d448cfe08b8d84ff2d17f7431a4aaa006cdc9bf6971a3cb54963ee57a7fae0c9

Analysis

max time kernel
413s
max time network
412s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

keylogger.pyc
Size

3KB
MD5

73e081c55443aa4ce30a2bf083444759
SHA1

38be1c14d2086f1373030baa399338d1a5948a67
SHA256

1f7571aae5837ad1989679c9095c5f48fc3682bba11c74c80993baf351ce82cc
SHA512

6a333c322184df96af103b0769ef7ec6e389f077331a7a6edb97845b93047707da67a7730dbc869fc3b3980440b72341acb2ec1ee85d44029daed520bb342030

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611310539911132"	chrome.exe

Modifies registry class 64 IoCs

Processes:

NOTEPAD.EXEchrome.exechrome.exeOpenWith.exechrome.exeOpenWith.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e80922b16d365937a46956b92703aca08af0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\py_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 03000000020000000000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 56003100000000009a586667100057696e646f777300400009000400efbe874f7748b958178a2e000000000600000000010000000000000000000000000000009aa0d900570069006e0064006f0077007300000016000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\py_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\keylogger.py:Zone.Identifier chrome.exe
Opens file in notepad (likely ransom note) 3 IoCs
ransomware

Processes:

NOTEPAD.EXENOTEPAD.EXENOTEPAD.EXE

pid process

4704 NOTEPAD.EXE
3056 NOTEPAD.EXE
4964 NOTEPAD.EXE
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2224 chrome.exe
2224 chrome.exe
4188 chrome.exe
4188 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 8 IoCs

Processes:

OpenWith.exeNOTEPAD.EXEchrome.exechrome.exeOpenWith.exeOpenWith.exechrome.exechrome.exe

pid process

3920 OpenWith.exe
4704 NOTEPAD.EXE
2472 chrome.exe
904 chrome.exe
4428 OpenWith.exe
3284 OpenWith.exe
4560 chrome.exe
408 chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\keylogger.py:Zone.Identifier	chrome.exe

pid	process
4704	NOTEPAD.EXE
3056	NOTEPAD.EXE
4964	NOTEPAD.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

chrome.exe

pid	process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

Processes:

chrome.exeNOTEPAD.EXE

pid	process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
3056	NOTEPAD.EXE
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of SendNotifyMessage 42 IoCs

Processes:

chrome.exe

pid	process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

OpenWith.exe

pid	process
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe
3920	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exechrome.exe

description	pid	process	target process
PID 3920 wrote to memory of 4704	3920	OpenWith.exe	NOTEPAD.EXE
PID 3920 wrote to memory of 4704	3920	OpenWith.exe	NOTEPAD.EXE
PID 2224 wrote to memory of 2260	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 2260	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 4308	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3752	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3752	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3264	2224	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\keylogger.pyc
1⤵
PID:3540

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3920

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\keylogger.pyc
2⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious behavior: GetForegroundWindowSpam
PID:4704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff95047ab58,0x7ff95047ab68,0x7ff95047ab78
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:2
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
PID:3752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
PID:3264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:1280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
PID:4044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
PID:516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
PID:960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4908 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
PID:2956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4920 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:3336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4872 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:4636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2448 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:3084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
PID:1424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
- NTFS ADS
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6112 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1224 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4236 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:2084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6100 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4912 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5448 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4404 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:3916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5252 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:1236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4256 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4424 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:1120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4448 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:1244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2712 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4604 --field-trial-handle=1948,i,10552122878752500678,5986863790260861402,131072 /prefetch:1
2⤵
PID:1564

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4440

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3676

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:4428

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\keylogger.py
2⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:3056

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:3284

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\keylogger.py
2⤵
- Opens file in notepad (likely ransom note)
PID:4964

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3ee0ab58-cc0f-46d4-bca7-597ef485da3e.tmp
Filesize
8KB

MD5
c9707eba6d1f9eb81795dad3bc9932b5

SHA1
eca707829f079d98c64e4fe3c7fc795c04e5dd5e

SHA256
028143693109ffe76a5fa70770771ca61c664508dde17faf4ebefb0ba4c37a01

SHA512
4db85ec6bd6d7866d37ce5ea1ab97d6f1cf706dcdf9b879be1de3fdc857433e80c15a510e2151e7bd968c753a0b3c0518a9698aa817775b6b362e27ccf6b71ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
86KB

MD5
ed76d8947ea8e91a4b30c6ed0d2ce110

SHA1
ee3e7d071a7ceada5bb6fc1bd664e414f74beb28

SHA256
b83fb493fa17212206e43c83fbf8cccd55adef586925c715a4a1e131c00386d2

SHA512
09a85826789792e2771cf6a9f0777fd9e1d51bce53d80cb80d3f308370e9260f710373139d42ed8cb42fb09e4362ce771a4289504166972d10e23137baedfa8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
69KB

MD5
d9ff134704c108b2e3dfa876e2a37ea2

SHA1
671f585906da0a51f5e9ecbc00ad70912da6530a

SHA256
849b8935dadc97975e81967f1988667fd580334292978a8fba7b76d2b3e72286

SHA512
95adcbbd09cdbf61dee153d5bb8aaadaa953822f403c3f55c886d5773a5720d4827691d65a64748701f0376e87ffa9b978a9a1aded1a86f6e5a1431780184cd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
Filesize
71KB

MD5
9e151343dc96c33765b0cd5aa2d72922

SHA1
18fc3fb652e6dec25d29e7802c093d0dfefdaeaa

SHA256
131fb76155635722359fa3ab0fa07c14f3031f6134b6077e71b0c3e4d8b4154f

SHA512
fd95dbe5e12599c62abb121f6c678191c98d25b57f322392d99b4191cc1d2ef115adb37ffb7dc581148ac4d340419fcfbc02e47dd4fcbcc02d1a387ccacb9739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
792B

MD5
33d28ec5e6e78b5c90ed11a1458fcfa5

SHA1
ba847dc54a291004338d6b0ce5307131a9b3212d

SHA256
6ee8471eb130587f285399483790e9e2792b8e5ffe8669f8643a37f71c7060ec

SHA512
d8f235deca1b27c51bd7b8f77dc2a3d67252a95eefa2db92d48f3dad46fcc8812aaa6968104c8f8168d50af80da622de312c27fe0e748316aba2e61d63879c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
4922778a92afd794d6bd81db8dd611d5

SHA1
5af580b9508b1a3c9bb3a1867d4eaea2b5f897bd

SHA256
f79b53596d1e9972e74fad9bd141a868c2a1aa874ac310f93ece3fa795289b42

SHA512
10292479c84ee800e6b171d6a5f3a28d07ab5ae00d66b7497bde597887b24441061bf44fcf3c0d4f38bef97b009f5b402fb30440553fbd1b3c223755004ad5e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
6cc11fb981be1bce6ae4adc3e6e043ea

SHA1
5c43d9ae75390d900f10cab4c0c98b1d9c0d7e8b

SHA256
fe81e98dbe5965c8a924973c0e8d8516d1bd97ee70c2b3764ad0b5fc2daf79ae

SHA512
7c8c9bb20398aa93e5c11534642fd040ff9f2207980f29a3505fb13567e3c56e62e3da1d0501ab9eaebf364e10c34e168c6c3f9270b61dc7cbe98adba20b5a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
816B

MD5
80c126c279ec6cd31c5a1e9d5beeda3e

SHA1
7e3a88a345ae68f50597e4c943bbf2bd4342d7e4

SHA256
d2a1381061b3abd591891b22431950c46a064b5e145d53d38a1d7c52a9edb0c2

SHA512
ec869db9c229b670a4154b386e523d60bbe2c6ec801f08f806c2d516bae99228776074db9837ada6478675e9cc6889ac9dac869aa3156804aa4589d616b50694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
1fbd900f5304a96331589b52def30122

SHA1
303b35bf90ef2efe3b97720046d3c615a917eae4

SHA256
fbd1f2ee7760c91cb22d6cb64dd9d68e3654326fa60478044588ecb5412d9359

SHA512
18769b7ac1ac05a4e1517271c4182a94f40eae05ca38dac94ed3a9c5ba3a4004269927203f6a86fef96a018e413d7c6b642ad4b4bf7e6580a44779ec3b5bf201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
662b04f9d12dbfed634ff18e79f0a571

SHA1
40feab8be2a718080513270358b04504672524a0

SHA256
943578198f5a3263c5813e4c6cde119dce5bb12fe3915c53a161a00a7cb2e558

SHA512
41e1b2ec425139d4fee3f5d03d62c2ef5fb52d4b8c8b32e713253948badaca1a723322540ea1041a548c67a849fe1921c33af79885ab3d136081b1c8b5754a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
be3a9d0d1f945ba1375dc78603f127cb

SHA1
fe25766c0aa3b06d77050ef6e12b4b5fad1a7e00

SHA256
fe1153b5934919b75de7ef26ee6ddf24ea06be6e77dd94b3cac57f2f4b4e6487

SHA512
9c5fd7fc3978d968b42deca5b26379c3f5f03f29efb19f8245326e1814d66071b2e6e71d13a8b1739cbcede6520f19c807258c87c45a19895a3fef4a6665ba33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
e8874364ff7c131f116f65333be69497

SHA1
14b15da475a40bc9c1ec7e95b91310843e0ac464

SHA256
e4dd5af46e408ccfaac95a4eefea9d809397f4373a9feaf0fc9406f90eb6faab

SHA512
2e9b65c5f973c6c1de0b42d0edf201b7428effb77b1a8980718ed9b8014c222103b77444f8d677f4ec60f16e4fb89a9f4b35a861fd7d797a662f673fbb3ac978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
03e053acfffd3609bbdd5362dccf20ce

SHA1
3bb85bae30ae487a1027a6aa1e61c3966a0adc31

SHA256
5917d2bcad7443ad60350e2865717c64c8e2792c522984cc480914859ba83199

SHA512
c40e036a4754cffc4211211c07fa8a01f68b38f3fab28110126b814b386a7620d6a1ef8b463fec19d7958295e106dd9bd9d7afdda92fd59143974325bba6758f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
7333309ec58fc9980417fc63d678233b

SHA1
5167b3348a3cd963e9eb64d8fb904e6d1ed55c8a

SHA256
810f3e292c47d7e01edbbd582623d0dcd47813d58d08dae345879e6fdea25f3b

SHA512
8f2693f492a4feeb215d425af1f433e2d742b6a75dc831779204d85ca7510326bef104b118f7d86e57c486c9f99fa9188aaddee127f6b0c59ae2127f27293f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
57101a8c301b2bceb0a60c21374cd9ae

SHA1
66eea52caa3ac7c4f9396666fa1b18700219c866

SHA256
fa8a299b4cf558154e0a0e32775cbc7ac7f93111203306e868a3c9e3e774e60b

SHA512
a2ffbc3facc785525b484f423d32f8bbf629e4e1a0037632fdf12f9837b7f008396761b1984bb5ac1207ae827c5134daf36eb00bd60bc5242ee8153135834fe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4c42025e612169ec7033f0473130319e

SHA1
80b4bf82601cccdd6d4c751d2fccce974db3a24e

SHA256
44fdcb3cb4c059b9d287f75186aefc71f038299a2df051ac19c2ba369d7a21a5

SHA512
fcf9a31cd3c25c684e4c24f2effbc9e4d0fa0cb546066fb34a9799ac6db6eb3be38cfbf74718b3d1961c33102cce7115482f19317344df090a392476a53b6ae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
e66b20ab3827fc6b5c22cb439f51106a

SHA1
5b8481bd653815b9c06f424349130f450a449486

SHA256
9a0b18f603f644f2aa32d4f279e7fdbafba603b6428f2406c9a2fff22bacf804

SHA512
354e5b3a32a76381588c57bee541eef91e5cfca83e57aa985f3a665caebf2124c6671299e1724365ee83110b8d2bf9d7f9ffb2f0a449fed73d3486873f02844a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
00fae19615d1619d3284faeef3083ba7

SHA1
d70cf00f4105856eb1ba133b2b05b2d94ab1a207

SHA256
f5f2685ef3e5499bf5eda8fa195a650c2948f12f1d45cb2de995ddebd7f0a2b6

SHA512
74110af7ce3b40ddb27c7a2e6e0f373c4160d6d6229ff59c06c6fdd532301c45ccea41d066ce6af187842c686716897a57a84bb1516bbb19c54cf1079ac78b01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c3d82fc5598d9b8c47071d9bf68e3390

SHA1
3e76bdbdc2475aef06c1b9e9b4c4ea2a3c1861ad

SHA256
7ce1e58cddc7813a30b5e77c65ce3d82a28effa9bee49f2422709e1a267f5a1b

SHA512
f8435c3f0a7724f93017cfb7591ac8404fc2ac24244eaf4b2ef1177955751a1c069e0ca3f2e3af3bb006f545303264c7c12d9243e7f834be8d7f280ac3b1f65d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
83a6a381f0887e9acb6e60368fb10081

SHA1
15b65f5d499be15cb56136c65583beaab01fa290

SHA256
3426fd0ed12340082a60c7abe2584ccbf6cfb76f967a99b4ae593b6f4717e088

SHA512
175c16d20cab0e0564cc483ef97e2d610b87ae4b40c66129704247d65f19c03de1c230034d00da90f21eef99b36b376ee47ef9d9253afc68c47f07d81847df46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
5863d1c1dcf7190b6be80b1e07886af7

SHA1
f1025972677444b8d7d75250cd71b095f3650d03

SHA256
4325265a2fadae3b72714746dd52a3774593d13282e8e5a78a1002aa71811849

SHA512
35887233e71fbc9d8c5f6f03ab785f0bf253fdf3b013f57afe8267752d3de524a4ee6e1462cb421834f7c376cfd58ce24e4bb7495b4d144a793bb736de885dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
2d7ec29dbc067ee838ad70da54b469e4

SHA1
4ecca6c5db2ce3c0e73e524ef9e7250df7b1104e

SHA256
d322e898ca15568e9c2b190ec57c7efc8296e629a0c6eb299564e9d980caa41c

SHA512
3556d2f7b6dc9d1b541508a6d0f3f3f3e32014acef0ec16c6603786352ef422e30790e8e7e557ad47fe26f62f19395f62948e9901fc1c7e11fe92dcde624f65a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
975f889f87068f4a2b1b5fd92dc1b132

SHA1
eae3e04a116e2f0b9e939b8aabefac68294a10a8

SHA256
15abfe0e575e7910d7be75bcee5ffcf53f11de977af300ceebd5efe8ad84ba3d

SHA512
bb04a4ca1555bce18ad338699847656a77f637cbb074f2dd559318d6d2435c539990b0d675da4694c7167ceeae58be49d6f1738d2d306a6475b77281ae09d7ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
68c3ccee2a9f691c7b7fdfda8ac17c57

SHA1
8493820face62b2f255020062bad11c405ed7c49

SHA256
bc7a930b67ba7d5c975dd29042ec7396bcb4aea230f4dcebb778e5854cb95e30

SHA512
b2682eaf2402fd104db8ac894677449867dd615070436ef56144a1e08e6dfd212ba078e4c3cfc96c33e1299d3cde79217dd45c9885add25f357bf86c22aaa16d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4f1759b8c8fbf83a613eefe23dda0768

SHA1
ff91fbac6ba40c5bf4aad4e160113873958a6cf0

SHA256
7f8d9d4355b0b35c4e8d263dfa9146e597af8242267a691ca8167f92da425540

SHA512
a4e8bb215d4531d3edf760824a64f11bbb4822ac1e38122732954a02b3626513cf8886beec88b9981d0d15b90200fd4bb5ad88c1d06825826347930824cc7b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
dbab9c27816611a4df85e52a9e4ce5ea

SHA1
298b52200a9be6631daeea40cf0ddcb70616b277

SHA256
7de494bb09db05daf09dcfe6478697c6cb8c6a8ababfbf4c64eec95fde708f14

SHA512
f4b5b1501392ec6c7445b9f4c3c60e4212f7cc71cfa0b89769b48544118ef410429af18e021cb4105a07c23fa2b8ad96d8eb50851a7865ebee51102b0cb4cf9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
955d753e54c1248bb05c5df5ade1e143

SHA1
20eda9c69b188cbe19c88511c21cf6c88b646ef7

SHA256
ec2ac6dea88ce259992e9e3b93489efa81fd64a5f36492ce66d791b751f2314c

SHA512
69a5c6d4b4dfd972b9fd33c6b327273418e02f49452a3ee8c44e160e113b6fc5f4c85516672da813dcdafb93a3c16403caca1ac4e2a1c0f195d57a4fa81b9e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
d79f33dfa4174fb4c79a181f86baeec0

SHA1
b910d5286dd46e946f3c26ba723d63b4f05b44d3

SHA256
3aba2f0b6618dc6eaa464e0bd6fa470a72599170e8ef85c0de2d3691a0136680

SHA512
48f6dc4388052456c6ec5b17257bb7b2b241f613a6c360c18eb31e3a1daaa24d56c906ba299d086b5563a30471531697a1ab7f1d2f2479d5c9d349ba00bded3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
d0849eaa9237fc3a52e4197cbc8fdcd4

SHA1
2d47c7bbbf6fd904bee985fa3360d01f728bdc81

SHA256
15b46b329e6ba5923a44b49c99680053a717eb9ede6c2e849259d7d43b02388a

SHA512
cfe837ce8a07fb27be33bf76d29e62a9aa2eb80fc6aef0931ac607097faa624e7faf7c561636b4b2ad5c381a52772b02695f6580e0ee5e5513d1cb0a5e1db11c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
f7ca3565b5662f63c2059a7a32b827a6

SHA1
7fc01f75834681298122f272ddb5ce11c9b5631d

SHA256
870f23d037ab27dd9428639627fd5b32b4f92cb52830fa85e24f33bc055627d2

SHA512
5a8c2b9550256896d5b214000fd962bbb5c09d36da4d04b75beb20b4cf3cc338b933e8de2147cd280619985fe023ad425f6d1a35ada0b8d5af89ec13388776ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
d52b82be32b501d30f472a696cef7fd3

SHA1
e62ce195e9e11f6362632b97af5a61f8214059bf

SHA256
f7a8dead1de773b182f8942d02a3d71fb708737956aa44c1d3c9d052cf5f8314

SHA512
137a86d31ab5dce09c37aed40e09d00c3b1681b19f7b907011e7733d6a8bb35b4f3eaff7653ed773eee3764a55b2dfa627237842498fe0af027ae786753bcf3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
7d097f21fafd4d105eb05917433f8c44

SHA1
e1cb19756abee10d37c22d7e2906f5edee33abdb

SHA256
8e06404e83bb2c7afa1fa0733420d0b6d02c8f2958d36a6a90181ef80cfc336b

SHA512
dd1b4ae5253d47c5aa1521c40d6f6449e52d911b18c57670b497cac2e7e8d81a53877e56dfa9925f09b8aa62f12d452f2143d95da968ec3b58c7164a0747458b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
978895423734c72e43d60d35553e4775

SHA1
5f4e70fc24104a0b56407a1c42d5ab1ba20b1fa2

SHA256
de3dfaed0916efd4e41da8b0acb6cde9919225298fb332ec360153d0b56635f3

SHA512
26ddebaebb6f9aa24519556c828953dd849d6541d07a1ef600ea21347a288a6b835e5caca60909570792c2289d153be07cab92c1e0ca3546cc38cf267811c510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
28e0586dfd29d82c0f4a498a8fc2dcf3

SHA1
22c00c1f6e0c4801d92b0f61e9c2d78945997a85

SHA256
72c4d5940289ad1c4575ade82f3667a62e8f2b55653455ca81a7d520e185876e

SHA512
5337df6516b7a834246977490b27baa7188abe633848acfc91a607b120965eea076f245e2a7298ee58007e84753c2be2874c59a6c22490a300812e0ebcfbdf08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
905163c0bc44a595ee744b714c1d8c3e

SHA1
8e5ba9e5c1b7fdb384cdee4029e908d40f09d251

SHA256
a34c9e0de75c009357a4be7bd78ad189bbd9a33b6cbc001b0f63ba429d3de95a

SHA512
45634812730d8222e7c31d6fe2b8493dc22deaf7a32c76e88008833918a0a16b740a36a0798379a3f58d3c8a9021325a1832b41fc84efbf306e275a0f04d5f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
2758ad4fdf683474b5fc78f6f0d48010

SHA1
f1f214103a2f33173d53043ed73197088f4ee836

SHA256
9baf4ecefe1569f752e16a34d5a4e9957b3a2f8e3a124c9f82dc92fd3020722f

SHA512
56d285b95812a02db95963ecd2ac8b3d4520802011d50c994d59c43121ba5710f88a27ace66badb3fb0750c42efd18d9c0310492694fc64cfad28d0829330a04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1cd8556fb8135183ab07e501f9969601

SHA1
d3779db3e89b45983e84028eb3326562765cfcea

SHA256
fc9d97aed9a3099beee03b1688dd5e7010ba54f38ed7d2e8f810c4ced9630d59

SHA512
d4937b81820e2527ef4a68873e9b1d4030ddd2a9de2cc5caaa4ed1b5823ca8587af0120b21b76f288f9425484bf62c9dfdab2d38020199b89d11ea6954f954a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
db78f882c55795d5ba6c5e18fa0aeb83

SHA1
78f714596503ac944fa997797f7d5d95354beb3c

SHA256
43cf723c58be9d904b7441b6ae7e5d40bf188565039ac25e958262860e353294

SHA512
9d2d432f1eea12b64635bf5d1af14f35439389662d2dce5b00a1adea14e6f2adff8d8d190b9f1026542b97a8f352e37e7eaf26ec5f801570a7728611100765d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
74f135cd1545bb1739f37d6bcc34381c

SHA1
cdbc9b891f3621dbaf25bf0265c2b9ac6b4c08ae

SHA256
b77d1c5a37ef0569dbb78c06a2b38444eac9c20c94a116e0f6c8bd7ec146bc6e

SHA512
898390e6e6c094ad1cd31e5eeba0a19e4ec5f49c84f9f81661d1e81f7d8f7aebafee0016bccc6bba4997f213200c3fcf17ad78cb03a4d898c5d6589dc0498285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
4bf2233002c9859bf8d07fe2bc06f78f

SHA1
3eee4c99ed23398d635c3430440505353973a222

SHA256
1d7385024a76b9cce66e5413f54aedec02da07feef958a2366cc6de64c908620

SHA512
7c5306c6a590b67f669c1f0792f7abd0b2cd09734dcc91d87e51ae45c5ba3a4da846cee1ade12d35052a8423edfc1d3e9d27e72e3b5591f5b0432622adc4493e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
0d51ea6279082bef2c837fa735e20afa

SHA1
426d2ffad9a17fdb5bca01e76294e59f74051917

SHA256
dd7a449c41cb76dc23aee8de884e7f7434d6912aba81a716962bc5e5a418c9f0

SHA512
716e7f0d4b485121f6cc32e84c1eb02af22a63ead0bb47fe6dd669b90c06a437f1a679c86eec3c361e41131d5d98037b898c2f10dbc0af79be2c8e45cce2bba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
b6f48def1ad0dc727f479ce8ffec8a6b

SHA1
488a3d7c23f20d7c90d9cd3010d31836d67b4028

SHA256
88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec

SHA512
ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b0f1f.TMP
Filesize
120B

MD5
2f1d9777ad3c03026023dc80db2cbf8b

SHA1
8926254aec440dfd35809d20f209a0de1fdae3c1

SHA256
d571119cec2f28ccfd2f92076c33eaa9f2b928c0f866e7056629ad2fc8dc44a2

SHA512
49835bf0613f6ad0fd7eeb77edd85d8eb90044842df8d24ce28d49781a08d649bfa0290115489397a9da548472f9dc33619d8a728a3935605bf73e79e09eb361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
d68f626abf798fd325f11f035eae8177

SHA1
7f684c2c708bc63c3b117c5b3de9310e65b9cdcf

SHA256
35960d3b15d001bb3df69642dee78f6cfc2e6cc407ef335e14f1009da8a95121

SHA512
0818fcd2c15c6172d72dbc930690657d6ef63c3fc3a8bc3a9738c849a8ac277fc86acef29d575605743c7dcde9894c682c638c6bb7b484a38ce531c0cca2210d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
087dae371e0ab3cb69aeec0cd28fcc11

SHA1
993cd0293664d16d2dd596e9f56a43abd37c25cf

SHA256
e48f2bc704e1a24064a1322269aa4cc59c7bd10dbef9a215ef2a740b96f34fd5

SHA512
7f5ad3b8fa396624cd5c61101af2be188564722d794b034977879f3a608722b77b303865c7b0ea736efc4e26efabae5d6ccfc528d22d8a1b98de33f1fccf04b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
ee534d15906d6f31003e900967c16f1c

SHA1
15bd9f38a6e9fb2e32f1f1a837bb74db96bf1810

SHA256
f73d2e63fcb6e9dbb290049506dcd7c6b0cfb98ad71ccdf449d3c6ac3587b7fc

SHA512
1b0b27352957825bd907406e919ea60ef5e4b00382a55e6df488411dc35d7c16e2a00bf55fecb7a0147a0c580e32ee4ef870f3a0db436ebbc60791ab0170b874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
d27bcbe8c407dbb6fd535c3d601cde40

SHA1
312e689e526403d8918219eff1c2037d80a9c7e2

SHA256
b2cf7660f63885af261ce85a0706ad05f83b2ca347709f1b7d23087743770139

SHA512
ef2ee70cadab41d28b4f74f1d5e8064cac3026fc379897a9fa999175f3fa233893653141575a41b1a480263b88d691e44c766ef9b3a794bca0dfa58d8d12bf55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
95be85a656bcb7670ebe7715362c486f

SHA1
2527cfea04ed007e669421b9c433e54876124896

SHA256
f643d44dcfd232dc36e29cf9b3ed56312386fc6ceda71093046740b0f1bb44f4

SHA512
4f5a3796a9a756b743e0673d75a5a5eba27ed1e3d57ba07385fd921b303dcf3af05d5850e73a0be597878c21a006405e0c8d9f77d140852b003810494ee2caaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe597611.TMP
Filesize
90KB

MD5
2ab067b48ac6270474b73be3cf7f3293

SHA1
418ca70b8b9747b86d25d5b5d18574945d179c26

SHA256
2961930f421c7f1e427590aea3667f24b3622ebaa54546f8d1c9cf6fcbb8ac51

SHA512
db6b7f86cd188c0a5dbccd51d62edc5dfb51fa898c0e2a488b943c2c482cc2a98f2a5352e88a5f54e93c815dd313c537441fd1cb02d38dd27ac7682e50432aa8

Download Submit
C:\Users\Admin\Desktop\keylogger.pyc.txt
Filesize
3KB

MD5
f82c316cb16b6528d52e11602b17d8f2

SHA1
88b1faa60e0a7dadd491b18e6e139e2beaabf581

SHA256
7b143fa5bd7592584a81f065260548a3acc2de91ba249a2582bd0e8d77f9b546

SHA512
1df92044f6d6454ceee70bf0686740cb70296e493b073983b7de1f1fb82574c2f55de871aa5b48c31e4baade7acb75ba3a5065952cece3cc1708302de64a0e22

Download Submit
\??\pipe\crashpad_2224_SDOTDTACREPNIWPF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit