880c660c294b6a8cecfd83182de82154b75ae2fcd723d34bd498e05771a2efb2

Resubmissions

02-07-2024 05:30

240702-f7gzaayakh 10

02-07-2024 05:27

240702-f5tv3axhna 9

02-07-2024 05:22

240702-f2njwa1gnq 9

Analysis

max time kernel
59s
max time network
148s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
02-07-2024 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Heist Editor.exe
Size

7.7MB
MD5

2324a543219161cd967a7c62595ab445
SHA1

c5cb01869eb85be735592d20f584ce478e868624
SHA256

880c660c294b6a8cecfd83182de82154b75ae2fcd723d34bd498e05771a2efb2
SHA512

47a28ccb2285ef4eb4956e820049a2725c786a36bf9bec8e755ce414899e9540e8df1ebd5d715e2863fe2d447d701044391149b0edfe9b4c8b0316e0078a8173
SSDEEP

196608:Su0t9MU87PZx1xYeMJhM0m7vWMBu6xi6HV5n:SuEAPZFYeMJhM0m7rPk6H7

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

Heist Editor.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Heist Editor.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Heist Editor.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Heist Editor.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Heist Editor.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Heist Editor.exe

Themida packer 11 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/memory/2416-0-0x000000013F420000-0x00000001406F6000-memory.dmp	themida
behavioral1/memory/2416-2-0x000000013F420000-0x00000001406F6000-memory.dmp	themida
behavioral1/memory/2416-3-0x000000013F420000-0x00000001406F6000-memory.dmp	themida
behavioral1/memory/2416-4-0x000000013F420000-0x00000001406F6000-memory.dmp	themida
behavioral1/memory/2416-5-0x000000013F420000-0x00000001406F6000-memory.dmp	themida
behavioral1/memory/2416-7-0x000000013F420000-0x00000001406F6000-memory.dmp	themida
behavioral1/memory/2416-8-0x000000013F420000-0x00000001406F6000-memory.dmp	themida
behavioral1/memory/2416-6-0x000000013F420000-0x00000001406F6000-memory.dmp	themida
behavioral1/memory/2416-9-0x000000013F420000-0x00000001406F6000-memory.dmp	themida
behavioral1/memory/2416-10-0x000000013F420000-0x00000001406F6000-memory.dmp	themida
behavioral1/memory/2416-22-0x000000013F420000-0x00000001406F6000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

Heist Editor.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Heist Editor.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

Heist Editor.exe

pid process

2416 Heist Editor.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Heist Editor.exe

pid	process
2416	Heist Editor.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 44 IoCs

Processes:

explorer.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7400310000000000a8587a811100557365727300600008000400efbeee3a851aa8587a812a000000e601000000000100000000000000000036000000000055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616209"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 4c00310000000000e2587d2b100041646d696e00380008000400efbea8587a81e2587d2b2a00000030000000000004000000000000000000000000000000410064006d0069006e00000014000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	explorer.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

notepad.exe

pid process

2252 notepad.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2524 chrome.exe
2524 chrome.exe

pid	process
2252	notepad.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Heist Editor.exe

pid process

2416 Heist Editor.exe
2416 Heist Editor.exe

pid	process
2416	Heist Editor.exe
2416	Heist Editor.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Heist Editor.execmd.execmd.exechrome.exe

description	pid	process	target process
PID 2416 wrote to memory of 292	2416	Heist Editor.exe	cmd.exe
PID 2416 wrote to memory of 292	2416	Heist Editor.exe	cmd.exe
PID 2416 wrote to memory of 292	2416	Heist Editor.exe	cmd.exe
PID 292 wrote to memory of 1304	292	cmd.exe	explorer.exe
PID 292 wrote to memory of 1304	292	cmd.exe	explorer.exe
PID 292 wrote to memory of 1304	292	cmd.exe	explorer.exe
PID 2416 wrote to memory of 2736	2416	Heist Editor.exe	cmd.exe
PID 2416 wrote to memory of 2736	2416	Heist Editor.exe	cmd.exe
PID 2416 wrote to memory of 2736	2416	Heist Editor.exe	cmd.exe
PID 2736 wrote to memory of 2252	2736	cmd.exe	notepad.exe
PID 2736 wrote to memory of 2252	2736	cmd.exe	notepad.exe
PID 2736 wrote to memory of 2252	2736	cmd.exe	notepad.exe
PID 2524 wrote to memory of 2544	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 2544	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 2544	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3008	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1628	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1628	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1628	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 2580	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 2580	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 2580	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 2580	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 2580	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 2580	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 2580	2524	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe
"C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c explorer/select,C:\Users\Admin\HELanguage.hel
2⤵
- Suspicious use of WriteProcessMemory
PID:292

C:\Windows\explorer.exe
explorer /select,C:\Users\Admin\HELanguage.hel
3⤵
PID:1304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start notepad C:\Users\Admin\HELanguage.hel
2⤵
- Suspicious use of WriteProcessMemory
PID:2736

C:\Windows\system32\notepad.exe
notepad C:\Users\Admin\HELanguage.hel
3⤵
- Opens file in notepad (likely ransom note)
PID:2252

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef67d9758,0x7fef67d9768,0x7fef67d9778
2⤵
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:2
2⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:8
2⤵
PID:1628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:8
2⤵
PID:2580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2140 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:2784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1388 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:2
2⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2740 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:8
2⤵
PID:688

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:1976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13ffd7688,0x13ffd7698,0x13ffd76a8
3⤵
PID:536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2824 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3304 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2496 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3516 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2580 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3732 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3456 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:1256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2928 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:1536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3792 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3324 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1612 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:1304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1420 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:8
2⤵
PID:2032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3048 --field-trial-handle=1272,i,7348314863881801997,1388745407780424778,131072 /prefetch:1
2⤵
PID:1624

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef67d9758,0x7fef67d9768,0x7fef67d9778
2⤵
PID:604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1368,i,12267224202556399827,442492317892802493,131072 /prefetch:2
2⤵
PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1368,i,12267224202556399827,442492317892802493,131072 /prefetch:8
2⤵
PID:304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1368,i,12267224202556399827,442492317892802493,131072 /prefetch:8
2⤵
PID:2648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1368,i,12267224202556399827,442492317892802493,131072 /prefetch:1
2⤵
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1368,i,12267224202556399827,442492317892802493,131072 /prefetch:1
2⤵
PID:444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1368,i,12267224202556399827,442492317892802493,131072 /prefetch:2
2⤵
PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1460 --field-trial-handle=1368,i,12267224202556399827,442492317892802493,131072 /prefetch:1
2⤵
PID:2608

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\69e21f62-6ee4-472e-8304-9fb36da9b704.tmp

Filesize
140KB

MD5
e8b8afeca7a994fe7df0d8adb6b405f6

SHA1
1c41385ad8266f4498b47560b7e0def9b2c59e9b

SHA256
fa0f19b7b91552f8553ac5e3c230d05fcf9ef77be9c01f5f1f60cd0d2bf2342c

SHA512
ffac87edc04a2d619b1361d27a2f9ebe834e1a1e25195cfe946dd8674cb04031185fce62fee96840dbb33ea05ae4f8a3406f5d26674d0be6f093183323f67afb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
72c8c104a995be18d4523fc3a415c4c7

SHA1
2941caf4bcee7a327b91a6ed0279dd6dc2c92289

SHA256
a95637c551113d259419ed408b7a2f6166c7d2965c915494fbaafd5ffcb31e73

SHA512
9fe1c427a5e164d370929d2ef332ceabc2802395fa537525655dd2c97f02c38b1d087736f59675fb155d517bbab34c1e98f93a126ab29f1efe581c9123475baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
df02d9bea71a6007919ef1f0ddc8d51f

SHA1
7fa0cdafa0e1cd455b4ef07634904d67b59835eb

SHA256
f3a085081d08b469eb3478978c86a0e59f196d06e69263b461df4722669bfb54

SHA512
8e54a9f4677c208ac3ee1908634bf33427b12bb383580f26330377c4346eeade99bc775caf2f0e5bee959a3cd59062aa4e3e4f1f69026d59bd63c660aee5e641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
03c3b369031e70480ff80ee099f6e7bc

SHA1
74b6079e4e1fe900afe107c321575c4a4e289bea

SHA256
2011ce6b03de88b7793ae813a3d2b09e48d325613e4e2c7848fa36af77c98df8

SHA512
a39932fc28d446a7c04d7df09fd6ea20709af0f21d984794b54f68667a39ae140f194af6189a4ad91e302cb17708cb48fe58522610075bd2d677ec751c36e23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
0ebc3ae1a03323a3e57fe17f8de38659

SHA1
e074b7907954a53372e0f3c337114efae0fb2643

SHA256
8ece35593a847fbf18c36fd5de2b78d80451b8f5d7c81becb02468b0ae9cf715

SHA512
0fec2e76970c332072c0022af87296bf6970355ec02ada059a0838e10add6843531cae4124f61e3c4965abb8fbf4a4d8934ac9a022901e79deca63d1470594c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f90eb4bbe32002c926d69bca75bb3c99

SHA1
ca9f402df1e29d375d1101f4d2241d6f67f55030

SHA256
39160659071125c45886a100373372ea278497a336d4858d24bde2502f228343

SHA512
d5ec1676df67f4ae5ae45deb1ab6b5a7cc3b68663c9aaddd0c07cf0718f79df44c0dd79ad345fbf912f1234f8cfd3f65e0ea0add8492947f6c40ee961a994772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b815baa165c633ab9d2d7e08c012da60

SHA1
f7bcaae12c5c0afd4a75b055af3b24d389b9329f

SHA256
798cc9b232afa765d0b1f5b556a697a461feba8c5ff9bd70124df8a2f7ca2f1c

SHA512
b76639fcfa23e83fc245616b6c8a6811a90e8d23a73077356b71d91aac4c526c168020916aa315b5e8a40bc4f269932b551222e7696c61ab5b31d629e9b54670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
392fb215e04c240cd95bb7e6ec64eb20

SHA1
818a0f0e50c95124ca8ab160664660d1c6e6dd84

SHA256
d46aa86712299d1761db174824285b21d70147a1c98f72ef80e9c7f497a3188f

SHA512
aeb16cd8cc10892a803e8b3cc0b154b2e2601b33295ccdbeb6a9b1b04a6ff2ad2ec379e7ed937e684772b4025ba0040b74bdc10a44cba18435adf6b29d65f797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f1c111b74cf8212f72a264a657f1ab9b

SHA1
82b671ae7a6d614d1e87c5ac665d78c6eb4753fb

SHA256
c9bab4edd437e78c2a42be064eaf5b854826b628fc6d275ae22817cadd995d6c

SHA512
00c5cde75a2ab2cf4957bf9e963ed9dd215eea9cdc50b4aef19fb934ec7f2b21d731471a25be02b272f3b7dbacc1b980f524705623309621e840b2d97205c43c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d48cd045e94383b58dc24c23ab536438

SHA1
d29dfdc5a5197c711500831c85036ecdf3e6edf9

SHA256
91b88193982ae55fa563104227fde60625561c8cc7d11fda1a4d4f1e0baa2b5c

SHA512
c3521d6823658c19dc9c81b6dd402fc1094b909f92cf2cab95af47f6fbc8643513bcb329c24b9d0e965d11bdf9dda8962947f4e9c98456b9d40ef9f38faa6145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
8f36f8cac613fbd4eca018b6f1770e81

SHA1
c5938ae30a506498b6c7454745d4c5180c62e0e9

SHA256
fdc0169db028eee43476af24ae7f8c185e03e59e29e458ee78d97893acc4fc88

SHA512
0732e3b21d6e8ec4da194e8c39f2d6417113481a391c3dcae675a06405053a864398849301e64c8776e7a7db74574eb9be7883bc5ceed7e42bd26d02265dfc53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13364371719019800

Filesize
5KB

MD5
22dee7ea02d4b312cbad3044c6bbdc31

SHA1
94bf60eea980c6905181406dfcf4b173fb404914

SHA256
2870c5c59265414e1f8c5dc9d0b7cf7cf4f7780b723be49cd772e3e557d30d1e

SHA512
08ed973533ec96e1574257f5b82f27254d722781c155426bbcbc04c6dcd32a2611ebd8bdf27e8dcc17a9e498148fd79344794be6e703b35efa9338bcfb200985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log

Filesize
132B

MD5
31bdf01cf2a502bc69291bc749116bab

SHA1
cfcb492860e2fe2d8df0e9d243fcd062270f26cc

SHA256
bb151cf2641b0d60d810f1539d7cee72408f76813cee5c001943d5673184a435

SHA512
85dd5eb64018ab623b2971c68226be85b315d299dca464df5d0140356bccb809b0ddbfb3a256a042d05435aae56e4998d10fcbb70abc0d92c515a9bb97c3f5fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
45b3c0a1db435d276f1870a066586f53

SHA1
5f2c93d19afef274f109630f1ce39ef82f111e27

SHA256
66f174a72cdaf84e541cd358457946d77eb38c22c5795d11d3e92afaecb7eec1

SHA512
3fdaf41ddad73acbd3678f74d834ce75d5183a07274683846579eb1aa5306df602246ab94c34ca24cd4defbb46db0a3cf717b904d92ac53c524fce9e5a47d8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
c23c84bcfa1b2cf9c19f568229edd310

SHA1
c39ff5092f39daff9a7f5fa08dc3d90e06c0a70f

SHA256
1e48522e42a882d8e49bab171842dfbca1124ffa5676c1428e2d0899b1b04bd2

SHA512
5b38225b41e9bdc476155d6a03f76873dcb611968afab466337d9e04551d2e618ee338480a6032df5f7defd538a609dd3eaea303244997038716c8fb837fc6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
8e1a73a1cd869ddbd9bc13cc0bd2f059

SHA1
68ded220eac50e56e9178d7fd962fc3343c177cf

SHA256
bae99df9afc4ad8a8e3cbb6976a608b363f3da548584d57d4e01d3de9ba3a898

SHA512
90603012999c41d6a1805c3723870e70e9283b3bdc8dd2737d0219f9cadfe01a03709567caac1337e92617846e599d119d7c3ab35ae351345b942b3bbbc85912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
581311a1efca1f50a6a445cf9002384b

SHA1
c51787851c92663af5f7270a0533652b45e341dd

SHA256
5b3f1699459d47e2758c79c28796e56c36992837a9acccaefb95ea84f60060f3

SHA512
97a2d7669ddaa08f0830978655c1fd34b5c7bd147406e82ed99d694657cc87af266d7c38c186f2aa0432e88862978d8571e932797663fff813ea5302b20d6ffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
03d881fc5a4ab4013bd1b30988abb179

SHA1
9ad861569715575d7b676e5683b14dd3cffec304

SHA256
5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8

SHA512
29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
302B

MD5
9d158d1bf4f996b354d7809bed816ee2

SHA1
66b58bc40aca197a3ad0899fd4f8740a3aad2f5a

SHA256
76971b5c5db085eabea21af54a91680bbd8f6394772b9786cbe34ddec43a6e82

SHA512
2f16456afd4bd065b67d6edb22ea855431536b3921aacf9f9bb0e5f99a7e66f58f9a3097056d4a9d584e420879103f5f4c73093f236d1e99537de43120cae413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
f67a01b04b948ca6dfc76ad6f36f4012

SHA1
bb091a3473291816e446237c721b5428355bda3a

SHA256
28351cb5af984a101885de3732ea14d32cf7f8d795d3739c32626b1326efdfa8

SHA512
51264a85abacd0fd0e7a28d1f3e0fc99a0e692f718f89e00cba5e556086f1a2223f375d49a93fa66fee527c29b282c1467e24e062dbe365242e627dd79e6b2a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
bf5d2f12989c73855d34e9a23495f99c

SHA1
a60a6d01e549282c42f6b37b876b3eae373703dd

SHA256
ee67aea9e57a78d79308e5962b28ed026862916577883b97de65dfe26df7cebc

SHA512
a79aa5fd0b516be55d12b0a94e61a9d121cb2fbf43e8c761a108bdd6c52cc1e69674ee4720451020cc8081e7554bfbce43ce66971d07bb78c8993ec6bc5c19db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
316B

MD5
f16f6cacf9889c98a98e85591f8e27ee

SHA1
6bc56e18ccaec7d5fa8c45828dbd3c5957ae9d4c

SHA256
71b5dfd9106885e95fd80cfe4c14d523754acffc11e581514b2e8ec9f13be794

SHA512
02ab4b8c771c9311db874018c1332632020710628518df1e69155a5e07f7eb29fd8f4bb0e93ce9d4ce88ed2ea62878e2775da5307a3a73811deb94f8d67df0a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
9723423c140f587f1809410bba15d0db

SHA1
18acaea5cdb63853622e602474b6c60ef91f61d6

SHA256
5f673c97a0554399e866fd82c485b52e6cda942ee890768040479957540b4cea

SHA512
2afcbf49492e8c48cc822b76b4d890f9555abd19af8f734c85f8587c6e5fa0e15b234fce7131d89b7a4c93912524536c38f4a661726888acfe477b0a86316d3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
f1e6d6f3b152afb6bd860796b83855e3

SHA1
3738ef87ace6f4828dea3562816cc85f5101be9b

SHA256
38a3991910145db7074f1c91cae33953d9993f4b5087a058116d4c40706c014a

SHA512
528cd5a4261f501fe07fd0eb6a028fbb6089f641006ee47da7c187f1e7cb71f09b3706331c5def6227594e599f339e58402c5e7369141ffc7d2f2e7e49e37a95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
26fdb563124e066c87b6dda251d6689c

SHA1
8083771017cd0da35931f6eee3fa359ee670889d

SHA256
ac691b74022dfed20604254b60a06e916760357ada295fa25d2bd793f199fab8

SHA512
363de1c8ef8452ed271b285b7ae253f2b35022c7b6b1ddb5a7c4a5a8bbc77325bc74bc512828893dbe58b75eec990f92c4e07409d823abad2f206254aa781063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
3683617103cf4ae8edec2d4d1d48b70a

SHA1
f5b6f5a1feaf23988c88c285352a21b5427161cc

SHA256
ae61ae6b5b7e148d378812dc7062c74db61b09ccd6321d3262dc476bda864ec8

SHA512
60df97fbaf30cc328b1eddf9557a26c5046177704d745514462b2e4b2b8815a84a4a4540a6ff47fb05704447b7a10512d8fef216dc41fd54d8e6e0c34cb47e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
1b3cf0f29ab64d5cec2631de473b3c58

SHA1
47f3499448da21af9ea39ebfc288b921ac7dc256

SHA256
a53d7c63c3e90d963eb669f2075dd6f40aafad25ea12f37c5a7a19f3a819e31b

SHA512
d5b47cf3d287e28fd4f9c5cb43b61f4582636abbe792dccf6acd20bb1d09f3f7a597b4293176ad84dc6ca41a2c8c59456f1f7690f754cbba414154a18fc979e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
de66f9a0a25ef706f1092d9c98f4fe16

SHA1
ee648a6ffb1614b3a06b13dc4cfe0f5b5aa987be

SHA256
aa39836c5b345de34f6b28397f78bd071d4465c6b64f5cfc20ea02005e36d558

SHA512
e50d44ee2dc089cf5eb43165ca597aaff452b559179322d503a7b7274ac5db54de4e9de3837e2f5709d89352dbd0af93a88fb873bfaa5977120eab9632644dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\HELanguage.hel

Filesize
10KB

MD5
e48671f08c254445aab192942dbf6059

SHA1
e349a76d4d6562e81fb1b7cd9bec0a79a2adce4f

SHA256
7c642b8a501c94cd614f1178b2d11e3d39557ae5a26bd8e17e6c2a29f7790bcc

SHA512
d33216bd275286dfb8891b374e88e9f91bcb9f9dd50f6dbca298ae7cfabc92dfadab321f29845c2c612e2ef75e7b32c257f886ffad437eb3118bf112115b76f6

Download Submit
C:\Users\Admin\HEModel.hem

Filesize
1KB

MD5
5d1a149f3203d84bd7a15c0f33398732

SHA1
ffb7ce1713781e256a8318b00364c11ff8c2c245

SHA256
77fff2b08f004f4cb4d695063e4f08d55271a5ad93273391e9a9e47c32b7e190

SHA512
8ed13f99e8fde319f1369231b1886e67e7333a48dccd5a242a0e531f9efda788ea9389b41a2043886a84d61fd6c90119461840d2443478deb7c1a7a811279901

Download Submit
C:\Users\Admin\HEVehicle.hev

Filesize
114B

MD5
cf7f9aee23075a7915cb46cc438c794b

SHA1
7cd29eac5c4ca59ce23ccd3a51fd53d4ed3608d4

SHA256
fbfa926cc6ace7c9ebd9c4ec2003370e21aa2d580e624eaa262045cb034c85de

SHA512
bcfc09ff5a0d5a5a9723f2f15104342454211810ef99f99a4094c78bfdad2f85fefbfa295a00ee0c1aeb66d6f878fa9c123e6e8ac1b109bd81040cf4541fb5c6

Download Submit
C:\Users\Admin\HE_Config.hec

Filesize
71B

MD5
094acb45fe35409f4f9fa34365cda714

SHA1
afe86528e78075b38afbe92f9df4433aa5843932

SHA256
deae8f9d469a291e3d2e0fd8606153e6d29c3560a32786043e7fe0557955195e

SHA512
15576071836ccef7ddf13faebb58a2e0a40468539a364f76cb9683bc913f0dbd8d9106e8b8aed2d56dcd1368981f480ec80f21954da5661be8eb89c0ae686b11

Download Submit
\??\pipe\crashpad_2524_RIDPGPLJYEMCUGPU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2416-22-0x000000013F420000-0x00000001406F6000-memory.dmp

Filesize
18.8MB

Download
memory/2416-5-0x000000013F420000-0x00000001406F6000-memory.dmp

Filesize
18.8MB

Download
memory/2416-4-0x000000013F420000-0x00000001406F6000-memory.dmp

Filesize
18.8MB

Download
memory/2416-7-0x000000013F420000-0x00000001406F6000-memory.dmp

Filesize
18.8MB

Download
memory/2416-3-0x000000013F420000-0x00000001406F6000-memory.dmp

Filesize
18.8MB

Download
memory/2416-2-0x000000013F420000-0x00000001406F6000-memory.dmp

Filesize
18.8MB

Download
memory/2416-8-0x000000013F420000-0x00000001406F6000-memory.dmp

Filesize
18.8MB

Download
memory/2416-1-0x0000000077C40000-0x0000000077C42000-memory.dmp

Filesize
8KB

Download
memory/2416-0-0x000000013F420000-0x00000001406F6000-memory.dmp

Filesize
18.8MB

Download
memory/2416-6-0x000000013F420000-0x00000001406F6000-memory.dmp

Filesize
18.8MB

Download
memory/2416-10-0x000000013F420000-0x00000001406F6000-memory.dmp

Filesize
18.8MB

Download
memory/2416-9-0x000000013F420000-0x00000001406F6000-memory.dmp

Filesize
18.8MB

Download
memory/2652-18-0x0000000003A90000-0x0000000003AA0000-memory.dmp

Filesize
64KB

Download