ryuk | 0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad

Analysis

max time kernel
185s
max time network
28s
platform
windows7_x64
resource
win7-en-20211208
submitted
19-02-2022 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
Size

207KB
MD5

36dfbe051ab87906b8de92085335bddb
SHA1

932d13cc4f14f33825d236cb7ed8c50314f73365
SHA256

0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad
SHA512

3ad79c11e252513f651c2aa066668aeb263e51643eaa15766853ae764b2fd2b65f9f631b9e701c9b1c4f05232e9b87b3cc33d84fec4930f523c45a411356eb21

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

<html><body><p style="font-weight:bold;font-size:125%;top:0;left:0;"> [email protected] <br> [email protected] </p><p style="position:absolute;bottom:0;right:1%;font-weight:bold;font-size:170%">balance of shadow universe</p><div style="font-size: 550%;font-weight:bold;width:50%;height:50%;overflow:auto;margin:auto;position:absolute;top:35%;left:40%;">Ryuk</div></body></html��

Emails

[email protected]

Extracted

Path

C:\Documents and Settings\Admin\AppData\Local\RyukReadMe.html

Family

ryuk

Ransom Note

[email protected] [email protected] balance of shadow universe Ryuk

Emails

[email protected]

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk

Drops desktop.ini file(s) 64 IoCs

Processes:

taskhost.exe0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe

description	ioc	process
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\T0STXTA8\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Music\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Videos\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\QDAZQ7UR\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\T0STXTA8\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\FNOUQX38\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\T7AS43M2\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\Downloads\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Favorites\Links for United States\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\S3IV548V\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\FNOUQX38\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\T0STXTA8\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Pictures\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Games\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\S3IV548V\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\K819CMRP\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\Sample Videos\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\QDAZQ7UR\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Contacts\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Favorites\Links\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Saved Games\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\System Tools\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\SendTo\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\QDAZQ7UR\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\Sample Pictures\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\FNOUQX38\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\Links\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\SendTo\Desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\Sample Pictures\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\T7AS43M2\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\K819CMRP\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\NK9YD4KU\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\Sample Videos\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Favorites\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Recent\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Games\Desktop.ini	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exetaskhost.exe

pid	process
1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
1108	taskhost.exe
1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
1108	taskhost.exe
1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
1108	taskhost.exe
1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exetaskhost.exe

description	pid	process
Token: SeDebugPrivilege	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
Token: SeBackupPrivilege	1108	taskhost.exe
Token: SeBackupPrivilege	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe

Suspicious use of WriteProcessMemory 62 IoCs

Processes:

0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exenet.exenet.exetaskhost.exenet.exenet.exenet.exenet.exenet.exenet.exenet.exenet.exe

description	pid	process	target process
PID 1472 wrote to memory of 1108	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	taskhost.exe
PID 1472 wrote to memory of 1540	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 1540	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 1540	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1540 wrote to memory of 1528	1540	net.exe	net1.exe
PID 1540 wrote to memory of 1528	1540	net.exe	net1.exe
PID 1540 wrote to memory of 1528	1540	net.exe	net1.exe
PID 1472 wrote to memory of 624	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 624	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 624	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 624 wrote to memory of 620	624	net.exe	net1.exe
PID 624 wrote to memory of 620	624	net.exe	net1.exe
PID 624 wrote to memory of 620	624	net.exe	net1.exe
PID 1472 wrote to memory of 1176	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	Dwm.exe
PID 1108 wrote to memory of 1272	1108	taskhost.exe	net.exe
PID 1108 wrote to memory of 1272	1108	taskhost.exe	net.exe
PID 1108 wrote to memory of 1272	1108	taskhost.exe	net.exe
PID 1272 wrote to memory of 1640	1272	net.exe	net1.exe
PID 1272 wrote to memory of 1640	1272	net.exe	net1.exe
PID 1272 wrote to memory of 1640	1272	net.exe	net1.exe
PID 1472 wrote to memory of 1676	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 1676	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 1676	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1676 wrote to memory of 1896	1676	net.exe	net1.exe
PID 1676 wrote to memory of 1896	1676	net.exe	net1.exe
PID 1676 wrote to memory of 1896	1676	net.exe	net1.exe
PID 1472 wrote to memory of 18348	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 18348	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 18348	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 18348 wrote to memory of 18372	18348	net.exe	net1.exe
PID 18348 wrote to memory of 18372	18348	net.exe	net1.exe
PID 18348 wrote to memory of 18372	18348	net.exe	net1.exe
PID 1108 wrote to memory of 18388	1108	taskhost.exe	net.exe
PID 1108 wrote to memory of 18388	1108	taskhost.exe	net.exe
PID 1108 wrote to memory of 18388	1108	taskhost.exe	net.exe
PID 18388 wrote to memory of 18412	18388	net.exe	net1.exe
PID 18388 wrote to memory of 18412	18388	net.exe	net1.exe
PID 18388 wrote to memory of 18412	18388	net.exe	net1.exe
PID 1472 wrote to memory of 18424	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 18424	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 18424	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 18424 wrote to memory of 924	18424	net.exe	net1.exe
PID 18424 wrote to memory of 924	18424	net.exe	net1.exe
PID 18424 wrote to memory of 924	18424	net.exe	net1.exe
PID 1472 wrote to memory of 35480	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 35480	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 35480	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 35480 wrote to memory of 35504	35480	net.exe	net1.exe
PID 35480 wrote to memory of 35504	35480	net.exe	net1.exe
PID 35480 wrote to memory of 35504	35480	net.exe	net1.exe
PID 1108 wrote to memory of 36060	1108	taskhost.exe	net.exe
PID 1108 wrote to memory of 36060	1108	taskhost.exe	net.exe
PID 1108 wrote to memory of 36060	1108	taskhost.exe	net.exe
PID 36060 wrote to memory of 36084	36060	net.exe	net1.exe
PID 36060 wrote to memory of 36084	36060	net.exe	net1.exe
PID 36060 wrote to memory of 36084	36060	net.exe	net1.exe
PID 1472 wrote to memory of 36244	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 36244	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 1472 wrote to memory of 36244	1472	0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe	net.exe
PID 36244 wrote to memory of 36268	36244	net.exe	net1.exe
PID 36244 wrote to memory of 36268	36244	net.exe	net1.exe
PID 36244 wrote to memory of 36268	36244	net.exe	net1.exe

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1176

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1108

C:\Windows\System32\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:1272

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:1640

C:\Windows\System32\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:18388

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:18412

C:\Windows\System32\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:36060

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:36084

C:\Users\Admin\AppData\Local\Temp\0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe
"C:\Users\Admin\AppData\Local\Temp\0acb78ccddd5b957983294ce68aa5526b7b703c8d047bb25fcbd7692d8679dad.exe"
1⤵
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1472

C:\Windows\System32\net.exe
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:1540

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
3⤵
PID:1528

C:\Windows\System32\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:624

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:620

C:\Windows\System32\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:1676

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:1896

C:\Windows\System32\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:18348

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:18372

C:\Windows\System32\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:18424

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:924

C:\Windows\System32\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:35480

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:35504

C:\Windows\System32\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:36244

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:36268

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
MD5
c1fc7180eafe5b80f7d56edb8b29dd64

SHA1
ea5f7eb16c29d601846732a8168878fa5d32e869

SHA256
873f1fd3991d7c1b37cdfc1bcc741a17b963ffcee8b9e5601ef109011e47c69b

SHA512
48293d13b7c467244014c58d995a873a454a087b53b9570aaae32e4be60b9fa3998f9194b84fc4e174c53201ebc350373050db86e87290fd17b66a7340817be3

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Adobe\Color\ACECache10.lst
MD5
67128f7eca229937d8f46a9d0e598ddd

SHA1
a1291e4fbf4b5962819e63ad3913ee6a16e33ea9

SHA256
c48a7955c93966cd9d9f9e14c7bdf458a71c6428a218b340434968440101abdc

SHA512
e3296c20c19456eb473ace7f08b5df2ed6ef69ad69759e1308556e9d65004fa3e6e2607d5e2b56cf8586312cb77b5a0df4d7210443c9704cf325dede83e47aaf

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
MD5
99979c1b468bb1a43d18feb18f1980d2

SHA1
79b88fd226164d7bbd8bd1fc332d3fd107437f96

SHA256
5830f5c44a7401d5c55601208ed5d9aa844807a1135b4eaa5b7980a01dbdc8ef

SHA512
ccbdc36d198316b4747f11cded12d55b3c06810eee0e1d6e41f813e59ba1b49eb5eb6ff3142e497b9845c9c03250838b02ca04cdd7934451f38e227e2dac716e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
MD5
99979c1b468bb1a43d18feb18f1980d2

SHA1
79b88fd226164d7bbd8bd1fc332d3fd107437f96

SHA256
5830f5c44a7401d5c55601208ed5d9aa844807a1135b4eaa5b7980a01dbdc8ef

SHA512
ccbdc36d198316b4747f11cded12d55b3c06810eee0e1d6e41f813e59ba1b49eb5eb6ff3142e497b9845c9c03250838b02ca04cdd7934451f38e227e2dac716e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini
MD5
beec42e6f456a82bb454413bf6df406a

SHA1
c28c7d422b870754c8e9c04be412bc49862dab79

SHA256
b237914df154f6683a07d9dcf1eee5656fb6414886efa9166f8351f471cc20d6

SHA512
4dcda81d05db3907debcf7e196a6c5bad52d0a5702d778dbcab532a348206db61d094da34c55b19d6f5e61b123dcb41338878936aae86c8d3e03f08728dce5b8

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db
MD5
297b279ff0c8fc25b08b2cae69990053

SHA1
31a4c4ccc75815a59eb75a44919b104b436590c8

SHA256
2f2ce1a5f5661f8f50e55f89cb5d1bcd2b82a16a133e3bdc01b27c7a6409f177

SHA512
887709caa6d6c496b5f32a88a552f60a4c09476430dedfbafccaffc4037d47e9b0d30ea7b3244cebeef4e62e9ccb52fb462eb453f6e2b2a3776930b025c9ea62

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ASPNETSetup_00001.log
MD5
9c14b89677fcd24fa9ee6a55988b5078

SHA1
220d6c94679f9cab178869357838f53e09b80899

SHA256
7888aa7eae74a98465a73df6c66aa9928096554ddb8266757338ac5f2f93dc66

SHA512
b9a8dbaa8d28f07de333a0dd161a1eb35360d564f765ad1d28193cdda5f4835ea5a7f04680b2fcbaa8847ce631eae05bd39ee3d00c8b1f80d8cb93bf4a832025

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JavaDeployReg.log
MD5
b3ecb888ca22be4d51b17472cce15ad5

SHA1
6f531c9540c834f321150045bbf70e4218c9cdb6

SHA256
04a4b63950a23199431b1c133751b6a985d2cefe6a0a1febd552e8a67b7ced2c

SHA512
75b0322918a4481a122f2ae72d85750d3a479368949a1648b584c730bc9cd92d120e0446b4e4c6ec57cbe06eba7a36f1b40ff5b85dd1774970da23055fdd5251

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Low\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RGID605.tmp
MD5
7ecc65d62eca1fa67a45a5071ca07613

SHA1
49008fef957fe9b90f79eaba53fd8fe20c5e543f

SHA256
aef62d225ebcbe6046f56deb4f420f1bc09793b2d891ea823e6cf50b0b6cbce0

SHA512
5de8df6eea5062d31dc507d84f8aacfbfa868651e9d71f50583d4a929ba0368335ba0b988c330b1f1831b6cd6b69a2e8f0aeb0403773bbea314bfa5291c97001

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dd_SetupUtility.txt
MD5
b48daca39dd21bef517407bbe5a08118

SHA1
1f88cdbb28377c1e2898b575f407a539f83cbeb7

SHA256
8718a8d62963b1c8f6553bedfebd535e811a99cdd4d669803c6e802e982900bb

SHA512
2443b60062a402177160fe4cd62730a518eb01a2dd39d353f5c438336d248272e1c8923a82dbdf95ecae6860be85b4a56dea444bfade589e97e0e220dd6d82f1

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dd_vcredistUI37AD.txt
MD5
77d09dfe5f6d6218d57d0a78f49911ca

SHA1
52db2e8d9c6c12c3ba886f0e39483535702cbb78

SHA256
85a244526a86ef3a5e4c5b5f3ab274010dc70ca5c9ac1bd8790d9cac00a4fc35

SHA512
5a769890db191435d4a6fbe3c9a5c377f48e14ef47b2058e7a3467a7380fc2290dd74a25235f3f229e8ef0234ffc421fe8372a2923d124bed2b30d3683558c20

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\java_install.log
MD5
bf031aea2f79a744a6772019ec355689

SHA1
57f9523e5e2320ff1bb5fe410c641c81521fc299

SHA256
7b94e1bee2d9c8f24015ebf864c902b6edfd1a849e78f7690d97a7a8af303707

SHA512
27515a0131018fb49ee4c5b47921871e18da7554ec0e919008071c792f1418e9f1ba999a6e549b8dcb9300edb5015f38111e20147f0ba1eda9dfee619a616b35

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\java_install_reg.log
MD5
f27ca86253a033dd06020a555347003e

SHA1
a026d63ce8a4fd89dd0e21ffeb95e2e2a06ba127

SHA256
616a84bc26779dd36ec9a3b788dad3993137f4d511402a0370ea09adb2e0fe38

SHA512
af6db629dccd6647f5cbda375b4bd90b8b5998310b32f93cc60a5522c426c116fac4fbd9541ff0bbef07bb7196d9bb5a883d1052a76b90cb2adab50dc7a9f963

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jusched.log
MD5
a23d59fe7c06af0c3e9bf527b65926ba

SHA1
0926656e2f8f58707be7d405a809277ab22a370b

SHA256
9fa454a5156bb44e6bffe61daedec0bc54f295fa46a6f640036ee2b9a12a87a5

SHA512
d80b050586e0c2f60f302dc515df44a8d1831ffed0b167e406319c0617a1b30f469854066e39c6a0b78bf10cc24f9505cec2f5183a95f830aee9db8acdcc1050

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\K819CMRP\desktop.ini
MD5
b65a47cae618d950a104eea294ad453b

SHA1
8db03e66c57fdcd3b8f8704f202b5ff16833515b

SHA256
f1fb0bef648acacd804cd8b6d0249a483b4038a99112894c2f08ebd2bbae282b

SHA512
827e13421eef29a9d893b445717272a9071af1841045e8a23f7950b1ab6c1bfbf33ae0bfc4502a9824da8f57d3705a0cc9a128303115607918ce05e010313b76

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\NK9YD4KU\desktop.ini
MD5
674b571d309f8cec8c15ad8a6fb32548

SHA1
f4b19aaad5174cac70539ef29b3433e3a0e9f269

SHA256
5f87ee0147c1e04558b46b437b70afae1847f0ea3ef896f02c5ab5905d35771d

SHA512
7ed0b43bdc0caab745d3565292fa34bd1a6694b11c27548fddb2363bba636171c5da00776c009400fcc76146c4cb9d66aa828d6751ecefaa3d85179c5edb0b2d

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\QDAZQ7UR\desktop.ini
MD5
a80396ee743ecda3d73dc0636abdc810

SHA1
422dd197e9285ac6b0378f02164a773cada7ccf6

SHA256
d7addc6cbce75797c7b157cdb431e013d03a50b1638b0c91ade8e261ef0dd44e

SHA512
0b94897d8cd795211691c6bfea286c7015e84ddf1773ea0c60958e7ac8d87a562dc8989083483ab47dbc1ca93803c04de9e3952652813c66ef5772c9631a2ba0

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\S3IV548V\desktop.ini
MD5
7e75a1f4c5913f7d02449ea238dfb086

SHA1
a046c56535556f844c7c9c2d9ecd69fa7e538cd0

SHA256
fa5e98d6089e1fb5067190a16d22489dcc561c939d10fcaf5a682293b2dbff50

SHA512
9debd0fdf10d2fac54370e0e2cddfdee7892c73a47edc7943cfd2f47d5522630ec3d1070ee844dc07fe0b93850cdfc53436554354b6cad1f9282a8e24ff5df9c

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak
MD5
0b74fceae78822e92f401a345bd15134

SHA1
07473aacf92949f5584f4e7516fe9c74bdf1939f

SHA256
3c07ba51ff8d862d566f7d0e9cddf621e333a7a0e6439ed2e0a423597103491a

SHA512
12eb1ac1fff5ac786200d96e89a3863be410e7f45740d544422d118d1a47023d1871ceedaf2540d54ea5c23157f6a12d39769b5f5d2c6cc5de3c8e46cc7a990a

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt
MD5
29378c4f7c45e812a4fa07d98c3c884e

SHA1
37896e417ec275fef116500509778826feed094a

SHA256
1a6d0f4babc09aa492fbc3d67c54b19c85eddc71fa0937fa7265a3e29d47899f

SHA512
0b60c71f6d34eb37f15c6063e3ad51016a0ec63735853485e9d35a24c1d414923b9f2a14941a10b3b514a256840baf7f0b1d98ce29bbd101d7455bea82077f9d

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb
MD5
279fc1f396e9fd06cfbd1820348b6ba2

SHA1
f334661afc3ff90b78673b20129cf01b21c86ade

SHA256
d49153dd33ee86779923e1f0c31fe9dd4d58b400b1c0d0ae624b80b482ec439e

SHA512
6caa4f9c9aebd26bb144b56c53c07564bf9af0a5d342a5cc4aafbd4e9c33c292e5d176603efc90522462c75d205c8d3b6840a1644e440369be9febe22d42f951

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\PlayReady\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.htm
MD5
d22b5fea7937ec09a4f66d50a7317011

SHA1
078e76b7080c28f6b50aead948f4fae7cb917736

SHA256
229a4d369bba88b98f6ef591967fbee90185eb0e94ccfe0a716979bb4ee1f26e

SHA512
ea1d6c8ba95b660f0320667a5bfc2efbf23889cfba58d4fc2e8f541987380af12bfb8ae78dc635e1dfe6cbaa3a312d96bc69947db865528eeb9cb49456d6aa7e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.jpg
MD5
3af514686e471679195f10fb278162d8

SHA1
972e0654a376c51e42b2f168ae218d76f3503996

SHA256
9a1d62c6b69e2cfeaeeca1debfbdcb547e9633508f1b53dc74d463e4f711c872

SHA512
67b2be2813be52e50d21c941e5a7fea424714db3f73f471005582523260112cdff15c4579f9295e581a9e7366af9bdc595a6b20d4968aea946aeef270e55556e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Memo.emf
MD5
09488ff61ea33fb172454375beb17c86

SHA1
7b0718899a7a1eb02f569e823ca0fc064d2c348e

SHA256
0fe8b26f990bfb656395b1733e924c58dea67a2143fcdfa896f682f903cb2e58

SHA512
ea7a1e7bf77e29feb6f00ef84e61dcbe56d0f59e075bc3afa4de5e5807d99015d2fc4650533c8e35fc0357ecdd06f2b393f45d7f1f0283bfb59299ea3b29eccc

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Monet.jpg
MD5
c847ffe0162db3c88b13488b77ae8315

SHA1
b643911b0e7dfa822a2f93324ea0df60cda94a55

SHA256
bbac84e9bb03863c218f62a14a550b26cfa0551ca5affbcb808b5346d49a88d6

SHA512
3466ac098c01667aa8fdc8d16dabf00c9ff08106c7c578f63b0f09e62ce167777017d0d3dbd5b2090bb821d72b46c69b8fef2c93a871f805bdf7ab484ab855d0

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Music.emf
MD5
32b244bc46957b9e754a888bb707f17e

SHA1
b6ad07a6471ef36f3e68e4858db857d8f5229ebd

SHA256
1f6b883318ba3012f5da36cfb7325407cbfc22c20c0d0fb6b9d8c67d4444b6e4

SHA512
aeb8efdc2ee3fbcc2183fbb598f8ba645514c9a0209fb71a274a2262759db0e1793fd5481200bc3ef95f918107003144e4ec53d2b020135d44456a2d57ad95e4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.htm
MD5
f3dfda219448271f5004598fb1d34f9b

SHA1
f9511cd20673fe1977203b0c1815728fcad8f5fd

SHA256
a8d8791abe579f5c8e10edc080b467904bfa43ba919ae45462c3edb295015c1c

SHA512
0e2c27a77eb5577c42102e5d27bc57b6821b38412166811112ef951cc99e776092e7fe9f7f6e818505cf4c7d7dcb255e32ca2e8226403baacc587790abe94120

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.jpg
MD5
07eb710a67d001026504b88130bf44d2

SHA1
131c742a80d85023770096318214131a42b7b80c

SHA256
966cce075cbea6b98df91af7e19cec0a850524381d8415f3f861ae156c19819e

SHA512
0e09949e3d291c4391bcd19f61717420160a5618f5990957ab8baabe50218d4e9e8de53192b321c75e42e6171d1f2dc4e9c076cace8faa0809e73508c10eb664

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.htm
MD5
f180dbe863eda9c93419a0b7698d843a

SHA1
f4517f35c2c318b77b0919d39768885424126240

SHA256
2e8da23db7b539bfe432a8d20ec1323fa2d44c6ff10b2147b8b525ffb03b344b

SHA512
3d652bb95326dbbe3681cc1da00689c3d1b47e9a07ec517e825fce5e7aa187e1daec1ef174d6a96ba40f959e92b56b8db486f4269fdda23130924d36f7f1ca70

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.jpg
MD5
db9654ce5cc4a14b89b1a7d401cf2a8a

SHA1
099d196a9153a737794b2310e7816cc417129bd7

SHA256
8f903fcfa6da4eb7d49f16807f59eaee0d6becc856b3aec8455d38fde9c30f71

SHA512
c516730dceb9ea95a5a1d9a00aad79b777de6f11c2fda2313a46254d1e8127df29f0b0476259974ee38e00e72ee372fab7b5e57fb1ed4d0b685fc5a9d2ede7e8

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Tiki.gif
MD5
07ca438cedee28d089072b976b51ae82

SHA1
31818ac05a136e853be5078e302ae8f1fabe6bce

SHA256
7a14631e489966da5cf9ff87ab5894f94ab05492a10a5c5efd317565eb975ada

SHA512
0ffe935e0c4a8614bee9a1b5c425647af3554effc85896c5802871879230c3c9beb94d5438b9e0c20d59d3cb7f987ba2189190a807fe94e400f28f21d121e9f9

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WebCache\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wmsetup.log.RYK
MD5
d4c791cfcc5ec5e53c7f3a4c241d43f7

SHA1
64bcc33f83173c1b710b96ef04d41243b9fd8085

SHA256
c9a97a30f574a430c8a1a45d6269e667e4cca405bb3a5649d3302ea54f526750

SHA512
ba7300bb33e142f31341a78fa55d3faa44d813297f9d40bc9d7519df270a613961009bf8d5ddaab00e8024b231bec5909e1238d40eeae85011415c2874bfd756

Download Submit
C:\Documents and Settings\Admin\AppData\Local\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\AppData\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\Admin\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Documents and Settings\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_bc8e1036-7fb3-448e-8ad9-a824b1a03b8e
MD5
93a5aadeec082ffc1bca5aa27af70f52

SHA1
47a92aee3ea4d1c1954ed4da9f86dd79d9277d31

SHA256
a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294

SHA512
df388c8d83e779e006d6311b2046fcf9259ec33d379fc0e2c6a4b6b90418f587a12c5c23acd488413a02568ca2d3effe04608ec7c791925c7ed53dc71093ca45

Download Submit
C:\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html
MD5
38cff8fc8d25dd1101f9262263e5ea63

SHA1
9504170d4fd4d8664425e0a9e6aecfa6ad228888

SHA256
bd57b52935681cb626256c26404cbdd7065af70005d94801c508c98a9d292863

SHA512
86c25950f7bc48b136f1805f4f8a1455c7bb6b6638cb52d132d9d8c4471efff3302a9af2c98a2b4688d1aeaca3075de6fca1a8034bf8a8afc07401da3aeb6647

Download Submit
memory/1108-54-0x000000013F5C0000-0x000000013F89B000-memory.dmp

Filesize
2.9MB

Download
memory/1108-56-0x000000013F5C0000-0x000000013F89B000-memory.dmp

Filesize
2.9MB

Download
memory/1176-58-0x000000013F5C0000-0x000000013F89B000-memory.dmp

Filesize
2.9MB

Download
memory/1472-55-0x000007FEFBC11000-0x000007FEFBC13000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads