mimikatz | hxxp://45[.]207[.]168[.]170[:]7744/

Resubmissions

15-06-2024 16:28

240615-tyqrqaxbmb 1

15-06-2024 16:02

240615-tgvz4swfjf 1

15-06-2024 15:59

240615-tfeazazeqj 1

15-06-2024 15:48

240615-s85syswcpg 10

Analysis

max time kernel
601s
max time network
602s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://45.207.168.170:7744/

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
behavioral1/files/0x00030000000006e3-194.dat	mimikatz

Downloads MZ/PE file

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Ladon911\desktop.ini	7zG.exe
File opened for modification	C:\Users\Admin\Downloads\Ladon911\desktop.ini	7zG.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629401795440714"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5044	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe

Suspicious use of SendNotifyMessage 38 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 2104	5040	chrome.exe	92
PID 5040 wrote to memory of 2104	5040	chrome.exe	92
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 3328	5040	chrome.exe	94
PID 5040 wrote to memory of 1228	5040	chrome.exe	95
PID 5040 wrote to memory of 1228	5040	chrome.exe	95
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96
PID 5040 wrote to memory of 404	5040	chrome.exe	96

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://45.207.168.170:7744/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe70919758,0x7ffe70919768,0x7ffe70919778
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:2
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=980 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5200 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5440 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5412 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5548 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5156 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5584 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5300 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5628 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5948 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5960 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6100 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5812 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5276 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5276 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1144 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3744 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5940 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2720 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5584 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5560 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5712 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=2952 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3960 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=1616 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5576 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3396 --field-trial-handle=1876,i,17461838520460564809,16665824568156172649,131072 /prefetch:8
  2⤵
  PID:3372

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1312 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:4524

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2848

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap16737:78:7zEvent13973
1⤵
- Drops desktop.ini file(s)
PID:380

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ladon911\update.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1268 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
4.1MB

MD5
58f8e96f834d5d882046bd503ee83b18

SHA1
5e577ebeb8e8991262ce756857c4428893461440

SHA256
97ba9760d2b5c0ea8931ef386e725eb57bf190960895b37e98166559c5f49c84

SHA512
64c77b654eaf24690c21efba9f61f28a257c994ba502ac7918943a159b7392121eec3519f81ae0c29e3964cc63b0702f5551e091f97c6f0c2540b5a5f65c57b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
24KB

MD5
1fc15b901524b92722f9ff863f892a2b

SHA1
cfd0a92d2c92614684524739630a35750c0103ec

SHA256
da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4

SHA512
5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
203KB

MD5
99916ce0720ed460e59d3fbd24d55be2

SHA1
d6bb9106eb65e3b84bfe03d872c931fb27f5a3db

SHA256
07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf

SHA512
8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bd628c657e9505120d1dfa415b8f5ad4

SHA1
8c9e6b2d3a3a20dd3de5c74c82cc493f40d266c8

SHA256
082da52b3aa3138f7beb69b904281d44b5e35bf66e30be3679a0423894e7b762

SHA512
bb3f5617952108f82896f60be015db2e14d88b6383ef8812294d2d7432c82798f63ad7a40ab12f973c1bbc122bc4477413b4970fe37d4c37a98a68e1da3b8703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
a658cab53759c69cb9acf6c4958f40e0

SHA1
688ef8ec02b2dc601d025bf94c51308cc8aa9a4d

SHA256
a3d79d14f815efef879fa24e6f5982e77178c0bc55de681ea6635b30564912dc

SHA512
45788e310b9735b084172ab85b71fefe225055324c8150827be0946455cbea4b6385d2237a35f9ba6638535a5fe512239b245a0449bcdeb33472f44762260baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1d7568021c1cbbc46e5efeb4ffe794ad

SHA1
5202679a0af925fe39c04d9d0b6a516e45c919bd

SHA256
11e95ccc493c67726c1de9396ea81ac0909391af507ddf308b7c2c8efc0353c7

SHA512
5a163e601c0cdfd7c6d26a0a3c2c47791369e712feb338c9c19a7c03b60f141e38d18299ce2a776b97cf5d75cb8a9eb45df3befccb932a7a1a122f0973779321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7034c455b1ebcae4419311365803daea

SHA1
ee75219daef162d329de349abf9fe30d9747a58f

SHA256
cec9663dc64bc8f2ab00c9018ad0bbfab88920405932c59d2ecbd6fa7dfb9705

SHA512
c863867f3f0b835643086bc3bccea8d88d3713bafd637212ec558720197d79a1b33de8a577ddae8366aebdcadd3505fbc0f9b8a8c639e68f79b1d3fdb166c2ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
11be6745750b5e7369a79f2ffdb6ec04

SHA1
a4a109d62b13ed4ea7d8956633f5de6b30a30bf8

SHA256
80dde82d44f6ed5a5b8274f5a2473d02d35e0e60b5a40325429da2c706d33789

SHA512
ad90d727a8190d953f7f3d615bff42334bfb7a9d63b521aa1495edb10f8ebdd9bdf74dd8018902d155bf4c4efa0ffa717681aeff62cc9b8c2638736a5e46059c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e0e887c74ff69506e0a6b2dd5ef09f98

SHA1
b60ae5e0a830cd9ad0bf4cb532d06f1c3f97b4d3

SHA256
f5344e3a2a273dcfc987e89a29442c8a65704f1ea4bec19dd2d464ce26423beb

SHA512
81540214bcccf012efbe919065fc9d3bd21cd9cb17790bd775f0cf456f7cff8eacbe6f4cf7c7afbd2ddd229b58f67a5910214e162a9a06237ab3b5305be3cbe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
690B

MD5
c5776f60337788d60ab1c104783a74f2

SHA1
ee1a33fbafdd4d1aa07f20ed15d0b30c0f3b069a

SHA256
f10cf9df58f84f97a718eac87bce5daf6b7c1815e78f7b7f3df8891b2977b55a

SHA512
c24fe8147cee056dcc99fa3cb1f9e986bd35950cc9744caf56061d368e52f727706388c73cbc7c7226d3faf650cc52b62f4e1df348e2245ed4a055da8cc7424c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
415386164e19284d1d16071d65f6572f

SHA1
3fefec0739e3f1e4c387fc71e2cc208d0feeb2ae

SHA256
065c906a7919131e715cf7e863d450604ab38cc4dc68fbe7beae04099cd53129

SHA512
714f7876b00cf59d8dee56f04aa3d193f626252494caeaf9addc7c2cd54c7a3e50d39bf6902ae513054f1f878ad6a3e6eca1cae3d8d3b7de7145b744395e048d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9370b509380a57658ff395a1220cbc2b

SHA1
ac8abac875ff47685ee66619635d09b662228605

SHA256
8d1a3df5862015ca9c6138e280d71167f67c7f9f52c93c0a1097c282cdcff987

SHA512
dddc36c3ffe4cc26978b4471497be68420ef35d11cd74016409128012811584510df9eaa8b1ee71a94d252ccf4d4c379190c78d38e5fa21d53c608b48cd7941b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
690B

MD5
58ff991c3bb24fb1300bc515e31d2086

SHA1
a63995dd40eccacf8f813b4e5e595fb66957fb36

SHA256
3dc666c887f600024ab9afdf9a83fac303779e19b6ed717a5f3474138be4a66b

SHA512
2dddcdbef4017b0f2ba777bb2dc322140d1b454ada2a3d5d2d21c7052822fdd3c08965f8c02c6867e237537d5aeffd0c43ffdfa1cba9c351e9428b4244ad9986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
49b92bc10264e5df84b1d8c42333e253

SHA1
be300889cd8c81037dcf5f1174566b159bd36a47

SHA256
40b3890ed08d6c734eadd54d86d756cff0eb6ce423d6fa893c1285e2a64923bb

SHA512
2d1b1b36a997da3e4bbc425ce99c62df6b43ed5c560e0f19cfbae81e51102c51e2a62dbe379aea9ee570c66495cdc3ddb1ea0d29c05d04aecaf045471c6667fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
54e2d8f3ecf58450155bef782df80c39

SHA1
35775cee8b97451bb7b5179d2d2517fea8034e17

SHA256
14e5b5d8881b236db12fb2344082755ee70065da302eeb0adf1d15c2ab59b525

SHA512
7b840333fefede29dd5d10da39d744d4c212bc40b699cde11cfd36acfc19418763ad1cad63e29ec16283e2992e3e2c726c8324fc03220fbcead8b5a896bc3734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6225e7229505d0f63459e504a9c13f59

SHA1
ea70b1a9cc19ca31063b97b42719a869ccbcc048

SHA256
2d57d286d61a5084df0c3c030f427783484554272155d6a8765f6615a4b45367

SHA512
69c02860054a495c86991944f7a4ed8c9c86c7144ddb0d3622063bc38c5fd26c66f409e1e316837440a130912609b8a66042c75560d7c82910feb8e1ecc3dff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
871B

MD5
929968d1acbd31bcf7eed42bde6dc484

SHA1
6c8c555d59db06efc561503b090848dca8dcec33

SHA256
4fc358382ea1e9c314bfa77e3dfff7bd799b2b49c1972243b2a5d0a0359418b8

SHA512
e5e85c11493c19b0faba1fb1d64f075f7e06e1e2290a9371cfd8de303e6294b25f4088e4e9e85737c0bf2f61fc31d89d3c2c81391b1e18739624360c61bf266f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a3a91a9ad1caaf5a12b62c03c5f86330

SHA1
b3a133eb89adbd6c4b26f1ec52bdd8931be67ef4

SHA256
1cc70704543b5c13998b2adafa45ff65df6d9056e6ef762dfeeb947242151617

SHA512
abf2fb2dd312dad88f04eeecedd2b8a01c9eca9cc0c198f5b4bf569de249d97c58f3f9324f4da8987dbaf3e883da520611955fd58fcdafd5fdd3d0563cc63d15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9086d1656afd4f7bd0e11a023eb1e3d8

SHA1
dac0b13a761dc1e4f8f20eb10b0f1fcddb7d31c4

SHA256
6574933460ebc0c4dd74dcd486985bf3226fd889216faf29d6d5ec965e9d5101

SHA512
f6be94249e03a64866c1bb0a3382bf0fdb8c2b26341b71b117f1be4812e1f29d55b6581d0a3023abac9e0430e9889eb57dca183efe62939bd0d069b6bbcd74b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
454f2dc181f9349d71233efd6438fcd9

SHA1
9dfe5185ed91f6e188b6b92b69eee70b0b01be1e

SHA256
1829a1dec80ba47a93adc1b222e86c2c3e811a0d6b1c6248a446ee1895455ceb

SHA512
fb54d304d0233be94c82e4de4737d9ea4ffb3499cd4631256863071bf9bb7075bf4e62b8680f83baaa4c4e51fc552ee7c5383dcf19eade7fe4f0c9e614fe11f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8f0d0ea4bee5c39c33e2b916a261a311

SHA1
8b3fd9f7f14da0d5cf97242cf37f1b85e56535a8

SHA256
4e8d4b58c8eee832b745a7709241bdf62f420457adad61ec54269e22568cee75

SHA512
49278b89d39a7f485d34d52085cc6ae1341c25d878026835215255a3a20ac04714c36edf9796fbd1446ac51f2c54270a437183c6888b41afe4d2900b3151af2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e31a1e4383e89f06a4f0637cd45dd886

SHA1
9a692532eeb56548a23ae45ea10fd9459c830bc4

SHA256
7bbe80386f8941346268fe4623a2a6a663faa21cbe6af9a8ca3ec103ab63fd3f

SHA512
01a3a2e0b5b63f47a21d64ccee1e81212df217bbe8f98da4bbac5e22d97ad9a47fa9451f9e83f1521c01ecd1d02ac90d7aebf070ac8f5aea8e7d36befa7a706c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9ea687af2a11afadf0c11e412a2a02d0

SHA1
028d2b1dd7968c584f74996a4a9bffb88bfca5e7

SHA256
5df7f084bd65b229d47db15620a03236d6da119eba228b6532bd7895c25ec077

SHA512
fbac8b96e01905896a1f1b7ca1e23604cc6f04bbd6bf4674b515ebca141e198ace5ebd85216ba37f45db97d3905a8b44881e740f57c1a2e6b1f4d91158612d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
24571e81a76622e310834ddfede9431d

SHA1
c1531bba460c21ac51da75985c5b65d88a1eb0d4

SHA256
150002708d171e70d46233138cb50a7849c57322e9f00cfad8781e7cb580465d

SHA512
14bb4af5b6be5dfbd06faafae14a7ae5f28bc73ffd750aa1478a55349528a059d02303000d5531b96d82ce5ec513e89e18ff1c530d54fc51962de0d47d843c34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
864e676f42e92cd0f6a871846d9486a3

SHA1
bfaea52c8307700a8f04caa56bb1e13d6a5475b9

SHA256
fdfa2e1fde8f32056fdc00c594c885c54d06a0db8e789456a27f218311a8b44b

SHA512
0f8df2f8f278cb73bc759a5e4fe39d51e72dd368a91946b85b2551475b6f7ae2ef9be3b9440a2b5d5d3e0d1bb6e4d3d5cffa2fec7e00fb1aead9507335d9e83f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
03bbac6eae078f5ea31aa7b1ab437006

SHA1
bf36a1d3c11071b9fd2bc52cc9ededcc43c387d3

SHA256
b29615ccc86778f5c7f8d7952f3421906417fecbddc363de5870da25277bbff9

SHA512
7c0858cddb1c05b59339ff790beb209e8b366e01c16cff4d80a204b1390273519caee4575bef40f733e2ef744005ee4aaa83f0a4e5a1f3982eac1185c8636090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3fd8506cac04ff476234db7745fe3072

SHA1
f1b7603155135f78415204b23ffafb576fb88f55

SHA256
7bc303e99f1bcb278d3e494c99d8af20477f976a8e3dd6b1db47ae3f278ab8a0

SHA512
fce89c956f0c75732ac724a9b1e5ab3290545897a2234f07e801239d706197e17e1b094911d405eaee0dc866b119e08d0aaf8379bb424bb0ab811c33c5e9fd4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2143e731bd5e98b70aa12f4c1ed1871f

SHA1
f34c6dff371966727e1255e6e2b94ec44dbc5313

SHA256
f82b5d1ed7876a8991e8ff834aaddcbc9e1e0e35f6ea4f49c845119271c79936

SHA512
26d3f594505e62cb4b73ae1a655e050bcc206f13b79bf4f0b6e687c00cf99a2445761f59929adc4a8e01c3919391657fea40f184c067cc0ef8946b202f854b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1f5752207b82e0cccef34a9f160e9fc8

SHA1
fdb6d9e09eed21eb104ee9a4952e241408abec89

SHA256
0b47bc003b56927ac3c485c45590e191df5379db80aa452e5d9d9740f2c10b13

SHA512
6eb784552acbbf4d6a58ae9098458fd7d876a63395c7b6bd40c7019e58f7ba2e65e099f4c185132f78799b5bfd091fa7d5481b018aad6da25bfe55e8f4cc471a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6b99307b5aec4da46439dc9859d21cca

SHA1
ae4d1ceb9b53b905d59b688e11d9c75cc7f34da2

SHA256
5ff977ada5e90f1aa3f141d644e484946d8061fa0edf58174392edbc4675c498

SHA512
720115adc80b6be1095aaf3d58ca45ada45b970fce3ddfbbaa7da12b5fd3bf0493ea2745d4d22fe5ee686567744c9a5e2aec27faf791441b9db90a501346763c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7a654d7f52faa88ddde0765b3f0ff1e3

SHA1
7ba4f1ff994df16e64f865827f249d0e7f7399de

SHA256
4da506aec15bbb3b079790b4a411f766e53980a6e5b1047da88f13fc2a71d7e3

SHA512
2c137b63cce6fa06ce0dfc7eb78facf025f43c0956f1d253ad8c440d2b0cb67cf4ecdc16faff78d3a7b5becb1970007030df59c02569e544b643ed985800079b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5c6fe086659e6f1391a0a3f27f32ef9c

SHA1
b069588f815bd55e881f89bdac8575f7c286ef67

SHA256
17b8780d5454ba05b70ed784be7072bdbc2c2cd962ad197717d4c5705867b9ce

SHA512
b2fbdb2f93a72ac9010715b21a9b5df2756ba521732ecb32e0ffb02b64276e36cb5e5523283a07f0004f47c470ecc5a8b09e9a3d5f14afe7386cf61f50134186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dc2fe9590bcf6e4c5e3d6285b0ea72dd

SHA1
5338c7d813a46f4f48fd0218251e8026dd9836f2

SHA256
e0a3a99460579da935fbb8a87066e7b6872863c14e082a1ea9bb6f42546ae93d

SHA512
50bb8ab1bd141c22d28fab085a51d450bbf7901377fe4417c1d83d76302ea25e54b6d63b9e2427977cda972ae7fc988adde0a8a96ab32dad2c6c8616e8ba6455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c01ad.TMP

Filesize
48B

MD5
59a377f8a3c1dc342af3e5a8cc205679

SHA1
4498b6046f4788641892ebeded8f243791c53412

SHA256
65c9023a69fb2898c59188532d0e5b7a60aec8d27c6e5525d83547d966886cfb

SHA512
f4c4c75f437d0a4d7ef5a20a1c1eca2972c1d7eddac659000a32e96bd9b4cfe72e3e630301d8df416279b56f06162a8af32a45946993eb321dac1a0b7a24cf5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\af9533bc-7aec-4029-b6b1-6b5c9fff056c.tmp

Filesize
5KB

MD5
130727aee58abde300e4b4bc27e86202

SHA1
ecc0b34fd49245c2f022484472f47fd651246535

SHA256
02251f5fec7fa733b206ae4973b47cbb7397e47d755628b5d9b686cbf1139654

SHA512
47420470a12c3b18b902a7a39dad48923a6a457148e6529d35cd088c3c2fbc6234e644a572f5da1bae6e5fdf95b432572e5b2c1b5795227b8847bdfe1173b4d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
9217b9c28aaa56e106f3840ddcf98172

SHA1
29875f17452ef133e0123d85ad74f83c34b78429

SHA256
95a51776c790e3d1f2e30abe979a8de2a09b0fdc0d9d8357fb860abec1804ca6

SHA512
42f7310ea3a5d5fa262f411f28177b835056111fba127bdb5d69e60b30a1d13e1ad440a784544e491a41e0c7f129cc26bb505e560a21d49e9841c9f75eaa2301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
e4b69a91f035103023b454f36a4f94fc

SHA1
0aab0d018a7abca3119468801f41e7e447055450

SHA256
795c94846ab8a716f7b8ce4ce5eef12ee8d0c407c20a622412c8835c58770b6e

SHA512
7a7da16a7cba5f2f0ec9ee1a6ffe3b317b732cc0b4e3cf1104be64700b8420fd0fd212148f9130fbca5493c2add76920bb8521586fb1b65a102bfacee53157cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
fa40ee6ef44f34f0b2a5e07f9bef6352

SHA1
8b7fb43aeb5cbe6ab6505d029b2393486b6e1607

SHA256
3c8a22c5e075a6dad0b073f6c306958c19abc743455642d67a8ca983d1c3affc

SHA512
8be092d9dec8022f45aa9ab8da819ddd6570012815b216bc87f7e0391164ad4759a7ed740b6699dda7b90df552c4598b55e94f84fca4fefb89750f5f73381088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
759de8bb16c2ebc520dd662315930eef

SHA1
bb383a27af508941c2c46a8ef7fbdc267cdcc5a0

SHA256
ac1352b7777a32d28beebf986906b332f520b7074dbbc6a47c3ce68f7041bfcb

SHA512
c1b2e48c242e4380a471949eaa97d7a20a423a02745264315b6465a3796ade2211743c642dc2033af474bffa1ed88b534472fe667e8dc69e010b94b5c11f05ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
f94d79dbf03d9ffffa0de8e2d53f85ca

SHA1
13bb1421e761e856b7e94d51326ad0eb9121ded0

SHA256
45e92d12d004e97996aeb4c6072c1cd6bbd6f7bc59e2511067b48b5bdcd17406

SHA512
cb87cf2e6027535746b7b936672c22b85534b44a030928c805e646763b29eda563527ecf775f8ec0b6bf64af7236d0f14b82f0a59040b8a3f04aa6c5dc89c370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
145145189d52c9dc49f60097ee7a1cdc

SHA1
4387d76a82c92600cbeb50429c6c4e72e0725cf7

SHA256
8de6d9e05d15c5fb8b3b6626344dfa6e00666a8ac090cfa941f99eb5e2e9a8fd

SHA512
990fd5e5a58a6c8302b1d244bbb1444160f9cbdcc26c1848e80defc838244ae379bc8c73ca541804468b2c7ed371348812d29c181961f4dbf7184a2a7873b4f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59195a.TMP

Filesize
97KB

MD5
8575142cc4ea6aafa6dd0dcc576970dd

SHA1
29e0ebc497a695ffbaf0e8c630ec0855add06fb5

SHA256
eaf504baa0cc24e4b23551b70fa247047701290a1c55d62c9bdedfbd302bdc25

SHA512
31565c65a4ded6446b107142c09e55f0223b0f01db46c34d2f0f8d75de7961d5773410e0b4510d9ce40cf496019aa1e310e2eef8d19203500e345c94f0fc830e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Ladon911.zip.crdownload

Filesize
8.8MB

MD5
801e2ea441cacf7a21e2000f78a7deab

SHA1
3afd17e8a2a872dd96887e55437f93353d7bd4fb

SHA256
2b0c865b552605e5bcd750f62c5fd979b49d911bb9326fc5df5384c820d919ee

SHA512
0fe7058bd9fa1ff80f04ce0279eb9217a1e8a09e3440e42c79e78b57521a84ca0db06b5ce2f985fded3205a5d39ff15a821ef2e39a6a16de47756f445c8793e4

Download Submit
C:\Users\Admin\Downloads\Ladon911\Ladon911.exe

Filesize
2.1MB

MD5
3e62f767da0e5bdd07daa9039830a709

SHA1
5209f9ac2990c54345658fed7d9f4bf80936e5d8

SHA256
1a51b96d3f6315f1115bc9d40c387051339ca1099c45d597d0ebc17d15cc885b

SHA512
e1afee86c32a4b4dbe5a3adc54da273d909a44f05c0189be7cb1d377f7c5eb15f0217ac9c03a332a442cf3c32fc57a21427916cf3cd711ddc5c6ad88124529d0

Download Submit
C:\Users\Admin\Downloads\Ladon911\desktop.ini

Filesize
417B

MD5
e859a30b74e57e604070311b180364a1

SHA1
36475e2ed96e539420977b275dce5e434a067c1c

SHA256
31e66ded49f1ea6c221442335c52428ecc4b823fb62d92f5568faae41f7a2694

SHA512
c5fb1455f22e37c05bb6696adfa078d6d76c0ddb1acecac8096c638d925ea777524554d44d44ab9e1895184cb4ec43e0245b5570580f77bcd1632d116e76c05b

Download Submit
C:\Users\Admin\Downloads\Ladon911\update.txt

Filesize
45KB

MD5
02a18ec011c699f07560e5df37880e76

SHA1
7880cb52a257b0bcc115162dfb8bd6e94c1c1c5e

SHA256
947b21977936b9d475b5df60c9d9ddb4c357de768be398797fcff7390201473b

SHA512
93c4d2224c1c3f1098d6915e688e7c6528b46f8c71275d988146da8fea47373875b04c2ddc09388e4400f3e4f15a589be6b358761359e4cd39a91852f20d7998

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 712915.crdownload

Filesize
60KB

MD5
d235285e6e98fcda120673a5bd248341

SHA1
6f209edd128d39beb1b301a2a98d09a529f0ea6f

SHA256
ad515feed47844341fee65e2824bae7675a17b263258f87c73e21cfd94c93866

SHA512
a584467b9479d0b070adc0806a4e5f2953bc013e03bff674fdb2a139185fa5d5bc10ce401f3e404239c302eaa5917f39c93ee89cf23ef750b60145c28a49b17b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 809322.crdownload

Filesize
375KB

MD5
c51e84d4d53678605a1cb5feb6436c84

SHA1
c5b5bbc10b0901923bf13690d9e575b41d86ac59

SHA256
14f381c0d75d7477de4bc89012f6916dcf1d373c4ebb23684baa73ddd3bef054

SHA512
022d9ad8b1879ae110b8bb3ca6cde27d479ede1ff591f9ce8faea583e44e3d228f3f53558f68427be838a87a02a661227dd6290e35b6734411eeb6f14ea306f6

Download Submit
C:\Users\Admin\Downloads\Xshell-7.0.0128p.exe

Filesize
46.7MB

MD5
55525d1f543272b216e7ac97cf8a6faa

SHA1
7efafedc7c3b6a1e44d8598dc78efb73f8057286

SHA256
282ef3f8f339d80b6f4e5d0aa8547536a197d800268982c3028981f36a1f1269

SHA512
25fa4dd82d010000905798a7f17447bd7f4f7863c659c76640622a3bfc76cf6e870489293b6d77cca580933328582b1aed2cd7c857a344185cba8f7410465d48

Download Submit
C:\Users\Admin\Downloads\mz64.exe

Filesize
979KB

MD5
297b896dbf8d619c61fd947086fce6e8

SHA1
7cb9486abe2317e735bf2e2ddb58992835ac7556

SHA256
b294f94c469f43a78a324b5cfecbde0afb3aa0256bbde06ca2718b8c038a9324

SHA512
0726206509fae1d29612e04e20a4d2f7c32ef1128eeb861f7e24a4feec62e80ffe27864c5caeb60cf7d7e1dd962eaf535ce76751c3619d8f281c7a2c8e5fac44

Download Submit