cryptolocker | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/tree/master/Joke

Resubmissions

05/03/2025, 18:57

250305-xmervswtfv 8

05/03/2025, 18:52

250305-xjanqswtbw 10

Analysis

max time kernel
753s
max time network
755s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
05/03/2025, 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Joke

Score

10^/10

cryptolocker defense_evasion discovery persistence ransomware

Malware Config

Signatures

CryptoLocker
Ransomware family with multiple variants.
ransomware cryptolocker
Cryptolocker family
cryptolocker

Downloads MZ/PE file 1 IoCs

flow	pid	Process
48	3420	chrome.exe

Executes dropped EXE 4 IoCs

pid	Process
3552	CryptoLocker.exe
2560	{34184A33-0407-212E-3320-09040709E2C2}.exe
2428	{34184A33-0407-212E-3320-09040709E2C2}.exe
4336	CryptoLocker.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000\Software\Microsoft\Windows\CurrentVersion\Run\CryptoLocker = "C:\\Users\\Admin\\AppData\\Roaming\\{34184A33-0407-212E-3320-09040709E2C2}.exe"	{34184A33-0407-212E-3320-09040709E2C2}.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
19	raw.githubusercontent.com
48	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133856750486381019"	chrome.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe\:Zone.Identifier:$DATA	CryptoLocker.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe
Token: SeShutdownPrivilege	580	chrome.exe
Token: SeCreatePagefilePrivilege	580	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 580 wrote to memory of 1816	580	chrome.exe	81
PID 580 wrote to memory of 1816	580	chrome.exe	81
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3648	580	chrome.exe	82
PID 580 wrote to memory of 3420	580	chrome.exe	83
PID 580 wrote to memory of 3420	580	chrome.exe	83
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84
PID 580 wrote to memory of 3612	580	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Joke
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xdc,0xe0,0xe4,0xd8,0x108,0x7ff8c052cc40,0x7ff8c052cc4c,0x7ff8c052cc58
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2340 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4252,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4520,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4884,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4876,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4388 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5192,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1608
- C:\Users\Admin\Downloads\CryptoLocker.exe
  "C:\Users\Admin\Downloads\CryptoLocker.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:3552
- - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
    "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:2560
  - - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
      "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w0000023C
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4412,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3760 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4380,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5384,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5368,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5704,i,16206038051764150065,3694323994214223404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:3864

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4696

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2816

C:\Users\Admin\Downloads\CryptoLocker.exe
"C:\Users\Admin\Downloads\CryptoLocker.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
aa7da5ff12ba03ce94654385d3dbffe0

SHA1
689f8f93e056b28697284a89b99f894ce4c09f58

SHA256
40cf403b4d1825e6b93c894f5049d44ad3b91c7423fdd8ea275215729bcbcdcd

SHA512
10d41c2410b92a8780e505b94b3bf5a10b0771ce330fb5489c6101ea938d4f03aab627eebbec165d62dce81530260063762dc4604fbeef86247714a35e5e91be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cfa4286b595aa598a5c65bc33e6830f1

SHA1
14717510acb4d24adea47e1e771b9dbcf345cfba

SHA256
a088f2a8d66aef085c93770269c4f59194ba7358b693769b49822dd5faaf4e60

SHA512
d085a9e52250cbf891f7359ee41f1f767ecb540e80c113b6e409ad2d2d832e0da46a137e5254a3f37f9fa97385d247c6440750c9344556f774485227e78ca121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
192ea404039527b1e48267cac9241806

SHA1
e7df7d0dc798167aa9fde27569f2141a9f5a040a

SHA256
c0605cba830704e3df5b9a965dfacebaa8f2ed1f522429712354384e220446e3

SHA512
d980fd5b5c67c6778c8fdd19a81c9988ffb2287a31c8c273383c459412420d2431dff2a4b7b0ce56084a5df103879f236571e3871a39d8ba5ee76f40fc18db4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7848b5ada625adf0b53036de1f25dd79

SHA1
5fb2ac4a3a94a6f9eb69798eb96083ef4bb1d308

SHA256
129f7d8c1045430b8d37fc309b5c6ddb34bd9073767cd8a889d74b8934f56d2a

SHA512
74408c5b4153556c4f061b3c54c0b47a8feb3a112de599fd5d71eb3df0530a238c64ffa22c007e25fc3d4afa764cb357b742386fe01d56d29e49109693537902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
63ec4a5d47e38784a8fefe8c40dd601b

SHA1
ea22b12567041d7c21e94f4825a9f2d8745eecbd

SHA256
e664509335a69aa461c376b601f8248f82c4cfc11c7fc8fc92df036f8cb205e7

SHA512
5805482873d43fd34380e5b1af9adece2406b6afd63195c5bb191d970b39992cbf410fa3131640f74333410eaf124d600b4f90bcdb0e04571bf8254078555569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3b6d2950b161b3b1816c25a5a2496774

SHA1
be92c6d23d23ef08e1e3fdbf47c347d7f456744d

SHA256
2cd565670ea84792ab98b278b8afe669672ed1e9705d574c69d3a5ded71d5bd6

SHA512
7f0c997b9618d680f83cd912bd61ede052d3a94afc384e7846a07908186a437482854aba4dc8b9dca74ce9b083e420405651cd7ec3de4d16267bb31e98b77f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1e48cfe95423b6b96a4c03201045515e

SHA1
c2a1d503875fa83170dfdfd96e86db41f543313b

SHA256
ec3c9a1c5780b639fbd95d7096cd88210164ab2bdaa798fb2fad56a055806c7d

SHA512
1dd06c2d58def9a2a8d7b32544e755eb2e6977620ee47930df1dd27fe7c7e85e10fe64a8842504cebe50465e03a11e7f3a57dfc58a29d53cca953a285a9c4827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7f0bb766e442e67fd9f19fe20c46a18a

SHA1
cfccbc34a26a5b0d5a4aba9063755b90689298c1

SHA256
4cc0e889c6bd8d7f8a1b47849984efb2e5d0383e3746823076d3095e99be1615

SHA512
0c408f9a99bf55bf33ad2059737afa453736e5d4e81a279bb2ec76a903502630cbd0f309aa0d072b6dc7ebce71d06f1ffa14ca127826c0aa4632a8deefad331b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
c450a9534f261d0eec34398fb6f0ec5f

SHA1
11ff582d947475527e6469e9543b41a76f25c9f0

SHA256
cb79468a6b9c697dcde3962181df30396140839291be1406cabb0af2586d61b5

SHA512
f77e84bc5a5bfb4c40a01771729a6c3ea5b478fcdab732a59a684e540af13ca9eca958f73bd0f2be1f9c6a86473edc75385a5c5cd5dc9baf3b2e4a153998650e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b9e41cbde73d73b7726e8c4239d80aa1

SHA1
fc4c0fa3e846716d008fcc0885231ca6de2e189e

SHA256
00f72e0be06a15dce4688482226539aff914e317a1a5aba609ead74ae2491de8

SHA512
bbd669b113c0b4924538abfdc9120b11920ebe5ac1cc280f272d9b0bf5e1741efef9ad37deb43ce1016bd0a28d20199e1097f7c9e7aaf44971c2a2488fe0f0e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e9a7d9d9edc6d106b292d50a9d464b8e

SHA1
763ff7b2478d5dda4b8421e6a1db214d4dd0a6dd

SHA256
0fff2ed3342fcafa745d5addd509d6a9518de83508266f8bf8b5308eb5d96ff9

SHA512
cb2f47663e379731921181386753b1bf2cbb43850de76513b6bb65fb3f4ca345a35e02c69feeeb59f12ec7dbbf9de46efa62d810f0dcbf3149bc0fa37db81cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ceee33ece73a1ad2ffaf00c040d0d629

SHA1
1ff78390a79dded7ed953fee288e9fa1d6ccd548

SHA256
4e26f729f034f0dde9c5e83f25b44be4826a5bacb1585460ab69f4da4aad093d

SHA512
12965f679131c35cdb914bb79cc34348cf72a0bec2a15ff44288da8ebf83caa044ab86989e27f1aa50f3b957d4e2ccda6cbedaeaf2d8638d8a27c98dc5f34a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a46f62ae97d4869cc6e62f40cca3b6ab

SHA1
5002a728ed00c9faaee244bad6bcb16bdf179360

SHA256
d3f44100f7881271e34e69fc6a5924771e38ac61491ff7e6c3845978f98e865d

SHA512
903ea848efd8fec79450bceb85e97a5d7a65ddc9c42d09b31f634334e85846f5055723854715dfb3bd16be2c20e6f2ed912c9fa2442fd9c907c278b4a13b1013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65eda4123c4cb551f3ed066434bcd011

SHA1
62d1d737faeb26c33a2770d64dfbc59daba836df

SHA256
41af765f2730cc3eb258145c868a0514fdff3567b7de3b5cd754b586f3d8a901

SHA512
e9667bb29c1c0c9c4ffd62f2411a844161dbe206665478d0c002c3c9585102737f6ef4efb70465691509cdad1e92e4269b46ae260ad102bad571eeebc283ffe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ede3dedfa66f8df65c5d0d6d06b331da

SHA1
f5ace756c1738c58ac0eae881ee43b6dc94515bc

SHA256
9f9204997af836d79cbd0adf32b2f5bdf911019175e37a51f6e8272a4d2238ed

SHA512
c9d261db89cd142a1bad0c2f6640c0b9e67d5e2c33127e060203503491db26c64c17ec26b2597f9f52fdbd1e56e7b4fd59dc63f86b947318616ada40b125cf32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
984286e91fedf2bd2e71a0e61b127ce0

SHA1
81fc45dc007da517ad5bc8aedbd076fa8d7c7531

SHA256
79fa0d9636dd698518521f0610616c8a9e9bd0f3e698a765056cdef311b7547a

SHA512
662ea035493559334ea9a803a7cb1fe05f097bc3d6909e9aa6bc36070fb53699476cb1e7bd53a86d3888adff8702038083c3ac42357572cdc4c5a1d46cc928cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9cf76df7871176313186892b49ae82ad

SHA1
4d4d3f02ff9f23333c2bac5d1b15306c5fa1208d

SHA256
541ad753994d00232c8c3b58ffbd249c1461474f46179415a9a515705b1b77f0

SHA512
918a9c6ba26a75675b047c51fc6a6169eed773e531cc009c1ecf8523502e70b26a210af38cee0cf46b39a8ce5e00d616f3ac981b223bfad6cf9005add805ffa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f59c48faa0b8654ccf3e5cff7002be6f

SHA1
2602d8432307ac7d8ff680b114f82ed2fdbce8bb

SHA256
9cf1e1489e3e68b89329af0da5060ca0dbc75f4cbdd86b6b7bd7c8acec16cb0c

SHA512
3885a97576cd2cb11b69fae71d78d0caf3e1ad356a2b6d738af7ef6cd4a93c66cfa073c6aa3792e5836783756353cf4ac94f947ca0f3c8db508648e92e0813ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
74c61ba12035b1db5c9f65c4ebcefb8c

SHA1
b541eb6e5e49078292d7b250f92acc2ada53b663

SHA256
f1c6d4f7e340886a7f4d526aa6c73026ff22d56b604b6f070af2f02413851348

SHA512
8151e837e57bf1087ce61df4552f3111b09fe05b52a94aa8364a910a31a66726a2825c76354f11e16d439568388fc2a23571831b6528ad155e5076f9c3aba86a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6801af00caf57c16a2d921adb3801dae

SHA1
92bc3b085ddd2c692872b6207cab34bda3a1535e

SHA256
0ba3f82d03a10538e5c2aa1b5165f79ce3ec0db8049cab000b86a8f3ae06d51e

SHA512
a8b2e90de6fd55001fde77fe63b3070a3edaa277ef703832c5096eada794a2a8bdc60388cd9ca61047136758f93d136a4c3a4ce810602e00479f8fa6c7e84d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b42cd2c5788263294c316ba823032cb

SHA1
10be1e47ca44efcd894809166a9fdf1e81a1c7e5

SHA256
ceffaab905c5f868ed5edb97b2367e43f2bff52445381352c9510256eb6bb2f6

SHA512
d9a56b904b6d336965269faecc72ecfa1808408c5e0f28f8685b44c9924b61969f2d13459e449960e40646fee7e49489cb90f896565a2a5cff36ee0200e3a483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4fa44bfdac605341ba812280b2e15aa2

SHA1
c7905ccd7a8b25a87ae643aaa5f60be8310403cb

SHA256
8d68f00d2dd020123533a9a94c63ebd184d74d9c352179ecc65e73c241cb72ce

SHA512
d91589fe544dced015216cc822c71bd6243dde3829948f610b4c9cc10d9adda6332d630c04481262ee4c2ba8997a329f63487fb1bc297f7eb2ac46abe8387d2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eeb114c648c7d58b475df782acf85a00

SHA1
7650fa74ba47578a7299cea7f430e5fdc3cda17a

SHA256
d3ddc6a908a85ddfc0ff82595778581cefa491ed1a905e5aa8a7034ae4d3f0f6

SHA512
bd2c7d4a31d7011347707958dfa025c6e5dc8befd5d5195bd1b2c74fd37128980e007fd6d46cb3ee3e837ccf1659a97b6f031747e1de8a07c2bf4df2637fa3a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7544766e7868c9658bbd9bac3579a894

SHA1
ad287afd84b86b02c40a536c211177a48400e475

SHA256
5dbd609ccaa0b5dfd0afe28e27d14fe98e553cc452b73852172d76be75e1af3c

SHA512
bd5666d2a3bb8c16e30bd0d17c35128b0bbf974e7f1d592f88c4e8ae0e374cf8037ff9c18c414bd296f00d67c47655a27dcfd94d13edb632e400555b2abc2eb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7adaa29b383e3b113424d662209d33ce

SHA1
a885f0d88d1aa0e3308047da91a048a3b4fa8039

SHA256
a9a3ce4c3ad8f1a4b07de372ff8372d90fa96ff68f4bd77fd9208dae2951c7d0

SHA512
d0c58f161af7315b1c37e6bf27224ebba59860cb3ea08c1bca5b98988b92743de671a98f7c8ce01859b895e17b3c2b08eefbb4d43fb21a0277ad9fc459c63a2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d1a9c7256d0296415e01d1d389f7f2b3

SHA1
d91a2bf9a5627589780970f443eb62305378b892

SHA256
43ba6ae08da1c85f0b865613aba117f1abc46012f39fce8ead2098ed82501105

SHA512
f27c2492c3370788a80c042969c6caac9bd055cb07a46d9d4d6554c4a98799b79b55ebb5c41cbbfcfd26e93b960cb3817213884cb806e5a8585d8ababba222d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d77c5ca5e234ff8dadf6707c386daaad

SHA1
5ca2d267a62f1f80c2a5d9be8a52a2e2db6bb8b9

SHA256
2704abeb13900355806cb685d3514498f96de705257cc1f874cec3a1a2cc3be6

SHA512
ddad9751e3b4ec41928b17fe2990cb5da74f8886dbea730a6836eb17b0306fd9b95c76f388036addda098de7d437f0f54c0496a78f896b2d970b7fae2738ee97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a1b0ca6600aafbbf6be037303c3e57fb

SHA1
1d07e709075a66fb9aa5033ee575e4a04e033487

SHA256
996e9a0c4dfbb1a3fe682b992836550af4c82bde92f41540b33effc034b9ee97

SHA512
5e1aa3befcab1c6eb078f20b26eaae3215e122470ca00b3449e410b5af9974eb1db85c2269f8652f2ca92480c26552e26bb3b7b9fbba149f323d12d87680b50f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
57a685c160a8c5f72899a517a3504acf

SHA1
98fbd63fa7b63783e7b23e08fcfe29160e18d26b

SHA256
02ef9ee134ed179241b3a84f51e60172916fd3bbafe70722f99a183db6c1c2b3

SHA512
513334c9f6b2b14a4730e7810e9c436c2d7e69d2048e72571b87d9aac7891c27567e1419175e1797b7693e90a70c0f36d60445a6c254a1eaf53622c0f6b199cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9692878adbbd48ab5db0daf4814b28ca

SHA1
bf953a9e66cab4f6c32c9e26ec8b97878a59d48d

SHA256
18ebbe742233e12d24898006f9a6af381f1ae131bdf4c96708be6f1a3cd6278c

SHA512
78abaa5100423229e3c67e4dad460353da644b0f21167d8f02a83e902bab1cc0a509fa29704b20d427eb872d19a8a0169c1b53118188e696960ddeff0d110425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b8c381fddb290575a845c584b8ce5c2

SHA1
aeb659c72621a0c0abadf14e6cc800ba70f46b0e

SHA256
2d720803f37fb5558a2eea8572378515a075dfa655a713201738fc0b708e4866

SHA512
9c41f9365515dc6d61b5f4438d7365cf466906b4a67296fa8089c177dd6f8673be66e9ae2430f1755233f79e388e65f3b3dd1fd2199860bd02f1ad8f4167c110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54789344301739c84b82ae2045f1862d

SHA1
174471ed63b1de2ef8b82f46af699be34ad955eb

SHA256
23a8508ff7ec86b3b3d538c7077dab61e835393593d509d1da2e63f30dc6c151

SHA512
9b714b175f1bdc3c47634da642cd4ed67f205c9b93bb64f6b8ecab88eb49ccf838c4787e0bd077946a6d3740549dacd5154b08ca33dd089409d97f44e6c1c257

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72836c3b5bb611b8aefe1f3dc30f396e

SHA1
6bf3cb9d96798ab044142193cf83e2c6ea446022

SHA256
daafd7bfcf2d82e5c7157a8ab89c6f2b34ffc5f8c8ae8384aa657b7bcde2e15b

SHA512
a9146cf2fadad1d5a4d1e591b840adcd46b6de3ad44fa761ff14825ba6d1c85cb83fc04546a9ce6c1b79f90ed5de2edc045eee0d6f9f4a8443ec65ee80b67811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f8df84db97ac39c1551a32d48405070

SHA1
26ccaaea0b2fb33de6f890288b1d3034006819cd

SHA256
5e6f3d65da7da0ce23cda70fe333e000be92ac6cc43afec2037fb29776cb841d

SHA512
0fbed826274c8d099f106f3bce9dab4eae31dcbe4801fe23d38a7e99ded3a0a9b86f50b29b9b9eb10d0929ab2f3a69e9960e827f23c751d5726fe986ceb7a478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6aee35dbd4704c0fa020d0c032f0957

SHA1
0748a119646046c017ab2b25c634dfe89975ca0a

SHA256
26f19b636ce5c4f25bafc7b5752bdbdc21fbbe4710734258f6ab5c959ee29833

SHA512
75f66b6777a65d5b36ee55d0bb8b629b5f0f4ed44c9ba7a3e0aa219f2334d6cccf4db4a1bd014e55e1b157fb5d85feba93880e44fecbbb8006d86a062afe188f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0cefd684ebb78807ade1d2bfaecfaba3

SHA1
4adb966f750ccd8df720ef4ee43caecc2ef51e63

SHA256
25f0760662f81697f22e21792bb525f5f7907ce8367ee1f775ba15aa47e21262

SHA512
57701355fd0095187be175d59c9df5c595bd035c6997fd036e2dbdd19a9167f35f34966e5071e4e0d8a84b9706ab2c7ebc98b0cd13cc54c891a2c1e3068b315f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b790be154157c939981585017c8b8ae2

SHA1
2dc849adf0431d6f5e48b80aaafcb9878c5cb277

SHA256
df4e246736a01fe3d648020542dd8ffced2e61ad37366b8dcaf8e6e9105890f0

SHA512
7b0f55ca120caf148528fcaed4729bedf09c49c9cef87168871668f8071d76f33383dd055361fb8015303b90947ed1e95b9acf3edce1d1d68562e7225183f77a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be702feca08576c8b1248ba668dda804

SHA1
db616d5813de3d4b18bfb31605b8fc057aecd0b3

SHA256
1ad4d36b548b717029563566f3b897a3117c95b4b49c7b78fd5e254bafbdde28

SHA512
23d4f3c21722a5681a8586889e0201e177f552e98aa2b24b34d6b8c431951d494ec1eb2e6c01add3527d9009bc02f2064864ed89e50ebbbaeabbcb9c271d00b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5caadc4ac67aee5ebe89c0d0696fb9c3

SHA1
8d123b3a4216e0341341968bedcdeb4a7df1bbdf

SHA256
a6122418c4c60afd6da157595bbb1d93ea2455df077183c187810dba410a6771

SHA512
baef6484798b3801194b242831c1dbaafb57c195ad40947424db24a359e83d961f7d25f6723e31f1104ebec3cda81de210f705cf4c91395cc553bf64f4ca1ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b5f1b003ceebc382718c4d06f3b85dec

SHA1
fee50c3df7b6c7e77c95356fc576513c10274000

SHA256
1d62c8323c5d9db7d2ae66478461b83dce1f332b971f0bc342cb92f5f6398443

SHA512
d972bf126fe259fe86d98a5ae312b15930633d3a13fdcee358db9c55f05b0ae1d278f321b58b9bd7f3b293194a902da88c123863046c407ab15a7efc7694bd80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72bcfd1a6b3f5584915eb8e5cad53c86

SHA1
437738f7494c84dc90494b0dfdd278353bddaeb0

SHA256
702e193e3007f27730f37043ce7cd429647c1531c69574fffadf92d9d53c9f3d

SHA512
1ca8ea06c49dd169e701161a4828d46302a96293cfa609f267c063dfacad36e4320d6f33099988ed7bbb4d9b51b74c378a8d1580b978fbde2a34cb79d182d7e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5fef5b484365f397229cdfd36f40ead3

SHA1
3366ea5659bd6b08ea37a63cccf73a51627c3c18

SHA256
20ec01678980f4505ecde7865fdacd6fef01cefa76b8c1e6c7f0cd8e87bc688f

SHA512
01dc9d3372ced7bf83ab875fa5dc84df726a63becc66432fabdbd4a10f1d72eafcf86389ece7bd47dc186a028a5f04e5acca44d7306f44e6420cf25f0ca5c284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7c1da33243269f727282031c586b18e

SHA1
87310992110853a8238c356336c8eaf9fd9d81a6

SHA256
fd50216ad47a4af0897eee07f3bb1da0c9bb42a775b428f5e25f070fe0817fce

SHA512
18ddde0256d42533c30599b38481d4e3fadbf459445e7087e89ab13885813a59f74158a319a62da0044ab930de5a5c138dbd4cce5875ff6acccf6cba1f167e0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a63b8105fc0bb1422f9346a2911ef72

SHA1
c2f8e81a757f7cf2c798f50bd7bd00081f2845b5

SHA256
0075d69cd94f5f2cb26e9173c6afe9855d0fb05ab6fe139273cb7909942c3957

SHA512
66a6ce809aaf3108b9afd5abb8ae6c86a2723ccc8f36ea9adba3206d6002e2552e8c208dd23c11fa98933ae389073e684ea43aba1528c013be94f95d4b53ea85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d01a83c7b66a414fdab4010654cf17b0

SHA1
14e38b194d828892f54c585816e6c2f382878059

SHA256
e29fa09da1c6f2067e2d71a7962a36a85f92efd677adf410c410cdac8723a7b7

SHA512
2608b6661252606fc9759380208c37f751d0d57e907d4906920513841aae3bb3e1f09062e9b29928c0118f3882aa32cf8eed48e65766cef66e6b621eba81d49f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c3ad2ec53f0adc823fa80e29c340a006

SHA1
e8e993b872b3c50371940c164fbc3cbfd974abfe

SHA256
9771b6296763a8504938eaa4fc3fce26bc2ba36dd6a8326afbe920783f3dbd20

SHA512
47e50f482661b3e6a3003b5f6b0fe4db6aed9526f5800adb4c10bcc5121276d3ef8553c3de56bb40b0b9ef3dae16d9ae0174dacc5b5dfee74d5860e73dadaf14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
37c51738b2a3642c6cb5d0c51aba427e

SHA1
9163b778299b78f48e24137d8e0f63deea2ee89e

SHA256
464d8f2152e695ef3f1c0eb296bec71dd8d760acd6075147b5af5655c83b9dec

SHA512
7eef43e0edbc8c548d0fdb20ae493612e66a0e36fd2e7480afcb8da5b9f82ad51a7b4c77f4f27f640e8aee733b97042d14d11b18123b0fe824f035ca005e3e7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
243fbff25c53241e55b2d43a06a7f664

SHA1
cd899dd086e46b47437f8bb5a393c226502cf143

SHA256
9abc0bcd216dc75dd6877a56048ae5d2b62f0231a5ff9c7c8392b9a9b0831bd6

SHA512
b78e756f033d8a38806c9d44c36579e4c43da12d2f194334bb58a944ae6a2fba77d301ccbc2361fee1b57d470909fe07a634db9ef68d69ab85ad6be0cdecb0c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a57e9d8fe8b26c12d91cbddc5236697

SHA1
15acd08076708f132308a337be09364c00b6b26d

SHA256
f94dbd4ac66ba7e9c6fd078189b17285d27995ed4e86ece623d5b2e26391bb49

SHA512
47c9214f259cbf12c01b68656531306eaea31d3dc924f363d60e8544f9bb44e811780f22c3f431a7874902d3d0421197c7cbd63baee43741753cd8091c10bb0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5fd2cc1701e5fec282354a09474772ae

SHA1
9d2f1991f85918ef5a376cc9d35c8ff62a4b5b51

SHA256
04b5910b0cf8816c8e5744726e0ef729aa03c98865a1be349a668af1af0e1577

SHA512
1095a0b3663c0e41134c95ea837c99bd01daea3a158cfd5861ff899860a08acbd38af73c13e771b38c9c28922e87258f6c63c7ce05d448748af514c18f0f265f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3a332e0f3d2d0ec709f444c99771d8b8

SHA1
b0199c5941a176d7a2ca27a10431d4055c604876

SHA256
a4a2b179aca6242ae856fb5dded4e1e69af5381bc2ac7f1a5fb8d5959625b450

SHA512
31623e0dee842a16571f4957c2c7a28826c5d7c3dc879c5cf87960e65e1c56c5afdbcfa6c2ff484afbf1c4183f7048def0c20d6abed7ad3ec8e4f4be276802a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e97c77f67e8b3acdd0da31387f0bdd6b

SHA1
33c9f7e855bff991e454170ef60300011df890f9

SHA256
418a64109efcd2fb8c527b0b95323a32d69f7cdcdd1f34b39d4f8ca6e38ef239

SHA512
a0463f543806226aef452f7ced609a909aacbc960536950b47688244eef14eb5e38f43fd1fd4daf9b9a24ff817c87be552a703aee9f2c001deb5abc7ebef0d0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
789bf5864db4813f08f00d5f3333d612

SHA1
fca32576a0b77d77425c9a8a8b725837dee7a598

SHA256
766b891f4a567515a60a6d6e27658a9a79a1059711c0b75e066be904901fcb78

SHA512
759fbadc78668f3deb0a7fb8dd400ef6d2dc80611cb5f5bdb24aa840ba2dea6cafc93b0aa3856c2bc9b4e43c4860c4609508576e56a60e4df30df8f588c39686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c21e0a65759664c1e30debfe38d0d62f

SHA1
8b5c5229d5cfae86f2807c372666f91cca589950

SHA256
f6fbc3d94296174467a8be675b695a6656a7705124af1824bf2c3c9d35d40254

SHA512
c44a0feb23976087068dc8302c86a1b346ed6eeca08f52d994b34bab3b2f371097bec3248c6312e40882347acce635123f8157bf7f6c92d12a307210c4f9f41e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
77e9d729a49f0136204e667a5b5f22d2

SHA1
c0e237a77371ae75203c7d782292250316c74616

SHA256
1ab91d60a7fdbb74943d3cf0c32dc04ebd8c857b62d223adfa0d4977cc656c97

SHA512
7e82873d7c254b6c65b3fc3520645a5e2c56ea8ba7dba2667d037b240587ac82266c938df918f99435ec380cd7929afa4dc62a59afb584c54d1da6be3c737b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a6cbd6d2516ec1afe8a652d9a7fcdf2

SHA1
cee9a5a490b3ea548b1e8ea6d93262cb6e2b19f6

SHA256
9679cb5f36105cd40b60b02301e3c4a68b19602dd8523b3a4a028e2d7043459d

SHA512
5dc9b56fd52c2adda6baf403f154c5beaabc7cbf4cbeacca5534e5e05650a5554ba924fa7bdf9c1b074a8217720838f8d71c051e1076f9038172d5b375f88442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
964703ac0b39e79d2e9fff3810840e6c

SHA1
b1a4c13b11031990cd79f2905e521754e46ad6ed

SHA256
02533da9e32916c094d5c6a8acdac268d5f0120bd6c6ca6da3f941b74f13d901

SHA512
0958818e78f27c55227461d07cdf7307b402a22bc27dd21d0e0591048abc333df52c89eb578889004304b36083eb760f8a44ff7143a342011d00bdbb3a6ad4ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c82003c9f428afda6fa4be5ebbc8b227

SHA1
dc4d27afe6ff5ed938012a957b3556667706dff8

SHA256
17f756dacf0f2be0397840537788ed1fa84f313ff396cdae6c0926713a7b83de

SHA512
fbb6000c0438a8b78ddf46d718065d0e4a56fb1a09877c2ecf4771f17eba557eea0edf7719bfe0d8a2c6c7916f22682bc5efd057a46469cee36a33ed52ad807d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
255a815f1c0a75c00d2c5dc85c88de2f

SHA1
e9eb2bd85912f2164ec38536fe9b442b75e8ccaa

SHA256
d38944204a965f43fb8a113a52432b3bdfa2db06403261b9de9fbeb25c652a6e

SHA512
f20a4f283300e41e88c20fb93e99badcaf81178949734a05f3385cee626954bf5519a404fb8a506e60dbfe1a55c723bc9db1be0575d87bd7de823d16af3a736c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fab05048e7e4428d70840d2e8cbffd6c

SHA1
222454d5ae9d9c6a8df7c33ffffc142a3db4e641

SHA256
baa429e0c6947a21e7191692711c2b38f4b4117992638353481028dbe81117d5

SHA512
b1ed7fccc00585833020cb3df70c569b361c50b8b973b48b99073273abbf8c884adbeb50e51d13b24c4984a39757b8b585301741365a2a9c5a62b465e4e2aa4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
125KB

MD5
b28ca8d7e2fea36c68ba14ab0003eda6

SHA1
6433f76816e9b1fe225d959a28d8f4337ce54386

SHA256
f853dfdedb5637e0632bb25c759a4021cade97196a40d2fa032eebf5c890d4b5

SHA512
b62b1f5d5bf1ce766444c78bdfc1a2c48129802416ea6d1ce04a5312bb5cd674e00cd6b5e1f948d4601a96e0ca17db4b880dc269788ac7603444eb0d510f95dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
125KB

MD5
616ac4ae447df1ee301e656219ffafd6

SHA1
4b9383c84c7580482008d1939cb205858f3ddc9c

SHA256
001573161c31219484f4d9a152f91e81775f6a1b997ff8a17dba37751785db0c

SHA512
09069e70a957e16d7a6cff7d59022937acf76532b873effdfec53b03fad7750e583c2d8184c2e841a3279d3816ef8aabd9f3f00f0e8fd989ecc85871ec511404

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
191KB

MD5
f87dba03806db3e7d8a4dbca4325f528

SHA1
c82be3cce0ab1b04cac619a2c75115913d8c1099

SHA256
30f0f885ea2835dfbb6e1fe7cb3338d325412a304f45da11c410a7b925c32cec

SHA512
5a8e9a6738f983d31b00d9ee8b41840849b2e0490c4e8cfde43da80055179af54674c9c9d8dc82a071f692d109c1a1d541c9dc45c347008fe910a4a73608faa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
2755c2ccdd23b21556da20fafa539429

SHA1
b06633bea9479e23428dd500978b170c71dd005e

SHA256
a16694e892645302beab4c4b309b8f3f8798343455ef6c15a03505a688a2f0de

SHA512
9ee3edc5ebe1b9c8ea20a980f0cc735f45ef368749e55d470b7f636003dc98cfabaa614a74fb57d8b50f27ab17125fe6f8b4406f60fe02c855129fc7811b8dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
9f3aee7d1eb0abcc19c0cefed2845d67

SHA1
43b0ec63c5048be86a1142400dbe6d6efcb303de

SHA256
73d8d1ffbf3caedaae8760080da8047bd8783f5b4cdb964eb43143de28821445

SHA512
21c3413862aebb4dcb6c298af09f2c327081f86d39ea159a346d1917927806ac80609a39c08a290436e47d89280c50cc84d75e2f88b727bcb0855c40fa925baf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
3c1b31a435f5f250238a77ed2c63ef6b

SHA1
c6cfc3beaada9cdc53d4a4923648512a802a0824

SHA256
9cf56792e455401e7666fd108c9b3d7e411f23209f1c6e03c59cc4319e3f0271

SHA512
06d62e191b908082971e4e3f9d55fa7742cc70609b8c5a54d636813ad890e564edf760276a1854b812fcb2fc6da5bd70fa16337e4ce214143c80a76c1429fe67

Download Submit
C:\Users\Admin\Downloads\CryptoLocker.exe

Filesize
338KB

MD5
04fb36199787f2e3e2135611a38321eb

SHA1
65559245709fe98052eb284577f1fd61c01ad20d

SHA256
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

SHA512
533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

Download Submit
C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit