hxxps://sites[.]google[.]com/view/ulpackmnnz/главная-страница?authuser=0

Resubmissions

28-06-2024 20:45

240628-zjx55s1gqg 8

28-06-2024 20:44

240628-zh79qa1gnd 6

Analysis

max time kernel
630s
max time network
573s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sites.google.com/view/ulpackmnnz/главная-страница?authuser=0

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
8964	7z2407.exe
5776	LC Launcher Setup.exe
1764	LC Launcher Setup.exe
3652	LC Launcher Setup.exe
3992	LC Launcher Setup.exe
812	LC Launcher Setup.exe

Loads dropped DLL 5 IoCs

pid	Process
5776	LC Launcher Setup.exe
1764	LC Launcher Setup.exe
3652	LC Launcher Setup.exe
3992	LC Launcher Setup.exe
812	LC Launcher Setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	sites.google.com
8	sites.google.com

Suspicious use of SetThreadContext 5 IoCs

description	pid	Process	procid_target
PID 5776 set thread context of 7928	5776	LC Launcher Setup.exe	209
PID 1764 set thread context of 8996	1764	LC Launcher Setup.exe	213
PID 3652 set thread context of 7812	3652	LC Launcher Setup.exe	216
PID 3992 set thread context of 6196	3992	LC Launcher Setup.exe	219
PID 812 set thread context of 8596	812	LC Launcher Setup.exe	225

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\br.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\fy.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\az.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ru.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\sq.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\sr-spl.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\mng2.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ro.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ug.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ga.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ky.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ga.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ta.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ms.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\et.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\7-zip.chm	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\mk.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ru.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\zh-cn.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\sw.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\th.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\yo.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\be.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\lij.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\pl.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\sl.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\sr-spc.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ba.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\gl.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ps.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\mng2.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ro.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\sr-spc.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\nl.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\7z.exe	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\an.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\bg.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\cy.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\de.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\it.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\sl.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\7z.sfx	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\sk.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\sv.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\tt.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\yo.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\eo.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\pt.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\7-zip.chm	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\en.ttt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ky.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\mn.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\pt-br.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ext.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ku-ckb.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\pa-in.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\th.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\7zFM.exe	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\va.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\License.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\kk.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\uk.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\fi.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ko.txt	7z2407.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640811441565168"	chrome.exe

Modifies registry class 16 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2407.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll"	7z2407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2407.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
6584	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
448	chrome.exe
448	chrome.exe
4560	chrome.exe
4560	chrome.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe
7928	MSBuild.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 60 IoCs

pid	Process
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe
Token: SeShutdownPrivilege	448	chrome.exe
Token: SeCreatePagefilePrivilege	448	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
8964	7z2407.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 3480	448	chrome.exe	84
PID 448 wrote to memory of 3480	448	chrome.exe	84
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 1556	448	chrome.exe	85
PID 448 wrote to memory of 436	448	chrome.exe	86
PID 448 wrote to memory of 436	448	chrome.exe	86
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87
PID 448 wrote to memory of 1868	448	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sites.google.com/view/ulpackmnnz/главная-страница?authuser=0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca75ab58,0x7fffca75ab68,0x7fffca75ab78
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:2
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2148 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4776 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4220 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5616 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5008 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5724 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4760 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4424 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5924 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6056 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5176 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6264 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6396 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6540 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6584 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6592 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7192 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7344 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7552 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7660 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7868 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8108 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8128 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8224 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8364 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8608 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8628 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8772 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8900 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9168 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9212 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9248 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9264 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9724 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9752 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10012 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10312 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10352 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10480 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:7176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9992 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:7876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=1860 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:7912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10808 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:7928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8488 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:8004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=11008 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:8012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=2572 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10188 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10196 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11676 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:7632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11724 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:8208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11864 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:8216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11704 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:8372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11184 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:8496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11064 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:8572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=12364 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:8696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11592 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:9060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8732 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9164 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:8888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8344 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:7972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=5156 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=10956 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8992 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10256 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:6456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=11000 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:6752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=8984 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:1
  2⤵
  PID:7844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12424 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11012 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9396 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:8152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11420 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:6364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12032 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:7048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8956 --field-trial-handle=1888,i,4326960804471613222,9199552953643563975,131072 /prefetch:8
  2⤵
  PID:6684
- C:\Users\Admin\Downloads\7z2407.exe
  "C:\Users\Admin\Downloads\7z2407.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:8964

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3088

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7920

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap27717:84:7zEvent29758
1⤵
PID:6940

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\jre\README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:6584

C:\Users\Admin\Desktop\LC Launcher Setup.exe
"C:\Users\Admin\Desktop\LC Launcher Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:5776
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7928

C:\Users\Admin\Desktop\LC Launcher Setup.exe
"C:\Users\Admin\Desktop\LC Launcher Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:1764
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:8996

C:\Users\Admin\Desktop\LC Launcher Setup.exe
"C:\Users\Admin\Desktop\LC Launcher Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:3652
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:7812

C:\Users\Admin\Desktop\LC Launcher Setup.exe
"C:\Users\Admin\Desktop\LC Launcher Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:3992
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:6196

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:1516

C:\Users\Admin\Desktop\LC Launcher Setup.exe
"C:\Users\Admin\Desktop\LC Launcher Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:812
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:8596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\60d3bf33-7886-4b52-b170-37dd2a8756f7.tmp

Filesize
138KB

MD5
2ca2e3eb76266c5a7df78efbd5e3c881

SHA1
0f74324e1f715d6bb87468297bdb0e6855b2e6df

SHA256
739a7e925745fdcb8d1f477746c5b2f9d6512d2f7e2f58fab7f786847269d998

SHA512
5b6a7ada0a8c717d5c1ab0c8e6cfbe77667b8b9439ae1d25f5bb6b741a5d1f2a7b2a4b54a2e8b344f1ec4a9ac2ba4fa4b1b47787168ff038f5cb3e23fa5c3fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
efdf336c3d3a1adb92b2ad84b9e0ddf8

SHA1
d12684bf46d8efdc7fe65d72974a64f8cfc83aae

SHA256
a3b64fe67ea4be6fd1cad4f43ab347f08f3c05afd11552101ddc5f80fd3e31cc

SHA512
d47956132f95e0f8c31b0d8e8b23a7748b4fd39b6acf746e65600499bb6dac8bf3ba64843a090e41066de86eadd02aeb9c1ebd3ab9cdee4bd9d7867febbb696e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ac63d21d2fd26ec0bc8184fbe5e29808

SHA1
acf838dbda4cc586967f88102235dc2383f4bef9

SHA256
8e4910a29a4c462b7bac389fdfb61e2fdabc1137777357545cf8f8147ada6b5b

SHA512
b2bd35c48f0f05c68b0fca9b2ed4587e8245c49ad1a47199d83fc02cd6b4becbc2075a4288e60aa8f205a38b4f0635f23d18b558696cffe484b9d5cfb2a8bd50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a46db4a6cbd375d2eb3806108916984d

SHA1
4e069a11378644c8226b03d266088184a1bd5959

SHA256
50b5eb354cd15b233181d839060f146f0698e7e4a52db8eb50f076345d500b8e

SHA512
445efb1e25373c21c2f36fbe7e404407635c13e65e6a01432327d270b498bb472d8b930dd7dbe3854f7e6a04fcdd7a1f435295ec9c337f74bbfba371c696800c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
b0178c42cd2fec0a135de2e775b9d835

SHA1
2f09c3afc4855cb79f81cb673cec8585cca68d78

SHA256
60d8aeb0a77e5ae0f17266589713a5dd4176ecabf48d207168177b6ccba5e14e

SHA512
47dd25462459f1b5ec211d29e396a6bd810698de64f7b68dba9ef49f63ee0a7cccc55f611579da28229d1360da8e3c91c27aa715903e8d717efea858b4e494b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
25b74d32678a07231b04e94625518d2d

SHA1
b1e2c0bff5046e7615ad76fd44a51c991723c150

SHA256
80866c7e3d781feb16469a0965cbe8387d82ac1ae08ea03a3ce53d00b5c2a3ba

SHA512
ca5cc7ec52e6c466b9de732543da2320c44148469629ada33b3391dd75a7fe70f424d0b25dc740ada2977c026f56729dbfdaa6a3fc48d3d9ebd9a22674023fdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
511fe58c3c975d949d58c2725e0e943c

SHA1
4b2e103026fb51c2c2321e24f70cd791af4274b3

SHA256
f128d8a74dd18d7c96e6dfbcb2e2d4ab72a4cbe47c7325086f9342b95e43fbd9

SHA512
31ecd5c6f5af5ac89a2ad5b6c19e645863231e084e208db9d7bfd50c3676901aac4f86ec1a338910496be573ab307366e33dfd589b07092d616c37fc8db76f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
97b5c6c65eabc82c2f648212c0c0afcc

SHA1
ae45cad4e3d1cf0dee4d64cc7b958c30973250fa

SHA256
ac62b3d860972f77d2c26bb1c75e15f252541f15976357023d02a7712ed62a54

SHA512
246bb8a363392c3f0c2819b1da8fddd6ad1085470e5a94668d26884c6c061ac2ad1c5a3b6c7af51e6d0b56618d6ffeccf705c6f70f86d259ec60327cd6800a64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
786b6f6436240bad58979e4eeb286945

SHA1
2c0b14267f786e93f6098a617c08c13917f41a9f

SHA256
c5aef5eeddc96e2cb1e1313b45e7122cf2a1cc27977cdb459b49c9d4816e7b31

SHA512
0b9c2f6838b17d85ab4c9020065e47b9aed2b613e0e5d5c3bf01f23588a0fe608f24099f81406bdc4cf52e0fc79357709a8f7d08cf427c9d2e33bff8d81a8350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd7d36946056dc74885269ec5737b1b7

SHA1
5cb8b5f3fd0b9aa5ce351b13496b57580ba05a5e

SHA256
3913da99ab0b6bfb343d9f79c4002d703db80f2ceead50f85992e93136ef9477

SHA512
0bf212afc6e8a76b64903a9949cc8fd821e1742a8e9e0ce20466e9c627d6fe8ea8457ea09593fe67499e45e8e744731ab79f032a04ba7969d9129de3cf32deeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8614bebe4a6d69fb934bcd3d86648f49

SHA1
f86e639cf039f27c7c380bfd627463a1b75f075b

SHA256
bf646f62b7a383f801875a6b7a6521ab2dd216884ba4588c28245b96ac6ddc87

SHA512
a220df5b98e24eff27d2abcbd1947f1f4ce34d892509f241428f1e567b8ca8739b2d370efc43d98a0c7ce3ef0d673e419e5b0e59bc31658aa3cbf077bd571e08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
cf2e03e2c8a161116916ecd5b6d81d7b

SHA1
9f71c28521d8e38804dbcf09f41f4ab8742b0511

SHA256
1d5b4bdfab3017ebd38f14e7637c14b032364103671bdd19bb6b2bb55e56463f

SHA512
cfa17e5a654acb0fe3a5672018701c6aebcc220d23a79351e25c4025519859e670836798329b5b18ab2ca9982fee5483388be5cfa6c9f6d9949d7cad24221f28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0d1ee310846e8bf69432d52e133807aa

SHA1
d09ee8045b17312c268ad9c36fe4a6c24ce4dd14

SHA256
ef53e506aac3bba68a634ba91bddad812bbc81227a82cc29fd850896046064cc

SHA512
dc2e5ceb544f034309be42b4a7d192fe04c251dc95e9f925effcaee95e0a612eecada9f6beeec7a825888415d8a8e05a600fa1562e41c384f024a35ee2060471

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
206372e8d45f3aa7f65e3496e1a2660e

SHA1
2ed6b96ac646403815dcff3085625ebf94e5ba5d

SHA256
fceb2fb51f812a9e91ea587879e1a7c24528dec2d70f72d291090b42ea658268

SHA512
b3e02a04cbfa837b39c7f943f359fc47a51014bfd8e2aa3074156c7da08aaed9cd35064aca38abb0aaf84f0936ddb2678d007155ef53d64acfac1654eec5143e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f2766195eb94bb32e955873e7988a23f

SHA1
b80715b9e62b6193db0d85f2aa09cff63861eb2c

SHA256
747ede6da907ce7554a15b4507efe9bcd833279bf26934daedfcbc23fcfa2f9e

SHA512
faeefcebd7cdd28b3d607c03264a58a7576dac46f4d756cbd7dcbc0a87d3288c73e734308216eb5118a25e48375841694d0b25aeccc45c65ac063c0bf6481cc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
df6ee47ade95055a577e5ee767266d9c

SHA1
e304a8f5431c7cb6518ef8b2cb5685cb4db0626a

SHA256
b6689413a3cf72363146d7d0a21f36b73146f8cb1c3d8054629d7c1e35836eeb

SHA512
207e7d3e1cae1552b58be0d87de3e957e3b9d464ac08dfd0939fdae376468968ecc5a18ce73fb9a731dced23e6f9ffe32b837a7db80cddf4ec5bc941c4268350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
157ff0141758517b834952f5a8edaa4b

SHA1
b2bd558221f3abcf2e374f2101b3ccf0b673b5c9

SHA256
4cab5c843d30a112e89cbd12c1d764fcaa7950ff95403e99a67efd5e1c7c762c

SHA512
c9ceed3259967dab3c3cf77d528b3ffe5b40cb06e8c102d844c222420b5dd13414de281f1fa2a1c29d0cf56513b0ac6775c2507c67d0cf8c2f242f357d87a6ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2ccce5c621e74478fa152fba9e0abb45

SHA1
2f40d67c8f0408d3bf8ad3bfc47f60b44530df08

SHA256
0e13dccd52b252b20ebd513455b8a615004b03bfcdf90fd20ecc1f0ade49ba71

SHA512
4fd3f32963d4cfb2b7d746bd35c38f2d006f82c96a6eadcf754c4ebe4ae757615aee8cca462848ab6d4e3ccb450371fb227f51bc88eef42be4e17c1a705d462a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e0ffbbc6aa55c4dc6810cd46dee8d40b

SHA1
6b7f0db0f40936792c398f7b403380690f3fb410

SHA256
bdc1dc98f8aba6fa01a162c6c38781d479b548c42b7b4c44173ca0da22cc2ec9

SHA512
3be1f5d6a812e22fac1dda1a6004d2644685e6b531fcb604f77e7e3ce255b6e016033f65280022cc25272b50335a42b318d267bae87cb3478bd737046d570af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
37a4bcbd74a2fcb0629dbd4ef1fcdfee

SHA1
bb34721ffadc616f5b9a3357f9aa174e5884c92d

SHA256
eaf3bc5cbcfdb59316069528444d99eb473b7a04a0e78bb696e4c146b65f54a9

SHA512
a1d7b96878d0ab7fea3d3f463cd14b18726103dcfa46af8964aefcae0d80d978d9bcb733d6c7208c2114d47491e13231a2a98f262c6d52567d75a8b9ce098de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b086aea186492abb03a5d238a36fdaf4

SHA1
1d3ca0872480dba0210f386331aea7a7181b02d8

SHA256
9eba02a716cca2b19721f79950f23b9b525d525388b8b68fbc9211332eac18c3

SHA512
7f893d12183ef7b0888324f26893b65a9bc098f39bcb33ef6e516046338242fb7eaf551183a23eb300d47add1c8095d87c3e3365a8aa654b1049bcd5aab7d678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
6d51b61c5211715244827fb10a4ee69b

SHA1
b162e001b458f4d3bfd8f1f1c7799da9352b4a94

SHA256
a691686f9e192cc27e851c7d322fbe607eebea6011fbacf29ef1ad0fa2594827

SHA512
07f53224878c92f7a8cc5ba056fd3f18bb22f4b606c59f7b6de9a217b39a6f0d84207a2f525a60ff36bd8356b5f15981bddb532e759b333eefdb51ff3dc07c92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
041eeb40ab2d036993ffc94a8709baae

SHA1
59b3cd9f0861cfe88125e1af11c5d8517e17c6ef

SHA256
4e659c7e0fd3b87a9762024132b5e86c586c2b796159107001d4e266ed2a68bc

SHA512
39b360b03ec163031db7df905e2f2f8d3ba0b964097e5c75e62e70b491fd0999c59cfd1940dd4b96dfe95bbcfbd5ba2708c7f507b7ff05fed2a8f7be0a1ab63b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
39e43bd97030ef81bfc3de103ed38260

SHA1
ab6f71b2a817db053fe00e9b6dda2dc79bedb566

SHA256
1a751bc15d6f67e9560d6f03dbc687d4fa4ea7e5d8a29be203e2d306a7d7781e

SHA512
e0652814facdef1354d3ed9e1d13bbaa5a88c24937b82e69bbf265d205bacbd96b509c56422ecc55e71be826a64e08207bd4bb59a9f1eaeab14657524ca1ff05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
24e61e9599e59a7a65495d353179debb

SHA1
9be588efb6b190305e52938d8f024be3f9378280

SHA256
966f4d1a2713a980a780dc39d44e02f6ccc2701eb850ee803ea8613d8c20ab26

SHA512
23ab0842181bd1ac59e13bec539ccc6031de1dd7665d5d4828603f565a00fc17f6d3ed1154bfdfac9fec3664ba071fee2ed4e67f43fbd35979b37d98917a32af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
a4147b65f878e05e22a86c9e151871e1

SHA1
5e6df3c97e67c7055982a9b664eb25c748401130

SHA256
90ac511e32cc6fea86cf39cf8d9a01c6a6f2586330d5c14320a6858135c6e13b

SHA512
6ae7528e14b85cc4a26a23a6a45d0a4ea199c29ae86ba274bb20780906f8e1c8fcfddc133188869c07f4ae9519a8fee3d76f7de48db979ad0f493aaae7649759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d438.TMP

Filesize
91KB

MD5
7778392f670a9a518a4d653388a91793

SHA1
0169290d19ebfc171f888f31b560533c2be58356

SHA256
e19f4de81ab9feac5e8ffaa8e9828f0e9be99da6c5902c75a445b346ab22798a

SHA512
99c368af6f90a08b6b835692d84c68c4cc76e9e681a91057cb1409b2453822a869662945360e5b7bb3047202ee238e8a7d948ff2e04787c2c5f2e0e2e2da5488

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
594KB

MD5
6fd42b5cf40c277b5a45a9d0f0b2480f

SHA1
954191e8fee5c0374170f584b1cbb66c5aa485f9

SHA256
213dd4c9638d77fe605f749dbf218863f769f381eb4f4934693b991079ee6df1

SHA512
d7ba3cbc3a7cbd167be9673a336a70cdc4e7946dfb635aa628c0952e00c4cc42e12aa3dfb088b93409ae830766df54c338a09d368c19391e47d7db4cf7b1c2ba

Download Submit
C:\Users\Admin\Desktop\jre\doc\bin\msvcr100.dll

Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\Desktop\jre\doc\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\Desktop\jre\lib\deploy\messages_zh_HK.properties

Filesize
3KB

MD5
4287d97616f708e0a258be0141504beb

SHA1
5d2110cabbbc0f83a89aec60a6b37f5f5ad3163e

SHA256
479dc754bd7bff2c9c35d2e308b138eef2a1a94cf4f0fc6ccd529df02c877dc7

SHA512
f273f8d501c5d29422257733624b5193234635bd24b444874e38d8d823d728d935b176579d5d1203451c0ce377c57ed7eb3a9ce9adcb3bb591024c3b7ee78dcd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 952683.crdownload

Filesize
1.3MB

MD5
3f6d2cef65fe49a38190781a0cb46707

SHA1
6132b1cbb8b81a587d3eda3c9ac3a1c434fb13b0

SHA256
151261d221ba0f6120c7f16700ab0724b92ff3230f05a89ef15dbcd8198678bb

SHA512
731b8fe2c578444ce859bf2061c342b13716e49647d99517358b69740e2f6e49d751474c241f25381b0e194defc2af9fe0f434aedd3bd96aa39cbd19dd457a58

Download Submit
memory/5776-1767-0x0000000000BE0000-0x0000000000C54000-memory.dmp

Filesize
464KB

Download
memory/5776-1768-0x0000000002F80000-0x0000000002F86000-memory.dmp

Filesize
24KB

Download
memory/7928-1776-0x0000000005190000-0x0000000005734000-memory.dmp

Filesize
5.6MB

Download
memory/7928-1783-0x0000000007E00000-0x0000000007E4C000-memory.dmp

Filesize
304KB

Download
memory/7928-1778-0x0000000004B50000-0x0000000004B5A000-memory.dmp

Filesize
40KB

Download
memory/7928-1779-0x00000000081C0000-0x00000000087D8000-memory.dmp

Filesize
6.1MB

Download
memory/7928-1780-0x0000000007CF0000-0x0000000007DFA000-memory.dmp

Filesize
1.0MB

Download
memory/7928-1781-0x0000000007C30000-0x0000000007C42000-memory.dmp

Filesize
72KB

Download
memory/7928-1782-0x0000000007C90000-0x0000000007CCC000-memory.dmp

Filesize
240KB

Download
memory/7928-1777-0x0000000004A80000-0x0000000004B12000-memory.dmp

Filesize
584KB

Download
memory/7928-1784-0x0000000008A50000-0x0000000008AB6000-memory.dmp

Filesize
408KB

Download
memory/7928-1785-0x0000000008D40000-0x0000000008DB6000-memory.dmp

Filesize
472KB

Download
memory/7928-1786-0x0000000008CC0000-0x0000000008CDE000-memory.dmp

Filesize
120KB

Download
memory/7928-1787-0x0000000009BE0000-0x0000000009DA2000-memory.dmp

Filesize
1.8MB

Download
memory/7928-1788-0x000000000A2E0000-0x000000000A80C000-memory.dmp

Filesize
5.2MB

Download
memory/7928-1774-0x0000000000510000-0x000000000058C000-memory.dmp

Filesize
496KB

Download