406fb4d77166a9d

SHA512
432deb7e047d5e4b3cf2ed9ca430e3a0dd0a83435ce617f4c29476869a66a2c400343594c847ed49b37ce6f08a86106201b08876b638f8a61ed0b95708428bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
75890cf09a10e2e61655996e99905853

SHA1
0f39a64b51d25eb4569ed36e5dbf1776e9ef52ec

SHA256
28fb04c3ad91adcfc42e673dc67ab6aa7fe29589241d7031a7ff841217750ac8

SHA512
01e1875f1802dc4abc28f2f07cc82df820b35f2c342867093231b1f409bbbf8b04f1a8336f9c305bbdc0cbdb923c915582673e92e88c34ee037c05a8eee9ca49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
c668deb19f1afc936d5842a05f64c64f

SHA1
9107a820fdf7bf81a52db0d363795a4627583189

SHA256
c969760df1ab6b88444e71ab4ee5ae7e03c472bfb81dcdd1902721ed8161fd44

SHA512
d3518302957398f84a530e53b652e3d9851545b878d8cab1829f687c2091a0a2b09fb06dcfe0fad9b314469dfba8edb2c604b433494276d4cb4005e2927a0ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
b03295bf42ce5541048f6b2723e713d0

SHA1
674e0432c096e6219c8d7acf97c16b125df36b58

SHA256
d62c8d06eae2694f82bb94f89c06b229c1d1ff23700fb14cd87024119e2c81fc

SHA512
db4feb2c84e6bbe5c3d5fa425adf721a3cfb453ac7a385ff926373536e98da9bcebdf7283440dbe2eb5b709f7af0ea6b61f562edbc33b2f4884fe73040164599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5e85c8.TMP

Filesize
89KB

MD5
4c2e4acc119e45633f60e98326c60b7c

SHA1
9a303bee1f4dc35961e618e06552ab770357a883

SHA256
97763efcc2b93443ea94dbbd97792cf10e8d74e8d6c0c02eebb9c7e063f7da79

SHA512
408d6bf8d8d3c1320ff828f028f670d34f3b18f5140e7813726c05948208d59905684b235b3774bc23480e261057613cb12fadcbe1d0bca6244dbfc6b434353b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c69697fe-118f-4e0a-8f14-53c6d9580652.tmp

Filesize
256KB

MD5
afb8fc07d603c2b5faedb0a02a1235a5

SHA1
587bebbcd9b449b738d32a9cbb448417fb28d40a

SHA256
4087330000428fed04cb292092b4547a3072936a2d8d23ef624529b00b676778

SHA512
3456d9d9d96f4a196e43f5ad7ce291b74540e8eed96cb5afe748254ace4a4e4a4c63c5f5c4d3aef157dd1422151bca70de16e5d79e2b609a3036abde7e0463cd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.CashRansomware

Filesize
8KB

MD5
ee454c287c6ba5947964d1b4d90961c6

SHA1
59d86de6410427266f088293cae8520781aaab1d

SHA256
a162e0ec0fe967152748fb6dd4747a86c4ce9e2a2bc289a7e13978fdfc29fbd6

SHA512
9081b417bf5b9b6703e72f60f0dfe14bd616a5bd742040814d9585a2b65077a33536d636cbdb6c422e6265b74ab661f68a9583307e3aa24e0d233e414d928b07

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}.CashRansomware

Filesize
36KB

MD5
b5f0747a7cbe63011558b30f735e9f98

SHA1
c9edbe2f9384bc7eace9aa0bba6e8bf1479f1f4b

SHA256
b4b492be4ae6526896abbc40cf37ea47c264818cbc0482f0fe2d2940ce142704

SHA512
eb80ff892ec15bc0fb55042f1234dbad113bde219da4c7a57f18e4433fecdc82527bbbb1d22ad566c866de9144a920bf58ba397138b2bbe861b36f3a928e93e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.CashRansomware

Filesize
36KB

MD5
efa1ae7794a4942d6f5603c5c071a8e3

SHA1
e04354ea40795568ba0eb7e824eb02b1a722852f

SHA256
b5a124f5ae13d20d613e081417c30cc6ae7a7fc7d21ef0500c9bfbcca66905ff

SHA512
2ffc987e139fb213784f6a216c623750e18a1059af8bbd9170ac6c2630469c84148da230fd9b5f4cae47bd32f97034680c95b980a600e0b31ccb044268dc19a6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{50c798ed-efe2-4fbb-8178-fb25fa3dd1e5}\0.1.filtertrie.intermediate.txt.CashRansomware

Filesize
16B

MD5
bae3aa7e32a66da31b24d135f1465b82

SHA1
fb5504c754ef82cd3b16304d0ebf44e8b3348485

SHA256
a8bc4e9245ac42e3682ad52a4746433dab0b2f685c15c7653012e0cdef30168c

SHA512
ef674c3f07a760236c03538e4776149d382220c9406b90f74f4eb18aa3b419a3c9782f8ab2ed61e897365f1f83a7cb06ae3a019eb5b66762c93ae2e4882ac748

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{50c798ed-efe2-4fbb-8178-fb25fa3dd1e5}\0.2.filtertrie.intermediate.txt.CashRansomware

Filesize
16B

MD5
6756c79c3f9e496cacd4f03979f7ac39

SHA1
521772964d4610fd426f59855f89c76ea4b43966

SHA256
0d3093abe0b1ab4ae0c0c3633e673b59bc3118ee8a1e0c5a64e2f810b9b72429

SHA512
3b3c24309004d516da1c6d5b6a9f0c5769384eb970dea2e7409b88d99025695fba386e3ecd773340db86ce8eb2826c9db430bca64d232ef06aa1cee4ca70c5c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596440163211563.txt.CashRansomware

Filesize
47KB

MD5
d3bdc29f08edd0f14546308b9e727df4

SHA1
e9316c04b628ef0cd68a494c8f08eeb3b2d46341

SHA256
54cc539b7b27e11ceb06469966db3fe6e7a57ae5e1191c95a3cf6977a8e1b2ba

SHA512
12a469e26e2e0f2818ba9b509e6d1153ae422155eab88b1de6ed44f37ec26c56ea1f0e987aa85308b8771fde6a4417bad10340a8bad0431a1be94cdb7f4d7b1c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596447899219805.txt.CashRansomware

Filesize
66KB

MD5
761400405432a7264486eb79c89c412a

SHA1
0e487bbe4da75126fc06c05bea2874ebb047faa7

SHA256
8ca02e1a4099aa8c62d848a5f0fb485154f248001aa03b42ba25191e22736173

SHA512
c668dd859ade515935342c5e236e456d403f72fc76a9ab1f7b23b4aef1ab7a3b506615ff1e20fee960e285ee7308d49e0246f05984dd2df3830d4d7924165884

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596489537816243.txt.CashRansomware

Filesize
75KB

MD5
d59ca256efaa5a9fa7c748385eb67089

SHA1
db1afe98756c33d00fb4c882f0681c2d0e4b4ee7

SHA256
1391375ba35ddf1a8eba4a2610ebc8ccdb8b19cd6c9ee4545bdba615a875d120

SHA512
683cc1677f5fe9c3c32bdbefd969705bb6300090da3e087b04a686a71e1fb604a3a268c0e79cb66282d5d92db41d1adf82a9e6f33e6c0ff1a25bb61c932e7c24

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.CashRansomware

Filesize
48KB

MD5
fdbf1390d37c041fca50f6a9b3e72cfc

SHA1
7ccb58fae1333777c3e80e1990665c4a517ba931

SHA256
809e7555049d8e46807b665f6a5e11a87bd59b1d54c82286ec3e5b3038a9f276

SHA512
09a1b1cf413c18894c35f31874062da9b6d4c4ca2d4487d0142f4b26290ad6f227458826890a3b6bd98acff93b8153bb3c425b8a3f7e764563dcf51aad3a0e75

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 311245.crdownload

Filesize
1.5MB

MD5
61ba723e67d41dd15e134b973f2d7262

SHA1
3282a5b7c20c7123ae6168f0c565d19930ffb6f6

SHA256
4931869d95ffa6f55788e3b5d92088f3fe590e13532b9d8e811a52e2b377bfb6

SHA512
b293d21403e8ac935a0ae8daf27a069b31b3b6c4d078d3966f2411e5df34094f9e0ea50c7fdb118ae7f2e7ca25a3b526f0bc172e769244bd92125858357ce0ff

Download Submit
memory/1132-4271-0x00000181EBA50000-0x00000181EBC12000-memory.dmp

Filesize
1.8MB

Download
memory/1132-4272-0x00000181EC150000-0x00000181EC678000-memory.dmp

Filesize
5.2MB

Download
memory/1132-2124-0x00000181CA6F0000-0x00000181CA99E000-memory.dmp

Filesize
2.7MB

Download