Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/t...

windows11-21h2-x64

10

Resubmissions

09/04/2025, 18:17

250409-wxezyayn18 6

09/04/2025, 18:08

250409-wq725symz6 10

Analysis

  • max time kernel
    472s
  • max time network
    475s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/04/2025, 18:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/topics/malware-samples

Score
10/10
gandcrabbackdoorcredential_accessdefense_evasiondiscoveryexecutionimpactransomwarestealer

Malware Config

Extracted

Path

C:\$Recycle.Bin\EFZUBVNRQ-DECRYPT.txt

Ransom Note
---= GANDCRAB V5.0.3 =--- ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED*********************** *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE WILL BE DECRYPTION ERRORS***** Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .EFZUBVNRQ The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download Tor browser - https://www.torproject.org/ | 1. Install Tor browser | 2. Open Tor Browser | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/2a581c84442e9e29 | 4. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. ATTENTION! IN ORDER TO PREVENT DATA DAMAGE: * DO NOT MODIFY ENCRYPTED FILES * DO NOT CHANGE DATA BELOW ---BEGIN GANDCRAB KEY--- lAQAANp1mQ5is2pxnDCeFxD8m2qN4NqmHEu6nXQGmktEfR0FKH5vOMakH8sxU11gLLN1cCclNxAxA9QEcASgEHR2ciSWNtz9xgksvOjS6SBBhXoac+3rh04iIND/3hOuMF60D60XOA7W14mf8dXaT0l5R9g2TGCqAs0v1zRcHnpavNprogpg9Ue94NyzS7rePz3ifYl9K3m6qVvmaTdYdglg7fbgQItG7LjFO8DNVEtjmwHwhSrA8easjCSRVAiBmR5iCpYQ8RCNDj5SD19zdyg2l+PpdJzBE/1X+CDFN2Cxohsur+qcl9VSdLIAxhWn6wgyR/7oVtodThWNg77Vd+rNCLPeYN2m1v632U5lOkLgnBVzONGgGkPTRTRiSjmSJAf2ugcRmAMMCNb/7HGCTdMZNdxpvixkaQsVaeRY2kGxFhWueL1nBoOqV4Xzg1pJN7ICHwYd05JAUcD08wX/NA59njcDrU0+mlqv66zxgIwZVTod4rlLf0MB4FOA3CxTQGcduXPlYZZZXLK4GzTWNPltExFvi4d4o+hBLY+3fwfmqyEaGhTLXFdh1WR4JKMpPKVXfSLpYwDtwPnLvNhKbJt6PUQqw9AdvlXnXwKqDcrSY5Msc6XseROe60lmZP+Q7Rn+95d3D7fGj11tLhC+FdRkCp6mAIurOAE1/XTodcSKZ+cRfg/ula6XZXTISXXP2OoMUe7so9bVIT/Xim75e5LZ6HvzBIHSiXdqYojo1rdhR2AWW69Ds+ev3VvCkZW0P8LDhuzC2lATBCaM8pAABsz2tXdG6YZlTys90V7nSzCMfFFi6C5b8gA7ouLNdtlW8Ru4V7mvTBx+0jYW5xHvYE33F02qCiFvXYboQc9n/DZCzTbH1rL67EdoOpG0RAYN8Yi2UDg7ZskWuungFZ7GS68kxLF2RxPh74U71xzcBnqB71ncROeXPvrPpkNYcXsrvGQlekpv3J+yi4nLGvSRDlk5lB+5wF0rVu1HH3RPRCla1oCJSEiKBWtzyajYZoLAaXwXyIww1aK+neeTKt4GmVnHJeEtHFbtv5XfqGbw/df1pkS7pyN8Lly7kclgtoh3UUx2AN1Q9//x6e+rTqcR8iyK3g2Rl7aKvMbd5AuBA7smeUYXW2W+822m6pAUM7rQ7iG2pfSxXBMCcDNW5w1TPPbKB/qcPjezu2zgoDgOJz5HPjPmyINwuYHtY41VxVQPIg/dr8y4sNCDZh15PFb0HZu67pspUkt6ArGQVI5Px2udftfitFMY8ETY7BW7BEDTq9djUpDy5jUnnCYk3LW+nwhemXO8/1BSCZkUkqyZJwsdW/jh2yiI9Jni6C7HAQmqffK2YE6RDeAnisnrBqJBkppRZRaNKEBKdp13Rsw5gUzGCRy3bvs1m6zwP853wA8DYVM57HoJSh2t2USShYQz84aZJJDBTiiU8R2MWePGx8xv0bjFbVEbJwMOU7wYLROv6I7i3sMMNTgKqfNo7/YXMwuQWkWiwTyjkv5lLhGSEGHXbH6N04eLx/JJMjLRhoyeenkzrCxDwxuUEacNcovOpxpERpaPP6QNiPMOK+hbDE65ay7Fxopa3YbsARaB3yBFpJaPP4AC/3FZJh1Os6O71lW9Nuti1g4OT9GakRSz4R6Ja/xz9vlNgZ7tEa5lYoacBKdJ8PbyFniKobaZWKS4x+klh0OsYuii7pqSJ7DY5pxwtWNLuITiwoeqJANfxRPTLE6dKE9pp96cqme30Xfoe9Au6nUJy5C5cfoNkmiMungerjFE9AuazJ3V8DJga/D4DLgOYRlipeZbOhFL+/Oh8kq6+cSu7vh+NTTNCycGRGfCWXk60rq0+Y1QzxV0V63bH2nkTrFSS68bAEUR/0GNeN0jfzpd9Sjd8wAVwnX0ZWYVfKGAN4S+GUaDFdgmG9HgEgOPdqww7+V2OhKOVHEe5SaWd8Chadyn1ncxRf/ZHju0P8mUDnDlWLovy8bSs9rYmCLWB7iOi+J9Qnp5dKqETUxoGSdSMHolZ6i51blsT0bTJ/dt3sfcDzQ8odxnZx8mu7WjWjNLkDEYAXkFcjSVu8XDhN2XpXW2qxRvWWak3OuqWtri/0yZ19KIRwIcDjPyvSCZc1EBdbO0j+I4i5+dC1vkcBWLZq14BP/648ies+TRw+8v0dMfI42AdFl+3o3iyo4pVz5gnsFqENRblHEA6CQlk6hmnE/IW2XA4HhXDKHnmSFNkAq175gGstqgS+dOqXS7/U2PBo8= ---END GANDCRAB KEY--- ---BEGIN PC DATA--- wfKD6iudumBkmpL8IRr4U4exEVaoOXLtwDwmOrT1y1YWvOiWMx5GYaRdvZZbTpNRrHYN7mpWt7fBTGqHhh5qBJzzs9MC7736UkGSDDniUJJG8/LFF//kmGmoAZAGLo2j5/wd2UrxMJK+iqKhTkS3ArgAxrZOOOiXrbnhbWMkLHQnbYuWlMClYZxYU6SDxpopRo5r292AV1KIZBZV4APBuUHcKSIr2MWMI0O1MKIP2IpKLE2TS5wNmoQoAHZIP7k/TfrG1tVzlDb3jcZAB3gql9dnWN0lCD4xdg7bDNQrvH1xSi3FCw+6kfktKtizqdynr7r154JiurEmkUXB4uL1/2M2GesnGohYZFqHBiPtqRHUEYwbqCdH4tu4Mqb3Y5NyPYz32XaispQRTRkqF1PXJPcJ15EHwNAoARPLnK8+Au5ZALyfhGEwg6hrKQ3vxBFKwg70Zi7pARFK3vTLMuap1wEZNnQRRlOKYDmn1lvgAn90mSDf7SyGQSZnn7Ivlsuw7HIKVYbpfzf2fBccdMBnP2lNhH9XQ3DC2qZAEuDtLkioBZ9MNJGhHpcOfb/LRc8P54k7V/HuibORzJL9NXYEh8sz/ewORahtHP+ZbmbW4eJPXp1eNtQ19EJhJFLe2qhgw2mJLRMzwAtbfjn5E2ENiW4EkrJfTw== ---END PC DATA---
URLs

http://gandcrabmfe6mnef.onion/2a581c84442e9e29

Signatures

  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab
  • Gandcrab family
    gandcrab
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Renames multiple (332) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Downloads MZ/PE file 5 IoCs
  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 32 IoCs
  • Drops file in Windows directory 1 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 24 IoCs
  • NTFS ADS 9 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 22 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/topics/malware-samples
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:532
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0x84,0x108,0x7ffad0cedcf8,0x7ffad0cedd04,0x7ffad0cedd10
      2⤵
        PID:4760
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1960,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1956 /prefetch:2
        2⤵
          PID:3468
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1480,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2280 /prefetch:11
          2⤵
          • Downloads MZ/PE file
          PID:3820
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2352,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2600 /prefetch:13
          2⤵
            PID:2200
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3236 /prefetch:1
            2⤵
              PID:1304
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3268 /prefetch:1
              2⤵
                PID:3956
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3844,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4352 /prefetch:9
                2⤵
                  PID:4996
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5244,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5256 /prefetch:14
                  2⤵
                    PID:4636
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5408,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=216 /prefetch:14
                    2⤵
                      PID:4992
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5100,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5436 /prefetch:14
                      2⤵
                        PID:1476
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5144,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5460 /prefetch:14
                        2⤵
                          PID:804
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4424,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4460 /prefetch:14
                          2⤵
                          • NTFS ADS
                          PID:1928
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5028,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5688 /prefetch:10
                          2⤵
                            PID:2552
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5272,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4524 /prefetch:14
                            2⤵
                              PID:4232
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5140,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5444 /prefetch:14
                              2⤵
                              • NTFS ADS
                              PID:2104
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5696,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=216 /prefetch:14
                              2⤵
                              • NTFS ADS
                              PID:2000
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5816,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4748 /prefetch:14
                              2⤵
                              • NTFS ADS
                              PID:880
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5848,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4488 /prefetch:14
                              2⤵
                              • Subvert Trust Controls: Mark-of-the-Web Bypass
                              • NTFS ADS
                              PID:3644
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5612,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3792 /prefetch:14
                              2⤵
                              • NTFS ADS
                              PID:2556
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=1512,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4488 /prefetch:14
                              2⤵
                              • NTFS ADS
                              PID:5100
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5592,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5432 /prefetch:14
                              2⤵
                              • Subvert Trust Controls: Mark-of-the-Web Bypass
                              • NTFS ADS
                              PID:5112
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5032,i,1286738823712602079,12903097797521666411,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1536 /prefetch:14
                              2⤵
                              • NTFS ADS
                              PID:4532
                          • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
                            "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
                            1⤵
                              PID:3840
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                              1⤵
                                PID:2228
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:3844
                                • C:\Windows\system32\OpenWith.exe
                                  C:\Windows\system32\OpenWith.exe -Embedding
                                  1⤵
                                  • Modifies registry class
                                  • Suspicious behavior: GetForegroundWindowSpam
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2964
                                  • C:\Program Files\Microsoft Office\root\Office16\Winword.exe
                                    "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_AntiExe.A.zip\Anti_EXE_BOOT.IMA"
                                    2⤵
                                    • Checks processor information in registry
                                    • Enumerates system info in registry
                                    • Suspicious behavior: AddClipboardFormatListener
                                    • Suspicious use of SetWindowsHookEx
                                    PID:1812
                                • C:\Windows\system32\NOTEPAD.EXE
                                  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_AntiExe.A.zip\Anti_Exe_BOOT.txt
                                  1⤵
                                  • Opens file in notepad (likely ransom note)
                                  PID:1220
                                • C:\Users\Admin\Desktop\Gandcrab5.0.3.exe
                                  "C:\Users\Admin\Desktop\Gandcrab5.0.3.exe"
                                  1⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  PID:2400
                                  • C:\Windows\SysWOW64\wermgr.exe
                                    "C:\Windows\System32\wermgr.exe"
                                    2⤵
                                    • Drops startup file
                                    • Enumerates connected drives
                                    • Sets desktop wallpaper using registry
                                    • Drops file in Program Files directory
                                    • System Location Discovery: System Language Discovery
                                    • Checks processor information in registry
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:2444
                                    • C:\Windows\SysWOW64\wbem\wmic.exe
                                      "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:4720
                                • C:\Users\Admin\Desktop\GandCrabv4.exe
                                  "C:\Users\Admin\Desktop\GandCrabv4.exe"
                                  1⤵
                                  • Executes dropped EXE
                                  • Enumerates connected drives
                                  • System Location Discovery: System Language Discovery
                                  • Checks processor information in registry
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2548
                                  • C:\Windows\SysWOW64\wbem\wmic.exe
                                    "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
                                    2⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:2820
                                • C:\Windows\system32\vssvc.exe
                                  C:\Windows\system32\vssvc.exe
                                  1⤵
                                    PID:3120
                                  • C:\Windows\system32\BackgroundTransferHost.exe
                                    "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                    1⤵
                                    • Modifies registry class
                                    PID:1228

                                  Network

                                  MITRE ATT&CK Enterprise v16

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\$Recycle.Bin\EFZUBVNRQ-DECRYPT.txt
                                    Filesize

                                    8KB

                                    MD5

                                    9e041849075b3b0ca72856186febb685

                                    SHA1

                                    44797c5fa16447dc70da0fefffb8e5f5a4de88f0

                                    SHA256

                                    e384a892a8e70ac416c13e59fb8fa6aafcdcc1b11566de2b8e5266265c08bc94

                                    SHA512

                                    43c446a04f0d6af3920685a222136450d1e395d9145a4e522b3bf7d6bf98683b75680245e5db64e94c0a37bd202c46498d7c9494ad3b5f2c34c20bc45f3df6d6

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                    Filesize

                                    649B

                                    MD5

                                    3a87379f081f2b42a1854875d6dc05dc

                                    SHA1

                                    2990f49357c6f188a9f6f6c3564c7b05f6770c46

                                    SHA256

                                    91052d8bf60ab83a5d02783cd3bec688bf94e1ae34328ea3fe5852a864f0f302

                                    SHA512

                                    aee8aba512137d47efbf196d6c5f98d8ef6ab674c6da62fb29b2c842b6ac0eacff2aa86e44af910a7280c8a8e05af9218556c2b4ec7436370bab11c07b5b8840

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
                                    Filesize

                                    58KB

                                    MD5

                                    59f4da10d2f78509e07aeafba20e0c77

                                    SHA1

                                    0f4a151e3bac76e37a0df8b2a1796e63b8d1e520

                                    SHA256

                                    ded6d17cb77bf077410b86f28abe9fa78e46a17c4573750be1d34adb799c2d22

                                    SHA512

                                    2c39e5d125ab952ef7bc056d18585bca9675ecee998b9c6596323bd78d587a707b57c676a062c9979cde0c61b8c07ba326c280bb22d21734136a637265ca4f1c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
                                    Filesize

                                    23KB

                                    MD5

                                    687d5ee4793de5b13bc7b8bdbd7652a3

                                    SHA1

                                    0ae7bf43ea433c214a387d2c5a87082c5b504e8d

                                    SHA256

                                    c02a6078fe322344c31146e51e3444bdbb2d3e2e2964e6e1e0b11f9f3253c427

                                    SHA512

                                    d998096ab278845599534915c9ea976df6b5308b51b805ce1a4d2c0d239a01c8f98e3df4eccabd83f8f32eeb4cfd33412b0d8dd89c4bb8226aeabc536af8f958

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
                                    Filesize

                                    158KB

                                    MD5

                                    a85f2754a98d47b084bda4d5b80d16cf

                                    SHA1

                                    785ba374d35ee68c12f7da524b2e21bf86d2a272

                                    SHA256

                                    f17170f603b0e07b71d279b17cee15212fcd7678b120cacc70e0ccee83ae4eca

                                    SHA512

                                    862705a71875d10fcdca8d59b69664bbe7a3d681b1bab1801c260fcaa222d45113d99ee39f08f095ac55d47031c9410f25667df27fcdbceef67b308cb1405a88

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032
                                    Filesize

                                    463KB

                                    MD5

                                    60f2ef9fc914e5700f75d2501e4e7a6f

                                    SHA1

                                    ea7853e4c182f171009db1c6e444fde040ba756c

                                    SHA256

                                    2c7e46427b42cc29ef4dd8a7d06cac805035cb8dbebed9d9e9dbbfe97310c65c

                                    SHA512

                                    a2c447615d278ae947bcc027c3364f9ee5cb894c92764aa0331a2137d9428be20c7c0d5312508a786102f59bda88337d19d8630d47912641390303a6d50c3960

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
                                    Filesize

                                    168KB

                                    MD5

                                    41c673415dabbfa63905ff273bdc34e9

                                    SHA1

                                    828bd5168109bd999cf83e276bc9204992d6c5a9

                                    SHA256

                                    52f2b6380b492c175837418285cbefa51f1de3187d00c01383bb5f9ca4ebe7db

                                    SHA512

                                    c7bce30eeb9fb386c9bd4a35d2b725ebe1233d496bcc91dcbd5d31ad1e602387c9a51766b9ff98ced955067333c3d41cb56898bae40f30241ea9f1a0c32e3ee7

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    2KB

                                    MD5

                                    60c49a6e386979e5691f61ba4ca17437

                                    SHA1

                                    9529d109222e4049644f8dab429da04984fd1b54

                                    SHA256

                                    e9026e8ab6d3b76906948ab45e58b39a551ea9d779428836b7dd5eac9eac7c50

                                    SHA512

                                    ed2ec2a4eaab2efc636f2c07951a498dbb0b33c2767e0c7e18acae359565a540428d17854f655cdd0556e97c88679590e6c23875c4860d44c2d9d2f69a14a5fb

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    2KB

                                    MD5

                                    019af5e87507018a439ca989df79681b

                                    SHA1

                                    752f360d68841785dff745fa26e8f3a9785fe5bb

                                    SHA256

                                    563673478f2aaef96650307413219564874e6e16426df2f74d053e9cb718430d

                                    SHA512

                                    617da21365d5bb978dadc9e92b3a0998cdd7ca8114734536fd03fb0f274311c1b2c0a819de73e87111daddf2249610e27e1d2a276b112fbd803a1bdf5205510e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    2KB

                                    MD5

                                    e69d5837b69092af1c928824f5b6bceb

                                    SHA1

                                    0a2566e4635b39243c6f65488a907fc334b399f0

                                    SHA256

                                    146564b18bda0c577f68393329b12a08cf96e1425de5ce83ab6f584c18ca568b

                                    SHA512

                                    131461efd8f062ad39bf91b20da6e2777d797a2a85e7368b07a7d319c926d039dfa2478cfb6de2ae5edc19e6e298b8b56664b1ca6b1c55378ce479c9c1552c26

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                    Filesize

                                    3KB

                                    MD5

                                    daec60c77592615238ad205d7e689583

                                    SHA1

                                    48e7a46e8e1636192b98365d5a6a97ce109ca5c0

                                    SHA256

                                    b4608507186be44e7aa2f87067e04544a184552285ebda5704de13b90bbfa2c8

                                    SHA512

                                    28ee42a6b9329142aeed424e29aec7de6099078acf380f030f661918fe3aa577c85cf499d5f46c9b83fa2af8c8448db889e121fd1c0168ed7105d05021bde6fb

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                    Filesize

                                    3KB

                                    MD5

                                    314f5339ba71cc43d5e36a2483f20d2d

                                    SHA1

                                    124eb4d4dbd005731313300f150f43ffd600bb3f

                                    SHA256

                                    62fac98ee2b1c2752a59b51010f31d64947a4210b18c176a6d9498ba8c9feff9

                                    SHA512

                                    37e03be880e44b1ebe55d852fc65228c300d29dc178e36df1f7cd301ef734b822c82370a359e0d41ba57df6a5fa2dffd2f412357b5db99f0d88dea369b210ebc

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                    Filesize

                                    2B

                                    MD5

                                    d751713988987e9331980363e24189ce

                                    SHA1

                                    97d170e1550eee4afc0af065b78cda302a97674c

                                    SHA256

                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                    SHA512

                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    eb7402c2a2fecda05fbc1b70a762e628

                                    SHA1

                                    372ef035f64c5bc400c82f728fd1a21d0679fd23

                                    SHA256

                                    bf16c5887b7ac2c1992f48d2d5caf9bc8c8f8458749892a188ded6c41f444a6a

                                    SHA512

                                    d32b3b704a336dfdebd68a47bdbe1cd01af4b5085c488ec319830437b63be3c47bb51b3f61c2da64fbb55ca339123c98b8788431665396d33b269ab247c075a7

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    d4a7ef9626b82505247ea6a05d2e2a0e

                                    SHA1

                                    90d703cc3cdcae752ac2710d552d3242789aaac5

                                    SHA256

                                    be922e43e25880f049ce93af28d1dc73122cb786467906b5884a1b6d641b1b74

                                    SHA512

                                    64b4cbf3075727fd66780ed0d01aa47eb98fc7e76a7447a6e00d58c1880a02934cf129572ce73f0dfe9476fc8f6ec0292a1f898466760a8354cdca1b62ccdcd4

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    25fb4c3779e0f4f4fe4c0aea3d0ae683

                                    SHA1

                                    3b40305d2293cb6aa439f5ade88cf7ccc557f972

                                    SHA256

                                    118785dddebd9a2ed1f46d4d7c52836e9b9a2461940e7d5140f139d1630c073d

                                    SHA512

                                    3127db90d3068cc5a5adbf0195b7240969c359a5c4c1e445845f6e4e9b7e3c2ace4e467d93a23c09a25f04988fd9c3c15d3f566533ef5eaaac19c075f5df5fea

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    5b6735695390c9207f4dad88037ab000

                                    SHA1

                                    05aa33fc404c7fe71e62b8cc5051153d9bb47721

                                    SHA256

                                    db7ef6ebc0ca3b84bf8408658d83d84f0232fca22f1d732dc148654976a67b71

                                    SHA512

                                    8e19cdbabb3b4ed4ca6c7ca8eaa1d4012ece1537444c657e6b2a66abef3119894351a5ec425e582a861c2424d83d51596d93d6d9c77ba3f0ca12ac926cff1ddb

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    3a6ba979fd4ad548451df73d13a7883b

                                    SHA1

                                    0f41be94374f4f6f53779eb94e86c5a541bfcce8

                                    SHA256

                                    d3b3126049e5607008241ec984185a00099b0b534c3571d47fc462694e82d51b

                                    SHA512

                                    746ace46c5fdf09a8c7dce1c5ceab59368f75de583b3b31adf895b5fad688926d2a6979d46b18e25ba74cfe03a95870528d61d58a8e8d5c9e4be00f2eb9cf45d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    435d3e30e570f06ab6a93729f64eec47

                                    SHA1

                                    f91aab695d54984636c1ff58d26a60cd8f182378

                                    SHA256

                                    85ff34ce6b5b606fdad1b4bcf329b9612f341efd53a9caa41857c6caf7795370

                                    SHA512

                                    c596f7386fe31640436adebc4cf18d70f4c07d9d51a84ab9a3ef591d3b71d6601a20b5d7d1c84086a403bef9d3d354cee88d78e2e10ad2d4945386b2142e8d39

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    717c0bffc3d2f478cfd47813c2f256ae

                                    SHA1

                                    2fdee47073a7ad39b9004f6ab228f79b390bc436

                                    SHA256

                                    7463740088f3a74532cb1ec558c92c039508ce2b2003db4c99032e9ffff498d8

                                    SHA512

                                    87a818f349e45af3064a946f2f2d0ea329e7ddc93cc0743f8996ee2d9aa49491da0bc6b8d930543a32c4575ca150d59ab6ad7e7a39ec41c65c7322f1976dd362

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    4e796b11e85fdb0ed91807824cc6de22

                                    SHA1

                                    933cdf3b2a4b5d0b3339626b22015b56aae0f5bc

                                    SHA256

                                    daea22f8dee1365b2070f6a204aa9882a7a6940ad1ab93a7f13aef7a3f9bff13

                                    SHA512

                                    dc23c0bce1743b7f7fbe48c4d8fee7ac4c358e2b92d9073bfc392d0e3e9b4a80e620751b1b11455836deac1b4f1608280eac6f520f5b557c4380427138f0d47a

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    586c3065f14a84b8fe69b577fb752cff

                                    SHA1

                                    3de3f4892baa3e4346f12e43361709ea45d6bf32

                                    SHA256

                                    1e2a6200790f9033d51d6e3c6ec8405df66f34df674a7ae0433df468ab2dbb13

                                    SHA512

                                    e144c71ca0c1bea822851a68ae5aaf5ccc1d0956a41cc6e208a9b4090acf2b2ecb1f2ea16a3f03a0ba48b44dccdcfe4ecfe7b682ae718e7a9610c605006fd589

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    62563df836c8aaae5fc0652985042204

                                    SHA1

                                    b283f5b09a283c4d3970029febc5e07ef7f3e97e

                                    SHA256

                                    b4349880dc54dd8dc4fbf6ec5c9b88af687c0fc9f7428fcb23515a0e832c074c

                                    SHA512

                                    ea6a3fcbfbd085c018b176711ec6498438c2077a73cfeaaaaa9268821e1a03d8367984e3307571cfdebfe41634b33dcba6eedccecc77e143f903eb08a432d922

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    cddb6192348060fb2c0032463c143e97

                                    SHA1

                                    29cffe6adc700046166d04795224f42fd99670b2

                                    SHA256

                                    11c3209c9c5c6a58e4abb08ddccc2b065a5e4d14e8eb70629cc21dcdcf9d836d

                                    SHA512

                                    aaa795ff5dc7c42d4d7923a7522193e5ab8f25359b3a0ea62793c76d4d0458478bdb37f544af9e843cb7424f02ef932632943dc3079e1bc0f3e02a45b92ead74

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    9cdc51f939a7328e6c3e9732b4340eb0

                                    SHA1

                                    aee29ee8069df48bf2f5faa30608e28647da7332

                                    SHA256

                                    5257c2d13bbbf0039dac9dc591aa4b646010ee9404c7f288554379d92fb6c1eb

                                    SHA512

                                    81bca80df58e4bc495d10cd098ef8b805cf9f3b83cbf5b6642719e604a740d82d61d5d5aa5a57945175afc23569125c65bdb511cc2baac7e5e06d79adba2af63

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    0d75d7ea3d12a95c1daaeafbbd59c2a4

                                    SHA1

                                    e2c6e38267b072c4cf22f2bec15819309a67eaba

                                    SHA256

                                    232293eb1a9d244d693aa08e3c46926666ea7d1d7f9c3949b68667f5e488f6ce

                                    SHA512

                                    d1f6d8b9b7ad3004042cc437df7d4730085f59bb5c51b79be3f91d097172887b194a56251e741708bd703fc6cbbdb5d59124776b5cf0b0946eeac84f1233a5a4

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    735ccd120044aa3fe528ccc53a410387

                                    SHA1

                                    7e16b729d36dbf6746d9c12e454a1d0e63f1b7a9

                                    SHA256

                                    efd2b567ef0735b1a1658eadeabc68cb85917a603326216ff1fcfb557cf91879

                                    SHA512

                                    269cb553aca8c4ec9b7ac8c77a91971b372942cbfb917081f6b4dce504c9a447011503651aba8537a05099e6ef23472db5bdf6981e31317d6468ae89333fef74

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    a1539c5e281ba98467457916d9dd9a02

                                    SHA1

                                    459da178b3e4fc3ce7d12a15ffd2e90aee4ff734

                                    SHA256

                                    ccf039a9eb6e0e6e6b413d7b57833c4ccb3405c943b2e291477597acbe64a0b8

                                    SHA512

                                    c64b1bb0a62fde921f03f34ed1fe0b7df3c8fe29441b8f3f125fd6b4c6d35ca6072c02ed3ca8b67ad6e578183467ee989253b2b3974b9e1be008a57fb0f33b49

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    8eda0c77b24b9ee548e0e2e17cecceb4

                                    SHA1

                                    0bf6af8e44cd062eca0bc98aae88bfcb99235ce3

                                    SHA256

                                    161b09927e6aca8ae3e3d13920a38ac615524e266d8844a76a66f0a6c8b46847

                                    SHA512

                                    2431e4ff2ecfe2763b65c773c5ce73ab809d8f23234b86c0fef65daa94174594d78c3d8d018c40ea05f60eb8e27d47574d843ee55674b54c073922469c2f1675

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    31ef825ca8a2c51ec4cf49e4d234c625

                                    SHA1

                                    b150dec33d6b8770e2e1c1465e09448704b7d65a

                                    SHA256

                                    dd93ae18201186da1325390e21570880f3cbba4d10e3e7dee334a7209e2a7ce0

                                    SHA512

                                    1ae4e7355e1c5802ab8dca76dfbfda4f39e96cfc0c37690ffb46219f48ef628f43ff7bf682a0b0ad329aa64b13579fb00867496b866a08cd46de7d30a6c61b44

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    714959df1e9545aeada2149b55423be4

                                    SHA1

                                    0478beaad0905de6b558854b045cd493aab0f48f

                                    SHA256

                                    82b63120aa5b7e90772d069adf6963b16b9d2bdb86e8e4a0cbf275597f039b87

                                    SHA512

                                    5699e395d528a8da7bb5f8292adf5b2dec90e56f0670055cd1ca994080c7a922f38b8bb8a755b2587e1f822a152af50e49ffc7d50e476dec4bd5db460b8f596c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    9f7a3a64539f6b7e2ca0b2ee29afee6e

                                    SHA1

                                    03b22bca8c84b360a4494a312092367234cecd72

                                    SHA256

                                    93c7d06f3cb19b77918e643f385cafc1206f3f101a2a8cb134c0d15eb3a90e11

                                    SHA512

                                    c954e8e838b283961d7e778488050cd88954f1312f8ac4ccfcf0e5e5ad3b3a3a4130a0d66edbae246c1b471bd6548aace93a12764626ade1fe435b520e6a60a0

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    433add14dd447b8399a317ba3d99dfa2

                                    SHA1

                                    aad560785e0c4b782fd8423f3d2d773ec80321b4

                                    SHA256

                                    25a8ae047c0a2619303ceec4a18d9e37651ba021c9ba2fb99818bfffc9b6a1d4

                                    SHA512

                                    eb5961f8a18a63716ac59819875ef8a5fbb1617b744de9c5fb61d61ec4ecedbecffacfb1d9db21ac566ffd8ae85b924f73ac5caae641115c1d8ff9074cc9c8ff

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                    Filesize

                                    15KB

                                    MD5

                                    a8bb56ecfe871b00ae826bbd7b4a6fd0

                                    SHA1

                                    6a276534042dbb3960221f93b25f02c749a66145

                                    SHA256

                                    2b0bfc928ea1bb191367c5d9d0ee0f850c78fbd248395df56ad9feb64ee92090

                                    SHA512

                                    5078e3ee603f7e08f7d3537c2cd4bc7891f3550fdb3be0498c0cbfeb6baea202b756d1b7dae2053f3fd64e05e1249ca6150fd16b6fea350a8ccdb1fe21ca5f18

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                    Filesize

                                    72B

                                    MD5

                                    9f35df8f99a827b71ac925054ae037a3

                                    SHA1

                                    b799008cc97e1aacb931f0d1899cc8a18d8ce4fd

                                    SHA256

                                    b252b584dc3f35ee6a764b2f90ca2f00fa6cc2a030a7f99a25e9a0782f0ff05e

                                    SHA512

                                    3742ebae544e309c0213b88c3d359bccd937e44afd59ea00ace195416f2f3f3c421ea851fd3d88bf3f4aad0fb67d983547333f3e8e70a08fb2e80fd8565b3341

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58431f.TMP
                                    Filesize

                                    48B

                                    MD5

                                    d232c08898775dbd5c2c7f9ccfb89109

                                    SHA1

                                    365a5bf7ec4b76fecbfdc69b6ecb0db418192103

                                    SHA256

                                    8c297ce6a13e15571eeb89718589b290455dac80b8d8d8239be130d4110ee680

                                    SHA512

                                    a4de83c6fe2a7f1a61c6076fd227ba60fdfcd773a88bb52e2cbeb054487978ef4440eb4983b5c629a0cf0be60c431f82ae4b8e220c019b66e1c915dbc7bf24f3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize

                                    81KB

                                    MD5

                                    f4b667fce1609a58cbb9d2a5e3025321

                                    SHA1

                                    70dbf093c894bff93f069f69ee5db795b2d2382a

                                    SHA256

                                    e35ccf1a8cb1120b1b2f1fd25b1a672489d9d540879d22f93c1a538d40454de3

                                    SHA512

                                    2b57cd2dd65b7f27e5a9a5293fcd9860ec73c64512a22487e9a6ea111140971ab257bd8ed6ed3377a51eaf581aec92225e6330ccdc29009d4dc871d6d79b6557

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize

                                    81KB

                                    MD5

                                    0b6242e5e2438f8fc1013bc8c94f526c

                                    SHA1

                                    b06fec8d25c2e684c99e1cc019d04c9e548ce365

                                    SHA256

                                    1657653fc6d74d9636d7f3777548a73e1314004c75ba5df27ffe64a4c22bc970

                                    SHA512

                                    2008125151cc8fc973ea75f4c86e42bdcc0e7d8ca3149918371e2c0a5a979341a273b280ce82eeef937a1ce3ae754c2964cdb256e2c781e723cb7e0ed540de2d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize

                                    80KB

                                    MD5

                                    f664b6e27c3f1b8b70c9ba0649ea4186

                                    SHA1

                                    17c9a99e991bd1b3ca5a9a32278bb499bb2aebc7

                                    SHA256

                                    c894b24b31328f84ec7810a482193b2a50ff0b8c3ba34eb3611f09fd5b6b9e7f

                                    SHA512

                                    2864472ebf108efb6a7cb0f246ab5189a1f40dcd0c7de69f3f5e179d7ed7a6324f73ce5f705924c05c918acbc7438a355f369b847acc51dfc00b1b3433c46c0a

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize

                                    81KB

                                    MD5

                                    ba51c705f69a69fc5874ac211ed0a4c3

                                    SHA1

                                    b2d5782e5b1894214015f7da85da00d23cc8e5a1

                                    SHA256

                                    bb1d71380d8aca60e9c3d160cf57e4d1f0e2b4050b61b67436b46a8c6d3e461b

                                    SHA512

                                    ffc4441dca16fddc5a39587b501e4411e88dd975bc2d3a842ada82575307995603f9a36af7fc2c48f987016556ea26475eff0e65085db0e87c680777e488685c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\8b8c42e5-93a5-466e-b4ea-17fad679f282.down_data
                                    Filesize

                                    555KB

                                    MD5

                                    5683c0028832cae4ef93ca39c8ac5029

                                    SHA1

                                    248755e4e1db552e0b6f8651b04ca6d1b31a86fb

                                    SHA256

                                    855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

                                    SHA512

                                    aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

                                    Download Submit

                                  • C:\Users\Admin\Desktop\Gandcrab5.0.3.exe
                                    Filesize

                                    424KB

                                    MD5

                                    95557a29de4b70a25ce62a03472be684

                                    SHA1

                                    5baabf2869278e60d4c4f236b832bffddd6cf969

                                    SHA256

                                    49b769536224f160b6087dc866edf6445531c6136ab76b9d5079ce622b043200

                                    SHA512

                                    79b78cf77926e0d8b424ad9984f72d4461c7d9e7af58c4e2af32fa7c58cc445c534228b0709b87f5e35e1c8793b3d028dc60787151d852b8524023d08b57f103

                                    Download Submit

                                  • C:\Users\Admin\Downloads\AntiExe.A.zip
                                    Filesize

                                    3KB

                                    MD5

                                    8cee47cd109adfa5c5816685af873909

                                    SHA1

                                    8fa3b60ea7b526b46ca22fa6544443a670a7de46

                                    SHA256

                                    93861a8aa9a4f42489d029c64bc0599c208971891c70a9b2192b60e20c57d3bc

                                    SHA512

                                    b24d2f10927d10520e017151c0184fabca08691119893fdc04852c7caa775fbcbad29c7e6a20517c7791036d42e18b0e4b4ded2babd1707546612cc12265007e

                                    Download Submit

                                  • C:\Users\Admin\Downloads\AntiExe.A.zip:Zone.Identifier
                                    Filesize

                                    239B

                                    MD5

                                    d90a69967b7c9731a5de509791122618

                                    SHA1

                                    64f7eab1c9ffa542739f4de4667894674ac4fc4a

                                    SHA256

                                    c063f154c6e18f9ee753ce250e020dc6730b8049737ee8ae9814ccb78008bb4b

                                    SHA512

                                    5a5f8fcca02d041c217039fb75ccc541ecc2878724ba88fc6ac5e08f751a03e87b305e37b51c5f910f314137c78d4219e0797492843e5482fbfad980ca66d10f

                                    Download Submit

                                  • C:\Users\Admin\Downloads\GandCrabv4.exe:Zone.Identifier
                                    Filesize

                                    241B

                                    MD5

                                    b357563ae5244cad64cdbb5fafd7c7d5

                                    SHA1

                                    b8215f6dd9147d9964689e7d96be4382c6991d37

                                    SHA256

                                    d60eedb71365ef848599e4eca6a919e6a612dc02209bf99dd6ad96446948b1d5

                                    SHA512

                                    edd73e804683e6e1f98e0251ef57227a8f5dbceeccddcea673b7817bf2c52fcba34cc751d19b4fdf36676a3cb3a03af06226c32c8a0d88652f808671658ebe19

                                    Download Submit

                                  • C:\Users\Admin\Downloads\GandCrabv5RandomExtension.bin
                                    Filesize

                                    168KB

                                    MD5

                                    38b9150d35d2aa3e64a6e6dcfaf158cd

                                    SHA1

                                    e6d6390c9c727b66e3ef274183c43a7d2d2bf3bd

                                    SHA256

                                    9b231eb8e354134ba22ea477c3be6359bc059d7f871d20136216d6816ac65c95

                                    SHA512

                                    32011c62bc1d306dfbaa4a469bae729b7087f51a05319d06ad56cc6337d0ddb5f479e84123eb1daf0b450dd4c2027fe5a37e7710d0fe176bdcd8dae79e961f20

                                    Download Submit

                                  • C:\Users\Admin\Downloads\GandCrabv5RandomExtension.bin:Zone.Identifier
                                    Filesize

                                    140B

                                    MD5

                                    52f262f4ef61c0674bc322b64bbc5e6a

                                    SHA1

                                    7e0a56378d48c972dd069541dd5b8dcabbb01c9d

                                    SHA256

                                    77cc1543ca9d21527ce45cd0b5032f2cba01f6f82b06f94493ca1fe1e8d66d45

                                    SHA512

                                    0ef2044100b384808e10a03da9b42deb453bb80b604de65a4e53df052b445efd3d9910ebfb93ef2d81b60076abab247123eb903e748326c6c44e60587dcfc0c4

                                    Download Submit

                                  • C:\Users\Admin\Downloads\Gandcrab5.0.2.bin
                                    Filesize

                                    168KB

                                    MD5

                                    d4d08793a3ec315f186a38e172b746a4

                                    SHA1

                                    2ada8141814879c67245957f2fae81da5d8ffde3

                                    SHA256

                                    fc5b96addcb295d2749cb003355c233b0f58577b0292f021288632e5914a848a

                                    SHA512

                                    b7b7686328f6547eef072b091c89cc8f931c80ecf838534f7085cfe9299b002faa5983c0494b60d8155dbe759a39f27c650957e674b5c0a6b71dd6fbe9bf486b

                                    Download Submit

                                  • C:\Users\Admin\Downloads\Gandcrab5.0.3.exe:Zone.Identifier
                                    Filesize

                                    247B

                                    MD5

                                    443319b0d18b3c2de9a0cdf82465bda3

                                    SHA1

                                    e2549fdf8d8074273213d007b945e1d9d176a78f

                                    SHA256

                                    66dbbbd6fad8005d3943db875e922c0be9b5d10f068baa47e4cfcb427026cd5c

                                    SHA512

                                    373498df663fa7a850864d747c5e131b55799fbd3eb5e02c3e0c1a5b181b9ce86d7e80118936aa500829511a7858c32a0695634b839142876769b0fe58ea6810

                                    Download Submit

                                  • C:\Users\Admin\Downloads\Gandcrabv5.0.2exe.bin
                                    Filesize

                                    168KB

                                    MD5

                                    bdc1db4477d8942c86a7bab2b1880d03

                                    SHA1

                                    d2fe95b9453552a6c19db6de130e53f53fb59616

                                    SHA256

                                    3af85e736d9a26a1446ec9a83f5df653396f21ddea73223c849bef7cdd1b8790

                                    SHA512

                                    4f7a7fa008950371782d7ec60915552d51d9cf57e599bd572ebc6d5ca5477a1eb6841616b4f3e83be7c4a3d4749fa67c6c63648b1bae06f2022d8fdedae58628

                                    Download Submit

                                  • C:\Users\Admin\Downloads\Gandcrabv5.0.2exe.bin:Zone.Identifier
                                    Filesize

                                    255B

                                    MD5

                                    c96bf4e47a44f9b7b962f55dee54671d

                                    SHA1

                                    756e0e17ce6bfdd12de9c743cf4cda03532924a9

                                    SHA256

                                    e20aebb08bbce51997211c4a2038083d5a6ad2e6e1895c826bdb971710eee385

                                    SHA512

                                    d812cef42f938101a989d8eeda771774bd2abd0db5edfea71d19943a52483702e146aeb960fe01c076a8d228527daed6946ebbc7e21fe5857029976cb9de2959

                                    Download Submit

                                  • C:\Users\Admin\Downloads\Unconfirmed 428656.crdownload
                                    Filesize

                                    121KB

                                    MD5

                                    0301296543c91492d49847ae636857a4

                                    SHA1

                                    147731983582c2196c304d1e6453cb2d26920756

                                    SHA256

                                    ce093ffa19f020a2b73719f653b5e0423df28ef1d59035d55e99154a85c5c668

                                    SHA512

                                    66a141b6e4df8fed9f6aaa4bdcda7d922542619de458ac5a43e904af3d5d77ef8dcc579b5fe8b7a70bb0520164d1e756adc2695360cf9c5b75e57959ac19df68

                                    Download Submit

                                  • C:\Users\Admin\Downloads\samples.zip
                                    Filesize

                                    670KB

                                    MD5

                                    59e4d70fa46fc9ab83baef40caff18e7

                                    SHA1

                                    fc2e2b0bc5e63ef860a51edb360995c8f51e5f10

                                    SHA256

                                    278837977440d7f70135fa867391e3018fc871e3bfa50e22549db5acc6240afa

                                    SHA512

                                    2e5ab6240ca137357c020033c6517e38fe1f553f66f3bca11b2e3dfd4ba9719242eb8eb9017ec45eac83a8417886ce3c04118f04b1cd310f01ffff5e21e9c35a

                                    Download Submit

                                  • C:\Users\Admin\Downloads\samples.zip:Zone.Identifier
                                    Filesize

                                    273B

                                    MD5

                                    2ca84370b6ff5e23121a355b477240d5

                                    SHA1

                                    b065b0da339ac444b41ac73eee50b746d90a8129

                                    SHA256

                                    3ef3657a0cec08864548d41ae977b411ad53850d745d28cf397045b9d79cdecd

                                    SHA512

                                    300a92b39f8bce766b937910961eba8c13e12a275ac7d72e5b397e8514f16780523ecad45ca892f0987a14bc41f9d65721b83b9d0afb6ca69f7d2857a70e4c90

                                    Download Submit

                                  • C:\Users\Admin\Downloads\samples_pcap (1).zip
                                    Filesize

                                    463KB

                                    MD5

                                    bc77d67c5e1e9741f80231bcc3854791

                                    SHA1

                                    cd9d3ef6e8c8c50994ba2d217d3b951434752459

                                    SHA256

                                    220efb7f8fd4854a8356b0fbe42bb7e68f225c2e916defb74b1cd91279ed7b23

                                    SHA512

                                    4dfa41e83d598e06b34f95cde27d0138fa10761bbe81c4390df7c85a2ccbd89e30a6081e89f0c2aa9e075f4431e0090bbd845ca71d119b105a6c808332d9b033

                                    Download Submit

                                  • C:\Users\Admin\Downloads\samples_pcap (1).zip:Zone.Identifier
                                    Filesize

                                    26B

                                    MD5

                                    fbccf14d504b7b2dbcb5a5bda75bd93b

                                    SHA1

                                    d59fc84cdd5217c6cf74785703655f78da6b582b

                                    SHA256

                                    eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                    SHA512

                                    aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                    Download Submit

                                  • C:\Users\Admin\Downloads\samples_pcap.zip:Zone.Identifier
                                    Filesize

                                    143B

                                    MD5

                                    a4774a164e3da307ffbb7a1230d65791

                                    SHA1

                                    2d71dd9802b6868cca8c2838ee6b4f4293315896

                                    SHA256

                                    41c8fb2ea65058d2b13405f7ee674354a6a1de2ed8afcd525cc8606b05e57618

                                    SHA512

                                    ee4fcd00f9745f06fbab1d6e90c52d1b8128b0e6cd0ad79f73722e944e780e38f3f5c2eb67b6afc648220c6af95c5e2d454005960fee7741bc301f0786c4ad40

                                    Download Submit

                                  • F:\$RECYCLE.BIN\EFZUBVNRQ-DECRYPT.txt
                                    Filesize

                                    9KB

                                    MD5

                                    f3b75ef1f216a4c4deb85305a816fa7f

                                    SHA1

                                    2d41a40ce5e661454799b7982ddc476b2e59e565

                                    SHA256

                                    44a49f20acf396de71b73b33932ef78cfad5527663b2ea4d1cf288fd2892ad3c

                                    SHA512

                                    226da91bbcac9ae25c5fd50a6b4f4e181837a295213fd5d9f0e4d3646bb0a655187b6ac81273e9cfc546eb18f028d12db28abdcf07886486ccc47aec30238254

                                    Download Submit

                                  • F:\$RECYCLE.BIN\S-1-5-21-1136229799-3442283115-138161576-1000\EFZUBVNRQ-DECRYPT.txt
                                    Filesize

                                    9KB

                                    MD5

                                    3c9ed05e6e70cf20a04bc581e61cfbfd

                                    SHA1

                                    cef5b543e1be0d37f2a9ba7f4d317a797024539a

                                    SHA256

                                    28c7156b943d28dd86cff791d27a45d7fc51c0a2c42fdb646440b11929ef673f

                                    SHA512

                                    c23f330d0bb0ce63e9691d0b250454fc4c7d318f11ee43c2db4048583d18592f0d69b81d29e6ea07296dce961833d33e06dc28278ab0321c718e1d1e4a13c263

                                    Download Submit

                                  • F:\EFZUBVNRQ-DECRYPT.txt
                                    Filesize

                                    9KB

                                    MD5

                                    6d1b02a6840512f2970185e13563f325

                                    SHA1

                                    559be7c061a20592dcccecf56a808d71daaeb641

                                    SHA256

                                    4c772675e19fd3500ef2fa1e24905c9b98930bf5e4f07cc7b11dc68957c8aea4

                                    SHA512

                                    17ae786c4b7fe94c878430e0ae6e42f1e1481b3c31f58ca5465214d596f431f54d1bd5a0452a3b8820b4cfa72c7a30b354cf1990a94c0f3ae6559b44967c4225

                                    Download Submit

                                  • memory/1812-660-0x00007FFAA0270000-0x00007FFAA0280000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/1812-661-0x00007FFAA0270000-0x00007FFAA0280000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/1812-691-0x00007FFAA0270000-0x00007FFAA0280000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/1812-692-0x00007FFAA0270000-0x00007FFAA0280000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/1812-659-0x00007FFAA0270000-0x00007FFAA0280000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/1812-658-0x00007FFAA0270000-0x00007FFAA0280000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/1812-662-0x00007FFA9D7C0000-0x00007FFA9D7D0000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/1812-663-0x00007FFA9D7C0000-0x00007FFA9D7D0000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/1812-690-0x00007FFAA0270000-0x00007FFAA0280000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/1812-693-0x00007FFAA0270000-0x00007FFAA0280000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/1812-657-0x00007FFAA0270000-0x00007FFAA0280000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/2400-1021-0x0000000000400000-0x000000000046A000-memory.dmp

                                    Filesize

                                    424KB

                                    Download

                                  • memory/2444-1022-0x0000000000400000-0x0000000000428000-memory.dmp

                                    Filesize

                                    160KB

                                    Download

                                  • memory/2444-1902-0x0000000000400000-0x0000000000428000-memory.dmp

                                    Filesize

                                    160KB

                                    Download

                                  • memory/2444-1916-0x0000000000400000-0x0000000000428000-memory.dmp

                                    Filesize

                                    160KB

                                    Download