troldesh | 88245085f618f12f441c95c7924fcb57409691942e8dbda1490a7d8c1720c24d

Resubmissions

19/03/2025, 12:07

250319-pap33awwdv 10

19/03/2025, 12:04

250319-n8zvgsznv5 10

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
19/03/2025, 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DoNothing.exe
Size

4KB
MD5

06de0e898a82060eb95ac87fb8b52061
SHA1

d1232795cebb38209e0b58d05a0b3864439398c5
SHA256

56f452c753174e8a2048f851625c4de3e67c17cb5fbd3a753f7b0cac7932064f
SHA512

091b60a2994791fd76985276e6d4272e138c1d9019b6caa37cab5850cfdd2916d62c98619b86f025cbebfff5b82a3a2d889cc1e6de1300c6d76e823e800f1bb0

Score

10^/10

troldesh defense_evasion discovery persistence ransomware trojan upx

Malware Config

Signatures

Troldesh family
troldesh
Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
ransomware trojan troldesh

Downloads MZ/PE file 1 IoCs

flow	pid	Process
133	2108	chrome.exe

Executes dropped EXE 1 IoCs

pid	Process
1844	NoMoreRansom.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""	NoMoreRansom.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
133	raw.githubusercontent.com
38	raw.githubusercontent.com

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1844-1532-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1844-1533-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1844-1534-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1844-1536-0x0000000000400000-0x00000000005DE000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\NoMoreRansom.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DoNothing.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NoMoreRansom.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133868595197226454"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\NoMoreRansom.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4896	chrome.exe
4896	chrome.exe
1844	NoMoreRansom.exe
1844	NoMoreRansom.exe
1844	NoMoreRansom.exe
1844	NoMoreRansom.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: 33	4600	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4600	AUDIODG.EXE
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 4500	4244	chrome.exe	81
PID 4244 wrote to memory of 4500	4244	chrome.exe	81
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 3704	4244	chrome.exe	82
PID 4244 wrote to memory of 2108	4244	chrome.exe	83
PID 4244 wrote to memory of 2108	4244	chrome.exe	83
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84
PID 4244 wrote to memory of 4832	4244	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\DoNothing.exe
"C:\Users\Admin\AppData\Local\Temp\DoNothing.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff82730dcf8,0x7ff82730dd04,0x7ff82730dd10
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1968,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1480,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2252 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2352 /prefetch:13
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3228,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4200,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4208 /prefetch:9
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4588,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4804,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4808 /prefetch:14
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4972,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4980 /prefetch:14
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5380,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5528,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4724,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5668 /prefetch:12
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6232,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6244 /prefetch:14
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6284,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6292 /prefetch:14
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5364,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5344 /prefetch:14
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5692,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5296 /prefetch:14
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5360,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5268 /prefetch:14
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4236,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5272,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5320 /prefetch:14
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5312,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5264,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6380 /prefetch:14
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6532,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3192,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4180,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6272,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6260 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5024,i,5306940178907495066,15048883670859193652,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5736 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3940
- C:\Users\Admin\Downloads\NoMoreRansom.exe
  "C:\Users\Admin\Downloads\NoMoreRansom.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1844

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4600

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3464

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
69c4d2aa057cdff9b8df6c0a2d8a8703

SHA1
e1d7107e671dfa9e782e6000473fbd39e9363748

SHA256
6a7b34b36b2135d819d2fe3f6162ae030ea472c4fc76433b961b89b4973f7d9f

SHA512
807af5a99394425bef7f484f5ea5bf4b2a172b65665bbfcc9a1d0a32cd60418ca0a9b3da853a8077a02c587122fec5ebd1e18f738fa30d565b6236f8f3cdea1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
56KB

MD5
5e53ed25086aaa0d3337101b741466ae

SHA1
08b6244aa107201b2b4e6e76ce4c123dcacda182

SHA256
5ac2037030385ad8cf10e486b44475d778eef2e2a377751fbf3c938fd3991b1c

SHA512
7c90e1b48ee9a1dc112bc1921e2a42f4d329d734be246ed488aaead60ff14e2581580e6629bd2b24c109cb66279190df3ee494eb83d1b96f418886cd72f2747a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
55KB

MD5
fdf2600d905a0faa060d691e0212e1a7

SHA1
62550f0993a219e265ff9a0795a4d9f49b28748f

SHA256
52a37b3a78eb5b59df3bdb129b9115c6fed9bec6ca62b55ae56d8c2701de5972

SHA512
7118d2ea3aafe3d77709842da20acbe3faaf4c6c92a50ab05ecd4986916bbb92fe297a1b00357572683b02c61762cdf31dc425f03221dd169803252db5f04f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
55KB

MD5
cfd886e1ca849a7f8e2600763f236d78

SHA1
c1fc2b10d20c529c01b465a1edc0ed2fe04f0bd5

SHA256
c0b1c3c6995c24eabd1a6fcc4f00523e022b546cf1fa4fce6c30d04763244d1b

SHA512
254e37e3650b2c87b524c96f517586b690094abf7c8e0539b050ecdc4c56c2593bedab7b1a830b827ddc19f1c3e05ff4096ebdf4cc969b5bc5fd33cb34e94fd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
1024KB

MD5
afc19e2f8e7d3ded79511afb66ce5e39

SHA1
182ef200732afc2feb6dedbae1b64a2a5a8669ac

SHA256
2b0a9d076aa3fbacd0779e9bf0adf81afa0f43e594bb4ede141dc1d58ed04bb8

SHA512
2b731153a4996dc91042fbdbafe7f8d181172cfbb8c4f08ba47fc416199461859487934e9785fc06fc2985494c113abce416eeaa32480e3abcf69b0e5fe59504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
158d9837c1a50149b7eaadd6c58221c1

SHA1
637750664b5e4475a96c4f574b655b67d1ca443f

SHA256
bf3013e38bd9eaf739e73ddf9e23feaa4642dda0438b49049c3b88e947d15ab4

SHA512
f0031e0e2875d73465d934306aacd8f5bb3fb9044dde9b003b29183e51df180f05d33661132d23b524fdc57232713a262cb1bbc0eef566aa5d83d1f4ebc94e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
3c946b4c7fe13f6958f9e6016002e96e

SHA1
0382e384a64a8fce67c0f3db86cde24ba90ec701

SHA256
0e7d95ef3a7e784a5535df20f257412b5673444c0123ca98b047ba3b43a3e87b

SHA512
bfe6aa786dc30e3b8c88da4d641befd9ebc2f0d1b495543f442fd5571c0fd31d9f8b128aa28883a861a164f69b21695be1188438ebdd98e1ffc56c8965261bba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
6f42fa9912182afae52114616968c772

SHA1
6400d0740b235d5174f59423eb422360250806d2

SHA256
ad6b49f0e57e4aaa59b220b797981dd3ce50b1c2e1a3ef2b5c0774560c72cf02

SHA512
a07be8181bc95cd1e164464ef09fc0951ea7b4aa7820857c4f2f02e8ee63223c49c1b8e195f74b14de7d683bfa7cc8854be39a1f1a092b03f9cc544be0e4c785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
452aeaa19d65cea79bc3c41b6f6c3f9f

SHA1
cc301257f2817445ae9f8cee733e7e8fbc027b38

SHA256
75508cd57785f352c78e927897d8154f51c38eb06b94cca48d0444e14dff8f30

SHA512
1d76b17967d9f60f563e8de39b761a52efa1622e33d36f249c3e78deb4d4eb985f9f675bf59cfe28d99f90f572c2e512a1d6f7c32750c8c4a2a09d78a2ffef0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8d60f814d822e8f35b83dca37adf51f1

SHA1
2748d3bcae088fce4b048b141b6b76462cb4718c

SHA256
bd6e78c9872cf645161b93e00202c9ffbafbada83a8ac4442c0f74d7ef54e341

SHA512
29cce6026438e7a58fab498332c44f01ab9b7eebcdb4759f58e6949ad0a8d7d82731c5b3f014bc4f93f642ea59004070fda7368d91a4a13143c3696f3a264c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
939c7b721bc04ca341fe73d87d0735c4

SHA1
4eb6633f73c9156764aa0c42d983cd22ddc9a737

SHA256
440603a41c66c72ec500acca5cdf1828600ebbf08560f335c3bc4c334f732365

SHA512
a58bbc9421a5cc6712dcef04a477e0cc97bff435c7c29b6d6535a106824d3e5622a2b9272cd8a520e154302a673b3040fc4ffd43b4f95d61d3019bbfd36e0d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ff5b6828e253bcd647ec3ffe94d06371

SHA1
5e0e2530cf80596c23936326a7c9b4d03ed529d2

SHA256
c8d4bd5c018ba73055ed083cdd08f4a56b94411998b25cb6344105565597270b

SHA512
08138d330c50b5a72079ee35711e949a6f51c8dcca93a2a8cc8ea490133a6c78a8bc7083330dd618482b2d713e3105470cae876652c24c1f0cf2956764945053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0b210f6c1e96846591e5ee54d0985879

SHA1
9d096013c4e828748af4d345ff1d065e5479934d

SHA256
4c1a57f07d621ed714d5d1db3501e5021275045ecf41b25530bcb4047441628d

SHA512
2317705d84f1ba8960f0a3ff01b224a7cd59a9affa89b5d2230a698dfdec239abfe8ba817d5030aae3e5fe35039a5c2fff150437d11f9b81ab0643175d17feb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5cfb5bfb48506429ef6a52718501fed6

SHA1
e55de64ded37a589d572c278531c7225a60e348c

SHA256
7599d1363627e21301ed84db72fa8c336dd4489a77f2c24126178a249d0ee823

SHA512
19dc7116690033b5617c61e3ac37ccb94d27864da3c53d599622d3bb9961279efb5cba6eda52d944debadf269fdecc5a8bdeb79f38a3f8e6bd91e30073f51435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a7fd1c10e20fef5494da1ce2cc6378a0

SHA1
fcde90f676c7f5a46e9c5cb6236e0070c1a05d6c

SHA256
456a5229670bc4688b2fa5f2f777a093ca835bbbf91c23cb935f184a080894fa

SHA512
a82689b0c8a6c779a52e5ab369ea7f66f557df89375e6e42dcb4309177c6aa49ef827972ea521aa0bcb7e42aa813b8be27507daba7a7e53928f3724d55791d19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b68098b464308c9c47f8101d9724182e

SHA1
346e58ebfcccc7b8f633789f41dd7a77311828b5

SHA256
831a766f698e551d686b3697e3b558141d6387e99e4e590e495aa31fb90ad536

SHA512
0c6e0580b8dd515d45ac728a7150c61057b3b07fe323789c93b399b1fb070ac04c8013599fe7c2d8d3737c2ce6667b47797e63fb4ef048f1e6577f73fb621aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d7796530121ec5572ad0ea699d98d714

SHA1
606c6ac7c8f031cee41c47a9333a6240a3f48665

SHA256
20ba5259b504c03d0c5392f8b61c27522272468a44cbdd350142ea6b774ba7a5

SHA512
a8c398af78f0e0c8b092c7722630ff1cf00fc1a55cd48acffe5c88a79ac9d25ccdcca597ff6cf1289a76e78da6fd0aa237e8b56c618ddf5740a74ec5366c54c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7fb5d8691e3c63f82a40e675574b3aeb

SHA1
e7ad4cae117f523739d3c998c806172b1edb5488

SHA256
f569017d20f288da825bdf4b37eed734c4f19087f4fd41be7a0d6116124b043e

SHA512
571f89140ef8e305f57797fa883d30076d3fb4b931d582a11b6857cbad38f045c67715212405ae8e0a49647156c3a44bcd233836658e019ecd62eca49fbff2e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0c4ee74392bcb9c2651fb89da5d6ea38

SHA1
3b0c059f0763113bc1f02ff5dcbc7ab421b9bb30

SHA256
271186f51c93e49b8e397d63570f77ed64355ad873c825457f56c4be696da869

SHA512
0c69717b1882b08f112a904faf5b582497a6ba83dceeb00e15c8522c1557dc55e25ee27713984c27e49a24c9d84606c6cb4edd41168ee16587e07a3402257080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\108786fd-4033-43d3-b97a-ff2ddee10b9b\index-dir\the-real-index

Filesize
456B

MD5
6fbd3b57cdc04bb8860516d70aa9a871

SHA1
9c0bf60bc9d96b06f00e3f5ba90f6fae943e06e3

SHA256
ce335a1fd5656f38c285fa7f7973ea552be16804de5951d1cd889fe1a11e15a0

SHA512
58c279fe90f3f04fb004eea7a324af9232a8f2ceed032d662ab5edb2d315469faca4bac4fd9563e799e8c1fd1595a6b9aa83b1ea5596e3350d5135dc3c1eb471

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\108786fd-4033-43d3-b97a-ff2ddee10b9b\index-dir\the-real-index~RFe57f647.TMP

Filesize
48B

MD5
c8499e3d86deff4acbc058328fcddd3d

SHA1
a0b2e603d961a7b76c840b8345f33192cbf740f7

SHA256
329a144a4ab3772afac715aee3de020a62046c4d1dbfeac7a3c2dd3f02b60222

SHA512
229de227c5b2832aa0ba7205878d7bf59e8eee00a0a0543cc9a37c57a49f860a725d14694dac99de96e0add650575a4719d4671de167135a77cfde421b230085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\bfdc55dd-397e-4a66-8abb-fae13ea8007d\index-dir\the-real-index

Filesize
72B

MD5
d0033fddde6bf12bdf7ead116d9b7bbd

SHA1
66a8e70c7b42513f01697e79458755588db4465b

SHA256
03641f95876e520b3180238c79a9ce64b1dd8b98b260ef08075d871fffca551f

SHA512
470425dbeb0e79ec0a7c27ced6c648a39e92d89a8f20e4d08084f8603c8d35fa5ed47f549747e314a0ffaaf3b352c9f1dc50e93c2252887008385d487b1efa42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\bfdc55dd-397e-4a66-8abb-fae13ea8007d\index-dir\the-real-index~RFe57f462.TMP

Filesize
48B

MD5
a039021939b36872abac172cc3ac56d3

SHA1
c68ba16ca4af9cde5abf3b852ae38d451572084e

SHA256
d1d389e5f211d7f2cfb7bb08b2f648cabfacd2515161adb48e7eaa09424292aa

SHA512
707e5a0c968e936ef2eb76116295af83133108b54ae4ece675a9044d6f3f0bbd0023f6352cb8df32951b5b4379eab8c6c78bf5618a81b2c2a601c2fd8eebf127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
197B

MD5
4fe7ccdd2aa44f40d107788922f3fb61

SHA1
a96b37f889adfff2812a4f5ac4436619cb8ce31c

SHA256
40a3de2c4f2e8e81bcdac0fc4eccb26c1a0d8a846428032c9d0f4d46e361d662

SHA512
7556087c9706d5f4c42bd23172034c140bdd5a315f2b0a5748bc44da3dddf28942c77fbc3e7b8ef5d1f7184734215117f1855560c6c2fcd3f33d26d35c7e4dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
193B

MD5
22bd59f5dfb6fc18bc4ff1afcddf6bdd

SHA1
80912f8cb128b7c30552aa046300e70fa9b3fd13

SHA256
2eeb493c3ea6e7a78a06d388d3650865b18fbe4a61ab4b6464fc8573797d4057

SHA512
e2370c6726b670e5c9074e16728630174d79559dbf4fff9b438974500bd8540f750b4239a571bfa05434a715767d189a3abc5863e2633f63957ca60d77adf32d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe57a633.TMP

Filesize
131B

MD5
50acb6653830576f2cd85f8331ce2388

SHA1
741814422ff4e11971d83d4aafc2962ccf1da877

SHA256
431b63ffb7797d3666b7b90f657e4b5d2a322d0d5ca4100ea1e30f913df922d8

SHA512
0760ca4576efee6de40367e057b11528ae23b8d860af38440a0f9ede0253c627082714e16d95a43846d4f87dd6062af51b54d5ed0ba121e7876d419596054ffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
288B

MD5
2361bfc487c1ba8a39cea1a16f9f5091

SHA1
00b3543ac8655e3c25b19dab0c4b7ce2f0418717

SHA256
4841d0b9b383c145480667b2da76b1d21401a2ad2c485ec7e3b3ef646d8c341f

SHA512
36135a057a6bf7b60dd24a7825d8ff0809fa4b65a47e2e86f05b027a1bfdc3f2986b5b93772ccd5f33057e9ab2c9657f258605ffbb71c7daa13e220e88ef5483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f443.TMP

Filesize
48B

MD5
a74a2969a36bcc0b6ec3f207703eb5e9

SHA1
37ad5d62657ce1637a866202c4fa54ac3998765f

SHA256
9d443ae5c0a9ce62c829fa5e670217b91bf06393507c3747a9cb439110a9a5af

SHA512
be0f10f5f889631095dc6c94e139b58bebc679c19be3f1ed96905a8e31fe3d6be2b0657c857b7c00432719391ede5ef1ab862ba6e728267ae63753670f2d1162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
d95867892b84a849edf4b0cb2348ad6b

SHA1
c4d595441922aaaf2748579e6c2da9c34cfb6aa1

SHA256
06ab35121f7cab705d3a83231d04ceed250da9f91795e5bc9ab303b07f1ea769

SHA512
81b10ee5de63a4eac9c2f135348779dd0e8b13265bb35de87f142fd5503a1f1bb292e22a0526eb3f6e7cbca54a3361cb23f560df09d96f400a573edb5aa7bf7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
f185185bb8872e7c77c1fec7aeb9fad7

SHA1
172ee3a5509ae93cb7e2fe094e6fb2f7a6eb8e93

SHA256
95b39b72a1ab0d12191538b4fe5c901d21cd051cb587a478f56dd2a44fc25503

SHA512
d4112cf69558de2bb6ca68acfeaea21d3d2788bd792a3512e4d8b21dfd2d364b5b420ec21d29f8886ae42b7ed2f8d60481a21867bea2c9bc13a19187159dab46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
fc7ac4978d84b4bb2f730964de838b00

SHA1
95bb11a63f934a2d059e6d4bb6c54b02da600451

SHA256
e82865708f8fa585ab52e639174d611b456570a90d9e5e513f6d9dc48c4c6708

SHA512
bddfc9177254eaf235e974f203d0bb9cf71d9a7bd0a50e15b0992e36774bc9b8e332fa08c1b0d247106c763106bbb5adcee31ded24e61437996ad89e70293640

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\4d6727b3-d57c-440b-a24e-705d91e9e3a7.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\Downloads\NoMoreRansom.exe

Filesize
1.4MB

MD5
63210f8f1dde6c40a7f3643ccf0ff313

SHA1
57edd72391d710d71bead504d44389d0462ccec9

SHA256
2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f

SHA512
87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

Download Submit
C:\Users\Admin\Downloads\NoMoreRansom.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
memory/1844-1532-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1844-1533-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1844-1534-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1844-1536-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download