e0e0906cc5495794dc8235c6925f9ac6ea43421185aaf63ced487dc0d61f6fb7

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-es
resource tags

arch:x64arch:x86image:win10v2004-20240611-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
24-06-2024 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

en.html
Size

18KB
MD5

c597248cbdf5e782004d04d4c5963d74
SHA1

568e78b29c759fcb6f6f1a97c411517ebb8d52f2
SHA256

e0e0906cc5495794dc8235c6925f9ac6ea43421185aaf63ced487dc0d61f6fb7
SHA512

2104499b470b4571e6c47d2b51a3034e631892678ce6a853ca341a68792ac8085d7d9fea91c6b40602d38df876c9308a16aab6f0a9c7c3c3b2128bcfd571e9d8
SSDEEP

384:soMOIjPk6k7aztnkQxPOOtAIQzq5YgX5Yga7X06E0zmuv2wKIYXbxautnkU8nx/k:sDO0Pk62wtnk0OOtq/UEY2KIYXbEutnn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1508	airshipper.exe

Loads dropped DLL 1 IoCs

pid	Process
2992	MsiExec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Airshipper\airshipper.exe	msiexec.exe

Drops file in Windows directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\{FB595806-A666-42D6-A451-1B9FAB5E95FF}\ProductICO	msiexec.exe
File created	C:\Windows\Installer\e58a321.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58a321.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA42A.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\SourceHash{FB595806-A666-42D6-A451-1B9FAB5E95FF}	msiexec.exe
File created	C:\Windows\Installer\{FB595806-A666-42D6-A451-1B9FAB5E95FF}\ProductICO	msiexec.exe
File created	C:\Windows\Installer\e58a323.msi	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000a1a8d825d9cc14480000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000a1a8d8250000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900a1a8d825000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1da1a8d825000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a1a8d82500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637304670120528"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe

Modifies registry class 28 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\SourceList\PackageName = "airshipper-windows.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\608595BF666A6D244A15B1F9BAE559FF\Environment = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\608595BF666A6D244A15B1F9BAE559FF\DesktopShortcut = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\ProductName = "Airshipper"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C88751717CF27D4419D2B26402C2F29D\608595BF666A6D244A15B1F9BAE559FF	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\Version = "720896"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\SourceList\Media\DiskPrompt = "Airshipper Installation"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\608595BF666A6D244A15B1F9BAE559FF\MainProgram	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\ProductIcon = "C:\\Windows\\Installer\\{FB595806-A666-42D6-A451-1B9FAB5E95FF}\\ProductICO"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C88751717CF27D4419D2B26402C2F29D	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2080292272-204036150-2159171770-1000\{A8DAAC26-54E0-4E15-9591-A3F089B50BCE}	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\PackageCode = "FB370AA76A88BE24B8CA8113591E4665"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\608595BF666A6D244A15B1F9BAE559FF	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\608595BF666A6D244A15B1F9BAE559FF\SourceList\Media\1 = ";CD-ROM #1"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
2892	chrome.exe
2892	chrome.exe
3008	msiexec.exe
3008	msiexec.exe
5900	chrome.exe
5900	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1508	airshipper.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 2840	4768	chrome.exe	83
PID 4768 wrote to memory of 2840	4768	chrome.exe	83
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 2784	4768	chrome.exe	84
PID 4768 wrote to memory of 3096	4768	chrome.exe	85
PID 4768 wrote to memory of 3096	4768	chrome.exe	85
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86
PID 4768 wrote to memory of 1908	4768	chrome.exe	86

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\en.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa5b1ab58,0x7fffa5b1ab68,0x7fffa5b1ab78
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:2
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4456 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4900 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4132 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4756 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4168 --field-trial-handle=1900,i,17898846449388792995,13399993221365929428,131072 /prefetch:8
  2⤵
  PID:4404

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffa5b1ab58,0x7fffa5b1ab68,0x7fffa5b1ab78
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:2
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:8
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4268 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4412 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4068 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4420 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5192 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2396 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\airshipper-windows.msi"
  2⤵
  - Enumerates connected drives
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1892 --field-trial-handle=1924,i,15833121228957668295,17971724259179924098,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5900

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:828

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3008
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4872
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2D9D055E76F132B1843D909D42D72A5E C
  2⤵
  - Loads dropped DLL
  PID:2992
- - C:\Program Files\Airshipper\airshipper.exe
    "C:\Program Files\Airshipper\airshipper.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1508

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58a322.rbs

Filesize
10KB

MD5
96bf9eb914c99b3e0418fa61ba3ae252

SHA1
850c3f83892309f890fde179795132a6ea70173b

SHA256
fd3c144732225f994582ca63237c232828fcd2c091e27403e40da848a27b14f9

SHA512
d4b28d75f418dce995bf02c61e0c4ef71ce4fd529adc830dedd7bc575ddbc174dec1cb85f44ac58c8a01d5677682e0519786cc3d9c73418a35de1b2dbe87f465

Download Submit
C:\Program Files\Airshipper\airshipper.exe

Filesize
28.8MB

MD5
a25473a695c46d60057d7d29505438cc

SHA1
5fd25b2928fe073a36e413a8db538e092c7e92ac

SHA256
24bcbda2904786287e436d66f36ebf397a4358690b4873e1c490a061237527c3

SHA512
44830d2eb07a1366dc49f08c175fa1e4301bafc8581318bdac64366431f078d3da12a2036ed959e78a7842dff34d8d33ad29e08f7fa52e94d6e5d566ceab0bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1d34ca4d-1545-4713-a315-7df6813bae5c.tmp

Filesize
138KB

MD5
5a350ee7f918be92291e87ff6adda143

SHA1
5da6fd24dbfab88fc1bff7a374cdb37d64240b29

SHA256
729b6d072d9d9af70413f05df74ec4e01f0232a0969c0ec43b4348de74598b17

SHA512
bf9997d04b486a4c70fb00eb1f2e4629ecb71bfe2da34a4749211ab22237a057ea329c9ea57d8837c7d1d8b0be01553aa5e20818806cf4053ca895fade61cf6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a85e5add31f209ed527bf82ac0768582

SHA1
9551a7f1878b70b64d4ed23aa8f5d69cc6f272b9

SHA256
9b28265c7c93e93355a28432984cef0ab471397329c2924745ff139d2a585c43

SHA512
4e216dc0fb62569a58c05a34e91658cf481db11e2d27589f1cc556ed2e986bf6d999a51dd35a6cc98c59be97f9f64df3ff084bdd8b8f1739f4589e7c47e11bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
ccb823ad3e22d686e5b06cdfd4481bf7

SHA1
18dd0e0d76bf0c37a0eff900b0aa3ff213e8df8f

SHA256
73823e9a58cfefe81594b872e787927df48f124093070d83eaa88176036ad2a4

SHA512
15d07799b3346c4bf6c0c8d6d2988c3591320d46a68af35ad6daf19112f27ffb83af906f555b61c86f0ef6f121c2dcffdbbfb5c09a9ca27f48b4dd7d760309d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
1bb0ce2eaea5ee60a5d1dd98aee6a786

SHA1
c68ebf30b18780df69cab5647a37baa35d8fb50e

SHA256
2f45e635546a4b83c7e308f8523763f3ea12b009300d88b75a79139442ff2b0f

SHA512
9291829ba9fe8787546231e6de876f0f243cd93d5226128a9006e9ba1bdd0bc2eb29f4295d9985a020e2e083c5f5364ad15df3bd7897e80f982d925a10662dc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
222228708d3d32cd7d8aba311f47319f

SHA1
3483c0bcadd30cc1691da831006579bc413bca27

SHA256
94b2a15047c4d84cfdb3096156ee1fc701a9549c305c7241c5c1d9c56e3818e2

SHA512
e4aa422798662fc0170de2bfe8d723ea947da029f2a712d0a713532ac7a229e9c21c9c9919cdc79241601a7905523ff37e6dcfbcdfb1c090d4bc3cb07573c4bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
2ff4281ff9e95939ec10310c07f91308

SHA1
531990ca419350f2083c1930f03941fda56a64d8

SHA256
99b9fefcf69ad5b4e492af828aed251df6071306cfd9c3684be03783b6347b7b

SHA512
58112fb966719fd9662e4713753fd23012bf97a40f3a9d38f9a14a015030e609a4b2e7cc101be545624b5154f12dbee817a17113adef8510b35e79d45591b426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
107KB

MD5
4f2ee195aca092dfced46d716f4b96ce

SHA1
1c1413eb84b76140cc098e832ba26d72fadc5e44

SHA256
14b10b1bf2c9948896786a2eaf5de8e3ca0dd2f50faa2373af188c912a50d150

SHA512
0743fbb17b155b43aa8a6e60c0b084f44f8e74df8101b8a8d6d79401a8f11a57d42fa91a003fe990454371f664af687a6f821a7110737aa2b3fa68f87d303934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
80KB

MD5
42396c01595d7ab87101df673774d911

SHA1
414dd1e580ab71ba0d8f980f516ba149bb293250

SHA256
584d6c06c82947d4482e32db4317fc21b106b1fa3b79c6eeee2bbbd8badff1db

SHA512
e0ad3218d2fe299ed4351af64f9c93e41edff9f40906bb4caa7523f51f89ef6a6ce3e15a4cb855cc89564823e1ed682650a94ba6cd1e5ea67273d4675ebedb05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
34KB

MD5
946d690cf4debe2e9592e24177cab035

SHA1
5fa020472422c312c704584a408035c3425b656e

SHA256
23ca8e8b4aeae5cbbc0b19ce5510214b48206c3afb746c1960f86fdb847ab091

SHA512
f5a5b6ac00359f36c0a059905c0a4a00f9341d79dfdf51d85cab0327d59ec6ae77210e956ce28f298b12043a5f65f79493e47a4c8c3a522a39b532c9f95654eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
59KB

MD5
caaa5222d179a24ca5540080c7018b99

SHA1
1f415a7a73a12a4c16f25709504f4e4e4beae9dd

SHA256
b729255f2e984a20fa0f0eb07e08368cf468fd17ff27a7d1dbb4042ec261d8cf

SHA512
71b4f878aa154ba4a8523c2e36faa8dbe3cfafa082b18796d8b69539dee9506253b9e55fc9b71cc2c9027d22ae08587b0e2ddadbc8d3395dbb73584d1ca1ebcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
132KB

MD5
5692f6e915a19da990db4c32c2b58967

SHA1
d0220c06ff0ec62c375070a5d559a51d31998252

SHA256
69adcac9cf89335e380939b3eb1aec0b9f5e6621ac7a9bf8428b12782e4cd839

SHA512
70d2205f02bb8e5f879cd6477860a6e21e832d53ff371638c7c6df8e0b08e9170ef7f39d35e163e7279cda7966cef7ce4a8258d360f0525ae72c6d7c428e8633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
328KB

MD5
5d4114cb033dd9abefa79daa8bb1fce3

SHA1
403170941671bb5c568c2a535cfc5d3e0c6798f2

SHA256
6d6e9e73e627d6becbe74b55cd632ced17a11df4e70a99ea305e76184e13dc2e

SHA512
8df0ac9df4d07c8d5572e5cfbd94f1d30fff4a8346bc6807f864550c78fa3293595eabdada7e669192d6b0fac47c06032bc94120ee9a3d4445791e865b54bd28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
105KB

MD5
989f75e894f728b36d6b1608a96fb908

SHA1
c5c82edad1b5668b151799a74e017a16732072ee

SHA256
32a2da14d39f556bcd2747be3b2599227b6feb35c4e06d5ea5402c03562b4d1b

SHA512
8f1aac4b0841caa18302b2313629ce7002d251a4e4e2f2839a987667501a43f2785863c647dd87139a3bb866a103aae2fb423425e258bb9ddfd912f499b7b97a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
73KB

MD5
bdaa1e84052d9aa4cd3fab7df47065b2

SHA1
5fe26535b18377eee3d6e3b7070458596ccd3155

SHA256
4d67bc9f812696d537d3c3e2ba2d2f27aac47442a73462b57e99de715cfd24fc

SHA512
a2230dd74842306c88f7205931bae69a2d074c0b240972265276b58ef35fd328d8700a1a6ef3a650007ae63e8efad6590c218e4c002a01f11801aa43c737ca1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
169KB

MD5
ef0674eb03466ee1593d6b345ec144b7

SHA1
c21a85ef88bce15d3f6a0ee544b7f8bb75493d30

SHA256
b0a0573afcad3570a134aa02caa96479f7449d455448228cd2041298404feefd

SHA512
885ecf1c326903897e1bac8dc6b81cd656fa95286cccb8f5d0ed1965900ae468811aab908b1c5417c3a00fdc6218c8ce40abc368ad536469394f113cb369ea09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
41KB

MD5
cfd2fdfedddc08d2932df2d665e36745

SHA1
b3ddd2ea3ff672a4f0babe49ed656b33800e79d0

SHA256
576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536

SHA512
394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
151KB

MD5
85ec14db47f08ba1ca9f8f7fa7918913

SHA1
4aef06bc3a9227a6369352821fe11419d15c4a29

SHA256
01ac325b94ca384d1262664a9a9594c344bb3fbdf247a9c57d715b7b83c91c5a

SHA512
570bfffee78a2d7fbf010f54096e6423294996dff41805ce68a2f96e0e4fcfebe07642e25f0c8317dc04aa9136b9cf13f160e7f9f5da40786ca790afa35692d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
18KB

MD5
13797371069904725b6791e857715156

SHA1
02b4d7c669fb7600136f0ac4bba7b6e061fc1f4a

SHA256
3eee7c98aa1a4e575df5d77f1c4b5e560179595993851cf2c6bc8ec35e710fd7

SHA512
08f6dc0acd495800c5d8ced619605fb0a3b5af9f8f14dd8e58df5ad2e4492ec96693cc9624812141eec24a96aa99527f31dbfab8ed5dcae763543449daed3c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
832ced511fbef8aed07f59c52f86743b

SHA1
9592f3ae8ab1d880b86d01ce16983b5b308602f7

SHA256
c6e20cf59674e8a2c6593823dd7c3a091d94816833c235008e05f230a20c3d7e

SHA512
b14c8604312281af2c894e52a78e96cd4cbc3da6f1ffdfdb1d92dd88556d409ccba2b5e40d3a383a1deb092de73d9418692be537307c95983b0288c9b1326f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
ae11fb2d75b6e95a3075657a9c0f2b37

SHA1
f43b92e68fd07937abd039ccc88ed5e7d60499b6

SHA256
becef786f941d6244d829bf77413fff377305836f25c2f1c36f2e054be78d848

SHA512
09d7aa594be93d19d5d7475e7bef244d36157ce37f5ed21ec0f35f73de553281d239093351075ea2e3a574c883f98bde153594584eb9f89a6fc0703e725cbb8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
9c74ab07224643650863fd78eaa32132

SHA1
9b74e35654f1c6e49009f90434d9205e71065208

SHA256
e57e858ad205b645b5e02a96f812275ffe8d4e011125c9ad34f3caaf11d4f15b

SHA512
c22269b67254a15e15051e11c9b40bc8c10b643af855960b9b0d74d905f8a213684f4d1cb29ea2ec6607c8afd9d632027c38d5f0f24affc418f6b4ec3af73ce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
152KB

MD5
e3f8901d6172297df653a883c979550c

SHA1
686441af34255b4a56e6781b4923df6b78424e03

SHA256
321e92e25b13a6aace7881b2966f728022db8ea9dee3b4fe195673974761563e

SHA512
ff310d5422eeb5d3ca957616d98baaa8e3f327d32b116b67729d6c4547daee6cca2ef99245ff7b4234fe1dbb7b5669ecaebf52dc7822751cff84e5a31c47a942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
f2c400c1e688d4316f2cf0f7cb0b9106

SHA1
dfe3a305c641ef3a51656d2f8b5bddc33736accd

SHA256
beb0f786397ca2a4e91c504435a3fdee35b013b63282ced5ee6fd02d1c5907fa

SHA512
50aaed016090f09f4512921d9f5d700325f85a5abc563afaf141fb709f98d47dd7a9aebcb04bc88b82a96fa3bcf25252d146013669ffe4f801c98a005ae5eb3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
97b71a9944c799d2aed045923fcad0f0

SHA1
65d4751ec3fb86cfe1bd74416fcd2c1c4f95bb4d

SHA256
07f6d7e744e85fdb22da664ff0c4cc7ec7279a49fa610ef662768c837d996492

SHA512
268fd1b5e05fd18cb17de104c040ef897da087324aeb062b6406541561f467f8b4e0ea12bcc523b9f1e48936d8f85293a6866bfe6614e341325faf90df114954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
3047b5191a08953c0119800d0fcdf230

SHA1
0fb2534318b1e8dd96025103768d0e5a41e64acc

SHA256
77e37e81331a6c75848fd739c5f80018a4eb8e946a99e4f916ec84eba840a886

SHA512
34e4b99ab09f7fa48c93957a223cca21dc9b768a4d06bf125ffe27c755b2595113555583a9ed61f0cab19e23bbceafcdddd733296581694b9de0869a5b582717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
35b06dbd35187e67825bd45c47b65ca9

SHA1
acca1954de75626bdca6811066e7ed1a10f286d5

SHA256
3253847a6bb9445c9b3d535d7be1671385444167ed0f89ccafa800db98b0ba01

SHA512
f50cf333a142ae2b10f61b3ad6b63aabe74d4e983170b55168cad2856b1754027b200bfa74d391e12436785870e0c5de7a1c34ccf8bc3e40c6146e37739d5e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
9f7e7af6d892a9c31f68d6c955e51ba7

SHA1
520d0ea3e37cf25ead24a35392f521cff7c13742

SHA256
0c908b210cddf64bc4ec7cefbfec55cb3b02b836c38de3e43e5d3dd3780baaad

SHA512
02977209e78c345379949b2b65ba490a7147ef29eda3e92d16c55f24dd20961a89d71d75129aebe917318ad4519b9bde81f6044518c709176cc302cd3bf85baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
e9aef838e716c5b18e1a35b9ae6a0c80

SHA1
67b629d83776238eed051124bc9747ea7eb586aa

SHA256
4af1963dc844ad4619c9a6b3538a5d189fa49687b7addde22dbee1be734b4d69

SHA512
bfb2cf91f760ee3263b061ca1cc09b6f7ed356cc13e6d2bc38832961d06ea3b41d999a80d090d85eb80e725e2eb38d058c219f5048f5708668b92eb308478955

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
ca8a248bf2e568a703c269b6501cd716

SHA1
b4be6a2cd9fece2cba50f99bef94c7f9b698ce44

SHA256
8cf9c352009a7a40ea6b9264aa2a50fba6d3a2cd55550a5ab95ab356c06292c7

SHA512
b34cee8c6c767c32fc2a1b805493d3625db5213f82f922926e929dfc0ff4c18a5e6b2e09dc4cb2fc4fc3a099b6b64bd97f4a97fc6de9cf9d9046424a9d4d775d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4b340c7b9cca6be94c1e870b0f23ae35

SHA1
75cd6454ee37a569ed5a5ee2a055fad841e1c9ec

SHA256
4be2cea419072383e13bb85cd4b4f17629e7b77495b76bcf378020feddda0a57

SHA512
899e0d2bc0ea83f1a60889b2f9ec28bd481b2566cbcad4d07b6754e2527caf7472eb5d9c04b7686226e843e5465058738ee27540a8ac4fd1adfcc1bed815eff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8ec7e66ae5fa7cb151b73327da7d6295

SHA1
eda61cc18adc9338baa578021d06ac4877cf360d

SHA256
9c28e108d40654541fcc48a96ee59083c767bab12ed9987f743dda134c063a5a

SHA512
ca5617483396d8e26cda2ec9f456eb70792d8c4171dc60cdbea0d073c866e65921d88b1600b5db62f846547e4c6215bb7878d7e85ade7e237b98269ff317bd41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4a7a7a36214cef3b83e4a989db9344ad

SHA1
a052f52422b15d6bcead7451aa757356339a1780

SHA256
e2187dac3d1f4fb28d53e48fc2f6cabba48996f537c0fa775d96059810586616

SHA512
82e49a6c7e178f6d8cdd93f7f16073d082ae8b68298165c3c0dc6c24bb0da8c970566f9f84c9874e667f749c1bedf86e244dc6a1cf09be78b4fcdbc5597dd9aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7fd170cc7d0d70d9d7701344d5f4eb2b

SHA1
5e5ff373cef24c15a3e260224c999e62eec27fa2

SHA256
6835e9c9b7125f617c207aa6caeb1d80ec1629add23577ab96dc80af53c4a96e

SHA512
9bec43e54c10badbdbae6ce7b9105020cbc75c351c37ed2e199f057f90b7e392c9059cd857469163b893c79a0433a0f55d87fc887851c4ce3de53619eb166aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b27c8680a69fbfd6548890fd78fcda2f

SHA1
148e735f608f6c7d208ff1bab59b4e0876249e20

SHA256
5c4e1c0080b56f0600f1659cfefdefc7e5c5041c46bbad5d5764db59e5d6ef35

SHA512
15162bf1a76f196fb56c251a3ad70b4188270a98e24ee66cede6c314e8f462420f2d87a9fef1115279596b80beabc636e022890caab3d4a4ef7ecb6b288146e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
60c1a5239c1f5d34e9cd6ed210904a9f

SHA1
9d1889d07caea82f95fdb46ee44493b3c1f1e17f

SHA256
51792b8f580af9285f167afffc6f94509d94e136eba140c3688ce6d8d638c152

SHA512
124badf3e4baaee9584505a8b285a477d9440f225f997fd0f7c9d176ba512c452640be554f4c994246a86c08dc7756360b554f3554ee1db3a8a9c1551ac28ed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1dd35fcac67fc64829ff842e364c5bda

SHA1
a4a1144c921c386000213d717a6254df79111e11

SHA256
f7173173648f322213eec529b571d31f19d643276012a9ebf31ac9fed6de2ab7

SHA512
3d05de978046b699bb2774f6a13d1c76999ec5bfb56736ab5262331857fce951d718dd6bb651e98c3ba26282c168cd48e52ddc197c5f768d49e631122ec54d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0d942abfc5524e68e4c25e658522a49c

SHA1
0f63712ec6741c1075af906a2e4560765e6feceb

SHA256
faccf83c3aee688c518fa24aaeb0450652e39105733e240e51119caaf97b9337

SHA512
37aa07e83061ab73355c3124e41fb9610bd5869a2a62d071322f49d964dfc351f49d7c8c94211aaec2ed156a815b1366484b11509a75e9a745d605e2b8cb1777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
6fd19183b274b28d11cbfc566a1c1faa

SHA1
bfed0bc13552916b44c1f095a77ea3d13e7d6c9c

SHA256
ee4a7aa09575a5f715de62dec4f29d0092d5ad781cf77cfd46e777bc9dda3aa9

SHA512
a028f375c35729770435672e80e96a69d7c395a794fc52ad7c0cbfec1a79a35ec10a52f8189a156f3f24ccb9cf83f61952fcdda8c8ec78ff024e148b9f72b662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
b6f48def1ad0dc727f479ce8ffec8a6b

SHA1
488a3d7c23f20d7c90d9cd3010d31836d67b4028

SHA256
88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec

SHA512
ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57d9d5.TMP

Filesize
120B

MD5
d48bc4c68b6585f97f6f99213344f8b4

SHA1
b834c9729ced743ea766e057106386b951ee1eff

SHA256
f05fbfdf9a56f69b09e3f170bd562ac02048cc21c5772bbc0207f2edc53a366d

SHA512
2c5750588d2f6364f593f82167abcb407fa2b84ad729035d154f52d810d8716dc91c77a3b8bda3114a648560a1f37fa431bf011ddd8293875eff3de07d77d36c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
e9a422cca522e51276be0097ad9f4fb8

SHA1
ec0d82f048b46bd41cf00ae50c48f089870c3b94

SHA256
1f084741ecc3762e03def2fb2885b9eee502bba67375f15e42b5994ca42145db

SHA512
2baf0aa5d9c2f9d0ea9e2277b7e5418b76c2256522719f9c98f22c436833028d32d53a23f80676337bc05f8bf90eb2c3d5f805da2a4cfc43793e496f37d0e950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
d83d22e933b5f108ee20795e9efbc6eb

SHA1
e81ce0b47d1b4a0f2a8fe8c41be65b1ade769f30

SHA256
d9e6c3f7df046cd5ebecb8bea64c4ce26b48f92dc82dee21a49c9232cd4888cd

SHA512
2ab5adac3868cfa8761521a7fe0ced31178cff2d5e74137a32b3055b9a738dbdad22531cae3550f29bf08f809956f6f6c4f5a7217d3b425f7d9c265011bb09e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13363730486350864

Filesize
6KB

MD5
99ceadb649304cae75647cad1189e4c9

SHA1
c8268e0f96aa7f66335fe2db27e659c8d8748a70

SHA256
2f62d0eaac70295f00267298e8ae149dfecb70e52423a689c0c46350aa354a00

SHA512
b157ae7cb014838cf0872ce2b9fa3843938c7a0fd72fabfdebe17904786692d197d75af9b1d7b84aefaa4de22c87e87abf92e12b13f857d97b562492d43e4458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
bdd3a7421af8dd96463edfcc23494217

SHA1
cd890e3496f112d10f20a2e8467cf5311fd478a6

SHA256
585a8a210b283489506842b202eb8a978831b867b3cbb7b7ab390fe4c8231396

SHA512
e07f6020ff0f2bbc22ae816ead0382bb78f561a81b16c3ce7557141c92c61a743ff29605b4bd629eea87fef492c18e2ce7bb22e5ad6f0e7aaecea708a2abc045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
681b4982d393aeacc643d04837559890

SHA1
afabbee06cd85af7cd5d4b3c57918515213ce381

SHA256
6401d0a4ab2753b5484079ec247d52be379f62bee61dd707bdf43c7772614843

SHA512
d556a638ff75745f9046469d34414cd5ea70107925c746b44bd621f3bf77177dd90b7926bfb0b95c4677a6189b255b1dff390ce243a5077d8d4511884de3f5d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
ebd435df0787db59c0f0e52e2e581b9c

SHA1
6965b7f90e4dd0b885d64048f090fe49e8697d97

SHA256
1b35918f435bbbe15cac21a04c634a5feb92980d411f525e051202fdb48250d2

SHA512
f13c1a1385d625ef01f61e2700d2525311f98598a4a048208314dab0081a72963a6ffa5fb84967d2df3e1dac58c8ec6e3e40fb3dd2febe41b045986742392b07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
c404d1759d8c5dec38eee5d79571804f

SHA1
37be311b6b43f346d461e351509e6a70d7c2db0c

SHA256
1fae309aa91046c675575529b7d49cf53811d32f49b866d101f0d473e8bfe4c6

SHA512
9562ba41365b100f1d2c9035383bdaa6ba38fc9037a57880b86583c9fe89c37158988127f833f42e844ae880007713ece5eb25eaa44b18dd17f9e291e6f248b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
0d556e4c827b98ccd591414f09b71a7d

SHA1
f02aef1f299a20f802748e2e1bddaaed83859a1e

SHA256
03586828980199bf944cea94bcc7bc9f4fc4bc825308c382b4a7fb32d3b2486c

SHA512
960284489fdc7b0b3ffe4843d2e593a0d4f56fde68f1f1e2bde370fd008577790a9053d37f16e698e5621691d6d8f77efa16ee8a3790374b9153ecad720d4624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
100KB

MD5
c7dd503a9388b0ba62431c5a945070d1

SHA1
f9fc8d23c817932b9cf5e58fce4991aa777ecd03

SHA256
82d88106bc69442cf0ad0a9e8832be0c7c051de671ae1d19152ecad89424d771

SHA512
db229900fcd1b640c72d0af2bec6850d3ee8457e0854cfb57e5baedde7962234d48c42feff72bd985e4784d1ce647d7159ac3944684fca3beee43099b9c26bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
dbda198b1f71b22c9c9b3d24daac1689

SHA1
95868f6fbdb8e41fbcba7ec05dcdca6450820150

SHA256
4c5d32ee5e56989b17b89242281cf19f281f677fb15f958695f9f39ddec27383

SHA512
3cf9ca0361b08eb460df1d7d136280b69c33e10839e1880bfc088b4057b4832e958e7d05fe18c1a2b80aa2bc0bd412f2311cc56258dc352b523dfa97296fe2e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
fb8a7b710f2fb66a1556ae50d39a6805

SHA1
15bfef72a5d1132c64d04e3e1dabeae2d0038c20

SHA256
cd0a80ed494c00e7d299721759a4e28850486b9376bbde6bc3bcca9bb855736d

SHA512
a41898c8363a0fa63c7e911fe8bd716b7fdc42b567db4fb3ee0447ed362f1719cd28fd848cad3f9654424b653f32860f43b159e4724d0e8a63e94536b8376f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
51f23325fe4e12e7bceba742d97e2c1b

SHA1
b4878c29f6387cdec25a1778efc17afb33694f14

SHA256
de4cd7ee2ebe431814c5cecef283358a86c22a5f00784ff7a4bda7b8db09e48b

SHA512
bda9170cf42d7cf805bc4fa7b76789dfa2772befcd2da1dc013cbdd26c1562bf101828afe218819a21beb4a66514e1567860dccde05117dfc13f76697dabb8f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
280KB

MD5
593b037e8d603ea27ce382ed0b3a116a

SHA1
b900607bf8127788ee595d2ee5e2571501cfa3de

SHA256
4acd57179ccbc01b3309ca25de7f3cbaea1c03a03636f6daf89dd573ec90ed43

SHA512
62355f3302ac81d8ddeb7ebaf20fc14aa5d519560dd512f4ee648bbf200c2ac0c48c28dd98a59a8a1de8e08ac6a8c517fa880e77d5972c52ccb4d2e52e3edd8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
280KB

MD5
4555c36e321d5bfb30aa91e20eda51bd

SHA1
0a772a7fe28653cc69acdb90f5a34fc42c4b38f6

SHA256
e4df244eda1cb4118b55c2c11b8147e6f7c28bab792385bad0b689aaf4943888

SHA512
1b73798805326d4cbb9d75c9fd3b27fc37b65f3c2fd5e3a9a94f8094ab1ba2c3e90722eb9326f51d07a5cbf5312247737763e1e7e9471db592030dcb911b1ee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
bdf0889051f048ef05de5ab6f8d4bae8

SHA1
0ca3ab13d94a4c877223439334e676375322bfdb

SHA256
a17f2a5a8ac3160df05fa8ffc0f2617be02985a0c3ec555fbdd3e0d566b56f20

SHA512
9636713bf4c0877f537509d55489919e445f114a7a2885a68c46ecd753e4348f3d5148f0e4637a4ae3515fcc92012a71323a58c37d2eeb7bfbc68cd4ef7521ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
ef11a3e35b0843d5a09baa5b47c29c7b

SHA1
85fea926db637e2208c190418422361ba827e35f

SHA256
7c4a095a303303bf66dd910e90551b38fd0dd9204a9f719849acbff74df72cb5

SHA512
a66ebeac92d4ba9e0a16c14e9b67ca0dbeb82035b16c11590f739607aa747c710d64bac6eababe01ad44d19fbd590f20df81561233e7337f11dfdb5cc8439f0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
6a4cd7547a297217ba5978bdf0f5af3c

SHA1
916600e6f1fb12f3a002c658063b2493b2156b08

SHA256
28c0ee46910a1cb116096509b26949be4225041a01d832572fd1db04cfb73545

SHA512
a5d2b9c4d9c190b52f1e000e0025a186432eafa80abc47ef68a688a3ac76e9f4fa66b2d803c65b8f5f830704315e5163871ad83aec971fdf4f0c865ba68760d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 232591.crdownload

Filesize
14.7MB

MD5
5f411e09561546143b1cb0145b938c9a

SHA1
791201d37dad63027b8e9ca155ec3fb3abd1e23e

SHA256
b49d28de218f87375945ffe0ff32605e2653b2c2a52fdc1084108358d97acca6

SHA512
5356609db144374d7f88bdadb853dabb3dad737d84f8477370d1b70fe6cf106a6200f8d04d2b79a0b649b63b676d03ee509d1845b818135e26915aee6af82264

Download Submit
memory/1508-634-0x0000022290180000-0x0000022290181000-memory.dmp

Filesize
4KB

Download
memory/1508-633-0x0000022290180000-0x0000022290181000-memory.dmp

Filesize
4KB

Download
memory/1508-632-0x0000022290180000-0x0000022290181000-memory.dmp

Filesize
4KB

Download
memory/1508-637-0x00000222901E0000-0x00000222901E2000-memory.dmp

Filesize
8KB

Download
memory/1508-636-0x00000222901E0000-0x00000222901E2000-memory.dmp

Filesize
8KB

Download
memory/1508-635-0x00000222901E0000-0x00000222901E2000-memory.dmp

Filesize
8KB

Download
memory/1508-673-0x0000022299550000-0x0000022299689000-memory.dmp

Filesize
1.2MB

Download
memory/1508-672-0x0000022290610000-0x00000222907DD000-memory.dmp

Filesize
1.8MB

Download