Analysis

  • max time kernel
    519s
  • max time network
    520s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    20-05-2024 11:24

Errors

Reason
Machine shutdown

General

  • Target

    1.txt

  • Size

    31B

  • MD5

    7bf03ee373d7b9c51be1f4d5660d48c5

  • SHA1

    cfaa36642ace2c88f8e1f0ce13ddd74fbd8ff7ae

  • SHA256

    0dbdeebf8e5a72d7d36839c711058954f4daabfb74ddde08bc65cf407d9bdb00

  • SHA512

    78631bcd0210195d9330457ac57f1c252530f36d0bf204794f39bd6069ed88b35016cdf4d30fedb826b5f264f0c2544bb9e7640fbfdd727224223a8eba2a42ff

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___QFRW_.txt

Family

cerber

Ransom Note
CERBER RANSOMWARE ----- YOUR DOCUMENTS, PH0TOS, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ----- The only way to decrypt y0ur files is to receive the private key and decryption program. To receive the private key and decryption program go to any decrypted folder, inside there is the special file (*_READ_THIS_FILE_*) with complete instructions how to decrypt your files. If you cannot find any (*_READ_THIS_FILE_*) file at your PC, follow the instructions below: ----- 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. In the "Tor Browser" open your personal page here: http://p27dokhpz2n7nvgr.onion/54F7-C363-D27F-0446-9673 Note! This page is available via "Tor Browser" only. ----- Also you can use temporary addresses on your personal page without using "Tor Browser". ----- 1. http://p27dokhpz2n7nvgr.12hygy.top/54F7-C363-D27F-0446-9673 2. http://p27dokhpz2n7nvgr.14ewqv.top/54F7-C363-D27F-0446-9673 3. http://p27dokhpz2n7nvgr.14vvrc.top/54F7-C363-D27F-0446-9673 4. http://p27dokhpz2n7nvgr.129p1t.top/54F7-C363-D27F-0446-9673 5. http://p27dokhpz2n7nvgr.1apgrn.top/54F7-C363-D27F-0446-9673 ----- Note! These are temporary addresses! They will be available for a limited amount of time! -----
URLs

http://p27dokhpz2n7nvgr.onion/54F7-C363-D27F-0446-9673

http://p27dokhpz2n7nvgr.12hygy.top/54F7-C363-D27F-0446-9673

http://p27dokhpz2n7nvgr.14ewqv.top/54F7-C363-D27F-0446-9673

http://p27dokhpz2n7nvgr.14vvrc.top/54F7-C363-D27F-0446-9673

http://p27dokhpz2n7nvgr.129p1t.top/54F7-C363-D27F-0446-9673

http://p27dokhpz2n7nvgr.1apgrn.top/54F7-C363-D27F-0446-9673

Extracted

Path

C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___MNVR7_.hta

Family

cerber

Ransom Note
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>C&#069;&#82;BE&#82; &#82;ANSOMWA&#82;&#069;: Instructi&#111;ns</title> <HTA:APPLICATION APPLICATIONNAME="8EiuMQwBt" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize"> <style type="text/css"> a { color: #04a; text-decoration: none; } a:hover { text-decoration: underline; } body { background-color: #e7e7e7; color: #222; font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size: 13pt; line-height: 19pt; } body, h1 { margin: 0; padding: 0; } hr { color: #bda; height: 2pt; margin: 1.5%; } h1 { color: #555; font-size: 14pt; } ol { padding-left: 2.5%; } ol li { padding-bottom: 13pt; } small { color: #555; font-size: 11pt; } ul { list-style-type: none; margin: 0; padding: 0; } .button { color: #04a; cursor: pointer; } .button:hover { text-decoration: underline; } .container { background-color: #fff; border: 2pt solid #c7c7c7; margin: 5%; min-width: 850px; padding: 2.5%; } .header { border-bottom: 2pt solid #c7c7c7; margin-bottom: 2.5%; padding-bottom: 2.5%; } .h { display: none; } .hr { background: #bda; display: block; height: 2pt; margin-top: 1.5%; margin-bottom: 1.5%; overflow: hidden; width: 100%; } .info { background-color: #efe; border: 2pt solid #bda; display: inline-block; padding: 1.5%; text-align: center; } .updating { color: red; display: none; padding-left: 35px; background: url("data:image/gif;base64,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") left no-repeat; } #change_language { float: right; } #change_language, #texts div { display: none; } </style> </head> <body> <div class="container"> <div class="header"> <a id="change_language" href="#" onclick="return changeLanguage1();" title="English">&#9745; English</a> <h1>C&#069;&#82;BE&#82; &#82;ANSOMWA&#82;&#069;</h1> <small id="title">Instructions</small> </div> <div id="languages"> <p>&#9745; Select your language</p> <ul> <li><a href="#" title="English" onclick="return sh_bl('en');">English</a></li> <li><a 
href="#" title="Arabic" onclick="return sh_bl('ar');">العربية</a></li> <li><a href="#" title="Chinese" onclick="return sh_bl('zh');">中文</a></li> <li><a href="#" title="Dutch" onclick="return sh_bl('nl');">Nederlands</a></li> <li><a href="#" title="French" onclick="return sh_bl('fr');">Français</a></li> <li><a href="#" title="German" onclick="return sh_bl('de');">Deutsch</a></li> <li><a href="#" title="Italian" onclick="return sh_bl('it');">Italiano</a></li> <li><a href="#" title="Japanese" onclick="return sh_bl('ja');">日本語</a></li> <li><a href="#" title="Korean" onclick="return sh_bl('ko');">한국어</a></li> <li><a href="#" title="Polish" onclick="return sh_bl('pl');">Polski</a></li> <li><a href="#" title="Portuguese" onclick="return sh_bl('pt');">Português</a></li> <li><a href="#" title="Spanish" onclick="return sh_bl('es');">Español</a></li> <li><a href="#" title="Turkish" onclick="return sh_bl('tr');">Türkçe</a></li> </ul> </div> <div id="texts"> <div id="en"> <p>Can't yo<span class="h">K</span>u find the necessary files?<br>Is the c<span class="h">UYc</span>ontent of your files not readable?</p> <p>It is normal be<span class="h">Zjd</span>cause the files' names and the data in your files have been encryp<span class="h">ZWrG</span>ted by "Ce<span class="h">Mtxskdj4w</span>r&#98;er&nbsp;Rans&#111;mware".</p> <p>It me<span class="h">LFDBw</span>ans your files are NOT damage<span class="h">CfNa</span>d! Your files are modified only. 
This modification is reversible.<br>F<span class="h">mBp</span>rom now it is not poss<span class="h">gHO3T</span>ible to use your files until they will be decrypted.</p> <p>The only way to dec<span class="h">x</span>rypt your files safely is to &#98;uy the special decryption software "C<span class="h">wxZF</span>er&#98;er&nbsp;Decryptor".</p> <p>Any attempts to rest<span class="h">UY</span>ore your files with the thir<span class="h">lJVclfM</span>d-party software will be fatal for your files!</p> <hr> <p class="w331208">You can proc<span class="h">ioXvOkOhLR</span>eed with purchasing of the decryption softw<span class="h">Yd5NQ</span>are at your personal page:</p> <p><span class="info"><span class="updating">Ple<span class="h">zJYq</span>ase wait...</span><a class="url" href="http://p27dokhpz2n7nvgr.12hygy.top/54F7-C363-D27F-0446-9673" target="_blank">http://p27dokhpz2n7nvgr.12hygy.top/54F7-C363-D27F-0446-9673</a><hr><a href="http://p27dokhpz2n7nvgr.14ewqv.top/54F7-C363-D27F-0446-9673" target="_blank">http://p27dokhpz2n7nvgr.14ewqv.top/54F7-C363-D27F-0446-9673</a><hr><a href="http://p27dokhpz2n7nvgr.14vvrc.top/54F7-C363-D27F-0446-9673" target="_blank">http://p27dokhpz2n7nvgr.14vvrc.top/54F7-C363-D27F-0446-9673</a><hr><a href="http://p27dokhpz2n7nvgr.129p1t.top/54F7-C363-D27F-0446-9673" target="_blank">http://p27dokhpz2n7nvgr.129p1t.top/54F7-C363-D27F-0446-9673</a><hr><a href="http://p27dokhpz2n7nvgr.1apgrn.top/54F7-C363-D27F-0446-9673" target="_blank">http://p27dokhpz2n7nvgr.1apgrn.top/54F7-C363-D27F-0446-9673</a></span></p> <p>If t<span class="h">jqlh</span>his page cannot be opened &nbsp;<span class="button" onclick="return _url_upd_('en');">cli<span class="h">Sw</span>ck here</span>&nbsp; to get a new addr<span class="h">Lz9k</span>ess of your personal page.<br><br>If the addre<span class="h">h4oisXWFB</span>ss of your personal page is the same as befo<span class="h">1b</span>re after you tried to get a new one,<br>you c<span class="h">iA0rO</span>an try to get 
a new address in one hour.</p> <p>At th<span class="h">Wr2rC1</span>is p&#097;ge you will receive the complete instr<span class="h">mXPuIhv</span>uctions how to buy the decrypti<span class="h">7Fm</span>on software for restoring all your files.</p> <p>Also at this p&#097;ge you will be able to res<span class="h">uPLUcgmn0</span>tore any one file for free to be sure "Cer&#98;e<span class="h">cJo4XlHwJ</span>r&nbsp;Decryptor" will help you.</p> <hr> <p>If your per<span class="h">bIm</span>sonal page is not availa<span class="h">e5nrLUEw</span>ble for a long period there is another way to open your personal page - insta<span class="h">Hrfwcd2na</span>llation and use of Tor&nbsp;Browser:</p> <ol> <li>run your Inte<span class="h">At9</span>rnet browser (if you do not know wh&#097;t it is run the Internet&nbsp;Explorer);</li> <li>ent<span class="h">n4uCNf2xk</span>er or copy the &#097;ddress <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/downlo&#097;d/download-easy.html.en</a> into the address bar of your browser &#097;nd press ENTER;</li> <li>wait for the site load<span class="h">UnT7h8XFN</span>ing;</li> <li>on the site you will be offered to do<span class="h">QgF5eO2</span>wnload Tor&nbsp;Browser; download and run it, follow the installation instructions, wait until the installation is completed;</li> <li>ru<span class="h">K8EocQQfS</span>n Tor&nbsp;Browser;</li> <li>connect with the butt<span class="h">ceF55GTV</span>on "Connect" (if you use the English version);</li> <li>a normal Internet bro<span class="h">Jyg9HVyJ</span>wser window will be opened &#097;fter the initialization;</li> <li>type or copy the add<span class="h">BhhtYf8204</span>ress <br><span class="info">http://p27dokhpz2n7nvgr.onion/54F7-C363-D27F-0446-9673</span><br> in this browser address bar;</li> <li>pre<span class="h">KQ</span>ss ENTER;</li> <li>the site sho<span class="h">ltMSMO8da</span>uld be loaded; if for some reason the site is 
not lo<span class="h">Z7</span>ading wait for a moment and try again.</li> </ol> <p>If you have any pr<span class="h">zlYhlGV</span>oblems during installation or use of Tor&nbsp;Browser, please, visit <a href="https://www.youtube.com/results?search_query=Install+Tor+Browser+Windows" target="_blank">https://www.youtube.com</a> and type request in the searc<span class="h">86B</span>h bar "Install Tor&nbsp;Browser Windows" and you will find a lot of training videos about Tor&nbsp;Browser installation and use.</p> <hr> <p><strong>Addit<span class="h">aa3Hc5Kv</span>ional information:</strong></p> <p>You will fi<span class="h">mCmZ8xm</span>nd the instru<span class="h">FtE</span>cti&#111;ns ("*_READ_THIS_FILE_*.hta") for re<span class="h">lcod</span>st&#111;ring y&#111;ur files in &#097;ny f<span class="h">l</span>&#111;lder with your enc<span class="h">0F8gbkH</span>rypted files.</p> <p>The instr<span class="h">a3qMw</span>ucti&#111;ns "*_READ_THIS_FILE_*.hta" in the f<span class="h">4pJf4t</span>&#111;lder<span class="h">6fHIefGNKf</span>s with your encry<span class="h">BZsjlX0u34</span>pted files are not vir<span class="h">NUg2f7</span>uses! The instruc<span class="h">o4Y3MHT5u</span>tions "*_READ_THIS_FILE_*.hta" will he<span class="h">hld</span>lp you to dec<span class="h">HI73A</span>rypt your files.</p> <p>Remembe<span class="h">sRYDgnlWY</span>r! The w&#111;rst si<span class="h">G7w28</span>tu&#097;tion already happ<span class="h">UMOGGm3ZL</span>ened and n&#111;w the future of your files de<span class="h">HoEHYaTIx</span>pends on your determ<span class="h">WZlU</span>ination and speed of your actions.</p> </div> <div id="ar" style="direction: rtl;"> <p>لا يمكنك العثور على الملفات الضرورية؟<br>هل محتوى الملفات غير قابل للقراءة؟</p> <p>هذا أمر طبيعي لأن أسماء الملفات والبيانات في الملفات قد تم تشفيرها بواسطة "Cer&#98;er&nbsp;Rans&#111;mware".</p> <p>وهذا يعني أن الملفات الخاصة بك ليست تالفة! فقد تم تعديل ملفاتك فقط. 
ويمكن التراجع عن هذا.<br>ومن الآن فإنه لا يكن استخدام الملفات الخاصة بك حتى يتم فك تشفيرها.</p> <p>الطريقة الوحيدة لفك تشفير ملفاتك بأمان هو أن تشتري برنامج فك التشفير المتخصص "Cer&#98;er&nbsp;Decryptor".</p> <p>إن أية محاولات لاستعادة الملفات الخاصة بك بواسطة برامج من طرف ثالث سوف تكون مدمرة لملفاتك!</p> <hr> <p>يمكنك الشروع في شراء برنامج فك التشفير من صفحتك الشخصية:</p> <p><span class="info"><span class="updating">أرجو الإنتظار...</span><a class="url" href="http://p27dokhpz2n7nvgr.12hygy.top/54F7-C363-D27F-0446-9673" target="_blank">http://p27dokhpz2n7nvgr.12hygy.top/54F7-C363-D27F-0446-9673</a><hr><a href="http://p27dokhpz2n7nvgr.14ewqv.top/54F7-C363-D27F-0446-9673" target="_blank">http://p27dokhpz2n7nvgr.14ewqv.top/54F7-C363-D27F-0446-9673</a><hr><a href="http://p27dokhpz2n7nvgr.14vvrc.top/54F7-C363-D27F-0446-9673" target="_blank">http://p27dokhpz2n7nvgr.14vvrc.top/54F7-C363-D27F-0446-9673</a><hr><a href="http://p27dokhpz2n7nvgr.129p1t.top/54F7-C363-D27F-0446-9673" target="_blank">http://p27dokhpz2n7nvgr.129p1t.top/54F7-C363-D27F-0446-9673</a><hr><a href="http://p27dokhpz2n7nvgr.1apgrn.top/54F7-C363-D27F-0446-9673" target="_blank">http://p27dokhpz2n7nvgr.1apgrn.top/54F7-C363-D27F-0446-9673</a></span></p> <p>في حالة تعذر فتح هذه الصفحة &nbsp;<span class="button" onclick="return _url_upd_('ar');">انقر هنا</span>&nbsp; لإنشاء عنوان جديد لصفحتك الشخصية.</p> <p>في هذه الصفحة سوف تتلقى تعليمات كاملة حول كيفية شراء برنامج فك التشفير لاستعادة جميع الملفات الخاصة بك.</p> <p>في هذه الصفحة أيضًا سوف تتمكن من استعادة ملف واحد بشكل مجاني للتأكد من أن "Cer&#98;er&nbsp;Decryptor" سوف يساعدك.</p> <hr> <p>إذا كانت صفحتك الشخصية غير متاحة لفترة طويلة فإن ثمّة طريقة أخرى لفتح صفحتك الشخصية - تحميل واستخدام متصفح Tor:</p> <ol> <li>قم بتشغيل متصفح الإنترنت الخاص بك (إذا كنت لا تعرف ما هو قم بتشغيل إنترنت إكسبلورر);</li> <li>قم بكتابة أو نسخ العنوان <a href="https://www.torproject.org/download/download-easy.html.en" 
target="_blank">https://www.torproject.org/download/download-easy.html.en</a> إلى شريط العنوان في المستعرض الخاص بك ثم اضغط ENTER;</li> <li>انتظر لتحميل الموقع;</li> <li>سوف يعرض عليك الموقع تحميل متصفح Tor. قم بتحميله وتشغيله، واتبع تعليمات التثبيت، وانتظر حتى اكتمال التثبيت;</li> <li>قم بتشغيل متصفح Tor;</li> <li>اضغط على الزر "Connect" (إذا كنت تستخدم النسخة الإنجليزية);</li> <li>سوف تُفتح نافذة متصفح الإنترنت العادي بعد البدء;</li> <li>قم بكتابة أو نسخ العنوان <br><span class="info">http://p27dokhpz2n7nvgr.onion/54F7-C363-D27F-0446-9673</span><br> في شريط العنوان في المتصفح;</li> <li>اضغط ENTER;</li> <li>يجب أن يتم تحميل الموقع؛ إذا لم يتم تحميل الموقع لأي سبب، انتظر للحظة وحاول مرة أخرى.</li> </ol> <p>إذا كان لديك أية مشكلات أثناء عملية التثبيت أو استخدام متصفح Tor، يُرجى زيارة <a href="https://www.youtube.com/results?search_query=Install+Tor+Browser+Windows" target="_blank">https://www.youtube.com</a> واكتب الطلب "install tor browser windows" أو "تثبيت نوافذ متصفح Tor" في شريط البحث، وسوف تجد الكثير من أشرطة الفيديو للتدريب حول تثبيت متصفح Tor واستخدامه.</p> <hr> <p><strong>معلومات إض<span class="h">NcqCK7r</span>افية:</strong></p> <p>س<span class="h">fC3d1G1</span>وف تجد إرشادات استعادة الملفات الخاصة بك ("*_READ_THIS_FILE_*") في أي مجلد مع ملفاتك المشفرة.</p> <p>الإرش<span class="h">LtoxC36w</span>ادات ("*_READ_THIS_FILE_*") الموجودة في المجلدات مع ملفاتك المشفرة ليست فيروسات والإرشادات ("*_READ_THIS_FILE_*") سوف تساعدك على فك تشفير الملفات الخاصة بك.</p> <p>تذكر أن أسوأ مو<span class="h">OUqan</span>قف قد حدث بالفعل، والآن مستقبل ملفاتك يعتمد على عزيمتك وسرعة الإجراءات الخاصة بك.</p> </div> <div id="zh"> <p>您找不到所需的文件?<br>您文件的内容无法阅读?</p> <p>这是正常的,因为您文件的文件名和数据已经被“Cer&#98;er&nbsp;Rans&#111;mware”加密了。</p> <p>这意味着您的文件并没有损坏!您的文�

Signatures

  • Cerber

    Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

  • Contacts a large (1126) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Windows Firewall 2 TTPs 2 IoCs
  • Drops startup file 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Drops file in System32 directory 38 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Program Files directory 20 IoCs
  • Drops file in Windows directory 64 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 3 IoCs
  • Opens file in notepad (likely ransom note) 2 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\1.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:4904
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4684
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4900
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.0.2070165283\526465517" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea8c7b5e-8c56-400e-84dd-f5bc94df6d7e} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 1828 1f97f9d5558 gpu
        3⤵
        PID:2556
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.1.750120776\185935291" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32e5a6ae-7e83-4e07-8b19-14e2a07ef491} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 2184 1f976c71f58 socket
        3⤵
        • Checks processor information in registry
        PID:4124
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.2.1689989008\1639025445" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3012 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b6f479a-a836-40f2-834d-5ef10f6dda57} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 2672 1f90d49be58 tab
        3⤵
        PID:1544
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.3.750459469\768419706" -childID 2 -isForBrowser -prefsHandle 3380 -prefMapHandle 3372 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c69e1473-fe63-4aa7-9a01-6712cfae0459} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 3396 1f90b8ce558 tab
        3⤵
        PID:4316
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.4.235066343\1039926147" -childID 3 -isForBrowser -prefsHandle 4300 -prefMapHandle 4296 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c2ed709-918f-4ae9-804a-2adfff8dcd2c} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 4312 1f97f9d6a58 tab
        3⤵
        PID:2220
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.5.81534900\748311843" -childID 4 -isForBrowser -prefsHandle 2548 -prefMapHandle 1608 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abed3797-8117-4d34-926b-2a5d2a039a70} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 3852 1f9103ca058 tab
        3⤵
        PID:1152
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.6.1631582472\621661956" -childID 5 -isForBrowser -prefsHandle 1684 -prefMapHandle 1600 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9ceab40-b9bf-4a30-beef-420435e20497} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 3796 1f9103ca958 tab
        3⤵
        PID:512
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.7.450264671\457625397" -childID 6 -isForBrowser -prefsHandle 5052 -prefMapHandle 3852 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b9ff875-c897-4bac-9c31-be709a02ebc7} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 5320 1f9103cbe58 tab
        3⤵
        PID:2152
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.8.1666809386\1898732801" -childID 7 -isForBrowser -prefsHandle 5588 -prefMapHandle 5584 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5b1dd41-2adf-46fb-b8e8-5d5ac22f5460} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 5536 1f9113f7858 tab
        3⤵
        PID:216
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff98e749758,0x7ff98e749768,0x7ff98e749778
      2⤵
      PID:4248
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:2
      2⤵
      PID:2900
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
      2⤵
      PID:4244
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
      2⤵
      PID:2824
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:1
      2⤵
      PID:5052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:1
      2⤵
      PID:3432
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:1
      2⤵
      PID:4544
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
      2⤵
      PID:4864
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
      2⤵
      PID:216
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
      2⤵
      PID:1444
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
      2⤵
      PID:60
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
      2⤵
      PID:1200
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4780 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:1
      2⤵
      PID:2164
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3860 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:1
      2⤵
      PID:2740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3052 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
      2⤵
      PID:4000
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
      2⤵
      PID:376
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2988 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
      2⤵
      PID:4336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2484 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:1
      2⤵
      PID:2832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1684 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
                                                          2⤵
                                                            PID:924
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
                                                            2⤵
                                                              PID:1148
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:2
                                                              2⤵
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:5052
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
                                                              2⤵
                                                                PID:4720
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
                                                                2⤵
                                                                  PID:4448
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5616 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:1
                                                                  2⤵
                                                                    PID:3392
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5664 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:1
                                                                    2⤵
                                                                      PID:596
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4768 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:1
                                                                      2⤵
                                                                        PID:3772
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=1804,i,17698346448420852018,990439841960994639,131072 /prefetch:8
                                                                        2⤵
                                                                          PID:4028
                                                                      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                        1⤵
                                                                          PID:1248
                                                                        • C:\Windows\System32\rundll32.exe
                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                          1⤵
                                                                            PID:808
                                                                          • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Cerber.zip\cerber.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Cerber.zip\cerber.exe"
                                                                            1⤵
                                                                            • Drops startup file
                                                                            • Drops file in System32 directory
                                                                            • Sets desktop wallpaper using registry
                                                                            • Drops file in Program Files directory
                                                                            • Drops file in Windows directory
                                                                            • Modifies registry class
                                                                            PID:4928
                                                                            • C:\Windows\SysWOW64\netsh.exe
                                                                              C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
                                                                              2⤵
                                                                              • Modifies Windows Firewall
                                                                              PID:3360
                                                                            • C:\Windows\SysWOW64\netsh.exe
                                                                              C:\Windows\system32\netsh.exe advfirewall reset
                                                                              2⤵
                                                                              • Modifies Windows Firewall
                                                                              PID:4360
                                                                            • C:\Windows\SysWOW64\mshta.exe
                                                                              "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___6J25WF_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                                                              2⤵
                                                                                PID:2488
                                                                              • C:\Windows\SysWOW64\NOTEPAD.EXE
                                                                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___EB396DM4_.txt
                                                                                2⤵
                                                                                • Opens file in notepad (likely ransom note)
                                                                                PID:4908
                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                "C:\Windows\system32\cmd.exe"
                                                                                2⤵
                                                                                  PID:2676
                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                    taskkill /f /im "cerber.exe"
                                                                                    3⤵
                                                                                    • Kills process with taskkill
                                                                                    PID:1060
                                                                                  • C:\Windows\SysWOW64\PING.EXE
                                                                                    ping -n 1 127.0.0.1
                                                                                    3⤵
                                                                                    • Runs ping.exe
                                                                                    PID:2856
                                                                              • C:\Windows\SysWOW64\werfault.exe
                                                                                werfault.exe /h /shared Global\86fe2e63057f4dc4bb245e04e6a22d8c /t 4680 /p 2488
                                                                                1⤵
                                                                                  PID:1704
                                                                                • C:\Windows\system32\taskmgr.exe
                                                                                  "C:\Windows\system32\taskmgr.exe" /4
                                                                                  1⤵
                                                                                  • Drops file in Windows directory
                                                                                  • Checks SCSI registry key(s)
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  • Suspicious use of SendNotifyMessage
                                                                                  PID:1596
                                                                                • C:\Windows\system32\LogonUI.exe
                                                                                  "LogonUI.exe" /flags:0x0 /state0:0xa3aa3855 /state1:0x41c64e6d
                                                                                  1⤵
                                                                                  • Modifies data under HKEY_USERS
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:4584
                                                                                • C:\Windows\System32\rundll32.exe
                                                                                  C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                                                                  1⤵
                                                                                    PID:4536
                                                                                  • C:\Windows\System32\rundll32.exe
                                                                                    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                                                                    1⤵
                                                                                      PID:1316

Network

MITRE ATT&CK Matrix ATT&CK v13

Tactic                Technique                           Count  ID
Persistence           Create or Modify System Process     1      T1543
                      Windows Service                     1      T1543.003
Privilege Escalation  Create or Modify System Process     1      T1543
                      Windows Service                     1      T1543.003
Defense Evasion       Impair Defenses                     1      T1562
                      Disable or Modify System Firewall   1      T1562.004
                      Modify Registry                     1      T1112
Discovery             Network Service Discovery           1      T1046
                      Query Registry                      4      T1012
                      Peripheral Device Discovery         1      T1120
                      System Information Discovery        3      T1082
                      Remote System Discovery             1      T1018
Command and Control   Web Service                         1      T1102
Impact                Defacement                          1      T1491

Downloads


                                                                                      MD5

                                                                                      a5bb3bb3eda1301f6ac876a49d4b2f62

                                                                                      SHA1

                                                                                      1786309cdc2fb5c1d29cdac00dbdf13711f19f3a

                                                                                      SHA256

                                                                                      316ba0d916f3d3d945b42e589de9a0326836664f9a06e9680bb853c828c2bf35

                                                                                      SHA512

                                                                                      f2ab2d40d2ccd43c5e5bf2150ea79d575e0d4a41381a8fba3beb47a8944adeac0bd19dacdbe237f8dd1c06fc04403f0bda3fca1ec0fc429357dc705c6db1eea4

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
                                                                                      Filesize

                                                                                      21KB

                                                                                      MD5

                                                                                      6b528d140a964a09d3ebb5c32cd1e63a

                                                                                      SHA1

                                                                                      45a066db0228ee8d5a9514352dc6c7366c192833

                                                                                      SHA256

                                                                                      f08969d8ae8e49b96283000267f978d09b79218bb9e57037a12a19091d4a3208

                                                                                      SHA512

                                                                                      d3c281c3130735c89ddbf9b52de407da75a3d7ecbf0026e0de5995f40989883178cd59198354976aaa2aa7b47fc5f3f3856a59fe1463d4e2fdb7a27e9f10e76f

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
                                                                                      Filesize

                                                                                      20KB

                                                                                      MD5

                                                                                      0f3de113dc536643a187f641efae47f4

                                                                                      SHA1

                                                                                      729e48891d13fb7581697f5fee8175f60519615e

                                                                                      SHA256

                                                                                      9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

                                                                                      SHA512

                                                                                      8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
                                                                                      Filesize

                                                                                      65KB

                                                                                      MD5

                                                                                      c5a7113d962c5eb74a8dcc7b0420dc68

                                                                                      SHA1

                                                                                      c348dc63331cd35611851a53aff9cfca3f27daaf

                                                                                      SHA256

                                                                                      a3f9455a7908ac86647d2af76e2f84cd8025da815fe98f65da0f31f40337066d

                                                                                      SHA512

                                                                                      c9960f3c54f43129c1069ac57a33acbeb4bd0cce8393838f541c12c51fea6566bafafb053d72402f001c3909df252073e335833c6318a89f6101c7aa46afa4cd

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
                                                                                      Filesize

                                                                                      21KB

                                                                                      MD5

                                                                                      ea48c33e2560afec958fe8c5396344bc

                                                                                      SHA1

                                                                                      2d83e09c5784df5c427e017cd312606df8e5bbe9

                                                                                      SHA256

                                                                                      fe6b76517c4f221c3241886d04702bb1ea480827d335ad37336cea28dd9c4df3

                                                                                      SHA512

                                                                                      3757c49932afd3eda89619a96572cf6d3f940b69d499ab83c6c14782fb320fb6e69681a33e8d9872e476cf697865f1bc358a01627ea455b3d97ecc772cf85d0f

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
                                                                                      Filesize

                                                                                      59KB

                                                                                      MD5

                                                                                      4bc7fdb1eed64d29f27a427feea007b5

                                                                                      SHA1

                                                                                      62b5f0e1731484517796e3d512c5529d0af2666b

                                                                                      SHA256

                                                                                      05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6

                                                                                      SHA512

                                                                                      9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
                                                                                      Filesize

                                                                                      21KB

                                                                                      MD5

                                                                                      d13799a914badab072031a06fda7f0eb

                                                                                      SHA1

                                                                                      3c28322d73ea38efb97593843fecc749b5393db1

                                                                                      SHA256

                                                                                      123c3facdefd1fb463a411f64f3fea8eda47a1e17deb6663d1fbc1fd5932b0fd

                                                                                      SHA512

                                                                                      2316fdcdec1441cf4a6b79ffaa853e889934f6dfadcf76262fa6b15de696b10a244b93f89d64b96ce9f082a488f1f00f233fc4cd2944d6073e8211199c2ffa5c

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
                                                                                      Filesize

                                                                                      24KB

                                                                                      MD5

                                                                                      6cbf8f829c02fb20c7025a2db54209a1

                                                                                      SHA1

                                                                                      a5c97ff92c09fb6d041e8c605233aff7f619f6bd

                                                                                      SHA256

                                                                                      beb80436725b4013784e4c1afde181c4b1179fcb193b48a408a63162c0ae1b5e

                                                                                      SHA512

                                                                                      d5529174a05906c3a3272256a68f555c70ba3a091bb11d9650d8b72d21323060fe35431b5179193ae38f7279efc87ea123e9381984e13611306c6f2bda09505b

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
                                                                                      Filesize

                                                                                      150KB

                                                                                      MD5

                                                                                      0b1dfab8142eadfeffb0a3efd0067e64

                                                                                      SHA1

                                                                                      219f95edd8b49ec2ba7aa5f8984a273cdaf50e6c

                                                                                      SHA256

                                                                                      8e2ee8d51cfcc41a6a3bfa07361573142d949903c29f75de5b4d68f81a1ae954

                                                                                      SHA512

                                                                                      6d1104fd4cfe086a55a0dd3104c44c4dba9b7f01e2d620804cf62c3753a74c56b5eae4c1dc87c74664e44f58a966ba10600de74fb5557b3c6c438e52cc4decdb

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
                                                                                      Filesize

                                                                                      36KB

                                                                                      MD5

                                                                                      01369d5062d49b270c8dd6ab535bc403

                                                                                      SHA1

                                                                                      39c654df64cd7386081da8108f23573f331debab

                                                                                      SHA256

                                                                                      ed672ed37bfdadddb835de8c346655a17b653094197a2d6080e6777fa59785ea

                                                                                      SHA512

                                                                                      de704934135717cb62e4d15ef1666e78b3d43c17ff5d50b279c21a5318ac2ce0cea88ebeb17b66f4668e1ca1a8801bdd6bab0194b157b1da6bd90c71b29da08e

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
                                                                                      Filesize

                                                                                      19KB

                                                                                      MD5

                                                                                      bfff9d83b00a5aa9b944286ea3654726

                                                                                      SHA1

                                                                                      aac4c6e9f26a09c38aa59742b86313d4fed8a4c0

                                                                                      SHA256

                                                                                      90fe1ef718caa668c13dff783a028dcf133d7d9c5ceec7226312a182afe6cbd6

                                                                                      SHA512

                                                                                      ebe8fde5b6cd266a29bc731077ed905247bb6e9948996aeb38a91f200f77e588e514662713875db34279629b70ecf2bab326b6e152fe8dc4b7a595892e64a28c

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
                                                                                      Filesize

                                                                                      125KB

                                                                                      MD5

                                                                                      b265305541dce2a140da7802442fbac4

                                                                                      SHA1

                                                                                      63d0b780954a2bc96b3a77d9a2b3369d865bf1fd

                                                                                      SHA256

                                                                                      0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0

                                                                                      SHA512

                                                                                      af65384f814633fe1cde8bf4a3a1a8f083c7f5f0b7f105d47f3324cd2a8c9184ccf13cb3e43b47473d52f39f4151e7a9da1e9a16868da50abb74fcbc47724282

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0a92d7d0f462109d_0
                                                                                      Filesize

                                                                                      1KB

                                                                                      MD5

                                                                                      953c102379bc17eda6bf4beb730418bf

                                                                                      SHA1

                                                                                      69401f96f2e3f06d7f4334836497242281900fb2

                                                                                      SHA256

                                                                                      6206495c885ba9500716a308e2551397cc9e5f686c1ee3fde480e484be6afbc8

                                                                                      SHA512

                                                                                      ebdb8c13ed8513fdd2ceb0a87960c705bd8b80fb3ab3a65fdbc7200f6a6b04577487556839a6074057e5078a53513bae74dbb2e0d1f8a9ecdda32203013b5946

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\72c21e422550d001_0
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      6022a4ff6c440cd3a5456e7c9cc03759

                                                                                      SHA1

                                                                                      ddbfc0d3b9a1e3eae167a0f559fac1ceeb50e0ad

                                                                                      SHA256

                                                                                      1f7c3a304385728903050b509994d0f24cdb0063ebefb13581c79474ea0d22d1

                                                                                      SHA512

                                                                                      b46385f33d2ba62a708dcadfb8fab8eeb82ccb5169fa2db71381c5fcfb84d228351ee64924a88f3d2f5d5c9948e2762ea7a87008ca25026629596bda6dd063df

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\81037e226035aa29_0
                                                                                      Filesize

                                                                                      7KB

                                                                                      MD5

                                                                                      86e6de45b9725e415b9c1aa2ed7ddb89

                                                                                      SHA1

                                                                                      fd483f6b205bb029fc4d381d2f934b29ed8afc22

                                                                                      SHA256

                                                                                      f56ca860469f079beae9a06a771f1cc664114525122ea80ed507f05b79416f1f

                                                                                      SHA512

                                                                                      7f97a1362b6403682d9313c2027afd50c19239469148fc7cfdd3344f627abb23586204440af721a7e3671cf2f50241532bf80d0f3064e58d0aa7f8c81cf31574

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a89e6ddf70829024_0
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      5901d890e936a7a0f7fc3d8a4697581d

                                                                                      SHA1

                                                                                      973fa122f4b5b4a3308ff39b83ff01c81ce4e873

                                                                                      SHA256

                                                                                      dfc5650a0c27e288cde3229b3de948ed117ca78b781eed4231287cd28d6a9e7a

                                                                                      SHA512

                                                                                      2464bf5f29bf9344d43f59fdf9d3d3ac993887a1cec6e27553d558d340c42df2ab3348d9a5e893450417bd95457f3380ee845f020a598be3ebd05890e6a5d02f

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                      Filesize

                                                                                      2KB

                                                                                      MD5

                                                                                      1e58a0ddac826254c126b9ec4d326c31

                                                                                      SHA1

                                                                                      100734cf0ad1843066fa2829b9e1c7d9b7d4d54c

                                                                                      SHA256

                                                                                      3bd699e84bd4f573593516fa9e4fac3202a23a02235bac0659f971c23f2da6ca

                                                                                      SHA512

                                                                                      82738a04377deac656b81396c149de0fffa2b14eaa2c0c41befa4a9cc1b512e30b1b93e07d52ca40d90c7700401a55aef26d72e44837db3d3797d250f6e105ed

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                      Filesize

                                                                                      2KB

                                                                                      MD5

                                                                                      5f7be7c5f98b789a79883128254fa62d

                                                                                      SHA1

                                                                                      d5bb379c28e8e886a1e871245a5318d13b6eb6cc

                                                                                      SHA256

                                                                                      67620a8b7957491a9473e3ef6344dfce13f4fe1d4ebcbcf6163549bcf6217b91

                                                                                      SHA512

                                                                                      f07a7c5fb89e87eead25dd02838e89d0381cd0428f80f819acc0359f96bbdb93e155a9e072af71a1bc8c0fb14fd58d8a4169a32be2e5111ccf4470d5d16c2238

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                      Filesize

                                                                                      2KB

                                                                                      MD5

                                                                                      7d22a2225aa2a141139053a5b19bcfe5

                                                                                      SHA1

                                                                                      42dcc1448af482c1640c32863f22aa555499fc26

                                                                                      SHA256

                                                                                      555f57f3890279b3d91b1e7e35813ab128cb8a42783441be741e453b0d8d05d5

                                                                                      SHA512

                                                                                      a21c425eac5fdc33fb505766a93029d4d3b8713841936912eabcb59c138a38c54cc4dd645354708610a833b8015799cd565a5034092d23453eee8af87f739093

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      16fd70ac1d7d277d1e1e2c17bc87043f

                                                                                      SHA1

                                                                                      280066be0184606bd50f4fe2c8943c5cbf105f3d

                                                                                      SHA256

                                                                                      612341deb9645860f5138a378a2a910a503c2a77bd6b0532c64e7e74519bd9ea

                                                                                      SHA512

                                                                                      3188bf1631fe1dd1ce4800745aaa8f8a1a728535a73e3cdc59db5194e14102b9a23c2c1e57364ee29dc5e5d50824bd7aa4cfc2ba6782947dd54ca8a245a2888c

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      176918f9bb2e105795a781bf19ba7bbe

                                                                                      SHA1

                                                                                      88da308829cf3b8499bffdec8d6b32a15aaeb3d8

                                                                                      SHA256

                                                                                      31aee1b4595e64f45a597a781155827fce59cc1bbf484e6a699bc919f79b1c54

                                                                                      SHA512

                                                                                      c6e0ab247745e380d36bde92b9a0d8e2bc6af65d46994a121f73031e66c88e3e704ab7ce144b8bb53798c143af1efd077d9a99a6d62cebeff0bd0df4e2903ee4

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      42a079309d6100de2fad8d1a20dfd449

                                                                                      SHA1

                                                                                      8521f3ac56592a7a18a55aa80bbd813e6ad57c9d

                                                                                      SHA256

                                                                                      8872ef41587c4d7f62049acbe5dd2b76ebf0947d2f7a972730a995dcd55c36d3

                                                                                      SHA512

                                                                                      66207c2a53a6c8a2bf348014add3141619eb44845a4823c0a766b2ad1998d0e305402e1bb0323ff2e1b447a31ea57c43b8077bfc8c93a6c367c44d6cc1b404d6

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 4KB
  MD5: 6b2b2284fee9d985cbd22915916c3e36
  SHA1: b8e016908f3dfe3ec403ed2798bd5c3988e19f80
  SHA256: d9f05767c97af337b2be218c27fdf2ed99bb182115504802bf3118185cfc2deb
  SHA512: a98a1bf95de7cc9b0d108532d05c5f2dcb00fd5360ed3eac8c6a46cd9e442a25661644fb69ca214dab1e19ddb84e8d0ee23c74f2b4eebb6afe905047cf6e3e66

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 4KB
  MD5: 774154b81f3c43a893ba57d63a908d57
  SHA1: c816f255287b5fba3873377e1475b5e530d6fbc1
  SHA256: fd58213a2142cbb649676538a9574c48164cb4411d61ddfeae07402bfa72767a
  SHA512: 240db2cddf5c730893e332877d4ed65e81c8618ecdf8ce732d880af361e4e64705ff152ddaebeed4a62d2acd2e4c4a9cf555086a4c6d0cb782619898a7b8359d

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 3KB
  MD5: afd04e99713ee86af115b7ee1f61d57e
  SHA1: d6143bab3d9f49ed4a8d29c9ff0a99a8eef72b46
  SHA256: 9c8884eb4747584ba2a1e96109a0e8a8c9bfa64d57accba876f28ab104456222
  SHA512: 86c38f17f2cab308fe849a338c1de7ccb0701cf37e86a0189a14aeaaeb3f8519d74307d135ecf6dd9f1dca9bb32439f9c5aae85bafad298befb220660d056c80

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 369B
  MD5: 045fcb49f5b25036796690bd89c3c217
  SHA1: e6123a56c1f17a517de8e19061d2840514624f7f
  SHA256: c95824ddf0267358191fd697b9a840b5e0b32cd44fef483148aaae02b2007496
  SHA512: da47e19c3a7b93649c540ec6d64e0251358fb3332ce11954943542991efea10864ef3c42834c1e5160a02a80296580114aa499018b0fecb15478be69bb91ff01

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 078ccb87d6a414a2f80048f39b515986
  SHA1: 3a709f815dcda980bf63f50ead1648b344e93763
  SHA256: b75d92e5f3a69ee13f002fe52bbaf4466c720c0dbff39fd4f9e11913696e9300
  SHA512: 676815c81fb6847d104efd01f659df13343e6653ec632c5227c356193f1fa76153671a43f686198b26cb76598b87fdfe76943323a5f271252c1e0c98f63b3980

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: c58c61992634fdeca202f4f02fa58cab
  SHA1: 2ba0ca6a1808cf6af7287dcf30d048eb3ce91c96
  SHA256: c83aeca6e5ada8492e66d75647f2af3436428c44b4ec407456f98a58fc47f98b
  SHA512: fcbd3ec36c2273ad3cd46b060354dfea8c21516db66f84823dce8471c330f0422534770b689dbede485f48b8494b0402828e5db49e26691af7ddcb91cdab255f

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 369B
  MD5: 87427e06fef34d2b4008623f78abb7ad
  SHA1: 92bc8f81d87f1b5b2917fffcb2c44348d3faca9b
  SHA256: d5925e4e217e3213b3c6d29a926d3d7bc91682dee1572f37151495f85af595c1
  SHA512: d2c20f1191f9a5b4a141a0c0ed143d01bd99f2353f9a78091884549ac732cb26d2f1c16f8d282e07c85669f088f6f7f0babda4fc4dd56850b77348840769d520

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: a8a16563b05a8633adf8891c713129c6
  SHA1: 12a7cb08b1bdd2d7c86c346f170a0d85dcbdb232
  SHA256: 6f1694a70e51c8edd179d32b2f5063280babef146ee1a43351ed8741ded58e95
  SHA512: 765eef6ad8c44cea0c17a949d5ce6cdd423837d9e3471d6177773fa34cb64f07732f08dbe0dfed024594f7aac24f1a19ce660c9028df32b13108bc1d3ee8e97c

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 101e1742007d57448c9a4c99c956827b
  SHA1: d8aa3f3ba2c261257b96a65ba74cf2d96786a911
  SHA256: ecb3b019f0d68689bfa00c1b8a8a7071cfeaf73f436721c1896d956e188fd25a
  SHA512: 3079b9465367471f5e2f23d7b1563fed4a330cf1f3c4aa9f2b4044fbeea89fa1b98fa2476e9e1bc7f56a1a47a3876706bc58c974156c39ace7961a508613ec4c

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: d9a749e5799f3ca8421aae65755c5cf7
  SHA1: 35c0f6c2b5446c2abd61ed722f20b88c5397894c
  SHA256: f945b60d3a6b580e7bb657ba2410371ee85e4da8eb4b17efd3f4e22cfe63a580
  SHA512: c633a2c264a528d7a234c2648cc1257765e655527093c47faa4f3a63b0fbf8a78063a0bd6ede5240f8b47cf39456390c744a60917874b9eab23558bf8e939cec

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 476c2406582840de4883c38a8a019161
  SHA1: 777b928b094c582a2b20d9171c91a6c4fb8d4c2c
  SHA256: cb9364f0cd3518566c3c89fbf04112ff6c805c8952ff8e3b7becc8915b64205f
  SHA512: 72f32a68225dc053ca00e3282abfc9dfe2a3774da54f725af87d2aaac2788abbe14f08d72090d592922a49578b6fc01c5abdfa59167121728a632ad2a46987cc

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 4389e32ce2442118900a71487ffcfb4f
  SHA1: 3e69205a8b2addb6efda7dd4b02d10d22c5aa492
  SHA256: 3cd1e2a3bccbc367c387b8318d05cceb1c4e15303032fc8e21856f58fdd24e56
  SHA512: 0fe0da9a6c2c0ad7ee50fd3bf2acea6853ec4c671ae0f6092c1c17cffdaa08019e98375fa744984c57e68aea81f2536f3954f3e5c52e68e81a18d6b26640d7df

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: dab712099d1cfca9833216a1d54c5e17
  SHA1: 7aa0cecd49a0b1a759bfba537f8cec4d9deed1b7
  SHA256: 5cf3974b20f5adcb140e62af1060536962f280b77d803f607f261df45854d410
  SHA512: 3f1ee00a19f8e0ccd51896c1f3908e1c480a66ea5b8c37d0ddca97efa17daefe89a21f0b5f088528ca7ab77766d18741e6d39e13c7432a78ccd46169377c1647

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 47ded78df481d7dcff5cf885f750385f
  SHA1: 8dff07d096031b7c8c560fb74cf36a4410c25cc7
  SHA256: 876f81b02a835b5f13f030043b546d23a1310da0504ecfdbcdc404f558af716c
  SHA512: 787da7c008bfb1fd02ee2808e1f0530ba9e64efd2f9e311db7969ba4738ad37222c9d9adfe4377df9f5c2d37c29375dc2472a57ebf9f0ad5e89693a4cee46c99

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: de1f1945bcb1a7f660ecaadb3c963640
  SHA1: f8f8a991388537a19dae00197d4c8b00d094a35f
  SHA256: a66e54359e068b49751de1a5e97639e11a1eee95534e7d957aadb5b3c4fdf42f
  SHA512: d67c92816a89d734de9b6d827ac55bd8c8e7c9f945822851ee467896a3ff9d92c4a151f89c0fad6861acbb35fdabedfb4f0942e1acc43d48048416bf874ba5f4

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 93866fb4144cc7bf2dc97f64803bd284
  SHA1: 45db8e9d00f4237bc48695bf149aa1678bfafa54
  SHA256: 19a82e7715ef83a034460f9797158a457959df5af9b7e8ee1f146022544e65e7
  SHA512: 7be3e49a9c49817b7c8c9bc392b3c7946e3d8caecfb4bfa164008d14af07a6108c940acf4147d2833ecf8112d93ad40ec1be9e8d9bf2bc4817f80af8d1a9169f

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 4813b6d20fa7de57f097d95dee7bab96
  SHA1: 9379d15aee5eda9773653415bcb7697ce55683aa
  SHA256: e49328817009844ad1af41621d271987a9df0eefce4874910edda726cb4320eb
  SHA512: 44ca768cd26c45a4ab94e64218be6db445e75a23edd32c6284d38d56267157e4df5a4870e3fa6ab9b5d816e23c4fdfa6a652c81eea7fa8c61b3f7794cfbfc659

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: aba30c30a4b1889df3303e97207c8d3b
  SHA1: 79bc99cb5343dc553a4d8babc9afe72b0b35d5e7
  SHA256: 9ef5c4c1bbfea5a9e3fbc65aeb34fdd6a9a40903b9cca30985b47ca374f8f4c8
  SHA512: b6fda5f16e2ff17fac0535992b9e53311bb4d61e367419d49af8721e005d6a1e0707eb68ef1f787beabe3db2c8d752d952438a4268378df851cb77a29c9f1d9a

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 88dbfb185c858de30454bdea876d65a8
  SHA1: b91389782a69d04930e9c7c1d76f306caeaaf32b
  SHA256: 11e3d4be408cd6e21834b22059433e04ca6c9ed1a2cfe6a152a9fefbd1a29bbc
  SHA512: ee3baba571f8df35eef486e5331b488bf1e03b5c837a7488628f9c46467ea28d1f99861e31939fb2f38f7e1b652f76f9b0c255c8614b7c0df9b17bf73a872b29

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 0019a2dccd5b6cb46bf70fde59a1fae5
  SHA1: 680047e42a7da2cf8fa88a3112cbaf92313f8524
  SHA256: 10160feb8e27230c21b6780d64fa209d0f63d401270649e0db3a13c8eaaec134
  SHA512: e01a985be7bd6462b74cb4ada55e7c0fb4efd9f9d0266573c94795878a3cd4f1586bda41aacaaf7512a4ef77e2f3f99d6227b7717df8b84830678459583dfa6e

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: b682d470850bb8aadbc603c213beaaf3
  SHA1: 43ad84490f3924fec86f332e424b525be883752f
  SHA256: df5e0729989f8816fc702aef835876b502c3a6656690b8f3f45f2ebe7a0bd384
  SHA512: 2efb4a8d6321340883be91b9d03a82cc203ea5b3c35804322b1bc7d1f225fccf7a3c8ffdb48ce08f1b1a788a66f9b7f5943cc713db12233f100f81881506f074

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 116e9a73a38d9d24e1f68cc2829ef3f5
  SHA1: 478c1f05ed668e870283b4975aba1dd446285dc6
  SHA256: 36f8eb27b1aff628dc280c9ab882178931a385899eb81e0263de85c6dfd96df2
  SHA512: 6f5f1f50b9fb95ca4d32815e2a7784684e1c8fdd621de5b16d7c83015c605097edf3f379a2e87ac060a112a5bd6d5d8068aed9906bbb6a7627a2186792fd19c3

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 5f606614f7566311ec8cc8855f7c3359
  SHA1: ef6356855a2538afd1058f053dc785bb2acb4ccc
  SHA256: 0a11e6e7fdb5ef522a850fc67166f1c7462b0de40dcfc2d8d5fef4a9628e8f30
  SHA512: d76afd0b4a2857f431953a53625cfebb650eb99e0466f00d1d97dfb72d9cbefd26c93251e9b71f9fc84c0cd49ae897da1db4593c0c2ce3764a6048b4d3e6ca52

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 012c2b2e4f8a17beab81e7556d8227e7
  SHA1: ecdcca04e77ba43e2f41300f1e9b50967a785067
  SHA256: ead6c837003a2d6b540208e31b6b1e144ec7cb0ea55289f081f102d3baabcb9e
  SHA512: 29cf7c6141b3e5825d56d4768a18a69774e1a603d8460fe5de0dd94c1c5be1788f4c1f0180de1c4ab9993330893535b9eca5736217fcdd4d7aad266466c7544f

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 4079b53ee0cfe0c7d32d7509a5b699da
  SHA1: 8cb547c03d41e78e3ece45458a64b9588941e080
  SHA256: 099f5b87ce2663544614650b9cf4b83f26854a1c7202ee2e2b0b8cd01d882287
  SHA512: d6b362222473c1752613d003488425e84ccdf30743d0b619bdae6caedb68056993035c5ff1e5b09d97a2fbf97f873c20bc178fb7540b5782c6ffee1f559e9fb0

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 67f9358249b021b50cc4fb60f7c5cbc3
  SHA1: 46c2cd1e4c349649c6a8a46048411a8da7ca24f7
  SHA256: 28e680a4ffc7637926e08d9d23c39cae8114fa678caff53e5036844605b5ef86
  SHA512: 8e2e3f1421997b8152ed9fe9482e9f0764efb020278e04f386be977256cb01d18ef59e4ac7f1092e5c2cb6c47d3619b36a0603f6b53322ad29c49dff5c947847

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: ae916b8c363276acb8270ec289629108
  SHA1: 72c63095cd11845099e54663173092bae912fb78
  SHA256: 71d4fdf2d787d195f9c804f2d397d23f4444db97fa4b3986a36d9a2fd276cf4a
  SHA512: 3d0594768a329ba1d387e87b3add913d787cbe2da3d5f48f838b011526f2c9d70f8840b93b2854bf0f8eea592e9cb4ee8d1a977ef562dcafe9f95082ae03508b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: ce977ea1f392ae3a6d7f88e1481682ad
  SHA1: ac65fed5846d4a3a80ec6194c0d769860e9e27aa
  SHA256: df9db6f9c01d12ccaf71a9abe4487649adeea0118e88680e4013cdd1a84a0367
  SHA512: 1c9cf7d9f3f0f3699e3f06f8e8d09cf10e8e1fc2b65cc9d9e4d96e2fc7fe02155f9f668819c57d85f263f53e369466374a27afefc2cb4eaf53de108f040b06a0

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: e8ceffa48a801062a8788e2160b928f4
  SHA1: 9e1cc69f9ff005f213ac820613bb20147fa7f6ce
  SHA256: 244b2ef09b6e9a90daceb61f289ddd1f0160aeb329454e6abcc430cb33c5220e
  SHA512: 116124055f507caa3d0d369a1a4f017d5832cb6950369b6ac84b338442b1725a3557d3bc531335fac9ce821f4e87181d9c54842716dc615769d8e49ed2a0618f

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: d0a9ceb2b06d0ddaeb1cdbe3d7b4d404
  SHA1: b94423b4eb483e3906516cad85afa1dedfe35de9
  SHA256: bee737af380c288537bd4d252e86750c33872a54937da2ce7e17f375664158c1
  SHA512: 43ef020e2994e628f8957db6614fbfe1895f79982625b549d066b35025142ff68d519fe8c987cbdd6cb3ff2c62f30141f6fb871ae8596473b4611c0f56c64b67

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 4ece0f370d139f7f334f4cf71d35c698
  SHA1: a01dc54a7a79b1d887184f330da3f2314b4d4191
  SHA256: 67e28e9b4fc7ac7a2f6ff36b2b9ca4b208ebb45ed52b2c72ea361f6651081df0
  SHA512: cb5be21fe2e56c52c06b7acbd66fc827fbc6790415304315fabdfe7ff7ed4ad17e06d4280e77be3415974ec9d6d9ebcc907fa7637277ef434f1c832d802c9526

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
  Filesize: 15KB
  MD5: ece8b35369b9da2f08e53e36ce720013
  SHA1: b700f120ad8f5f9f1dbe2caa778ff1e5607fd11b
  SHA256: 1762472c5cc72d6fc5ccb6e2b4dfaa6aec5acc7d07b07931b1b4d981233a955e
  SHA512: 0c5b37e82a11dbedc2b320854764128a250a003b4aaba591f2628c1d3e440454ae731387238acb75cf031d50c3ca24bb4554740bab0a90a72a3757bfb638bba9

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 279KB
  MD5: 7f27f02a965fd6de8e657c73a9be1c27
  SHA1: b1da89679de8437ea71f93889cba2c9f18d438a6
  SHA256: 0213f4d4fd92d822afbbd3e9b2a881c93173389139fb22897d3e2b37afa4d2b7
  SHA512: 8e71b9f302c4cde92d29122decf96ac6d7b582e7c59c3ab7697f3302e275f84073eb011331b8abdb6e819b7da3b14c615eb2acd9efff4b9e06898e05cec780c4

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 279KB
  MD5: 795d770d04cbf9c472c5a55b82168bd3
  SHA1: b4fb0a1c6dd5143c9499de14baaa3e568b1efef6
  SHA256: 1e48659ea6252aeccfac4d0723d0afcaac45bf6efb070aeb074c226435f34f96
  SHA512: e06cabcc50059b58a1640251271e3661c342d7dbd3274269dc0b0bcaae90e49a64e5bcd3753f8c44542cb1a7b2f6a6e68e3d7d42c9c4a2eb90cd94870d151c16

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 279KB
  MD5: 30c2cde3481c08f4211961c5e4d6fe02
  SHA1: 9eab4b54fcde3484b15a2b40dc84d58de686159e
  SHA256: feac2de647ae35d9ea8fb6a6ff39a50b4bbf53c2edf693558d9bf7d5daec5875
  SHA512: 9971d83caba7b78be082a62c09190c41de53b1c2435b4bf970c23e56cea7b9661aa71b8439141d06cd411969a637ff528e9971d70017ac3de440c5daccca56df

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 298KB
  MD5: cc3df2daf96802ae2a03be5bb16ca87b
  SHA1: 680a2239887b856da072acce89c3bb16f1d632c0
  SHA256: a7233d333af1795f05c5b9375300e18ff2c0a90ed22e3a0f464a3cd3613d8728
  SHA512: 177f110b6da3bde24154730b1cbe417323523488d59639ae00c3340514af558a1404fe8eaaac7247202c02048570d57e1186222a22585cdc15d5eb00f88715ee

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 137KB
  MD5: cd99070e6193ea51bdedb9233e21f032
  SHA1: 7ab5565cf4175b727a13aba98a05b0593e9525aa
  SHA256: 2111e33c9c00b46947bcd09e3993906a23558bd42f0152e04d9acc4c6741717d
  SHA512: cb12d16621e88e201e5cd06a454ca7d12cb7f2bc8c46c28bd1fc1c23fd6901521ce768e8e10195862d9cdc2fc60f9892057a0f3dc0e6176a928d73b82efebc39

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
  Filesize: 109KB
  MD5: 98970fbb4ca14052173b766a2024ad03
  SHA1: 4f9b765b45ef87dd2e5a8c0fe7c2559dc9ccb68d
  SHA256: 7dbf108629418e07a01969930904eca49d05d9cd2ee3676390140e1f2d92e739
  SHA512: 5978c0011c2542eb906ff393202f9a181fabc3abf53851ddbeafe891ea7121a245ebcddcad9960f0db738675eed1fb22d9a89a08ae9be917937a78c78a33cc65

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
  Filesize: 98KB
  MD5: 4f087ab30712aedc7f470238f99e26c1
  SHA1: 0185f69d0088817005497d783d6e309923b495a1
  SHA256: c057c682bcf1ad574953cf72d274d0faa1a7ab2a39ed58afd3dd888dfa2de834
  SHA512: c63525119a15cf1ebfe132e66a752d928b091a35e5811a7d9bbcc209e809ef41be574a2ee4a50a2c0a1872ff4df2681306455cafcbe1c57198820f69b9e7690b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59842a.TMP
  Filesize: 93KB
  MD5: 911dea47bd6cabe134666992502d4ad8
  SHA1: bd9dc0e032945863e579dba2dcacd538ff281774
  SHA256: 46a5b68ec018ca33828f167c13c2c2a3ca4ac21d3c6576461d57307aadfc8e16
  SHA512: a24ef51b0f438ee5890207ea55f9954bbc7abb3cfdefe2398aa443f978795851031ab6752a678fc39256e560797a396fa753b07210c7bf579a347c25a2b7ed66

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
  Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

• C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___QFRW_.txt
  Filesize: 1KB
  MD5: 4e694b7fa020ae742d51ce37610c7b0e
  SHA1: a5513227e14db9d9cee1b62c6c0277f5d0728d37
  SHA256: 5aaa12e13699187889c044928f9844798c4770acc1d09ef6b9b86543c981cd3e
  SHA512: 4b15857728d8327dad2bffbe8c04552163795a1c1301e6cd820a558e2ee57418dd70cc7a9d9452c61d87b31df6afdb6b7dc379f0be81652e7813c199dd343d7c

• C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\81D4B46E5F1C225F9056245AA4A09EA13A9F4FD3
  Filesize: 60KB
  MD5: 71458697ba3c12e267c65baff81e8aed
  SHA1: e7c866e141fc67b219af4731db243c4163b4f141
  SHA256: 620d0b16b02e31aa9c5be5f12384c8b02f788a0e043203c09d24ab29022a62b2
  SHA512: 0bd9d1d52708278c2221ae6b64c785cee4788b7cdcb4df3dac16e9ca59fb985747d8120be2aac5c9875d85510517546e923dacec3054851a15f95f8171245e51

• C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___MNVR7_.hta
  Filesize: 75KB
  MD5: 710a50894d2b23e45f2a822f50e109b4
  SHA1: aeed0b70817de6dff05d7b0da08be4ef406e7a5d
  SHA256: 779551b60273268e2a81de07a4e0f6fffff4c8d0ee525d08c16a7cfe35729ed0
  SHA512: c95d52d6cb34f77a4cf05c8c248b428f3f19563b5584182a70e5579f56c26113ca2554199d8e379894a63d96f961d7637575995cb1c5658f61acf183bf7744cc

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin
  Filesize: 2KB
  MD5: 72ce5c6b1860926cf80303ff342f38ff
  SHA1: 72a3cd2364c9f22d548117cd34ddaf6e6d53a6aa
  SHA256: 0370fc38e1c1ced7d8e6bfe9201566456589e9ae3bb1713d0f5a1423382b6380
  SHA512: a2d54b349d8b1d22a6c477e361dfcf1971a75b1a2174effc6a5cf0f5230052c62b2fa61ce3c783b8b6e38b94be5a5bf4a98c808dcb5a1856e72cb0d46a3d4040

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\57ceee7d-5fd5-407c-9290-d89b21728541
  Filesize: 746B
  MD5: 3b2074803dfd84010580860b87e71054
  SHA1: 093fe3b78a4c98666828a8faa3a97da4c6789cc4
  SHA256: 58c4865b6c958d45f236e9cc0c5ca565cbac6ad5acd12119da69bef28207ddbd
  SHA512: d7f628febcae43574447f9947e52b4e7751b855df4916665014eefbd89293e9b0204fbe8671b4026bd3be5cd3e2b324a2bcf1d0904a2680790d05cd9d9f505bb

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\b5fa3f49-ffd2-4a39-9215-ba5a20532581
  Filesize: 9KB
  MD5: 481be4cf7e500166a4ad138c1a0309f0
  SHA1: 5eaff371c076de89bfe1f0b2bf61a5cebffecc5b
  SHA256: 8e7f1517cb431de3468d8e007f62cc7facf2f5a788cdd1301c92c733279e48a4
  SHA512: 92d216530feb46d7dfe8a0eb15ee79f580cb04ad8280fc40fdbbc388865743cc85255e0ac56cde1be825d595fb636eb858c05b69514de861079dd30b2906ff95

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js
  Filesize: 6KB
  MD5: 25bd72b6ee85620539b736095320dd95
  SHA1: 4b3998278c356e2017439cc7d2570c60c44e4ff6
  SHA256: c33c0702fffe132c41ccd33cab25444b06d49324859ff0cc3d923a4ea0dcc83e
  SHA512: e6e0c199e33bdf74bfe782b8b2028b130c2032ffd7efd6fcd32d3e9aee7cb3d201e6967c67e3a2b52e95c7f3c203d71c3035cf359d5153ceb475b0008073b691

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js
  Filesize: 6KB
  MD5: 0f89cf21f613381f8a2a09cb29117865
  SHA1: 639e34d1c3595e62dcbad38586e7172af3026ccd
  SHA256: 3b556ad74cbe377501cf80f00759ba12e5793d34067b74b551ffd3e878995ad8
  SHA512: 526b83bd136e6c81d964067a2521f32ac5aa3bc61ec446af30d224c63ceae7a6079d644c4dbc11ab5b74f6f1cc50b9d6efa9bce09a94a126b9641cb122d4a628

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js
                                                                                      Filesize

                                                                                      6KB

                                                                                      MD5

                                                                                      200a240ac0b4aa9df6da99c01929a496

                                                                                      SHA1

                                                                                      98faac9198e432c3269d663b26dcdee1916e8fe0

                                                                                      SHA256

                                                                                      7e7c0740fed5bd517d8148a80219c9f1cb61315ba89275f141b2953888d4e5cc

                                                                                      SHA512

                                                                                      9ce96368c9c7c570be65e27454499fd3eef5c5b51f7add55508b476222cfd5e9f4c890dd64cdee364f7c41c9e66937093fc2fe5001866f324dc94ed2479a9e6f

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionCheckpoints.json.tmp
                                                                                      Filesize

                                                                                      259B

                                                                                      MD5

                                                                                      e6c20f53d6714067f2b49d0e9ba8030e

                                                                                      SHA1

                                                                                      f516dc1084cdd8302b3e7f7167b905e603b6f04f

                                                                                      SHA256

                                                                                      50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

                                                                                      SHA512

                                                                                      462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      8db3ba3aa2d9d877f77937b3797837cc

                                                                                      SHA1

                                                                                      fc91443bc09ab98ad925aa51aed76a9ca4b79fcd

                                                                                      SHA256

                                                                                      ec3a2678a20f9c3d1b908141eafe3d0152cef9e60a3b04e4e2eed9076ed1f5fd

                                                                                      SHA512

                                                                                      8ccb94ca8f729bd2c1d7ed1b0ff42267dd61e00ab321b1676ecfc516351ccb132799a64c7b659bee9397e51311cbe39a113be38a7f51844d8bcf1b58155b492f

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      62c19616542c075b19d56ae055773b20

                                                                                      SHA1

                                                                                      06aab3646343a99a4678ee64d13c2d83821ac016

                                                                                      SHA256

                                                                                      f1b3a0b799bbd335f568833db7f40f9b47e2247f314925eb05816ce6cc8fa7b6

                                                                                      SHA512

                                                                                      42b830c5ac1272b289719e81ba1d61c4d68c4f77b5a30f91ddebaf5b53d29d5a6c01f1274cb9cbdcf0ba91ed1b3f8a9bbdbb903e23ba1dc2ca3a89c190338781

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      d62aa2ef886c535184147f615a9daedf

                                                                                      SHA1

                                                                                      f59c882dc1893829a228e60b5ececf779b5214aa

                                                                                      SHA256

                                                                                      a828d876e4b777082067b8e79d6605bb143f3d6b75de97343785bd1bf3702a52

                                                                                      SHA512

                                                                                      19352f07054a9dfcfa1720598d700f46f61081cfefaab2d3d7597c8e4cc3d55e1e25cff885fef14f7a9bf9264caf920cb5a36dc7739c06545740e0566b4bbe2d

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      3e5ea0730e46b3a9c8f5aafc6875fe8e

                                                                                      SHA1

                                                                                      3433754a839329771c91d14af5e8dcc587f74698

                                                                                      SHA256

                                                                                      abbb49328de9c34f0515a347f94cf0f9beeadfac2584107832f30b026bd4b471

                                                                                      SHA512

                                                                                      9cf9887fe3682fce610236195e66e0ce580be6ae4f61ba52f760a4fde0d24cfb7ae27eca7cc33762b8cc61fb772eb1759b2355bcaf541bfc8aa6d669017dbdef

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore.jsonlz4
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      9df80f7f91b5d3e676d145bf3c5ffd6e

                                                                                      SHA1

                                                                                      78159fb3875fdce756bc6f693b99481127e910df

                                                                                      SHA256

                                                                                      8726a547051ea0cece29978f40975da88c89815be9c91d157dab3f878ee4aa35

                                                                                      SHA512

                                                                                      851816b7e42e44b2f636fafaaf71fa6ddd2c2c9fe8d358d5db147161aa6c54792029915aba17c28039c81129581de1fcbf36b3e8d85a0c6de271c79f72d720e3

                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                                                                      Filesize

                                                                                      184KB

                                                                                      MD5

                                                                                      0ed2663971e8051b2bcb574926400fa8

                                                                                      SHA1

                                                                                      467756bf41c377bdb07c8be10d5391f1df1d80a7

                                                                                      SHA256

                                                                                      0c44c9887ebd30506041e4f483422673660df0b74c7468b0cab2c69bee1f4e8c

                                                                                      SHA512

                                                                                      e521f02d0a4dc70e3bb33747c5113c76f18f15b4370826ef13700c4f559c8b158ed1d8ef79d7d88794bfea61496a75d653237391f2f8b5e53d8574a21f113898

                                                                                    • C:\Users\Admin\Downloads\Ransomware.Cerber.zip
                                                                                      Filesize

                                                                                      215KB

                                                                                      MD5

                                                                                      5c571c69dd75c30f95fe280ca6c624e9

                                                                                      SHA1

                                                                                      b0610fc5d35478c4b95c450b66d2305155776b56

                                                                                      SHA256

                                                                                      416774bf62d9612d11d561d7e13203a3cbc352382a8e382ade3332e3077e096c

                                                                                      SHA512

                                                                                      8e7b9a4a514506d9b8e0f50cc521f82b5816d4d9c27da65e4245e925ec74ac8f93f8fe006acbab5fcfd4970573b11d7ea049cc79fb14ad12a3ab6383a1c200b2

                                                                                    • C:\Users\Admin\Downloads\Ransomware.Rex.zip.crdownload
                                                                                      Filesize

                                                                                      2.7MB

                                                                                      MD5

                                                                                      50188823168525455c273c07d8457b87

                                                                                      SHA1

                                                                                      0d549631690ea297c25b2a4e133cacb8a87b97c6

                                                                                      SHA256

                                                                                      32856e998ff1a8b89e30c9658721595d403ff0eece70dc803a36d1939e429f8d

                                                                                      SHA512

                                                                                      b1a58ebcc48142fa4f79c600ea70921f883f2f23185a3a60059cb2238ed1a06049e701ccdab6e4ea0662d2d98a73f477f791aa1eec1e046b74dc1ce0a9680f70

                                                                                    • memory/4928-1575-0x0000000000400000-0x0000000000435000-memory.dmp
                                                                                      Filesize

                                                                                      212KB

                                                                                    • memory/4928-1572-0x0000000000400000-0x0000000000435000-memory.dmp
                                                                                      Filesize

                                                                                      212KB

                                                                                    • memory/4928-1927-0x0000000000400000-0x0000000000435000-memory.dmp
                                                                                      Filesize

                                                                                      212KB

                                                                                    • memory/4928-1955-0x0000000000400000-0x0000000000435000-memory.dmp
                                                                                      Filesize

                                                                                      212KB

                                                                                    • memory/4928-1956-0x0000000000440000-0x0000000000451000-memory.dmp
                                                                                      Filesize

                                                                                      68KB
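Two things the listing above encodes without spelling out: a memory dump entry is named memory/<pid>-<sequence>-<start>-<end>-memory.dmp, so its reported Filesize should equal end minus start (an inference from the names, not something the report states), and a dropped file is identified by four digests, so a sample you hold can be matched against the report and a match on only some digests should be flagged rather than accepted. The following is an added example, not tooling from the sandbox or the page; the entries in REPORT_ENTRIES are copied from the listing (some with only the SHA256 for brevity) and the bytes hashed in the usage are constructed.

```python
"""Added example: turn the dropped-file and memory-dump entries of a sandbox
report into checkable data. Not part of the sandbox's own tooling."""
import hashlib
import re
from collections import Counter

DIGESTS = ("md5", "sha1", "sha256", "sha512")
FF_PROFILE = r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release"

# Entries copied from the listing above; the Firefox session files carry only
# their SHA256 here for brevity, the Cerber archive all four digests.
REPORT_ENTRIES = [
    {"path": r"C:\Users\Admin\Downloads\Ransomware.Cerber.zip", "size": "215KB",
     "md5": "5c571c69dd75c30f95fe280ca6c624e9",
     "sha1": "b0610fc5d35478c4b95c450b66d2305155776b56",
     "sha256": "416774bf62d9612d11d561d7e13203a3cbc352382a8e382ade3332e3077e096c",
     "sha512": "8e7b9a4a514506d9b8e0f50cc521f82b5816d4d9c27da65e4245e925ec74ac8f9"
               "3f8fe006acbab5fcfd4970573b11d7ea049cc79fb14ad12a3ab6383a1c200b2"},
    {"path": FF_PROFILE + r"\prefs-1.js", "size": "6KB",
     "sha256": "c33c0702fffe132c41ccd33cab25444b06d49324859ff0cc3d923a4ea0dcc83e"},
    {"path": FF_PROFILE + r"\prefs-1.js", "size": "6KB",
     "sha256": "3b556ad74cbe377501cf80f00759ba12e5793d34067b74b551ffd3e878995ad8"},
    {"path": FF_PROFILE + r"\sessionstore-backups\recovery.jsonlz4", "size": "3KB",
     "sha256": "ec3a2678a20f9c3d1b908141eafe3d0152cef9e60a3b04e4e2eed9076ed1f5fd"},
    {"path": FF_PROFILE + r"\sessionstore-backups\recovery.jsonlz4", "size": "4KB",
     "sha256": "f1b3a0b799bbd335f568833db7f40f9b47e2247f314925eb05816ce6cc8fa7b6"},
    {"path": FF_PROFILE + r"\sessionstore-backups\recovery.jsonlz4", "size": "4KB",
     "sha256": "a828d876e4b777082067b8e79d6605bb143f3d6b75de97343785bd1bf3702a52"},
    {"path": FF_PROFILE + r"\sessionstore-backups\recovery.jsonlz4", "size": "4KB",
     "sha256": "abbb49328de9c34f0515a347f94cf0f9beeadfac2584107832f30b026bd4b471"},
    {"path": "memory/4928-1575-0x0000000000400000-0x0000000000435000-memory.dmp", "size": "212KB"},
    {"path": "memory/4928-1956-0x0000000000440000-0x0000000000451000-memory.dmp", "size": "68KB"},
]

# Assumed naming convention, inferred from the entry names in the listing.
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split a memory dump entry name into (pid, seq, start, end)."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a memory dump entry: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name}")
    return int(m["pid"]), int(m["seq"]), start, end


def reported_size_bytes(text):
    """'212KB' -> 217088, '259B' -> 259, '2.7MB' -> 2831155 (rounded down)."""
    m = re.fullmatch(r"([0-9.]+)(B|KB|MB)", text.strip())
    if m is None:
        raise ValueError(f"unparsable size: {text}")
    return int(float(m.group(1)) * {"B": 1, "KB": 1024, "MB": 1024 * 1024}[m.group(2)])


def size_consistent(name, reported):
    """True when end - start from the dump name matches the reported size at the
    report's own granularity (whole KB for KB values, whole MB for MB values)."""
    _, _, start, end = parse_dump_name(name)
    unit = 1024 * 1024 if reported.endswith("MB") else 1024 if reported.endswith("KB") else 1
    return (end - start) // unit == reported_size_bytes(reported) // unit


def digests(data):
    """All four digests the report lists, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in DIGESTS}


def match_sample(data, entries=REPORT_ENTRIES):
    """Compare a sample against every hashed entry. Returns (path, status) pairs:
    'full' when every listed digest agrees, 'partial:<algs>' when only some do,
    which means an inconsistent entry or a file built to collide on one digest."""
    d = digests(data)
    hits = []
    for e in entries:
        listed = {alg for alg in DIGESTS if alg in e}
        if not listed:
            continue
        agree = {alg for alg in listed if e[alg].lower() == d[alg]}
        if agree == listed:
            hits.append((e["path"], "full"))
        elif agree:
            hits.append((e["path"], "partial:" + ",".join(sorted(agree))))
    return hits


def rewrite_counts(entries=REPORT_ENTRIES):
    """How many captured versions each path has: the same Firefox session file
    appearing repeatedly with different hashes means it was rewritten during the run."""
    return Counter(e["path"] for e in entries)


if __name__ == "__main__":
    for e in REPORT_ENTRIES:
        if e["path"].startswith("memory/"):
            print(e["path"], "size ok" if size_consistent(e["path"], e["size"]) else "SIZE MISMATCH")
    print(match_sample(b"constructed sample, not the real archive"))  # no hits expected
    print(rewrite_counts().most_common(2))
```

The size check is what tells you whether 0x400000-0x435000 really is a 212KB region (it is: 0x35000 bytes), and the repeated recovery.jsonlz4 entries with distinct hashes are Firefox rewriting its session store, not four separate dropped files. Treat a partial match as a reason to look closer, not as a weaker form of confirmation.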