mafiaware666 | 096ef1633a1e4b28ea46406a6324998b5f4dc59f6596c3dfbe7d6ee403186733

Analysis

max time kernel
353s
max time network
354s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2025, 09:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

skull.exe
Size

1.3MB
MD5

3dce90e3a6daa8810d0dec78fd960e7d
SHA1

d44f4aa742092f33ec60264e15f09fd127a7bb87
SHA256

096ef1633a1e4b28ea46406a6324998b5f4dc59f6596c3dfbe7d6ee403186733
SHA512

bd68ff08882a61bbc4d51ca4ae2e055e20db853c79f6ea0dd5867e673af38785ddc4f992c1891ecf6d658bba89556b23797d708f3d7ca1da1eb4332f9a2ea84c
SSDEEP

24576:RTSTiRsBE12BIVpT2QhYpAILUo/g9QZqpMC3QVbIoTdWR8SfEuGujqZF13z8H81:RT7RseZDT2tSbvQsIbe8YVjPH81

Score

10^/10

mafiaware666 discovery ransomware spyware stealer

Malware Config

Signatures

Detect MafiaWare666 ransomware 1 IoCs

resource	yara_rule
behavioral1/memory/4164-1-0x00000000000B0000-0x0000000000202000-memory.dmp	family_mafiaware666

MafiaWare666 Ransomware
MafiaWare666 is ransomware written in C# with multiple variants.
ransomware mafiaware666
Mafiaware666 family
mafiaware666
Renames multiple (64) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 1 IoCs

pid	Process
2400	avg_decryptor_Apocalypse.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops desktop.ini file(s) 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	skull.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	skull.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	skull.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	skull.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	skull.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	avg_decryptor_Apocalypse.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	skull.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	avg_decryptor_Apocalypse.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133829618841892709"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3896	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2900	chrome.exe
2900	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2400	avg_decryptor_Apocalypse.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeCreatePagefilePrivilege	2900	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 3132	2900	chrome.exe	97
PID 2900 wrote to memory of 3132	2900	chrome.exe	97
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 4168	2900	chrome.exe	98
PID 2900 wrote to memory of 1800	2900	chrome.exe	99
PID 2900 wrote to memory of 1800	2900	chrome.exe	99
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100
PID 2900 wrote to memory of 4308	2900	chrome.exe	100

C:\Users\Admin\AppData\Local\Temp\skull.exe
"C:\Users\Admin\AppData\Local\Temp\skull.exe"
1⤵
- Drops desktop.ini file(s)
- System Location Discovery: System Language Discovery
PID:4164

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\___RECOVER__FILES__.jcrypt.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffffb04cc40,0x7ffffb04cc4c,0x7ffffb04cc58
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2400 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3304,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5232,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5332,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5380,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5100,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3164,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=1292,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3536,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3448,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5804,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5824,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5052,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4912,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6136,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6188,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5488,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3528,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5308,i,8895465590481499030,13526358669948068845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:3512
- C:\Users\Admin\Downloads\avg_decryptor_Apocalypse.exe
  "C:\Users\Admin\Downloads\avg_decryptor_Apocalypse.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2400

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\44363f1c-f14b-49aa-82e4-a44c67a23d12.tmp

Filesize
9KB

MD5
86cdd2a53b77dce6d120893497d7e835

SHA1
5cdea6a9e362f696734c448a1fe22712b67ee7f7

SHA256
3fb51dd9c7f6911d8d301523d2502c4a28036cae1f13fbd00e6aa97df86034f3

SHA512
a8799219d062b7705effcc86b2ee481fc6a2615505a5bd2adf125fdbf46edf8bea24be75e920fb062c7b9aac29e66891a41d0b31305271a2f430ef66cb3052de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5882f4d0-4b7e-44cc-85db-664c3242e599.tmp

Filesize
11KB

MD5
40c7c3a7a245e78bf413fb694eb2956d

SHA1
551ce6220a1c3550e7008a921a21c715f20e68dd

SHA256
2542a851adeb380cb1d0d3321d6274e609968635ac4ab9a1c01ccaa5e96eb83c

SHA512
5123eebc222221c69035d34459f41190e4191955bc7728b1d9f1d0f738fa3abc0edb4a4729d2267b25a6fb35cec6f8ef646ca50b1d84c0e0334348483ca463f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c9e10b39e31f8d07f97e9aac3605e041

SHA1
6dbe0b78f64eaed8e6761976b70551daa08b26c2

SHA256
c321321742449ba0989333e473e6a9f50f965aaf672104ff68953077c5c3cff4

SHA512
0bd7b4ec07334e7ddd04a94359183cb371cc8dc856afc1cfe1d100904c5afed63605361d2d2a0fee48e678fa2ac1592a279b58871896673be66e53373838ea14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9f4a0820b237d3c10867186554749152

SHA1
c12cf13362479d956c8313db2da09580201ecc72

SHA256
2c3448937ff3b4022198b9187ca0793f919afae578c51a29bb8698653b985571

SHA512
2538b075c77f38a919fa3d78d5906fc3a467b22c6023eeacea8e29e2ce6f7f1ed5ced5c8f7947c68d9acece29334eee1d1569aa26cf8f0c860cf2263eab98e40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6d1791bbf5a25ad308bb36e224fba824

SHA1
1ab571a64432046afc4229446ee4c13ffab6c389

SHA256
015ce5900676d4f9659c22d27d54694e040ff3175fc51a93b879bad7ee563cec

SHA512
0a46e057b7ad33b5312e6d90018ae245184e726b5a1ea96bfb9a02a22a8bb0bd6a70b03c6d99b17c4827160e6e399813ca3b41ef762e05156ee0d4c5cbe6da16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
5b2012a5d27953afdceed88f4f388173

SHA1
b477d52d2ca52e82bcd425a9b797a1ff72d6274b

SHA256
417f3828eabda7f4ad8bce3c5991400559ebcf1baf23553ffa78bb1052c2c113

SHA512
19266b5ee1f295c5261d52722b0b60155605f2d6a60737ea62804c78923ee4f931fa9adfe19a716b2a1072a73e4c9ad80d85f29dd3506aa5e6aaafee3149436e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2cbcb4c9c4e56f2fb8fb7e391d12eaa

SHA1
2bae947a7b43757bea4123261a5a1f2aee3fda16

SHA256
77e1df5c7c3a863145b53e3c93f811b47c0e0b944ac43c0982e9995ec2891c7d

SHA512
e2723afcb2c7fb8f51766ba4b34118aee597dcbaf417b04017f109fdb5c654180cb6f7504ffd3acd4753a22b691cfd4c0d8a2754825d36e8485af9103bd7cd72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c042fdd6698a079729b6870c7e4ab102

SHA1
02e26fca0cd3fdfb46482b96b63bf1392a3d5a75

SHA256
6376190ce895a168b65dda1a950095e825cb5424c5265be070e7996c6b3cb6ca

SHA512
6a1f7e177e475ed91347d6744015daef36a2d5297c9f437a0fb4b80a0a747813b3377692a047c6d73fe783dc966d9be3d6cc781075cb3fba5fde6dcafcf54249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de9b49e5769280120538d54b064706bd

SHA1
b35d48013331292964f97c13cb32c0b60f0d9fa5

SHA256
3314c61465e66d903362b820c76e5ee0a14cc68bb143445eaf7403ecc2235b30

SHA512
2b5597cc505454e7ac1b345c5538187b6388b0f9ef0100a00c834446c6d47ab4c863b75a6e89ad41b019d0a247250eda7ba85a7770cccdd62826fd6a96bcfb7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
60fd495adf09772a2be608afb0be1087

SHA1
7995fd78ed812819819f5edd38af62edb862d035

SHA256
b6f2d5f3517bf6a779b6a152e2cdd3b85b5164ee8b16c65b6aac447f0e80c735

SHA512
83c930e098040b77896401f7ba84585d3c44b0bedd45472f237b82a5c2c1a9427b0fd08f8156cdc5828a54d0d343e08fcfe3645b7694ba538e854dfa29a3a1b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12947e99079e8aedc37edc478e32e3b7

SHA1
66acf837785b3586e899ac08f1a33a56ee7bc00a

SHA256
79b8c9feabd843ed744458fdec4489d7dffa151607c5884893b748e12936919b

SHA512
ed24a28beff268180dd9b444c991457114ad037be29ff6fe47b201619e1e9b4813c3ce42aa4288d39d1f35857c2a211e47efb583595744f2ffb1bd162b1238d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8536b0cfb147d7f8c5151537611fb2a0

SHA1
3e234735bd0f36b6ef42e671e3c5c924241da5e3

SHA256
724fa508831db8414a650f083c55351893193c366870859c030d90cb28d84da3

SHA512
881807c2baf396587ddbd4b06a786b1b98ff9ef38ea4f2058f0e3661fa2688569b4502f2d7bf133755873007e42f1ba3adc08eb2ab59ec672947700520ff5150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b8d3e75f5c3b0347f7b4b32e0dcb0972

SHA1
fc6f87b2f86de573a8d90a06d4785d540bfea508

SHA256
2c10fd336f47290b2fb05cab3d2e5538ab05d3b787aadc3685a0e61801bd3b3b

SHA512
02ed75dc6a1e75962b065b182e65e50b8195f2befeb6b8471d69884ca0d89b77a39b71459e885e11d91c86a42097d75f54040cc3cf5eaa41b1521b7003860280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bd202d19019fa0e71a7875c8791d7199

SHA1
5d12520e4e0b89cc9d20234b9b863092a36036af

SHA256
f2b847a10d28ca6ed57206c49ceefff15bb4b3cd6dbdd8b339b8ed1ef090de44

SHA512
3476df0a8b37ea8fb2fc404adbaf08297978e60eabab693ca225e611d2009f34babec2dbaf2ec6b983d46488b5e4bb992cfd121853bfa294c44efb69787a645b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0067a3003d60fe1dcf5813b018f0fba9

SHA1
0561551dcd77bfbcec0661315e68007e1c97d5c7

SHA256
46ef69344624c40d7e1942b5799e2f520b0209661137ed87ddd886da3646c899

SHA512
8ba2a4747fa91cfffde2238fe36e77cef642a9038dc4e5c7e38e7743c07898f557c1317d28084ad1bcbec498af56a184d2dde4da5e04666f94a2822659bafac6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ad2d8bf18e7d985c09bee769b58790e

SHA1
273633a56b6b77e2a8e65dd0c2c2d1b213a00ea3

SHA256
a3b23c28a2ec72d2898c4fbad03d807acbdfbf8ff739318a1ad039858002705a

SHA512
90081e19fc46b97fe799e269fd3d4abc03fdc63b51d8af849b5ce8e6ebbc418215bf487f55b835444dd9b71d84caad21aa012c70ac22cf300c5041cb95c658ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca481d2fb04756a841357a53e564f992

SHA1
675699f1188f75a6369f531bdc6066f7ed4ad7e6

SHA256
0447e19fa501c7bf71a4ace3af3d62b99839e9a45217a718e2398756ecea7bd4

SHA512
6b5f091bbe1e78a476400f606f6b05efd954b53083b69f6140956c90ee72c582e112ec7458f0e5f7eb14f6ad5664338c2a31e785f55866350bdd5ec0901e6eca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f36c36d278f2bdbdc280c0ae3785a0b0

SHA1
145e36b02d831014472456d00bf6b9f0495a2aea

SHA256
0dc8f4e5921615b9ec70d88a54dfefaabf124dd9787bb5eda018997af1b7f534

SHA512
1ff276f8c970345bac9ab61dc08f31bd47b17a0956808fbb3ccc0f2ca7de4bd94b62f3f0f3562c716fe814e2e5e0655a4835fe8642fe725890f12a2039606c83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9de35348f4a6b4e2e2e3aba9175e953d

SHA1
9ddcd58f4b4408717e090c865f4811690e68241c

SHA256
a4cfe3b2fc1a2d7c18668a084c0c3fb238ef9f92543e9a7690ecda334c20d818

SHA512
003a39f6a54c8fcae3cb8255890f2350d3ddbd1fc31fb57ad602f50179adc015a769081df9ba6939869768b9116cbd004d093006977c4b59282911785d6d1a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
33029b8baeed0b622485bda02ec80c4c

SHA1
427e4296aee573756968463a718bc07b134166f6

SHA256
2757e79102a502186fa7eb7b1fca54ec389e37c99b968a84e4e683cccf8b5d09

SHA512
eff6a0f8f3b0af76621d6b3385116e72263c4c09fbf0c61b139b7e650ea98bd78361bf45ab29a5bc1fe048858d9d72302da87d7dc1c1614352b149bb97cce91d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
190721a7ebc526cd7f7303ffac1770cf

SHA1
2e3f825a84e2f25ea9d489dd8aeb644cbd4ca8d6

SHA256
24a8f40361ddb454f6d97dbf5a1772c9467dbc5ed4ec00e9421c3ae6742515a1

SHA512
2bd40e86d7e8b160efaf90f3f602c45777cb35a311cb8c0b6181c62937c51d162ac4f6b1b6ca878fa62bc6b3cd5da8d89fbaa0627341475d59de870f3dcf1bfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
03baabd4a371e2587541233d9da48263

SHA1
7792d60349f1006633a35cdc1abaf93ae6d5271b

SHA256
1bf83b52e93decbfcb08d77d665041a347907fff9d5ed23c1d5756e1c217b68c

SHA512
b4caa06021b892d6af89cd80b42d84e912231db88503180e1c0ba3db6102a1c031fb29604b164141b2aafadfbe0d73413becaee32c0203ff88963cd8bf8bc3ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5eb1c02bacbc539c5ba8dc547036788c

SHA1
e87cacac3551a66897d0c59a70f72cd3cd0d58de

SHA256
351956e7dfb4bdbccd47f6025d98f350c0cf5baf392175cd1129d7a04bbf5bf0

SHA512
0201e01bed7de71af65381697acfc7a61439ed0a8949218c4b003cc006615a7ef6443ea673de38dcad0c51e20dcc9754d88af1dd7ccf19a1ecd436909322476f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6bc26951574a933e5393596078474ca9

SHA1
7750c0ab24067e3b5da84e1fd0e79addafdf2e01

SHA256
4f4adfc5d2bfefc328b132edc254ee4aa86ef50b887ff0694e38ba18e8a7bfc2

SHA512
7dc26840a84b2d0c996fdf204f88036afac621707727f23dd61198b75ac24c471e6c8271e75ce62cbe98267ce0a367f105ef28d4f6996e2ac58e268fb9a68b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e80486f6f8d1dcc191f065c8de6b75b5

SHA1
fe35a2d8b0da584d2ec5310547cdecbf310ea911

SHA256
6b6389588cdf085890903869bc5a9e0b421647cfd37af9993b249b9e22f43cb3

SHA512
12bf4fdb162c2240c535abaa02423e25f9e597275f4ebc11381cbba48a5dc3b28c9cca36dcdf2d1903a7fa55bf511c2cd212864d57aa4db1d65da9c56a257187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a401d0aea3fafd14219a7dceee7c288

SHA1
dfc21460fdc98ffd0544e8205bc79d76e9783ce3

SHA256
fd31b8f1167473ce235ba66a4b8b16fd0f57daf2a77fad789563f2447750e11e

SHA512
9bc41ca4a3b0ca7c5170e94e8e5377f38bb3526bdfe18baea9951b84743b03ec232b7dc7ac8d074b8d41fb17bc57d415adffebc0b1daf7a1dcdffbec14f2c070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
17784a37c5419ac6fc8ad820fdef4c2c

SHA1
50b25ab8b78f2c3ced111c133e335adf1b70211d

SHA256
a324193d639cc3de0ace7dd8b4a9b9289cb27fdb6ed0d040edcc2bddeb625ed8

SHA512
5d13dba4ad29f0f4c5f80877c77713d350afa25c7dca593901a96951aadd9701ba31595d0a253d876c4cb407ed20b3c3260eba75c9edd2c633cec8f5ed044803

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6713e924a22c18496a7451f64fea8f30

SHA1
cab80d69972cd5e73bda59c0336a68ec77a92aac

SHA256
451a88edd3128ef4b94976bc4b28aa3236f0d43f567aa4da88a08f2a3884bf2e

SHA512
8485ee9eb5d7c25ec8a3d3e2fa832adf51fdf56aa3fa5cb19e4e947e639453dafa72f36c1873b295c8cc99b6f6e1163573f1a511b5ee708c587860e24e47c314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
4aab055dd2de601942bc19b7395bcfb7

SHA1
439ead91d1f247c7f47780567fc32e916067e39f

SHA256
6322b1a6a395b14d477b2f71e2efc9482f2df70b8a32332dffe13d41bf67c613

SHA512
9524525a2ef5494015b4d49d7b28b0435b5d8b502af73f30a2991d573eaa39688477cd0fa7f50492688f6b36d4d790fc877777f5b0e863f488130e15d5d2fdcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
b2e005b0ab0ef9710e75ba524cad2909

SHA1
7cc42ceb85608ed98ff035140253c7bed4b15693

SHA256
cd89c6e02e4b774623f4455944ca2ff534d07499675e939b24e56ee1d541e948

SHA512
5b75c2983d385e459ae5a7ce41c3fe1784e59647fe1a8c392f53b515913466c12b8435db9d267035269351a5c3ac30bcba4e0c032ab86e526444f6ac451f6533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
e40cede5d8871f029d9ddb5eef3762fc

SHA1
e35a9dba08f49c56e80aaa35717d9611a108edc8

SHA256
e614edcec0ab70be3821b62b9f96bbe61e24804c1740a38528975d43ae946244

SHA512
03de4a38199b39216f762289ebcdd5883107f812fda5a63d635ab7f1e5307bde6fffb1feef9646999bf75054f9bbf480315de9275c0a1b95c1daeaf558a53a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
31624ef524db1f362a13891ff59503ff

SHA1
4f922d9e4334f3d75f90884a621b48471a0d128a

SHA256
384b41516172b71ca39ddb12ca35f0b2d9e3e5f295269e726d7926bac211999e

SHA512
9de6f36c73544e5bd9dbb73b7dcda5ce891d129d970d95ecee81703746ec15e6c01d7020d4380c179157f32d6c863ecb6bcf8f8298385b913753cf16b4c8cec2

Download Submit
C:\Users\Admin\Desktop\___RECOVER__FILES__.jcrypt.txt

Filesize
2KB

MD5
96a5c87e877959a0a3c2ccb8bc5db287

SHA1
1571d6d40a8850a2a31853a75f017945b23ba6c9

SHA256
a2f6cc05c1647fb0bf92762d5e1ede66eb381ba709e0263336e6eed5314e7dc4

SHA512
1b78bbf845be39e71cdf23cbd77d657661b03f4fec85f38042871f321634e11853f5dc2239d867b8b6a0aa1401f06e265742c159e3ee0971f62a56d4cf3eaef6

Download Submit
C:\Users\Admin\Downloads\avg_decryptor_Apocalypse.exe

Filesize
1.1MB

MD5
b1bf5d314a21a910591c0f0819c16f9b

SHA1
943166baf595110fee948abec75fabceadad552e

SHA256
03ab45a1c4fe7b82c5b7c88bbadcd7a5634c4cd6dcd51306d0b6dba6ebdce22a

SHA512
ca1369c82a01e90f53d3615472443cf942145e402c5cee4b4544eedaf157021c40d98cdc4f188507205146d0429c0bf7b0990e45a8556c167dba41cba114be0e

Download Submit
memory/4164-3-0x0000000004C00000-0x0000000004C92000-memory.dmp

Filesize
584KB

Download
memory/4164-76-0x0000000074450000-0x0000000074C00000-memory.dmp

Filesize
7.7MB

Download
memory/4164-5-0x0000000004CB0000-0x0000000004CBA000-memory.dmp

Filesize
40KB

Download
memory/4164-4-0x0000000074450000-0x0000000074C00000-memory.dmp

Filesize
7.7MB

Download
memory/4164-2-0x0000000005110000-0x00000000056B4000-memory.dmp

Filesize
5.6MB

Download
memory/4164-0-0x000000007445E000-0x000000007445F000-memory.dmp

Filesize
4KB

Download
memory/4164-6-0x0000000074450000-0x0000000074C00000-memory.dmp

Filesize
7.7MB

Download
memory/4164-26-0x000000007445E000-0x000000007445F000-memory.dmp

Filesize
4KB

Download
memory/4164-29-0x0000000074450000-0x0000000074C00000-memory.dmp

Filesize
7.7MB

Download
memory/4164-32-0x0000000074450000-0x0000000074C00000-memory.dmp

Filesize
7.7MB

Download
memory/4164-1-0x00000000000B0000-0x0000000000202000-memory.dmp

Filesize
1.3MB

Download