83d07e68ea4d6d5a4cc9c927100d0e036e8bc3a7fa592a2bc720864e00e2609a

Analysis

max time kernel
300s
max time network
293s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13-10-2024 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Software Applications Incorporated.eml
Size

14KB
MD5

0094392d535f9b77c3f2c4a890a1eda8
SHA1

c710a3807254cf7de78890fe95a9bf369272d0af
SHA256

2884f9f230e488f191a902690969194e3a8df46992dff77d58fd4f87f3772a06
SHA512

ff07acc6f1958ff9466c6ef3accf3276132b7146928cfa8974118218521f9b146e7e506745d7681415890cd4737e936c18dd68b9d2db717d1fc8f84e2e1f379f
SSDEEP

192:B80FwQXjU1ucUPp6tEgGldd+bHdHMcNeuvjWuS+lOETUH4NeB:B80joupoDIWU5

Score

10^/10

discovery evasion exploit persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty"	WormLocker2.0.exe

Disables Task Manager via registry modification
evasion

Possible privilege escalation attempt 2 IoCs

exploit

pid	Process
3908	takeown.exe
4344	icacls.exe

Executes dropped EXE 1 IoCs

pid	Process
4852	WormLocker2.0.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3908	takeown.exe
4344	icacls.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
75	camo.githubusercontent.com
82	camo.githubusercontent.com
129	raw.githubusercontent.com
130	raw.githubusercontent.com
131	raw.githubusercontent.com

Drops file in System32 directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\LogonUIinf.exe	Automatic_converter_rff_to_mp4.exe
File opened for modification	C:\Windows\System32\ransom_voice.vbs	Automatic_converter_rff_to_mp4.exe
File opened for modification	C:\Windows\System32\WormLocker2.0.exe	Automatic_converter_rff_to_mp4.exe
File created	C:\Windows\System32\LogonUItrue.exe	Automatic_converter_rff_to_mp4.exe
File opened for modification	C:\Windows\System32\LogonUItrue.exe	Automatic_converter_rff_to_mp4.exe
File created	C:\Windows\System32\LogonUI.exe	Automatic_converter_rff_to_mp4.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133732885786612182"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	WormLocker2.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	chrome.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\Software Applications Incorporated.eml:OECustomProperty	cmd.exe
File opened for modification	C:\Users\Admin\Downloads\Worm Locker2.0(ransomware).zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
4852	WormLocker2.0.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
444	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 3564	2840	chrome.exe	89
PID 2840 wrote to memory of 3564	2840	chrome.exe	89
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 2756	2840	chrome.exe	90
PID 2840 wrote to memory of 4664	2840	chrome.exe	91
PID 2840 wrote to memory of 4664	2840	chrome.exe	91
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92
PID 2840 wrote to memory of 3616	2840	chrome.exe	92

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Software Applications Incorporated.eml"
1⤵
- Modifies registry class
- NTFS ADS
PID:4820

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:444

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1c0ccc40,0x7fff1c0ccc4c,0x7fff1c0ccc58
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4524,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3120,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4348,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5092,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3472,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3284,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4532,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3528,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5476,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5524,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5672,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5816,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5956,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3356,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6180,i,3734148738879227326,13462908010267899784,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3520

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4092

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Temp1_Worm Locker2.0(ransomware).zip\Automatic_converter_rff_to_mp4.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Worm Locker2.0(ransomware).zip\Automatic_converter_rff_to_mp4.exe"
1⤵
- Drops file in System32 directory
PID:1280
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "%username%:F"
  2⤵
  PID:3488
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:3908
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32 /grant "Admin:F"
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:4344
- C:\Windows\System32\WormLocker2.0.exe
  "C:\Windows\System32\WormLocker2.0.exe"
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Windows\System32\ransom_voice.vbs"
    3⤵
    PID:3496

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
PID:4344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
70KB

MD5
a8bc992bad7bae98e96d1c839fc939e0

SHA1
83c183c786ee2952427db80c6e91de04d800b3de

SHA256
6e7da6e50ed27be4e94e33192e0cc7b6c71570a360054a35786b7a8c36f94567

SHA512
3cb4d5b9bffdf5a8471e278693ae9f5121cf976ed4e431f7f8fea5bfb7e783c44ad8f5309f986e3badacbefc1704cb2ef611da0ef06ebbe7d56fe74afea5597c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
255KB

MD5
1ed50e4d16f302d405006a39a81216ff

SHA1
a3d24a57d3124eba07acb4a2851c45dd14ac5b05

SHA256
3557b820dd568da4bf7bb9f0e7caee1a37433d76ae657dc28af8d01a91f36aec

SHA512
14ea649119aa8e0175d9691e04bb0a8ec6d33011f44348e1b3d94feec5325ba3634e74c20d124de12b0a1f3125028d4b3f6d0c2781d4391577b6b99e98a4071e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
168KB

MD5
3f6c5d514290596ff4f2e65fd6799db7

SHA1
9f906b1a03663311398ac99a6406da9b030d49b7

SHA256
12af5ae614f78775181955bb0ec8ce5e7f7ff01561ddba709f3c551d6d4b1d8c

SHA512
a9993a9de8a08aa30efb662b7852cb040de2216e7271805cb0cb9e064354cd04f8d7928aefd3c95f10bc3cfb6e987a1e6f5e858c3904c20e5a920688a39f3873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
21KB

MD5
c69b39cca3a3c5a67c0b25111f965411

SHA1
1314022da524c52eb53fa547cdaf0db012a0e589

SHA256
d44d542daa3d49d6185f400cb3890eeacf2ececd3ca6ac68b940cca9215ccd2d

SHA512
94a33f12f04ff64e9a277546197a7e8867ea7f69d6f09fb917de60223e7a4464ec468a352c66977a25689dd91e4eb2ade06a4c597bbd846810fd6ae6c2d0f569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
285KB

MD5
a8425d91152031937e78fe3b0f1209f2

SHA1
43ca3f237a333ef9cceb0a8b9dd37490bbf1854e

SHA256
583c4e0da6965f71539110ce7d07e4b35ca83ec377849f7ecb3112f8ef15d903

SHA512
08bf38e9fa662b55a33681169afbab1563ab0e40a31e0c21cf9637b7ef0e6dd79f28702784266d17dda13983a1fe23d9c29a93de7cd964496b556e77e0d59531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
8b827bb4f919db018ccbcd8aef92c945

SHA1
3474011d34f40435a47c09e3c80d89696368d17f

SHA256
fc80986a0fb9a39e26afac3993da50bc2a1374a6c987e7ddcaba499ba775a269

SHA512
93389b7c9c76539bf98673105fb005f03e3fdbb5931b35cd578a3637b3266900e2669c233d7bbb41478df9a4180850f51ac8a263cfeae832c9b12a901741c278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
ce1b31fc0265f26f3d3289c74160b0a4

SHA1
900b6c34879d78b8134db6d70ba703858a20e8d8

SHA256
9de9896cae8b925e3083f8bd054545817ee04d405936d9ab54fe84c929d1b053

SHA512
e3af915ae727e69a45fb039f318509438330295a8ddefc61e6b54e35cbab836aa87d55159234d91054880f33c7e777d9456b0b3c5918b07f78b341c74d5f56c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
7d7077d010db8680f1b41fc3a47cfa4d

SHA1
f02832a2cb8466900f4476296177f26484c38f5f

SHA256
16363dbd885e439d02075d59150bc0aa459051408ee95f21e7062fa56e61c25b

SHA512
9d368468d3eb3aa288a078510f9bfcda59d472a39ddf202afa39c6aca867affcf6db7c406a8504f14f39ce545afa545d85d6b0d917e650364f1095a6dc2d3c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
8fb00fbf0de817f373478fbc6ea5dd1a

SHA1
1e246f7536e477a2eb8920fe26e700f3c7033c12

SHA256
396e887ec7e934da680c3d9f0e1378fdd00450368a4de71f7a11bb652f937944

SHA512
eaf767b311db71d71a1fd8cb3a62577d13b66d6f6deb53865d906eee027380eb36936667a4e78e7beed7fe4e56b47e1a6314d60aca2ae5073793db9909bb55ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26e582f96254c780d182a3ffff0351dd

SHA1
6e2b911e3d9740f4134411c4d37ae6488a14aa13

SHA256
75aa301eabdf6b4dfce254960371c4f7d818fd2917ab36457c7dd88955a8e9df

SHA512
30de702e9c8f09daf61331227362beaf7ff9f8f2c5c34804ca4f9fc8a77c137f852d385f87305c82d9ae1fc1a626ff50ca296011884d9215a935274a2c5c844a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5553ab76bd9bc9b50abff5e40d42dfaa

SHA1
9b59f5db6fd349f41d9170751a78233ce1e87a19

SHA256
d07b1e5015b5f364fbb965cd0b15d4b1bb2b65e0840992b63a806bc98be6fa35

SHA512
63aed6da47530c6b6f98c53873e35f176face4377a3243d7811f9db903e780a00a2b8f21e1ca798f862a290b665a52dd5f3e091cca3a0e1120f2b110e50d7dc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a33d7d4abcf715d287a0f3606f834424

SHA1
f927ea21a86c693cc40f4d55b9993254c1c4e438

SHA256
b0a7b46bd8d5e279c7fbbf4c538119cc8cb5ae07d600b6c4f94a09c0a8df7c35

SHA512
652bc0ab5cbd6d3169e06fe4bc9b5846a66d03c09588b52935f15ab5f8afc244e49b909c85f984adaa4cbe1361f978a8febd1f7e59de937bacc461f5b6655376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
2e4b588b664ee744a550d2403990d780

SHA1
b8265ccb8f9734b488c64d6dba98826e5ca3ea6c

SHA256
0e1bfb71e3cb965c6acb491184eaa04b393749aa53eeb2f74643078c51b69e94

SHA512
ac68450293a335d2c9286858d6a7db9a04ecf3c34c71adfafd53df691df6da20c96b0ed21b40e8d3a88e215aaac7eb9f5d95466bf287f26095a12d16776d9dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
c3468619931c48b5eb62d7752ea1de5e

SHA1
43f2ab34abc84db8f2dfbe8edddc12658ae4f2ad

SHA256
35f4ab75ee7e684caae1fb05e80190b8d48e63ae53211474fc46c3e67d4f495f

SHA512
b7f59c02761f1edb76f4409ef3e4c9ef9dc22d97e3d8298a44db4a93dc9e2b035af4eabfc228b1e928a1e7d0c1f9cb6c967c0b474dd7887660438decdaff8b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9ac8e68405ab2685655a5b87df662240

SHA1
8ddf0c4229ba4119c36d45d7517e366dda2793ae

SHA256
1f3c02c5734e304d9313cc56dc4b6b1df162f08387e117cf9c802b03d6720497

SHA512
d75dd3cc1e87150f0b7547da4a8ede88e92dd63d1ffa4b2094d9640de0ea635ad2014215e237287bf00a40aef796c96e13e7a53e394b9e243073862b3041e4f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd645da50f7d67ab60e3a03648a1ddc2

SHA1
7dbf8af0844118a17b4a63b7b31e1d3a1195fb70

SHA256
8844c91749340f3c046a8ccfa89eb638ed03629db4f077d59e83090a72acf88a

SHA512
7e8b8a4b94ba199526da56897d9d8219137ed699dbaa87c8dc515fef145f9a44d01c49b45bf84e308a7ef36290da83cace6180896db0135a74a521d06624a679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f99a559473c9413e5bc236979671b284

SHA1
1281303cecc10e1b6c346893ff68fa2c05429cb8

SHA256
b24dc0cbc266798f08b43ed955c816c2424f6996eca9176b0747a5aff3ba16e6

SHA512
0ef263fa625fe6c13fc58800bc88544f33a8c1773ada3257f6bba1e3fe80a7760836c4c82de0d36d4e2a774f205a500f05a245e274341a38a844f283d9a5c356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b519f4cbba999ec7b9e6110effea5af1

SHA1
f4af37c4d83c41ddd65f62b1933bbb24ace96f19

SHA256
31804a1fdf79e7537eba0b0cf58097e739a00bfacc284aab5670917cf98fd8c7

SHA512
5b9eb5e83ae0a407e938ec7c2ba6999228f707337c9aacd09de5e0b05855733aceb547f4d653e9a1ec7d98197a8303b6897ac8cbdaef93bcea154b7f433699f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0816269fba18474ef79a9ede11ce6b6c

SHA1
32ecc8bc7a36235d941c3f60a013cf2234d31931

SHA256
3b35a3d0501ab99ce5d6f1a65bace17e93e5572d5d9f0a4165c5550ab26c891f

SHA512
283cab0d254f320b89dede544927a701e20b86871713d8c6794e2d5cd58b7620ca26e29bdc4f323f502fa80ccb4e7dff2b38509b7f6838347f4aacb5698e47b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
985a1f7b4eaf8b83fac9ee0ed9db5084

SHA1
e0f070d47ba8064f5beb98bf3f5b8760e202ea67

SHA256
64dc1e408166df5cfab6e36e75607b91ad9f3af600aa74f61075966b4154fd42

SHA512
82c5da3c838be4e76a955899b19caca70d8234a2becadcaad72a1c7e2becac5a6d4457f7bd0bfe6a410dcb266b9bf341f47b00d6278fc00d429e49b5a617d218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea6f1e47dddf6cea2c54a802b4fc44b6

SHA1
6a685a47d00024dfa9fe02039f090c53d76dc6bc

SHA256
6ed1b30825f75853ba8170dacd4ed6e1798a521e4fdda49973bee389e260828a

SHA512
21ed1917edb7873f3b9ddcedaaeba43efd10394215ece1943074cfdcc9707fb73476265afab8676a7a7c96f47d3fa3643d28760e27cecd1ad8d645d92aecafae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bd6f3e8817c9f3e4c9fb33554c03b5f

SHA1
153b66c181f7ab4a5dfe010a23818215474dcb73

SHA256
5e84d18c2d0a4555399e4796baec508560b85f4471f8f190b368f531646a6f87

SHA512
a34950519f27edb08ed52fa78013e24c493c69f699c1b507c8fe39748fd30717965b423391aac41ebf859afce95ceb983eceb66a7d56350d6b4168e2b10ad3ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
70e22dae59a8db2b1d9912a4911917a0

SHA1
6c93707b8cb8d960003091df8dc4a758ad7db1a9

SHA256
ed9af005c631457f0696947ed217369db4c1e670d3d0d2fe301cee82df36424d

SHA512
09d21821ed8680ce232bcd45ef5f499fc107088fe4c3d185ecc82c5dbe5df8223cce3345bbaaff8cec3a251969fd45ca9e7b0fa4a17cb6a949ba65907b9952a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
78285e04c089307002838734ee6742e0

SHA1
d3d8ebd16cc0b94c9445cf97710bf7dec0f45c8e

SHA256
dc3d55722438b983f86987462a80a17ec88cc5d2a9fbbc179681673964d4a3d8

SHA512
40192f826ba02696f48addaac405bacaadcc708f50255482135c422833d9c2e919b82af0faabe58c3b686501ad6953b109363a85a69ea1323b0ba42b10cb0ca0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a3ad85eba954bf782cf4de2cc5185c34

SHA1
5a3c23ce9ee57b920f9c9df81ab4381112f46874

SHA256
ece18d52077e722a8c737bf2f707e47f91fbf256948af34f3f55ec46c421604e

SHA512
4bc3a09e2577382a9b8c033d0ff8b981093dcc72c8baabb475aa46813a163a09731acb330fbc39df81956be349133be79785be3c7337e77e3104fa074a6b062f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f2c02d76333ee891ead3ec3536a22ef

SHA1
03a99de2aec69e6baf5e9e0730b481a280295525

SHA256
3f4106f5e40e46302a8105de8f1b29b7bc4bb5a79647e0e05eb6d5d1a208763a

SHA512
d17f5baa4a90c807fa3237934a2fff01c79cebacc171fcdc116a2f1e720e3268f06de73fd0f935d7957e08bb7e82bec4777dd66210c9e4d88b6e06a62102f19b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4450ae2ac43c6ed4b45fb580e40766ed

SHA1
adc02745ef69583921fd4d5e534170ae21ea578d

SHA256
0466568a5755f1224c22ffc20e451f3d12d1c0c461022c538ef86328b9725597

SHA512
b76b6838ab2a3febd629a268a9cfc6692110784942878181ee7df740a52f92aa7daa5d5a338cbb96c755d7b3d09a49f4f4a2b9ee4e5299b5ba2cf16f62975872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe59d2e6.TMP

Filesize
140B

MD5
4b71ddc04cfa1dcdc1c318fd2a567f9b

SHA1
b5794b4f3583fc9f1595c959c369e25b2a881d0f

SHA256
66ebc7c108a3d5d1136e3178e6e441832023b28c6e308232f06eabb23cb3dc35

SHA512
4ee24ede5ef6d14cb3113e29b78127a21855c97331fd417208d36d6fc6386752c5c4a67dcfb92054f39dbbb1bd55d5a13d6e740e7853698ac48be6af1e80dc9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
83dff2bdabee924f98744631b56ce9b7

SHA1
b5c36579639612edd34f40d54c9cabe67f95b854

SHA256
ea8e5dcebe0c1305045cb4b263cd02e648b9c0b0a1f99b78b34826911fe39c3a

SHA512
ae9079fd9123b36314862adfc21a4ce5621bf8bad0bea9e4296269d0b7d1e53c016eb967ccd0e8f0b764b68bb247b9212c8f0326b40fa4d25f41268adc76d27b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
fced614c3954e3a3a51f3391c34ed974

SHA1
5dbdac298229887b11b797c42eb96b1fb68aad16

SHA256
d8c84cd749e631df7b11aa3a17416e7a8626c5b06053331eea788d4dd07bbe30

SHA512
3051a24f5f62832a05b95418b63ae21f69afe11821aa48408e4617c35fbd7d46cc8d71f7c43bbf99c0286c813e9ac8721f1ebc9b9503928474892a61094f532f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
ba628b5f5a480a47bc6bc87227ab88d6

SHA1
89e7bc2846aba033e68aee6bd45435af9bd8e64d

SHA256
f442689ce6a124f20889d5da7f8f05ea4349a45844c76c4b88107fedb37c3581

SHA512
7876a504cd02d4867c9d019d866f8429ef529f6cd445438b0ae45ecc0ba59f54acc680cf2ef3f4a998e9069ae473cfb35b4ca39f1cbfcf0ec333653bfac35ce3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_75CF86B4E03A4BA6869FF3EB4B1618C2.dat

Filesize
940B

MD5
5c79843e3f32a2f8a5fab43d3222e7d8

SHA1
53116ee79dcb6dafe4b3d9355bb484074bb26ebc

SHA256
367b7ffb3b7da7550249f2c12518ff3ac696720d85f3ecf1eb7913b85102e56b

SHA512
8cb23849a661617032b87f3199cb08559375b7f049ca6c724918a35c18e797faf526f92b3050606451c308e3f9c873224ba20484deb322d3c4695f0b2f5fda70

Download Submit
C:\Users\Admin\Downloads\Worm Locker2.0(ransomware).zip.crdownload

Filesize
204KB

MD5
883752fed229f8a2e871296d217fb6c5

SHA1
aa730ba4b3191cd935ea8d7d1fda9efb3d89c44f

SHA256
995df061cec051f1964775932be424ee3da5a4ee91e2b9a17f7a625894088dbf

SHA512
a8baeaebd568d363f95202fc9e5660b7b367284413f6383b6ed469203a06f2601d0573bda58e529c1d9a23e0ae154306ee9be8ce52e5d65fe5662e67b7a3a549

Download Submit
C:\Users\Admin\Downloads\Worm Locker2.0(ransomware).zip:Zone.Identifier

Filesize
251B

MD5
35b03de48b75445b8b7d942c44860f98

SHA1
672e02cefb9a3f79427cc14af20f0afa5e6bc16b

SHA256
a1d54c7a0cf7c03523be926875ae6a961b2898578fc1fa30dacaf43b028db4a1

SHA512
c056ba5e22a0094af4840df91f8e3590fe0da62f40b0b42aec3059bebf5f94916894ce82c54588c4525d4dee679a1514e381e5b37968dcb0d492fde444fc1090

Download Submit
C:\Windows\System32\WormLocker2.0.exe

Filesize
116KB

MD5
041aa5e99ae545dac5f9306bb20d869e

SHA1
88ea126645bfd418abba44cca4a16adf12084d2f

SHA256
830c271c8aca775457a090a51c93ad08f9665361eeeaa3fda3f9ae032202ad73

SHA512
4b8007dddd519c77bb596f6d17f270da62b236894b6fd7f1c528e553b1aac3a7f9c0df4bb40b678461f70bde3c5a8ac4b5e97e5372dd127a8184862c7f6f4c7c

Download Submit
C:\Windows\System32\ransom_voice.vbs

Filesize
397B

MD5
c1f9613622f740c2f00c2fa8881ba7ba

SHA1
bf3271720634bebb3c41ef2b33af525b62f931bc

SHA256
d200a1e942b8cfdcd8190d1ad59f92e27e39b919ba230f2dd88d70c3df428c7b

SHA512
49e00bb3c76f7e69818a889f045f3d3c43badf2116facccbbf69c61de19f91a42aee891b9a5b72a256453e2fc5c637adac1e354cf88e6782679afa886ad1c615

Download Submit
memory/1280-885-0x0000000000BE0000-0x0000000000C36000-memory.dmp

Filesize
344KB

Download
memory/4852-920-0x00000000006A0000-0x00000000006C2000-memory.dmp

Filesize
136KB

Download